This repository has been archived by the owner on Aug 19, 2021. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 4
/
Copy pathcore-values.yaml
376 lines (327 loc) · 17 KB
/
core-values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
# Default values for CloudBees Core
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.
# ingress-nginx.Enabled -- Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional).
# Enable this section if you don't have an existing installation of ingress-nginx controller
# Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16
ingress-nginx:
Enabled: false
controller:
ingressClass: nginx
nodeSelector:
kubernetes.io/os: linux
service:
externalTrafficPolicy: Local
admissionWebhooks:
patch:
nodeSelector:
kubernetes.io/os: linux
defaultBackend:
nodeSelector:
kubernetes.io/os: linux
# nginx-ingress.Enabled -- Installs the [nginx-ingress](https://github.com/helm/charts/tree/master/stable/nginx-ingress) controller (optional).
# DEPRECATED - Use ingress-nginx section instead.
# Enable this section if you don't have an existing installation of nginx-ingress controller
# Note: use `beta.kubernetes.io/os` when deploying on Kubernetes versions below 1.16
nginx-ingress:
Enabled: false
controller:
ingressClass: nginx
nodeSelector:
kubernetes.io/os: linux
service:
externalTrafficPolicy: Local
defaultBackend:
nodeSelector:
kubernetes.io/os: linux
# Sidecar injector (optional)
# Useful when running infrastructure (GitHub Enterprise, Nexus, etc.) using a self-signed certificate.
# It allows you to inject certificate bundles in pods running in CloudBees Core so that they can trust provided certificates
# without having to build custom docker images.
# Use helm inspect readme cloudbees/cloudbees-sidecar-injector to read more on this optional components
sidecarinjector:
# sidecarinjector.Enabled -- Whether to enable installation of Sidecar Injector
Enabled: false
# Operations Center options
OperationsCenter:
# OperationsCenter.Enabled -- Disable for particular use case like setting up namespaces to host masters only
Enabled: true
# Operations Center docker image
Image:
# OperationsCenter.Image.dockerImage -- Container image to use for Operations Center
dockerImage: cloudbees/cloudbees-cloud-core-oc:2.277.1.2
# OperationsCenter.Image.dockerPullPolicy -- https://kubernetes.io/docs/concepts/containers/images/#updating-images
dockerPullPolicy: null
# Image pull secrets
# Enable this option when using a private registry.
# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line
# OperationsCenter.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets
ImagePullSecrets: null
# OperationsCenter.Platform -- Enables specific settings depending on the platform
# platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`, `openshift4`
# Note: `openshift` maps to OpenShift 3.x
Platform: standard
# OperationsCenter.HostName -- The hostname used to access Operations Center through the ingress controller.
HostName: null
# OperationsCenter.ContextPath -- the path under which Operations Center will be accessible in the given host.
ContextPath: /cjoc
# OperationsCenter.Protocol -- the protocol used to access CJOC. Possible values are http/https.
Protocol: http
# Protocol: https
# OperationsCenter.Port -- the port used to access CJOC. Defaults to 80/443 depending on Protocol. Can be overridden.
# Port: 80
# https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
Resources:
Limits:
# OperationsCenter.Resources.Limits.Cpu -- CPU limit to run Operations Center
# https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu
Cpu: 1
# OperationsCenter.Resources.Limits.Memory -- Memory limit to run Operations Center
# https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory
Memory: 2G
Requests:
# OperationsCenter.Resources.Requests.Cpu -- CPU request to run Operations Center
# https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-cpu
Cpu: 1
# OperationsCenter.Resources.Requests.Memory -- Memory request to run Operations Center
# https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/#meaning-of-memory
Memory: 2G
# Environment variables that get added to the container (useful for e.g. http_proxy)
# ContainerEnv:
# - name: http_proxy
# value: "http://192.168.64.1:3128"
# OperationsCenter.JavaOpts -- Additional java options to pass to the Operations Center
JavaOpts: null
# -Dcom.sun.management.jmxremote.port=4000
# -Dcom.sun.management.jmxremote.authenticate=false
# -Dcom.sun.management.jmxremote.ssl=false
# Container port where JMX is exposed
# JMXPort: 4000
# OperationsCenter.JenkinsOpts -- Additional arguments for jenkins.war
JenkinsOpts: null
# Run the Operations Center as a specific user (defaults to uid 1000)
# When setting RunAsUser to a different value than 0 also set FsGroup to the same value:
# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
# RunAsUser: 1000
# RunAsGroup: 1000
# Volumes that support ownership management are modified to be owned and writable by the GID specified in fsGroup
# Should be set to the same value as RunAsUser to ensure the volume is writable
# https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#discussion
# FsGroup: 1000
# OperationsCenter.ServicePort -- Controls the service port where Operations Center http port is exposed. Don't change this parameter unless you know what you are doing
ServicePort: 80
# OperationsCenter.ServiceAgentListenerPort -- Controls the service port where Operations Center TCP port for agents is exposed. Don't change this parameter unless you know what you are doing
