Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-07 08:07:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
af80b83ff2c8be58fa21836d4ba6abb3dd0c4367
charts/bitnami/concourse/values.yaml
Bitnami Containers d09ed9fa48 [bitnami/concourse] Release 0.1.6 updating components versions 
Signed-off-by: Bitnami Containers <containers@bitnami.com>
2021-09-17 08:55:15 +00:00

1235 lines
48 KiB
YAML
Raw Blame History

## @section Global parameters
## Global Docker image parameters
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
imageRegistry: ""
## E.g.
## imagePullSecrets:
## - myRegistryKeySecretName
##
imagePullSecrets: []
storageClass: ""
## @section Common parameters
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param extraDeploy Array of extra objects to deploy with the release
##
extraDeploy: []
## @section Common Concourse Parameters
##
## Bitnami Concourse image
## ref: https://hub.docker.com/r/bitnami/redis/tags/
## @param image.registry image registry
## @param image.repository image repository
## @param image.tag image tag (immutable tags are recommended)
## @param image.pullPolicy image pull policy
## @param image.pullSecrets image pull secrets
##
image:
registry: docker.io
repository: bitnami/concourse
tag: 7.5.0-debian-10-r0
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## For managing secrets using Helm
##
secrets:
localAuth:
## @param secrets.localAuth.enabled the use of local authentication (basic auth).
## Once enabled, users configured through `local-users` (secret)
## are able to authenticate.
## Ref: https://concourse-ci.org/local-auth.html
##
enabled: true
## @param secrets.teamAuthorizedKeys [array] Array of team names and public keys for team external workers. A single
## team can have many keys defined in the key field.
##
## Example:
## - team: main
## key: |-
## ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse
## ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDzpK/sIOtL9SCjAWrvO8QvknzYbnXvP/BljTQFNLwzsPqawqTk3FqUIsEjsq4clV3nwADK8Iq9A/xRlPR+ANhoGDPDv34FsWz5qKcXV7aXcOma8vyU4MJPjveXcZX7FjwztGoRIND9CXlLCDuYeIwBxCcnBBAwQFZuCmEXcqwsRbCve1KkswV1yr9yvmNaKNKTkJGo+7wGyShjzkfqijYCdwYbUWpSB0/tOGszBONtKE6FyJUmVtBgj+CAGZtj1AxGBbMnxxV
##
## Make sure to chack the security caveats here: https://concourse-ci.org/teams-caveats.html
## Extra Reads: https://github.com/concourse/concourse/issues/1865#issuecomment-464166994
## https://concourse-ci.org/global-resources.html#complications-with-reusing-containers
##
teamAuthorizedKeys: []
## @param secrets.localUsers List of `username:password` or `username:bcrypted_password` combinations for all your local concourse users. Auto-generated if not set
## For details of expected format, see https://concourse-ci.org/local-auth.html
##
localUsers: ""
