##--------------------------------------------- ## Common images configurations section ##--------------------------------------------- images: # Image registry to pull the images from. # E.g., registry: "123456789012.dkr.ecr.us-east-1.amazonaws.com" registry: "docker.io/cloudbees" # Image tag of the image to pull tag: "2023.03.0.161439_3.2.38_20230307" # The image pull policy to use pullPolicy: IfNotPresent # Image pull secrets # Enable this option when using a private registry. # Secrets must be manually created in the namespace. # imagePullSecrets: # Optional array of imagePullSecrets containing private registry credentials # Reference to one or more secrets to be used when pulling images # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ # imagePullSecrets: # - name: "docker-registry" imagePullSecrets: # The name of the Flow server, usually its fully-qualified domain name, from # which the server will be available for all agents (resources) and other # components. # By default, it is the internal cluster hostname for the K8S Flow server # service. Flow server will not be fully accessible to non-cluster components # if this is the default. serverName: flow-server #--------------------------------------------- # Ingress configuration section #--------------------------------------------- ingress: enabled: true host: # Flow web ingress annotations, here we use nginx but any other ingress # supporting sticky sessions will suffice. annotations: nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/affinity-mode: "persistent" nginx.ingress.kubernetes.io/session-cookie-name: "route" nginx.ingress.kubernetes.io/session-cookie-hash: "sha1" nginx.ingress.kubernetes.io/proxy-body-size: "10G" nginx.ingress.kubernetes.io/secure-backends: "false" nginx.ingress.kubernetes.io/proxy-read-timeout: "4000" nginx.ingress.kubernetes.io/proxy-stream-timeout: "4000" # Add below annotations if you are using EKS + ALB # alb.ingress.kubernetes.io/scheme: internet-facing # alb.ingress.kubernetes.io/certificate-arn: "" # Should be set to the same value as nginx-ingress.controller.ingressClass if enabled. # Should be set to the same value as ingress-nginx.controller.ingressClassResource.name if enabled. # Set to alb if using EKS and need to deploy ALB load balancer with alb controller enabled. # class: alb class: flow-ingress # Certificate for WEB ingress. # # Normally should be set when helm install executes using `--set-file # ingress.certificate.key=path/to/key` `--set-file # ingress.certificate.crt=path/to/certificate`. # # This section is just an example that ingress can be configured with # certificate for TLS. certificate: existingSecret: key: crt: # Whether to create an OpenShift Route rather than a generic Ingress. route: false # Enables specific settings depending on the platform # platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift` # Note: `openshift` maps to OpenShift 4.x platform: standard #--------------------------------------------- # Flow server configuration section #--------------------------------------------- server: # Flag that dictates whether this workload and its accompanying services are # to be installed. enabled: true imageRepository: cbflow-server replicas: 1 # expose As flow requires repository to be exposed as externally available # services ingress needs to ports 8443 and 61613 to be open to the # outer world. expose: true # Master loglevel for com.electriccloud package. logLevel: DEBUG zk: host: zookeeper port: 2181 # This line is interpreted as if passsed to ecconfigure utility within # the container. ecconfigure: "--serverInitMemoryMB=4096 --serverMaxMemoryMB=4096" resources: limits: cpu: 4 memory: 6Gi requests: cpu: 2 memory: 6Gi nodeSelector: {} tolerations: [] affinity: {} # Kubernetes Liveness and Readiness Probes livenessProbe: initialDelaySeconds: 90 periodSeconds: 60 failureThreshold: 10 timeoutSeconds: 10 readinessProbe: initialDelaySeconds: 60 periodSeconds: 10 failureThreshold: 10 timeoutSeconds: 10 ## specify additional volumes to mount in the server container additionalVolumes: [] ## specify where the additional volumes are mounted in the server container additionalVolumeMounts: [] additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command" # Additional environment variables to set for flow-server extraEnvs: [] # extraEnvs: # - name: FOO # value: "BAR" # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource # Enable or disable sending telemetry data to CloudBees # Note: this option only works for the very first installation during server initialization. # For an already initialized server, this can be configured in its settings. telemetryData: enabled: true # expose As flow requires server to be exposed as externally available # services needs to ports 8443 and 61613 to be open to the # outer world. Creates extra Kubernetes service with type LoadBalancer externalService: enabled: false # Enable or disable creating init container for volume permissions for server volumesPermissionsInitContainer: enabled: true # Horizontal Pod Autoscaling