ServiceAgentListenerPort: 50000
# OperationsCenter.ServiceType -- Service Type. Defaults to ClusterIP, since we recommend using an ingress controller.
ServiceType: ClusterIP
# OperationsCenter.ServiceAnnotations -- Additional annotations to put on the Operations Center service
ServiceAnnotations: {}
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
# OperationsCenter.ContainerPort -- Container port for http traffic
ContainerPort: 8080
# OperationsCenter.AgentListenerPort -- Container port for agent listener traffic
AgentListenerPort: 50000
# OperationsCenter.HealthProbes -- Enable Kubernetes Liveness and Readiness Probes
HealthProbes: true
# OperationsCenter.HealthProbeLivenessFailureThreshold -- Threshold for liveness failure
HealthProbeLivenessFailureThreshold: 12
# https://wiki.jenkins.io/display/JENKINS/CSRF+Protection
CSRF:
# OperationsCenter.CSRF.ProxyCompatibility -- Proxy compatibility for the default CSRF issuer
ProxyCompatibility: false
# OperationsCenter.LoadBalancerSourceRanges -- Only applicable when using `ServiceType: LoadBalancer`
LoadBalancerSourceRanges:
- 0.0.0.0/0
# OperationsCenter.LoadBalancerIP -- Optionally assign a known public LB IP
LoadBalancerIP: null
# LoadBalancerIP: 1.2.3.4
# OperationsCenter.NodeSelector -- Node labels and tolerations for pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
NodeSelector: {}
# OperationsCenter.Tolerations -- Specify tolerations for the Operations Center pod.
# See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
Tolerations: []
# OperationsCenter.Annotations -- Additional annotations to put on the pod running Operations Center
Annotations: {}
Ingress:
# OperationsCenter.Ingress.Class -- Ingress class to use for OC and MM ingresses
# Should be set to the same value as nginx-ingress.controller.ingressClass if enabled
Class: nginx
# OperationsCenter.Ingress.Annotations -- annotations to put on Ingress object
Annotations:
kubernetes.io/tls-acme: 'false'
tls:
# OperationsCenter.Ingress.tls.Enable -- Set this to true in order to enable TLS on the ingress record
Enable: false
# OperationsCenter.Ingress.tls.SecretName -- The name of the secret containing the certificate
# and private key to terminate TLS for the ingress
SecretName: null
Route:
tls:
# OperationsCenter.Route.tls.Enable -- Set this to true in OpenShift to terminate TLS at route level
# Read https://docs.openshift.com/container-platform/4.6/networking/routes/secured-routes.html for details.
# These also apply to Hibernation monitor if enabled.
Enable: false
# OperationsCenter.Route.tls.Termination -- Type of termination
Termination: edge
# OperationsCenter.Route.tls.InsecureEdgeTerminationPolicy -- Whether to redirect http to https
InsecureEdgeTerminationPolicy: Redirect
# OperationsCenter.Route.tls.CACertificate -- CA Certificate PEM-encoded
CACertificate: null
# OperationsCenter.Route.tls.Certificate -- Certificate PEM-encoded
Certificate: null
# OperationsCenter.Route.tls.Key -- Private key PEM-encoded
Key: null
# OperationsCenter.Route.tls.DestinationCACertificate -- When using `termination=reencrypt`, destination CA PEM-encoded
DestinationCACertificate: null
# OperationsCenter.ExtraConfigMaps -- Extra configmaps deployed with the chart
ExtraConfigMaps: []
# ExtraConfigMaps:
# - name: my-config-map
# labels:
# key1: value1
# annotations:
# key1: value1
# data:
# myfile.yaml: |
# foo: bar
# OperationsCenter.ExtraContainers -- Extra containers to add to the pod containing Operations Center.
ExtraContainers: []
# ExtraContainers:
# - name: sleep
# image: tutum/curl
# command: ["sleep", "infinity"]
# OperationsCenter.ExtraGroovyConfiguration -- Provides additional init groovy scripts
# Each key becomes a file in /var/jenkins_config
ExtraGroovyConfiguration: {}
# ExtraGroovyConfiguration:
# hello-world.groovy: |
# System.out.println('Hello world!')
# OperationsCenter.ExtraVolumes -- Extra volumes to add to the pod
ExtraVolumes: []
# ExtraVolumes:
# - name: my-volume
# configMap:
# name: my-config-map
# OperationsCenter.ExtraVolumeMounts -- Extra volume mounts to add to the container containing Operations Center
ExtraVolumeMounts: []
# ExtraVolumeMounts:
# - name: my-volume
# mountPath: /var/my-path
# readOnly: true
# Master options
Master:
# Master.Enabled -- Whether to create the resources required to schedule masters.
Enabled: true
# Master.OperationsCenterNamespace -- When deploying Master resources, this grants an Operations Center deployed in another namespace the right to deploy masters
OperationsCenterNamespace: null
# Docker image inserted in Operations Center automatically
Image:
# Master.Image.dockerImage -- Used to override the default docker image
dockerImage: cloudbees/cloudbees-core-mm:2.277.1.2
# Master.JavaOpts -- Additional Java options to pass to managed masters. For example, setting up a JMX port
JavaOpts: null
# Agent options
Agents:
# Agents.Enabled -- Enable to create agent resources (service account, role)
Enabled: true
SeparateNamespace:
# Agents.SeparateNamespace.Enabled -- If enabled, agents resources will be created in a separate namespace as well as bindings allowing masters to schedule them.