## @param secrets.hostKey [string] Concourse Host Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
## Ref: https://concourse-ci.org/install.html#generating-keys
##
hostKey: |-
-----BEGIN RSA PRIVATE KEY-----
MIIEogIBAAKCAQEA2AUPXxuiDC/qrBWjIdT5fvNcMlMEYpR3X4SLQIgLC1ULDsCO
fleKZ+Wi4RzwbkUKiKmJm5GeyNVVCDdfvdD1Sd1+5faqmp2/OQBzLS7o8NY/btMw
8h9lx4KVJaJJ1EM1EiyGY41Nx591KP14pBfr0/NdOIrDu2JvF6e7CHEbrzkN57kb
BVQkaIMaS01Rw/5Oe68GFalli2ii8L8dNWVVzquBh5PwVWimvTgwv3TYG2TH8L1V
V7n+/zRRpkjMl2+PUouGqD+Bp+4wF+hp4AW5v24CqjtLJEMv4IEJv2FRfrOauBIZ
XjAS1SSg9VaTOS3iwxaYrv8uG1XfMFHICvkEPQIDAQABAoIBAG87W8jrX6vK2Jm3
ooJ/OeFmymiXWsCwFi+2/kVCR/2T0tfLyxO/W+NX2WD1F9CP+HaaZeMXPp3HS7up
V8FT4ZohVYBwXTS0WYyucKApcYThrVQRpzhldnEfClGQmVeVK7Sp/KEyV4Sc1SVA
L2i/cI142N2Ohm7spquVkLcuFsVINzZ0fXCv25dTqbkEgjTJzNdBzyFXvc4z0Mt9
gW14M7mz+YKYOfsCxIEm438fC9b16C96yIFBdN+/jaP8pmb2RoIE2D0F8bj5K1hR
YyGFKMOU4e6cYq59iWfubKuu2WNJEBk/5aO7x7Xu2S0k8wIYlwxFuu4LfR2Kvizu
+mFVf3kCgYEA9e0+40tJGpOPM8hAB3DwXjYc8lCuyYf3z30T3RqVNCUVSWnlaj/s
3ENi6+Ng3u+Zs8cR2CFou+jAClTyWLuSnI9yACD0eyW9n4bzYMUbgdC6vneLjpzx
wWR9Xv5RmZVly7xWuqcgEeEf8RNcYI3oXby0laF3EObvuAx/4ETIkFcCgYEA4N42
w1UEWGopWBIIXYHkEPHQuF0SxR2CZyh9ExTeSxFphyibkcHRjDW+t91ZLnSm5k1N
TOdYuc0ApBV3U+TexeFvDI94L/Oze6Ht5MatRQz8kRwMFGJL3TrpbgTmWdfG05Ad
oiScJzwY16oJXnKusxik7V+gCCNNE0/2UuMnY4sCgYAEf82pvOPef5qcGOrK+A79
ukG3UTCRcVJgUmp9nhHivVbxW+WdlwPPV9BEfol0KrAGMPsrmBjhbzWsOregVfYt
tRYh2HiAlEUu2Po06AZDzrzL5UYBWu+1WRBOH5sAk1IkcxKnIY2dph++elszTQVW
SbCIGEckYQU7ucbRJJECywKBgBb4vHFx8vKxTa3wkagzx7+vZFohL/SxEgxFx5k2
bYsPqU8kZ9gZC7YeG3CfDShAxHgMd5QeoiLA/YrFop4QaG2gnP6UfXuwkqpTnYDc
hwDh1b9hNR6z9/oOtaAGoh2VfHtKYqyYvtcHPaZyeWiLoKstHlQdi7SpHouVhJ1t
FS4HAoGAGy+56+zvdROjJy9A2Mn/4BvWrsu4RSQILBJ6Hb4TpF46p2fn0rwqyhOj
Occs+xkdEsI9w5phXzIEeOq2LqvWHDPxtdLpxOrrmx4AftAWdM8S1+OqTpzHihK1
y1ZOrWfvON+XjWFFAEej/CpQZkNUkTzjTtSC0dnfAveZlasQHdI=
-----END RSA PRIVATE KEY-----
## @param secrets.hostKeyPub [string] Concourse Host Keys.
##
hostKeyPub: |-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse
## @param secrets.sessionSigningKey [string] Concourse Session Signing Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
## Ref: https://concourse-ci.org/concourse-generate-key.html
##
sessionSigningKey: |-
