# Default values for gocd. # This is a YAML-formatted file. # Declare variables to be passed into your templates. rbac: # Specifies whether rbac resources must be created. create: true # The API version to use while creating the rbac resources. Use `kubectl api-versions | grep rbac` to find which abi versions are supported for your cluster. apiVersion: v1 # Create a cluster role binding with the existing role, do not create a new one. If left blank, a new cluster role is created. roleRef: serviceAccount: # Specifies whether a service account should be created create: true # The name of the ServiceAccount to use. # If not set and create is true, a name is generated using the fullname template # If create is false and a name is not specified, the default service account is used for the cluster role binding. name: server: # server.enabled is the toggle to run GoCD Server. Change to false for Agent Only Deployment. enabled: true # server.annotations is the annotations for the GoCD Server Deployment and Pod spec. annotations: deployment: # iam.amazonaws.com/role: arn:aws:iam::xxx:role/my-custom-role pod: # iam.amazonaws.com/role: arn:aws:iam::xxx:role/my-custom-role # Specify security settings for GoCD Server Pod securityContext: # Specify the container user for the GoCD server pod runAsUser: 1000 # Specify the container group for the GoCD server pod runAsGroup: 0 # Specify the container supplementary group for the GoCD server pod fsGroup: 0 # server.shouldPreconfigure is used to invoke a script to pre configure the elastic agent profile and the plugin settings in the GoCD server. # Note: If this value is set to true, then, the serviceAccount.name is configured for the GoCD server pod. The service account token is mounted as a secret and is used in the lifecycle hook. # Note: An attempt to preconfigure the GoCD server is made. There are cases where the pre-configuration can fail and the GoCD server starts with an empty config. shouldPreconfigure: true preconfigureCommand: - "/bin/bash" - "/preconfigure_server.sh" # server.preStop - array of commands to use in the server pre-stop lifecycle hook # preStop: # - "/bin/bash" # - "/backup_and_stop.sh" # server.terminationGracePeriodSeconds is the optional duration in seconds the gocd server pod needs to terminate gracefully. # Note: SIGTERM is issued immediately after the pod deletion request is sent. If the pod doesn't terminate, k8s waits for terminationGracePeriodSeconds before issuing SIGKILL. # server.terminationGracePeriodSeconds: 60 image: # server.image.repository is the GoCD Server image name repository: "gocd/gocd-server" # server.image.tag is the GoCD Server image's tag tag: # server.image.pullPolicy is the GoCD Server image's pull policy pullPolicy: "IfNotPresent" ## Configure GoCD server resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} # requests: # memory: 512Mi # cpu: 300m # limits: # cpu: 100m # memory: 1024Mi # Sidecar containers that runs alongside GoCD server. # https://kubernetes.io/docs/concepts/workloads/pods/pod-overview/ sidecarContainers: [] # - name: sidecar-container # image: sidecar-image:latest # volumeMounts: # - name: goserver-vol # mountPath: /godata # specify init containers, e.g. to prepopulate home directories etc initContainers: [] # - name: download-kubectl # image: "ellerbrock/alpine-bash-curl-ssl:latest" # imagePullPolicy: "IfNotPresent" # volumeMounts: # - name: kubectl # mountPath: /download # workingDir: /download # command: ["/bin/bash"] # args: # - "-c" # - 'curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl' # specify restart policy for server restartPolicy: Always ## Additional GoCD server pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ nodeSelector: {} ## Affinity for assigning pods to specific nodes ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ affinity: {} ## Tolerations for allowing pods to be scheduled on nodes with matching taints ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: {} healthCheck: # server.healthCheck.initialDelaySeconds is the initial delays in seconds to start the health checks initialDelaySeconds: 90 # server.healthCheck.periodSeconds is the health check interval duration periodSeconds: 15 # server.healthCheck.failureThreshold is the number of unsuccessful attempts made to the GoCD server health check endpoint before the container is restarted (for liveness) or marked as unready (for readiness) failureThreshold: 10 env: # server.env.goServerJvmOpts is a list of JVM options, which needs to be provided to the GoCD Server, typically prefixed with -D unless otherwise stated. # Example: "-Xmx4096mb -Dfoo=bar" goServerJvmOpts: # server.env.extraEnvVars is the list of environment variables passed to GoCD Server extraEnvVars: - name: GOCD_PLUGIN_INSTALL_kubernetes-elastic-agents value: https://github.com/gocd/kubernetes-elastic-agents/releases/download/v3.4.0-196/kubernetes-elastic-agent-3.4.0-196.jar - name: GOCD_PLUGIN_INSTALL_docker-registry-artifact-plugin value: https://github.com/gocd/docker-registry-artifact-plugin/releases/download/v1.1.0-104/docker-registry-artifact-plugin-1.1.0-104.jar service: # server.service.type is the GoCD Server service type type: "NodePort" # server.service.httpPort is the GoCD Server HTTP port httpPort: 8153 # Provide the nodeHttpPort and nodeHttpsPort if you want the service to be exposed on specific ports. Without this, random node ports will be assigned. # server.service.nodeHttpPort is the GoCD Server Service Node HTTP port nodeHttpPort: # server.service.nodeHttpPort is the GoCD Server Service Node HTTPS port nodeHttpsPort: annotations: ## When using LoadBalancer service type, use the following AWS certificate from ACM ## https://aws.amazon.com/documentation/acm/ # service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:123456789:certificate/abc123-abc123-abc123-abc123" # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "https" # service.beta.kubernetes.io/aws-load-balancer-backend-port: "https" ## When using LoadBalancer service type, whitelist these source IP ranges ## https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/ # loadBalancerSourceRanges: # - 192.168.1.10/32 ingress: # server.ingress.enabled is the toggle to enable/disable GoCD Server Ingress enabled: true # server.ingress.hosts is used to create an Ingress record. # hosts: # - ci.example.com annotations: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" tls: # - secretName: ci-example-tls # hosts: # - ci.example.com persistence: # server.persistence.enabled is the toggle for server volume persistence. enabled: true accessMode: "ReadWriteOnce" # The storage space that should be claimed from the persistent volume size: 2Gi # If defined, storageClassName: # If set to "-", storageClassName: "", which disables dynamic provisioning # If undefined (the default) or set to null, no storageClassName spec is # set, choosing 'standard' storage class available with the default provisioner (gcd-pd on GKE, hostpath on minikube, etc). # storageClass: "-" # A manually managed Persistent Volume and Claim # If defined, PVC must be created manually before volume will be bound existingClaim: # To choose a suitable persistent volume from available static persistent volumes, selectors are used. pvSelector: # matchLabels: # volume-type: ssd name: # server.persistence.name.dockerEntryPoint name of the volume mounted at /docker-entrypoint.d/ on the server dockerEntryPoint: goserver-vol # "" for the volume root subpath: # godata is where the config, db, plugins are stored godata: godata # homego can be used for storing and mounting secrets homego: homego # custom entrypoint scripts that should be run before starting the GoCD server inside the container. dockerEntryPoint: scripts # server.persistence.extraVolumes additional server volumes extraVolumes: [] # - name: gocd-server-init-scripts # configMap: # name: gocd-server-init-scripts # defaultMode: 0755 # - name: github-key # secret: # secretName: github-key # defaultMode: 0744 # server.persistence.extraVolumeMounts additional server volumeMounts extraVolumeMounts: [] # - name: github-key # mountPath: /etc/config/keys/ # readOnly: true # - name: gocd-server-init-scripts # mountPath: /docker-entrypoint.d/ # server.hostAliases allows the modification of the hosts file inside a container hostAliases: # - ip: "192.168.1.10" # hostnames: # - "example.com" # - "www.example.com" security: ssh: # server.security.ssh.enabled is the toggle to enable/disable mounting of ssh secret on GoCD server pods enabled: false # server.security.ssh.secretName specifies the name of the k8s secret object that contains the ssh key and known hosts secretName: gocd-server-ssh # server.security.ssh.defaultMode specifies the permission of the files in ~/.ssh directory defaultMode: agent: # specifies overrides for agent specific service account creation serviceAccount: # specifies whether the top level service account (also used by the server) should be reused as the service account for gocd agents reuseTopLevelServiceAccount: false # if reuseTopLevelServiceAccount is false, this field specifies the name of an existing service account to be associated with gocd agents # If field is empty, the service account "default" will be used. name: # agent.annotations is the annotations for the GoCD Agent Deployment and Pod Spec annotations: deployment: # iam.amazonaws.com/role: arn:aws:iam::xxx:role/my-custom-role pod: # iam.amazonaws.com/role: arn:aws:iam::xxx:role/my-custom-role # Specify security settings for GoCD Agent Pod securityContext: # Specify the container user for all the GoCD agent pods runAsUser: 1000 # Specify the container group for all the GoCD agent pods runAsGroup: 0 # Specify the container supplementary group for all the GoCD agent pods fsGroup: 0 # agent.replicaCount is the GoCD Agent replicas Count. Specify the number of GoCD agents to run replicaCount: 0 # agent.preStop - array of command and arguments to run in the agent pre-stop lifecycle hook # preStop: # - "/bin/bash" # - "/disable_and_stop.sh" # agent.postStart - array of command and arguments to run in agent post-start lifecycle hook # postStart: # - "/bin/bash" # - "/agent_startup.sh" # agent.deployStrategy is the strategy explained in detail at https://kubernetes.io/docs/concepts/workloads/controllers/deployment/#strategy # agent.terminationGracePeriodSeconds is the optional