### -------------------------------------------- ### Common images configurations section ### -------------------------------------------- images: ## Image registry to pull CloudBees CD/RO images from. ## Example: registry: "123456789012.dkr.ecr.us-east-1.amazonaws.com" registry: "docker.io/cloudbees" ## The `imageRepository` in the `images.registry` to pull the agent image from. imageRepository: "cbflow-agent" ## CloudBees CD/RO flow-server image tag to pull. tag: "2024.09.0.176472_3.2.121_20240925" ## The image pull policy to use: pullPolicy: IfNotPresent ## Enable `imagePullSecrets` if you are using a private registry. ## Secrets must be manually created or already exist in the namespace. ## `imagePullSecrets: ` imagePullSecrets: ## (OPTIONAL) Create an array of `imagePullSecrets` containing private registry credentials. ## when you have one or more secrets to use when pulling images. ## NOTE: Only one instance of `imagePullSecrets:` can be present. ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ # imagePullSecrets: # - name: "docker-registry" ## The name of the CloudBees CD/RO flow-server you are installing the agent for. ## Usually, a fully-qualified domain name, where the server ## is available for all agents (resources) and other components. ## By default, it is the internal cluster hostname for the K8S flow-server ## service. However, the CloudBees CD/RO flow-server will not be fully ## accessible to non-cluster components if this is the default. ## NOTE: If you are installing this agent in different namespace than ## flow-server, you must provide the `serverEndpoint` as `service-name.namespace`. ## Here it is assumed the server and agent are in the same namespace. serverEndpoint: flow-server ### -------------------------------------------- ### Flow agent configuration section ### --------------------------------------------- ## Provide the resource pools you want your agents to attempt to register ## with when initializing and connecting with the flow-server. resourcePools: ## Flow resource name that agents in this deployment will be assigned to (defaults to hostname). ## You can use ordinary Helm template values. ## For example: ## {{ .Release.Name }}, {{ .Release.Namespace }}, etc. ## ## Additionally, the following special templates are allowed here: ## {{ hostname }} - will be replaced by the actual resource hostname ## {{ ordinalIndex }} - will be replaced by a serial replica index in StatefulSet ## ## Example resourceName: ## resourceName: "myResource - {{ .Release.Name }} - {{ ordinalIndex }}" ## resourceName: ## Release name prefix added to support this chart to launch as multiple sub-chart in CD deployment ## NOTE: Leave `releaseNamePrefix` empty for standalone deployments. releaseNamePrefix: ## Number of agent replicas to create. replicas: 1 ## The default is to deploy all pods one at a time. By setting `podManagementPolicy: "Parallel"` ## all pods are started at the same time. podManagementPolicy: "Parallel" ## The zone for resources created in the flow-server for the agent(s). ## This zone must exist in your flow-server instance. zoneName: ## The zone for workspace created in the flow-server for the agent(s). ## This zone must exist in your flow-server instance. workspaceName: ## Set `trustedAgent: true` to configure the agent as a trusted agent. ## NOTE This restricts the agent to one flow-server deployment. trustedAgent: false ## Type of resource to create on the remote flow-server. ## This argument is relevant only when the ## flow-server is using a mixed-mode license with ## concurrent resources and registered hosts. ## ## Valid options for `resourceType` are: ## `resourceType: concurrent` ## or ## `resourceType: registered` resourceType: ### -------------------------------------------- ### Pod scheduling settings ### --------------------------------------------- nodeSelector: {} tolerations: [] affinity: {} ## Interpreted as if passed to the CloudBees ecconfigure utility within the container. ecconfigure: "--agentInitMemoryMB=16 --agentMaxMemoryMB=64" ## The default loglevel for the agent. logLevel: DEBUG service: type: ClusterIP clusterIP: "None" ## External DNS hostname to set to as the agent service name. ## Used for Gateway Agent configuration. publicHostName: null ## (OPTIONAL) Provide a service name for the agent pod. name: ## Gateway Agents require port `7800` (by default) to be open externally ## to communicate with external agents. ## Creates extra Kubernetes service with type LoadBalancer ## Enabling `externalService` creates a Load Balancer Kubernetes service named `-flow-agents-external`. ## Use your LoadBalancer Endpoint or DNS Endpoint (DNS Entry added for LB Endpoint) as the Resource Agent Host Name for ## the External Gateway Agent in CD/RO resources. ## If `service.publicHostName` is configured with a DNS Endpoint (DNS Entry added for LB Endpoint), an ## External Gateway Agent with the specified Agent Host Name is automatically created. ## The port can be set to ports other than 7800. The load balancer will route any requests ## to the specified port to the internal service on port 7800. externalService: enabled: false port: 7800 ## agent LoadBalancer service annotations for ## creating internal LoadBalancer on GCP or AWS. annotations: # networking.gke.io/load-balancer-type: "Internal" # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" ### -------------------------------------------- ### Flow agent storage and resources configuration section ### --------------------------------------------- storage: volumes: agentWorkspace: name: flow-agent-workspace ## `access-mode` is either: ## NFS: `accessMode: ReadWriteMany` ## Traditional volume mount `accessMode: ReadWriteOnce` accessMode: ReadWriteOnce storage: 5Gi ## To use any custom storage class just uncomment the line and state required storageClass name # storageClass: my-class ## Configure `existingClaim: true` if you have agents already deployed with a shared workspace or PVC. existingClaim: false resources: limits: cpu: 1 memory: 1024Mi requests: cpu: 0.25 memory: 512Mi ## Additional environment variables to set for agent. extraEnvs: [] # extraEnvs: # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource # - name: FOO # value: BAR ### -------------------------------------------- ### Flow server credentials configuration section ### --------------------------------------------- ## CloudBees flow-server credentials used to register the agent as a resource on the flow-server. flowCredentials: ## If you are using an `existingSecret`, provide the name of the secret containing the flow-user credentials. ## The data field must contain base64 encoded values for keys 'CBF_SERVER_USER' and 'CBF_SERVER_PASSWORD'. ## You can modify and use the following command to create them: ## E.g., kubectl create secret generic your-flow-user-secret --from-literal=CBF_SERVER_USER='admin' --from-literal=CBF_SERVER_ADMIN_PASSWORD='XXXXXXX' -n your-release-namespace existingSecret: ## `serverSecretReference` is added to support case where agents need to refer flow servers existing admin credentials serverSecretReference: false ## `flowCredentials.user: admin` is used by default, you can specify a different user if desired. ## IMPORTANT: The `flowCredentials.user` must have `modify` permissions for `resources` on the flow-server. user: admin password: ### -------------------------------------------- ### Pods security context ### --------------------------------------------- ## Requires `securityContext.enabled=true` to apply `securityContext` settings for pod spec. ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/ securityContext: enabled: false fsGroup: 1000 runAsUser: 1000 ## Configure pod security context, which is applied to pod spec. ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#podsecuritycontext-v1-core # fsGroup: 1000 # fsGroupChangePolicy: OnRootMismatch # runAsGroup: 1000 # runAsNonRoot: true # runAsUser: 1000 # seLinuxOptions: {} # seccompProfile: {} # supplementalGroups: # sysctls: ## Requires `securityContext.enabled=true` to apply `containerSecurityContext` settings for containers. containerSecurityContext: {} ## Configure pod security context, which is applied to containers. ## Ref: https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.28/#securitycontext-v1-core # allowPrivilegeEscalation: false # capabilities: # drop: [ "ALL" ] # privileged: false # procMount: "Default" # readOnlyRootFilesystem: true # runAsGroup: 1000 # runAsNonRoot: true # runAsUser: 1000 # seLinuxOptions: {} # seccompProfile: {} rbac: ## Specifies if RBAC resources should be created. create: false serviceAccountName: role: ## RBAC rules to create. rules: [] volumePermissions: enabled: true gateway: ## Install this agent as a gateway agent. enabled: false ## Name of the gateway to create. name: external ## Name of the gateway agent to pair with as gateway resource 2. pairedResourceName: ## Specify additional containers to mount for agent. additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command" ## Horizontal Pod Autoscaling configuration for agent. autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] ## Specify custom or additional autoscaling metrics. ## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: server_process_requests_total # target: # type: AverageValue # averageValue: 10000m ## Specify additional volumes to mount in the agent container. additionalVolumes: [] ## Specify where your additional volumes are mounted in the agent container. additionalVolumeMounts: [] ## Helm tests configuration helmTests: image: cbflowtest/wget ## Specify additional custom labels to agent pods. customLabels: product: cdro ## Specify termination grace periods seconds for agent pods. terminationGracePeriodSeconds: 30