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAwLql/rUIaI+PX7Tl3FWcTee4sQf8/daakALXx955tPwkhqlY
e4T2V84p/ylFvNWpM4vfcMYKfMY0JLKgAgBvJhCytSkDBhTBoWmN6yE0AB11P9En
lIZRBWNYqaC2cSge2ZD8qOSnwfFhnQAW8+7pE+ElJAVh7dtdF3A478H50lIigq8I
zMWp2EGJpFC7/Uu36oIL/03MNGCmrH1jvtTuJiAMQUZYyL1ReBkvvHOzw9i4HXPy
SMVtcllm4NBs2aVPtwhr2kwSkLt8t1bPdRn6OIyEAw5WktzAKaiZnkTvj6g3xzdp
zKcrdlBr9aznlNvoSinBUfvtwyFmvFN1HHbA9wIDAQABAoIBAE7G/DrUfI9gvtX7
90jMpYsigFe8UCjho2PiBZlo0o6r0bJJXiV+/8J8PqZRlHPPUc4EClzqVjcSPRYS
/VxUGRqSELoD/Xxq14rGvn+xnrO9VsOzFl6bWFq/dOpBCtHN+G4t2VifvgKES8YE
11z19sdta+UBXjn/RFnkQSGfRCI3QqTaYvjxevt0uWlyPmqkFPQQw8bvHIXzoB+B
rzeiMa++nMvbX5pAH9XA0BvhyuH3fHidTUwiVBpkMcpLWtjP0A0JTsecDdbinDDq
un2EIo8zMWRwKQN/JnUxsi8AUEigBTCUqeDgREXtW62uvFkSpcVMXwmVityLYIVy
qnVLUCECgYEA6IwXkP1qnSfcNeoVI/ypDuz1/kdqcjSPhLYe+jdiLLoFkMW9AlDm
lzwNaWlTFD9ygo+NjJCo63/A8HCm55sajws5hZ6r20vdZcKFMk9h0qF5oVA7lkQ2
gvG2WaznuU7KkqhfP+pXhiLgZKoJkst/+g7r6uHpredwDY6hxeBK4vsCgYEA1CqH
8ywC5qUo/36kQg/TU2adN/YEHdJAAbU23EVrGQSVmnXW08H2NLFk0tsxrwoNnbgp
PIk2J7BimbJvbND17ibr4GAklDTsR8aJkDl+0JgNCAK9N07qVt1s7FXzhg95jUL9
EQW55z60GAJpecqNwA4Jsa8P852N0355Obp92TUCgYBkOBvf7JcJ66fHxH4f6D+j
oxPQ5k5Fsck4VJS9GSlCRVkor09ptBvsiYDuMOoRC9b51YwXTDDAbWplNOd5YSrt
AtVjdKJz/BoKRO7KY9Owxs54au+DLxqfDDSeKRokjoRW+CE0lnXp5RX3zCAcF3+r
8MpTi9D9lYSBEzs84BDmCQKBgQCMcH6/K3HcJJVn0fd+tyUGftUw9sswxjySJNbk
pZrH263/qWMDls+Xf5kire9MU1ZCAWZiaN0NFoed/2wcVpGEDAV0548u/30r4bKr
YjOcdhmiJNYFJ1qdF0MDib2CDvpB1IbZXrX46RujDO2urbJ435HxKNVhR/had8xc
tyKYxQKBgCVDhN0MhnlUQJVZfX42APmF4gQg0r3sfL/NGXjEjMIKKFe5a88eZVHr
L8x1+dp0q7czC8a/l1DUuiwDKl8OEpxLsGCq/J/wAfrSMPifu6EUlbUwlJOPdgha
+p/KFAelHXJ2w/8yackAcarh35VP7ixhuvxswHNdgvfsBTFcjn30
-----END RSA PRIVATE KEY-----
## @param secrets.workerKey [string] Concourse Worker Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
## Ref: https://concourse-ci.org/concourse-generate-key.html
##
workerKey: |-
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAuPehUmBXAQCoA7TLAQCYhf+vzcZVyj+VGXnMhLHnWLk7dRjo
CU8GgNamdS5h7G3ywxOvKA3YjOLr8XyOMLS4c+e8N7tIzlMWdiXhe0lcBH9Z1ai5
+Bof3/BlDUBksiKdc1A+QcfX6tDwMkOO5re1H4vOK3H/Cype58wCB03HYNgb05ED