duration in seconds the gocd agent pods need to terminate gracefully. # Note: SIGTERM is issued immediately after the pod deletion request is sent. If the pod doesn't terminate, k8s waits for terminationGracePeriodSeconds before issuing SIGKILL. # agent.terminationGracePeriodSeconds: 60 deployStrategy: {} image: # agent.image.repository is the GoCD Agent image name repository: "gocd/gocd-agent-alpine-3.9" # agent.image.tag is the GoCD Agent image's tag tag: # agent.image.pullPolicy is the GoCD Agent image's pull policy pullPolicy: "IfNotPresent" env: # agent.env.goServerUrl is the GoCD Server Url goServerUrl: # agent.env.agentAutoRegisterKey is the GoCD Agent auto-register key agentAutoRegisterKey: # agent.env.agentAutoRegisterResources is the GoCD Agent auto-register resources agentAutoRegisterResources: # agent.env.agentAutoRegisterEnvironments is the GoCD Agent auto-register Environments # deprecated because of a typo. Use agent.env.agentAutoRegisterEnvironments instead agentAutoRegisterEnvironemnts: # agent.env.agentAutoRegisterEnvironments is the GoCD Agent auto-register Environments agentAutoRegisterEnvironments: # agent.env.agentAutoRegisterHostname is the GoCD Agent auto-register hostname agentAutoRegisterHostname: # agent.env.goAgentJvmOpts is the GoCD Agent JVM options goAgentJvmOpts: # agent.env.goAgentBootstrapperArgs is the GoCD Agent bootstrapper args goAgentBootstrapperArgs: # agent.env.goAgentBootstrapperJvmArgs is the GoCD Agent bootstrapper JVM args goAgentBootstrapperJvmArgs: # agent.env.extraEnvVars is the list of environment variables passed to GoCD Agent extraEnvVars: persistence: # agent.persistence.enabled is the toggle for agent volume persistence. Change to true if a persistent volume is available and configured manually. enabled: false accessMode: "ReadWriteOnce" size: 1Gi # If defined, storageClassName: # If set to "-", storageClassName: "", which disables dynamic provisioning # If undefined (the default) or set to null, no storageClassName spec is # set, choosing 'standard' storage class available with the default provisioner (gcd-pd on GKE, hostpath on minikube, etc). # storageClass: "-" # A manually managed Persistent Volume and Claim # If defined, PVC must be created manually before volume will be bound existingClaim: pvSelector: # matchLabels: # app: godata-gocd-agent name: # agent.persistence.name.dockerEntryPoint name of the volume mounted at /docker-entrypoint.d/ on the agent dockerEntryPoint: goagent-vol # "" for the volume root subpath: homego: homego dockerEntryPoint: scripts # agent.persistence.extraVolumes additional agent volumes extraVolumes: [] # - name: gocd-agent-init-scripts # configMap: # name: gocd-agent-init-scripts # defaultMode: 0755 # - name: github-key # secret: # secretName: github-key # defaultMode: 0744 # agent.persistence.extraVolumeMounts additional agent volumeMounts extraVolumeMounts: [] # - name: github-key # mountPath: /etc/config/keys/ # readOnly: true # - name: gocd-agent-init-scripts # mountPath: /docker-entrypoint.d/ # specify init containers, e.g. to prepopulate home directories etc initContainers: [] # - name: download-kubectl # image: "ellerbrock/alpine-bash-curl-ssl:latest" # imagePullPolicy: "IfNotPresent" # volumeMounts: # - name: kubectl # mountPath: /download # workingDir: /download # command: ["/bin/bash"] # args: # - "-c" # - 'curl -LO https://storage.googleapis.com/kubernetes-release/release/$(curl -s https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl && chmod +x ./kubectl' # specify restart policy for agents restartPolicy: Always # agent.privileged is needed for running Docker-in-Docker (DinD) agents privileged: false healthCheck: # agent.healthCheck.enable is the toggle for GoCD agent health checks enabled: false # agent.healthCheck.initialDelaySeconds is the initial delays in seconds to start the health checks initialDelaySeconds: 60 # agent.healthCheck.periodSeconds is the health check interval duration periodSeconds: 60 # agent.healthCheck.failureThreshold is the health check failure threshold of GoCD agent failureThreshold: 60 security: ssh: # agent.security.ssh.enabled is the toggle to enable/disable mounting of ssh secret on GoCD agent pods enabled: false # agent.security.ssh.secretName specifies the name of the k8s secret object that contains the ssh key and known hosts secretName: gocd-agent-ssh # agent.security.ssh.defaultMode specifies the permission of the files in ~/.ssh directory defaultMode: ## Configure GoCD agent resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## resources: {} # requests: # memory: 512Mi # cpu: 300m # limits: # cpu: 100m # memory: 1024Mi # agent.hostAliases allows the modification of the hosts file inside a container hostAliases: # - ip: "192.168.1.10" # hostnames: # - "example.com" # - "www.example.com" ## Additional GoCD agent pod labels ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/ nodeSelector: {} ## Affinity for assigning pods to specific nodes ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ affinity: {} ## Tolerations for allowing pods to be scheduled on nodes with matching taints ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/ tolerations: {}