configuration for server, # This is only supported when clusteredMode=true autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] # Custom or additional autoscaling metrics # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: server_process_requests_total # target: # type: AverageValue # averageValue: 10000m jobInit: annotations: "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation nodeSelector: {} tolerations: [] affinity: {} #--------------------------------------------- # Flow web server configuration section #--------------------------------------------- web: # Flag that dictates whether this workload and its accompanying services are # to be installed. enabled: true imageRepository: cbflow-web replicas: 1 service: type: ClusterIP # This line is interpreted as if passsed to ecconfigure utility within # the container. ecconfigure: "" resources: limits: cpu: 1 memory: 512Mi requests: cpu: 0.25 memory: 256Mi nodeSelector: {} tolerations: [] affinity: {} # Additional environment variables to set for flow-web extraEnvs: [] # extraEnvs: # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource # - name: FOO # value: BAR # Enable shared plugin volume mount (PVC) on flow-web pods. # Mounts empty dir instead if sharedPluginsEnabled is false sharedPluginsEnabled: true ## specify additional volumes to mount in the web container additionalVolumes: [] ## specify where the additional volumes are mounted in the web container additionalVolumeMounts: [] additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command" # Horizontal Pod Autoscaling configuration for web autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] # Custom or additional autoscaling metrics # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: server_process_requests_total # target: # type: AverageValue # averageValue: 10000m #--------------------------------------------- # Flow repository configuration section #--------------------------------------------- repository: # Flag that dictates whether this workload and its accompanying services are # to be installed. enabled: true imageRepository: cbflow-repository replicas: 1 # expose As flow requires repository to be exposed as externally available # services ingress needs to ports 8200 to be open to the outer world. expose: true # The zone (must exist in CloudBees Flow server instance) that will be assigned # to the repository instance created in the Flow server to represent this # repository instance. zoneName: # The endpoint for Flow repository service. # # This setting will be ignored if Flow server is enabled. In this case, # the service name will be determined automatically based on .serverName value. # # If Flow server is disabled and the repository should be connected to # Flow server outside of this deployment, then this setting is mandatory. # # Usual helm templates are acceptable for this setting. serviceEndpoint: # Master loglevel for com.electriccloud package logLevel: DEBUG # This line is interpreted as if passed to ecconfigure utility within # the container. ecconfigure: "--repositoryInitMemoryMB=256 --repositoryMaxMemoryMB=512" resources: requests: cpu: 0.25 memory: 1024Mi limits: cpu: 0.25 memory: 1024Mi nodeSelector: {} tolerations: [] affinity: {} # Additional environment variables to set for flow-repository extraEnvs: [] # extraEnvs: # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource # - name: FOO # value: BAR # expose As flow requires repository to be exposed as externally available # services needs to ports 8200 to be open to the # outer world. Creates extra Kubernetes service with type LoadBalancer externalService: enabled: false # Enable or disable creating init container for volume permissions for repository volumesPermissionsInitContainer: enabled: true ## specify additional volumes to mount in the repository container additionalVolumes: [] ## specify where the additional volumes are mounted in the repository container additionalVolumeMounts: [] additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command" # Horizontal Pod Autoscaling configuration for server autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] # Custom or additional autoscaling metrics # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: repository_process_requests_total # target: # type: AverageValue # averageValue: 10000m #--------------------------------------------- # Flow DevOps Insight configuration section #--------------------------------------------- dois: # Flag that dictates whether this workload and its accompanying services are # to be installed. enabled: true imageRepository: cbflow-dois # Number or Elasticsearch nodes replicas: 1 # expose As flow requires devopsinsight to be exposed as externally available # services ingress needs to ports 9200 and 9500 to be open to the outer world. expose: true # The DOIS service endpoint which will be configured on the remote # CloudBees Flow server. # Here we assume that the remote CloudBees Flow server is located in the same # k8s cluster. serviceEndpoint: "flow-devopsinsight.