fW1Bj2qvz29VtmyjwEMuDs100iMqwCfPUx9oxXmmX8sUBRmw/Y1Rx/8pdKIjKw3m
kWIHHBOSCPimO1qC47Aa8v/UH9hERCykyuFHiBiKlnIvZWm9bYvhsRTz4gt5KzRY
6OI0oVeHlLOHDSK48Da8VWij15lOqO2Nx6WssQIDAQABAoIBADET22UNFOi6MNpS
5S5N5ypezlnOD0NLnZcV3zMyNQ0wkNsgEakuo64Zxi7/cJIYFjq2hVoeWl//cdUw
VFYODYcLbMBo3AeKukH9CRf6PgUfeUmcrENtQxnbIiTi+hTd5GMNXod7rAmtCJ59
mHQVOGS3ZqvWYnKm+mmMktk3RPinynX/A4y3WHPacuAS58HM09Ck43WcHMxbGpsL
/gZpICyFYZ2DviM+AHyWGcmw7LJrpC0QHo6+BAFMs4xlUecNgVIFUpfOoAcfsdtG
K9j4AbuZ47iFisbay+1pyg/7O5eRTdGVQRtc7PBMOjea5jGsfmlDmdn1ZS50ykun
ANfoQ5UCgYEA9Ak73PRy9nLlRkt4OBCF/4fwThUCMedsnWaVjQBMJYim4FB2ivF5
cKdWt3y/RZI85KKYu0EXhLEoSIEAfz057R8t3QdVK4tZx6B47UFjBjCYeVMtwHDQ
prxQiOPHIHCplBNFuGzA5VXL9gQLRD+ek0uOy2GJJ0Wu1xyeouI+SW8CgYEAwgkO
TOtOogqmcAALjWgeeQiZetflSKbJlpQNhmCPAMm0SFI8eF4SpRXLzd41VC2mLIwT
L3tjc7/8ocXoElFM4L0fo9Lx/SHFH4JEn5FT0PXPmvsF2JRhsXJFLJSihxF/91Xs
2aBcQILPFzLcrI6OFUakNwGTU/CIxpkzRvQrG98CgYEAzNVnUuo4CNadzagRK3Xr
E3Yl5VRK+FpY17FAfA6w25xc/dFr/un61e0Po4no/ltmEz7LVfmn5O/ScTEemq5o
jbjrBShfe+JGpIH0nqiQlqR5hvSjZXEMIbfVHWGbRYZrQGgA0HEwZA7k2QXB8zI3
R0lXfSzMM5OQ0uwp12xxfa8CgYBHILq1R6zTicPpWprhg0FobNaWSX4rW7iaEjvC
/rJtP4Nu33Z7SUDcc1j6ZnJ2ISXBPrfpt/mE/OPHCZ1A2bysxadLjpBWkoKIQmCV
fdiTyQgJb+t8sSf+vDzPUs0hZjDaogzo2ff3TfxMLMDoIHnFItgfsdwn8QyygIZj
hC4pUQKBgQDqsxnkI6yXFE5gshnW7H8zqKNlzKd/dZEL6e+lRz4R3UY/KcEkRAfq
Yi3cwo9fE3U3kSmpl5MQwUjWm/BZ7JyueoY/4ndwaFPgc34IKsgJ0wau9pZiQAB1
DxpOSF+BR71Jx3sxvIdCODNTtm645j5yrZVnJAuMPofo5XFmunDoJA==
-----END RSA PRIVATE KEY-----
## @param secrets.workerKeyPub [string] Concourse Worker Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
##
workerKeyPub: |-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC496FSYFcBAKgDtMsBAJiF/6/NxlXKP5UZecyEsedYuTt1GOgJTwaA1qZ1LmHsbfLDE68oDdiM4uvxfI4wtLhz57w3u0jOUxZ2JeF7SVwEf1nVqLn4Gh/f8GUNQGSyIp1zUD5Bx9fq0PAyQ47mt7Ufi84rcf8LKl7nzAIHTcdg2BvTkQN9bUGPaq/Pb1W2bKPAQy4OzXTSIyrAJ89TH2jFeaZfyxQFGbD9jVHH/yl0oiMrDeaRYgccE5II+KY7WoLjsBry/9Qf2ERELKTK4UeIGIqWci9lab1ti+GxFPPiC3krNFjo4jShV4eUs4cNIrjwNrxVaKPXmU6o7Y3Hpayx Concourse
## @param secrets.workerAdditionalCerts Additional certificates to add to the worker nodes
##
workerAdditionalCerts: ""
## @section Concourse Web parameters
##
web:
## @param web.enabled Enable web
##
enabled: true
## @param web.replicaCount Number of web replicas to deploy
##
replicaCount: 1
## @param web.args Override default args of the startup command for the web component.
##
args: []
## @param web.baseUrl url
##
baseUrl: /
## @param web.logLevel Minimum level of logs to see. Possible options: debug, info, error.
##
logLevel: debug
## @param web.clusterName A name for this Concourse cluster, to be displayed on the dashboard page.
##
clusterName: ""
## @param web.bindIp IP address on which to listen for HTTP traffic (web UI and API).
##
bindIp: 0.0.0.0
## @param web.containerPort Port on which to listen for HTTP traffic (web UI and API).
##
containerPort: 8080
## @param web.peerAddress Network address of this web node, reachable by other web nodes.
## Used for forwarded worker addresses. (default: $POD_IP)
##
peerAddress: ""
## @param web.externalUrl URL used to reach any ATC from the outside world.
## This is *very* important for a proper authentication workflow as
## browser redirects are based on the value set here.
##
## Example: http://ci.concourse-ci.org
##
externalUrl: ""
## @param web.enableAcrossStep Enable the experimental across step to be used in jobs. The API is subject to change.
##
enableAcrossStep: false
## @param web.enablePipelineInstances Enable the creation of instanced pipelines.
##
enablePipelineInstances: false
## @param web.enableCacheStreamedVolumes Enable caching streamed resource volumes on the destination worker.
##
enableCacheStreamedVolumes: false
## Configure extra options for web container liveness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param web.livenessProbe.enabled Enable livenessProbe on web nodes
## @param web.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param web.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param web.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param web.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param web.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 3
failureThreshold: 1
successThreshold: 1
## Configure extra options for web container readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param web.readinessProbe.enabled Enable readinessProbe on web nodes
## @param web.readinessProbe.enabled Enable readinessProbe
## @param web.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param web.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param web.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param web.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param web.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 3
failureThreshold: 1
successThreshold: 1
## @param web.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param web.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## web resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## @param web.resources.limits The resources limits for the web containers
## The requested resources for the web containers
## @param web.resources.requests The requested for the web containers
## resources:
## limits: {}
## requests:
## cpu: "100m"
## memory: "128Mi"
##
resources:
limits: {}
requests: {}
## RBAC parameters
##
rbac:
## @param web.rbac.create Specifies whether RBAC resources should be created
##
create: true
## ServiceAccount parameters
##
serviceAccount:
## @param web.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param web.serviceAccount.name Override Web service account name
## If not set and create is true, a name is generated using the fullname template
##
name: ""
## @param web.tls.enabled enable serving HTTPS traffic directly through the web component.
## @param web.tls.containerPort on which to listen for HTTPS traffic.
##
tls:
enabled: false
containerPort: 443
## @param web.existingConfigmap The name of an existing ConfigMap with your custom configuration for web
##
existingConfigmap: ""
## @param web.command Override default container command (useful when using custom images)
##
command: []
## @param web.hostAliases Deployment pod host aliases
##
hostAliases: []
## @param web.podLabels Extra labels for web pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
##
podLabels: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param web.podSecurityContext.enabled Enabled web pods' Security Context
## @param web.podSecurityContext.fsGroup Set web pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param web.containerSecurityContext.enabled Enabled web containers' Security Context
## @param web.containerSecurityContext.runAsUser Set web containers' Security Context runAsUser
##
containerSecurityContext:
enabled: true
runAsUser: 1001
## @param web.psp.create Specifies whether a PodSecurityPolicy should be created (set `psp.create` to `true` to enable it)
##
psp:
create: false
tsa:
## Enable this flag in order to customize the `client_id` and
## `client_secret` used when the TSA needs to communicate with the ATC.
##
## @param web.tsa.logLevel Minimum level of logs to see. Possible values: debug, info, error.
##
logLevel: debug
## @param web.tsa.bindIp IP address on which to listen for SSH.
##
bindIp: 0.0.0.0
## @param web.tsa.containerPort Port on which to listen for SSH.
##
containerPort: 2222
## @param web.tsa.debugbindIp IP address on which to listen for the pprof debugger endpoints (default: 127.0.0.1)
##
debugbindIp: 127.0.0.1
## @param web.tsa.debugContainerPort Port on which to listen for TSA pprof server.
##
debugContainerPort: 2221
## @param web.tsa.heartbeatInterval Interval on which to heartbeat workers to the ATC.
##
heartbeatInterval: 30s
## @param web.tsa.gardenRequestTimeout How long to wait for requests to Garden to complete. 0 means no timeout.
##
gardenRequestTimeout: ""
## @param web.configRBAC set RBAC configuration
##
configRBAC: ""
## Force sending secure flag on http cookies
##
auth:
##
## @param web.auth.cookieSecure use cookie secure true or flase
##
cookieSecure: false
## @param web.auth.duration Length of time for which tokens are valid. Afterwards, users will have to log back in.
## The value must be specified as Go duration values (e.g.: 30m or 24h).
##
duration: 24h
## @param web.auth.passwordConnector The connector to use for password authentication for `fly login -u ... -p ...`.
## Either "local" or "ldap". Defaults to "local".
##
passwordConnector: ""
mainTeam:
## @param web.auth.mainTeam.config Configuration file for specifying the main teams params.
## Ref: https://concourse-ci.org/managing-teams.html#setting-roles
## Example:
## config: |
## roles:
## - name: owner
## local:
## users: ["admin"]
## - name: member
## local:
## users: ["test"]
##
config: ""
## @param web.auth.mainTeam.localUser Comma-separated list of local Concourse users to be included as members of the `main` team.
## Make sure you have local users support enabled (`concourse.web.localAuth.enabled`) and
## that the users were added (`secrets.localUsers`).
##
localUser: "user"
## @param web.podAnnotations Annotations for web pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param web.podAffinityPreset Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAffinityPreset: ""
## @param web.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
podAntiAffinityPreset: soft
## Node web.affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
##
nodeAffinityPreset:
## @param web.nodeAffinityPreset.type Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
##
type: ""
## @param web.nodeAffinityPreset.key Node label key to match. Ignored if `web.affinity` is set
##
key: ""
## @param web.nodeAffinityPreset.values Node label values to match. Ignored if `web.affinity` is set
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param web.affinity Affinity for web pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## NOTE: `web.podAffinityPreset`, `web.podAntiAffinityPreset`, and `web.nodeAffinityPreset` will be ignored when it's set
##
affinity: {}
## @param web.nodeSelector Node labels for web pods assignment
## ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param web.tolerations Tolerations for web pods assignment
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
##
tolerations: []
## @param web.updateStrategy.type web statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
## StrategyType
## Can be set to RollingUpdate or OnDelete
##
type: RollingUpdate
## @param web.priorityClassName web pods' priorityClassName
##
priorityClassName: ""
## @param web.lifecycleHooks for the web container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param web.extraEnvVars Array with extra environment variables to add to web nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
## @param web.baseResourceTypeDefaults Configuration file for specifying defaults for base resource types
## Ref: https://concourse-ci.org/concourse-web.html#resource-defaults
## Example:
## baseResourceTypeDefaults: |
## registry-image:
## registry_mirror:
## host: https://registry.mirror.example.com
##
baseResourceTypeDefaults: ""
extraEnvVars: []
## @param web.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for web nodes
##
extraEnvVarsCM: ""
## @param web.extraEnvVarsSecret Name of existing Secret containing extra env vars for web nodes
##
extraEnvVarsSecret: ""
## @param web.extraVolumes Optionally specify extra list of additional volumes for the web pod(s)
##
extraVolumes: []
## @param web.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the web container(s)
##
extraVolumeMounts: []
## @param web.sidecars Add additional sidecar containers to the web pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param web.initContainers Add additional init containers to the web pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## @param web.existingSecret Use an existing secret for the Web service credentials
##
existingSecret: ""
## @section Concourse Worker parameters
##
worker:
## @param worker.enabled Enable worker nodes
##
enabled: true
## @param worker.replicaCount Number of worker replicas
##
replicaCount: 2
## @param worker.mode Selects kind of Deployment. Valid Options are: statefulSet | deployment
## Using Deployment leads to ephemeral workers. Meaning workers do not
## share state between restarts
##
mode: deployment
## @param worker.logLevel Minimum level of logs to see. Possible options: debug, info, error
##
logLevel: debug
## @param worker.command Override default container command (useful when using custom images)
##
command: []
## @param worker.args Override worker default args
##
args: []