Enabled: false
# Agents.SeparateNamespace.Name -- Namespace where to create agents resources. Defaults to `${namespace}-builds` where `${namespace}` is the namespace where the chart is installed.
Name: null
# Agents.SeparateNamespace.Create -- If true, the second namespace will be created when installing this chart. Otherwise, the existing namespace should be labeled with `cloudbees.com/role: agents` in order for network policies to work.
Create: false
Image:
# Agents.Image.dockerImage -- Used to override the default docker image used for agents
dockerImage: cloudbees/cloudbees-core-agent:2.277.1.2
# Image pull secrets
# Enable this option when using a private registry.
# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line
# Agents.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets
ImagePullSecrets: null
Persistence:
# Persistence.StorageClass -- Persistent Volume Storage Class for Jenkins Home
# If defined, storageClassName: <storageClass>.
# If set to "-", storageClassName: "", which disables dynamic provisioning.
# If undefined (the default) or set to null, the default storage class will be used,
# unless specified otherwise below.
# If setting OperationsCenter.Platform == gke, a storage class backed with
# SSD drives will be created by this chart and used automatically.
#
# StorageClass: "-"
StorageClass: null
# On AKS, use the following
# StorageClass: "managed-premium"
# Persistence.Annotations -- Annotations to put on the PVC
Annotations: {}
# Persistence.AccessMode -- Access mode for the PVC ([doc](https://kubernetes.io/docs/concepts/storage/persistent-volumes/#access-modes))
AccessMode: ReadWriteOnce
# Persistence.Size -- Size of the Operations Center volume
Size: 20Gi
# Master hibernation
Hibernation:
# Hibernation.Enabled -- Whether to enable the [Hibernation](https://docs.cloudbees.com/docs/cloudbees-ci/latest/cloud-admin-guide/managing-masters#_hibernation_of_managed_masters) feature
Enabled: false
Image:
# Hibernation.Image.dockerImage -- Used to override the default docker image
dockerImage: cloudbees/managed-master-hibernation-monitor:230.ee066a318539
# Hibernation.Image.dockerPullPolicy -- Used to override the default pull policy
dockerPullPolicy: null
# Image pull secrets
# Enable this option when using a private registry.
# https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line
# Hibernation.ImagePullSecrets -- Name of image pull secret to pull private Docker images or an array of image pull secrets
ImagePullSecrets: null
# Hibernation.NodeSelector -- Node labels and tolerations for pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
NodeSelector: {}
# Hibernation.Tolerations -- Specify tolerations for the Hibernation Monitor pod.
# See [documentation](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)
Tolerations: []
PodSecurityPolicy:
# Requires rbac.installCluster = true
#
# PodSecurityPolicy.Enabled -- Enables [Pod Security Policies](https://kubernetes.io/docs/concepts/policy/pod-security-policy/) support
# Enable only if the cluster supports it.
Enabled: false
# PodSecurityPolicy.Annotations -- Additional annotations to put on the PodSecurityPolicy, e.g. AppArmor/Seccomp settings
Annotations: {}
NetworkPolicy:
# NetworkPolicy.Enabled -- Enable only if the cluster supports it. Read the [documentation](https://kubernetes.io/docs/concepts/services-networking/network-policies/) to understand what this is about.
Enabled: false
# NetworkPolicy.ingressControllerSelector -- Custom selector for the ingress-controller
ingressControllerSelector: []
# - namespaceSelector:
# matchLabels:
# name: nginx-ingress
# podSelector:
# matchLabels:
# app: nginx-ingress
# component: controller
# NetworkPolicy.JMXSelectors -- Custom selectors for accessing JMX port
JMXSelectors: []
# - namespaceSelector:
# matchLabels:
# name: datadog
# podSelector:
# matchLabels:
# app: datadog
## Install Default RBAC roles and bindings
rbac:
# rbac.install -- Install `role`/`rolebindings`/`serviceAccount`.
# If false (and rbac is enabled in the cluster anyway), provide valid names for all service accounts.
install: true
# rbac.installCluster -- Install `clusterrole`/`clusterrolebinding`
# These cluster roles are optional but prevent usage of some features, so we recommend setting them up.
# Defaults to true, except on Openshift 3 where it defaults to false
# Please refer to templates/cjoc-clusterrole-master-management.yaml in the chart
#installCluster: true
# rbac.serviceAccountName -- Name of the service account Operations Center will run as
serviceAccountName: cjoc
# rbac.masterServiceAccountName -- Name of the service account Jenkins masters will run as
masterServiceAccountName: jenkins
# rbac.agentServiceAccountName -- Name of the service account Jenkins agents will run as
agentsServiceAccountName: jenkins-agents
# rbac.hibernationMonitorServiceAccountName -- Name of the service account the Hibernation monitor will run as (if enabled)
hibernationMonitorServiceAccountName: managed-master-hibernation-monitor