{{ .Release.Namespace }}" # The name of the Elasticsearch cluster. esClusterName: # Minimum number of master-eligible nodes that must be visible in order to # form an Elasticsearch cluster. esMinMasterNodes: 1 # The number of primary shards that an index should have. esNumberOfShards: credentials: # Either specify the secret where the report user password and the admin user # password will be stored (recommended for production) or specify # the reportUserPassword and adminPassword values. # When using the secret, store the 'reportUser' password under # the 'CBF_DOIS_PASSWORD' key and the 'admin' password under # the 'CBF_DOIS_ADMIN_PASSWORD' key. # If the password is an empty string, then user 'admin' will not be created # and administrative access will not be granted. # If reportUserPassword is an empty string, a random 20 characters password will be used existingSecret: adminPassword: reportUserPassword: # The heap size in MB for Elasticsearch and Logstash services. esRam: 1024 resources: limits: cpu: 1 memory: 3Gi requests: cpu: 0.1 memory: 2Gi nodeSelector: {} tolerations: [] affinity: {} # Adds openshift Node tuning label to DOIS Pods to configure vm.max_map_count value required to run Elasticsearch. # refer https://developers.redhat.com/blog/2019/11/12/using-the-red-hat-openshift-tuned-operator-for-elasticsearch/ openshiftNodeTuning: false # Additional environment variables to set for DevOps Insight extraEnvs: [] # extraEnvs: # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource # - name: FOO # value: BAR # DOIS Liveness and Readiness Probes variables healthProbeReadinessPeriodSeconds: 5 healthProbeReadinessFailureThreshold: 3 healthProbeReadinessInitialDelaySeconds: 60 healthProbeLivenessPeriodSeconds: 20 healthProbeLivenessFailureThreshold: 3 healthProbeLivenessInitialDelaySeconds: 60 # Enable or disable the privileged sysctlInitContainer if the sysctl vm.max_map_count setting is set by another method sysctlInitContainer: enabled: true # Enable or disable creating init container for volume permissions for dois volumesPermissionsInitContainer: enabled: true # Enable or disable creating init container for volume permissions for dois backup: # Note: changing enabled on a previous install requires the deletion of the statefulset prior to upgrading. # e.g. kubectl delete statefulset flow-devopsinsight enabled: false schedule_cron: "0 */12 * * *" retentionDays: 15 location: "/es-backups" imageRepository: cbflow-tools cleanupImageRepository: "python" cleanupImageTag: "3.7.7" restoreSnapshot: false restoreSnapshotName: externalRepo: # enable in case need to take backup in s3 or gcs enabled: false # type can be s3 or gcs type: s3 # Name of Bucket in s3 or gcs bucketName: # Either specify the secret where the AWS or GCS credentials stored as per below keys or provide in values file with secret # Create secret for AWS S3 with permission to read/write to bucket policy with Keys AWS_ACCESS_KEY and AWS_SECRET_KEY # e.g kubectl create secret generic s3awssecret --from-literal=AWS_ACCESS_KEY="XXXXX" --from-literal=AWS_SECRET_KEY="XXXXX" # Create secret for GCS with permission to read/write to bucket policy with service account key file with KEY GCS_SA_KEY # e.g kubectl create secret generic gcssasecret --from-file=GCS_SA_KEY=/tmp/gke-credentials.json existingSecret: secret: # provide only if type s3 awsAccessKey: awsSecretKey: # provide only if type gcs gcsSaKey: # region of s3 or gcs bucket e.g us-east-1 region: # expose As flow requires dois to be exposed as externally available # services needs to ports 9200 , 9500 to be open to the # outer world. Creates extra Kubernetes service with type LoadBalancer externalService: enabled: false # Flow DOIS LoadBalancer service annotations for creating internal LoadBalancer on GCP, AWS annotations: # networking.gke.io/load-balancer-type: "Internal" # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" # DOIS Supported Certificates certificates: ca: crt: key: sign: crt: key: node: crt: key: admin: crt: key: dname: bundle: # Either specify the secret where the certificates ca, sign,node # admin,bundle will be stored (recommended for production) or specify above existingSecret: # When using the existingSecret secret use below keys, # store the 'ca.crt' value under CBF_DOIS_CA_CRT key # store the 'ca.key' value under CBF_DOIS_CA_KEY key # store the 'sign.crt' value under CBF_DOIS_SIGN_CRT key # store the 'sign.key' value under CBF_DOIS_SIGN_KEY key # store the 'node.crt' value under CBF_DOIS_NODE_CRT key # store the 'node.key' value under CBF_DOIS_NODE_KEY key # store the 'admin.crt' value under CBF_DOIS_ADMIN_CRT key # store the 'admin.key' value under CBF_DOIS_ADMIN_KEY key # store the 'bundle' value under CBF_DOIS_CRT_BUNDLE key # do not store admin.dnname in secret instead pass it as value # For multiple dois replicas user needs to define one of the below supported certificates . # 1. certificates.bundle is defined # 2. certificates.ca.crt and certificates.ca.key are defined # 3. certificates.ca.crt and certificates.sign.crt and certificates.sign.key are defined # 4. certificates.ca.crt and certificates.sign.crt and certificates.node.crt and certificates.node.key # and certificates.admin.crt and certificates.admin.key are defined. # additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command" #--------------------------------------------- # Flow bound agent configuration section #--------------------------------------------- # This is an internal component that serves the web server and the repository # connections to Flow server. It will be automatically enabled or disabled if # deployment of these components is enabled. boundAgent: imageRepository: cbflow-agent replicas: 1 # Master loglevel for com.electriccloud package. logLevel: DEBUG # This line is interpreted as if passsed to ecconfigure utility within the # container. ecconfigure: "--agentInitMemoryMB=256 --agentMaxMemoryMB=256" resources: limits: cpu: 0.25 memory: 1024Mi requests: cpu: 0.25 memory: 512Mi nodeSelector: {} tolerations: [] affinity: {} # Additional environment variables to set for bound agent extraEnvs: [] # extraEnvs: # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource # - name: FOO # value: BAR # Enable or disable creating init container for volume permissions for boundagent volumesPermissionsInitContainer: enabled: true ## specify additional volumes to mount in the bound agent container additionalVolumes: [] ## specify where the additional volumes are mounted in the bound agent container additionalVolumeMounts: [] additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command" #--------------------------------------------- # Flow storage configuration section #--------------------------------------------- storage: volumes: serverPlugins: name: flow-server-shared accessMode: ReadWriteMany # Storage class for plugins directory. Currently it has to be shared across all # server and web replicas. Has to be ReadWriteMany accessible. storageClass: storage: 5Gi # In order to use any existing pvc. set existingClaim flag to true and # set storage.volumes.serverPlugins.name to pvc name. existingClaim: false repositoryStorage: name: flow-repo-artifacts accessMode: ReadWriteOnce storage: 20Gi # In order to use any non "platform-default" or custom storage class just # state required storageClass name. storageClass: # In order to use any existing pvc. set existingClaim flag to true and # set storage.volumes.repositoryStorage.name to pvc name. existingClaim: false doisStorage: name: elasticsearch-data accessMode: ReadWriteOnce storage: 10Gi # In order to use any non "platform-default" or custom storage class just # state required storageClass name. storageClass: boundAgentStorage: # set enable to true in order to use Persistent Volume for bound agent workspace enabled: false name: flow-bound-agent-workspace accessMode: ReadWriteOnce storage: 5Gi # In order to use any non "platform-default" or custom storage class just # state required storageClass name. storageClass: # In order to use any existing pvc. set existingClaim flag to true and # set storage.volumes.boundAgentStorage.name to pvc name. existingClaim: false #--------------------------------------------- # Flow server database configuration section #--------------------------------------------- # Db endpoint, `database` or `schema`, principal that has full privileges on # that schema (rw access) - dbUser, dbPassword. database: # externalEndpoint: "my.db.somewhere.com" # Please use this option if your database is residing in the same k8s cluster # as flow notation is . If deploying into the same # namespace `.` part can be omitted. # clusterEndpoint: "." # Please use this option if you have or are planning to deploy credentials # secret yourself. The layout has to be the same as that of # server-secrets.yaml::dbSecret. # existingSecret: # If dbPassword is an empty string, a random 20 characters password will be used dbName: dbUser: dbPassword: # Remote database port to connect to. dbPort: # database type for flow persistence to work with. # One of: `mysql` - MYSQL, `mariadb` - MariaDB, `sqlserver` - MSSQLServer, # `oracle` - Oracle, `postgresql` - PostgreSql. dbType: # External Mysql Connector URL to download during cloudbees flow installation mysqlConnector: enabled: true externalUrl: #--------------------------------------------- # Flow server credentials configuration section #--------------------------------------------- flowCredentials: # Either specify the secret where the admin user password is stored under # the 'CBF_SERVER_ADMIN_PASSWORD' key (recommended for production) or specify # the adminPassword. # If adminPassword is an empty string, a random 20 characters password will be used existingSecret: adminPassword: #--------------------------------------------- # Flow server license configuration optional section #--------------------------------------------- # Automations of licence installations or upgrades # should be made using the the following API: # https://docs.cloudbees.com/docs/cloudbees-cd-api/latest/flow-api/apiserver # This optional section is to allow for setting up license with flow server during # first initialization only. Allows for either create a secret from this chart or supply # own pre-created one pre-created secret must have a single field named # CBF_LICENSE with value containing license file contents. flowLicense: # Pass existing secret name with license data here. existingSecret: licenseData: #--------------------------------------------- # Pods security context #--------------------------------------------- securityContext: enabled: false fsGroup: 1000 allowPrivilegeEscalation: false runAsUser: 1000 readOnlyRootFilesystem: true runAsNonRoot: true capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" volumePermissions: enabled: true #--------------------------------------------- # RBAC resources #--------------------------------------------- rbac: ## Specifies whether RBAC resources should be created ## create: false serviceAccountName: annotations: {} role: ## Rules to create. rules: [] #--------------------------------------------- # Network isolation configuration #--------------------------------------------- networkIsolation: # `allowFromCidr` defines CIDR which is allowed to make connection to all # exposed flow endpoints. allowFromCidr: "0.0.0.0/0" #--------------------------------------------- # Zookeeper configuration section #--------------------------------------------- # Bundled zookeeper installation. If you already have available zookeeper # installation or your security policy demands so please disable this one and # enter zookeeper endpoint address into `workloads.server.zk.host` and # `workloads.server.zk.port`. # Bear in mind though that flow can not share zookeeper with any other # applications as of now. zookeeper: image: repository: docker.io/cloudbees/cbflow-tools # Container image repository for zookeeper container. tag: "2023.02.0.160256_3.2.35_20230201" # Container image tag for zookeeper container. fullnameOverride: zookeeper replicaCount: 3 podLabels: ownerApp: "cloudbees-flow" role: "cluster-coordinator" mode: "private" resources: limits: cpu: "250m" memory: "1Gi" requests: memory: "512Mi" cpu: "250m" #--------------------------------------------- # Flow ingress configuration section #--------------------------------------------- # As Flow requires server repository and DevOps Insight to be exposed as # externally available services ingress needs to ports 8200 8443 61613 9200 # and 9500 to be open to outer world. This is not supported as per kubernetes # ingress specification, though available as a non-standard extension of # nginx-ingress, which is why we are bundling ingress itself with Flow. nginx-ingress: enabled: false defaultBackend: service: omitClusterIP: true # To omit the clusterIP from the controller service controller: ingressClass: flow-ingress # publishService Allows customization of the external service the ingress will # be bound to via DNS. publishService: enabled: true scope: enabled: true # extraArgs: # Additional log messages that may be useful for debugging: # shows details using diff about the changes in the configuration in nginx # v: 2 # shows details about the service, Ingress rule, endpoint changes and it # dumps the nginx configuration in JSON format # v: 3 # configures NGINX in debug mode # v: 5 config: # Ingress must support long-running requests without resetting the connection. # By default, nginx reset connections to TCP/UDP services after 600 seconds of # inactivity between two successive read or write operations. This setting # extends the timeout to 4000 seconds. proxy-stream-timeout: "4000s" # Increasing the detail of the error log. This can be useful for debugging. # error-log-level: debug # Ingress must support long-running requests without resetting the connection. # By default, AWS ELB resets connections after 60 seconds of inactivity. With # this annotation, the timeout will be increased to 4000 seconds. This is # the maximum timeout supported by AWS ELB. service: annotations: service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: 4000 omitClusterIP: true tcp: 8200: "{{ .Release.Namespace }}/flow-repository:8200" 8443: "{{ .Release.Namespace }}/flow-server:8443" 61613: "{{ .Release.Namespace }}/flow-server:61613" ## Additional TCP ports to access DOIS more specifically Elasticsearch over ingress endpoint. ## 7800: "{{ .Release.Namespace }}/gateway-external-agent-flow-agents:7800" ## 9200: "{{ .Release.Namespace }}/flow-devopsinsight:9200" ## 9500: "{{ .Release.Namespace }}/flow-devopsinsight:9500" ## Additional port to enable external agents to connect to flow-server. ## 8000: "{{ .Release.Namespace }}/flow-server:8000" # ingress-nginx.enabled -- Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional). # Enable this section if you don't have an existing installation of ingress-nginx controller ingress-nginx: enabled: true controller: service: externalTrafficPolicy: Local ingressClassResource: name: flow-ingress # publishService Allows customization of the external service the ingress will # be bound to via DNS. publishService: enabled: true scope: enabled: true # as we already use 8443 port for flow-server tcp expose , changed default admissionWebhooks port to 8445 admissionWebhooks: port: 8445 # extraArgs: # Additional log messages that may be useful for debugging: # shows details using diff about the changes in the configuration in nginx # v: 2 # shows details about the service, Ingress rule, endpoint changes and it # dumps the nginx configuration in JSON format # v: 3 # configures NGINX in debug mode # v: 5 config: # Ingress must support long-running requests without resetting the connection. # By default, nginx reset connections to TCP/UDP services after 600 seconds of # inactivity between two successive read or write operations. This setting # extends the timeout to 4000 seconds. proxy-stream-timeout: "4000s" # Increasing the detail of the error log. This can be useful for debugging. # error-log-level: debug tcp: 8200: "{{ .Release.Namespace }}/flow-repository:8200" 8443: "{{ .Release.Namespace }}/flow-server:8443" 61613: "{{ .Release.Namespace }}/flow-server:61613" ## Additional TCP ports to access DOIS more specifically Elasticsearch over ingress endpoint. ## 7800: "{{ .Release.Namespace }}/gateway-external-agent-flow-agents:7800" ## 9200: "{{ .Release.Namespace }}/flow-devopsinsight:9200" ## 9500: "{{ .Release.Namespace }}/flow-devopsinsight:9500" ## Additional port to enable external agents to connect to flow-server. ## 8000: "{{ .Release.Namespace }}/flow-server:8000" ##--------------------------------------------- ## Miscellaneous configuration section ##--------------------------------------------- clusteredMode: true # Flag used to configure the cloudbees-sda chart. # Should not be used from a standalone cloudbees-flow installation. sda: false mariadb: enabled: false fullnameOverride: mariadb replication: enabled: false volumePermissions: enabled: true initdbScriptsConfigMap: mariadb-initdb-scripts existingSecret: mariadb-initdb-secret # must provide same user name same as database.dbUser(default it "flow") db: user: "" rootUser: # MariaDB admin password # If password is an empty string, a random 10 characters password will be used # ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run # password: "" master: nodeSelector: kubernetes.io/os: linux # cloudbees-flow-agent chart configurations used for creating the # internal agent for the gateway internalGatewayAgent: enabled: false releaseNamePrefix: gateway-default-agent resourceName: gateway-default-agent replicas: 1 trustedAgent: false flowCredentials: # enable serverSecretReference to re-use flow-server secrets in agents chart serverSecretReference: true autoscaling: enabled: false minReplicas: 1 maxReplicas: 2 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 gateway: # considering this as internal gateway agent enabled: true # cloudbees-flow-agent chart configurations used for creating the # external agent for the gateway externalGatewayAgent: enabled: false releaseNamePrefix: gateway-external-agent resourceName: gateway-external-agent replicas: 1 trustedAgent: false zoneName: external service: # External DNS hostname that the external agents would use to communicate # with the external gateway agent publicHostName: # configure gateway using external gateway agent gateway: # configure gateway using this agent enabled: true # Name of the gateway to create name: external # Name of gateway agent to pair with as gateway resource 2 pairedResourceName: gateway-default-agent flowCredentials: # enable serverSecretReference to re-use flow-server secrets in agents chart serverSecretReference: true autoscaling: enabled: false minReplicas: 1 maxReplicas: 2 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 gitops: enabled: false repo: # Either specify the secret where the gitToken is stored under # the 'CBF_GIT_TOKEN' key (recommended for production) or specify gitToken: existingSecret: # CD Sidecar injector (optional) # Useful when running infrastructure (GitHub Enterprise, Nexus, etc.) using a self-signed certificate. # It allows you to inject certificate bundles in pods running in CloudBees CD so that they can trust provided certificates # without having to build custom docker images. # label your namespace with sidecar-injector-cd=enabled to enable sidecar-injector to work # kubectl label namespace mynamespace sidecar-injector-cd=enabled # Use helm inspect readme cloudbees/cloudbees-sidecar-injector to read more on this optional components # Note: If you are using SDA and CI has sidecarinjector enabled you cant enable cdsidecarinjector. # As We refer to same chart and it contains conflicting names. cdsidecarinjector: # cdsidecarinjector.enabled -- Whether to enable installation of Sidecar Injector enabled: false caBundleName: ca-bundles injectionCaCertificates: - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem injectionJavaKeystore: - /opt/cbflow/jre/lib/security/cacerts # Alpine/Debian/Ubuntu/Gentoo etc. namespaceLabel: sidecar-injector annotationPrefix: com.cloudbees.sidecar-injector batchApiVersion: batch/v1 # Use batch/v1beta1 if using Kubernetes < 1.22