## @param worker.bindIp IP address on which to listen for the Garden server.
##
bindIp: 127.0.0.1
## @param worker.containerPort Port on which to listen for the Garden server.
##
containerPort: 7777
## @param worker.healthCheckContainerPort Port on which to listen for the healh checks.
##
healthCheckContainerPort: 8888
tsa:
## @param worker.tsa.hosts TSA host(s) to forward the worker through.
## Only used for worker-only deployments.
##
hosts: []
## RBAC parameters
##
rbac:
## @param worker.rbac.create Specifies whether RBAC resources should be created
##
create: true
## ServiceAccount parameters
##
serviceAccount:
## @param worker.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param worker.serviceAccount.name Override Worker service account name
## If not set and create is true, a name is generated using the fullname template
##
name: ""
## Enable HorizontalPodAutoscaler for worker pods
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
## @param worker.autoscaling.enabled Enable autoscaling for the worker nodes
## @param worker.autoscaling.maxReplicas Set maximum number of replicas to the worker nodes
## @param worker.autoscaling.minReplicas Set minimum number of replicas to the worker nodes
## @param worker.autoscaling.builtInMetrics Array with built-in metrics
## @param worker.autoscaling.customMetrics Array with custom metrics
##
autoscaling:
enabled: false
maxReplicas: ""
minReplicas: ""
builtInMetrics: []
customMetrics: []
## Concourse Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
##
pdb:
create: true
## @param worker.pdb.create Create Pod disruption budget object for worker nodes
## @param worker.pdb.minAvailable Minimum number of workers available after an eviction
##
minAvailable: 2
## Configures the liveness probe used to determine if the Worker component is up.
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
## @param worker.livenessProbe.enabled Enable livenessProbe on worker nodes
## @param worker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param worker.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param worker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param worker.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param worker.livenessProbe.successThreshold Failure threshold for livenessProbe
##
livenessProbe:
enabled: true
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 3
successThreshold: 1
## @param worker.readinessProbe.enabled Enable readiness probe on worker nodes
## @param worker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param worker.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param worker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param worker.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param worker.readinessProbe.successThreshold Success threshold for readinessProbe
## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/
##
readinessProbe:
enabled: true
failureThreshold: 5
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 3
successThreshold: 1
## @param worker.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param worker.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param worker.resources.limits Configure resource limits.
## @param worker.resources.requests Configure resource request
## resources:
## limits: {}
## requests:
## cpu: "100m"
## memory: "512Mi"
## Ref: https://kubernetes.io/docs/user-guide/compute-resources/
##
resources:
limits: {}
requests: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param worker.podSecurityContext.enabled Enabled worker pods' Security Context
## @param worker.podSecurityContext.fsGroup Set worker pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param worker.containerSecurityContext.enabled Enabled worker containers' Security Context
## @param worker.containerSecurityContext.privileged Set worker containers' Security Context with privileged or not
## @param worker.containerSecurityContext.runAsUser Set worker containers' Security Context user
##
containerSecurityContext:
enabled: true
privileged: true
runAsUser: 0
## @param worker.psp.create Specifies whether a PodSecurityPolicy should be created (set `psp.create` to `true` to enable it)
##
psp:
create: false
## @param worker.podLabels Custom labels for worker pods
##
podLabels: {}
## @param worker.podAnnotations Annotations for worker pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param worker.podAffinityPreset Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## @param worker.podAntiAffinityPreset Pod anti-affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
## @param worker.hostAliases Deployment pod host aliases
##
hostAliases: []
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
## @param worker.nodeAffinityPreset.type Node affinity type
## Allowed values: soft, hard
##
type: ""
## @param worker.nodeAffinityPreset.key Node label key to match
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param worker.nodeAffinityPreset.values [array] Node label values to match
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param worker.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param worker.nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
##
nodeSelector: {}
## @param worker.tolerations Tolerations for worker pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
## Note: this configuration supersedes the global tolerations configuration
##
tolerations: []
## @param worker.updateStrategy.type worker statefulset strategy type
## StrategyType
## Can be set to RollingUpdate or OnDelete
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
type: RollingUpdate
## @param worker.priorityClassName worker pods' priorityClassName
##
priorityClassName: ""
## @param worker.lifecycleHooks for the worker container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param worker.extraEnvVars Array with extra environment variables to add to worker nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for worker nodes
##
extraEnvVarsCM: ""
## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for worker nodes
##
extraEnvVarsSecret: ""
## @param worker.extraVolumes Optionally specify extra list of additional volumes for the worker pod(s)
##
extraVolumes: []
## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the worker container(s)
##
extraVolumeMounts: []
## @param worker.sidecars Add additional sidecar containers to the worker pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param worker.initContainers Add additional init containers to the worker pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## @param worker.existingSecret name of an existing secret resource containing the keys and the pub
##
existingSecret: ""
baggageclaim:
## @param worker.baggageclaim.logLevel Minimum level of logs to see. Possible values: debug, info, error
##
logLevel: info
## @param worker.baggageclaim.bindIp IP address on which to listen for API traffic.
##
bindIp: 127.0.0.1
## @param worker.baggageclaim.containerPort Port on which to listen for API traffic.
##
containerPort: 7788
## @param worker.baggageclaim.debugbindIp IP address on which to listen for the pprof debugger endpoints.
##
debugbindIp: 127.0.0.1
## @param worker.baggageclaim.debugContainerPort Port on which to listen for baggageclaim pprof server.
##
debugContainerPort: 7787
## @param worker.baggageclaim.disableUserNamespaces Disable remapping of user/group IDs in unprivileged volumes.
##
disableUserNamespaces: ""
## @param worker.baggageclaim.volumes Directory in which to place volume data.
##
volumes: ""
## @param worker.baggageclaim.driver Driver to use for managing volumes.
## Possible values: detect, naive, btrfs, and overlay.
##
driver: ""
## @param worker.baggageclaim.btrfsBin Path to btrfs binary
##
btrfsBin: btrfs
## @param worker.baggageclaim.mkfsBin Path to mkfs.btrfs binary
##
mkfsBin: mkfs.btrfs
## @param worker.baggageclaim.overlaysDir Path to directory in which to store overlay data
##
overlaysDir: ""
## If true, use a Persistent Volume Claim, If false, use emptyDir
## @param worker.persistence.enabled Enable persistence using Persistent Volume Claims
##
persistence:
enabled: true
## Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
## @param worker.persistence.storageClass Persistent Volume storage class
##
storageClass: ""
## @param worker.persistence.annotations Persistent Volume Claim annotations
##
annotations: {}
## Persistent Volume Access Mode
##
## @param worker.persistence.accessModes [array] Persistent Volume access modes
##
accessModes:
- ReadWriteOnce
## Persistent Volume size
##
## @param worker.persistence.size Persistent Volume size
##
size: 8Gi
## @param worker.persistence.selector Additional labels to match for the PVC
## e.g:
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## @section Traffic exposure parameters
##
service:
web:
## @param service.web.type For minikube, set this to ClusterIP, elsewhere use LoadBalancer or NodePort
## Ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
##
type: LoadBalancer
## @param service.web.port Service HTTP port
##
port: 80
## @param service.web.tlsPort Service HTTPS port
##
tlsPort: 443
## @param service.web.clusterIP When using `service.web.type: ClusterIP`, sets the user-specified cluster IP.
## Example: 172.217.1.174
##
clusterIP: ""
## @param service.web.loadBalancerIP When using `service.web.type: LoadBalancer`, sets the user-specified load balancer IP.
## Example: 172.217.1.174
##
loadBalancerIP: ""
## @param service.web.labels Additional Labels to be added to the web api service.
##
labels: {}
## @param service.web.annotations Annotations to be added to the web api service.
##
##
## When using `service.web.type: LoadBalancer` in AWS, enable HTTPS with an ACM cert:
##
## service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:123456789:certificate/abc123-abc123-abc123-abc123"
## service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
## service.beta.kubernetes.io/aws-load-balancer-backend-port: "api"
## service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
##
annotations: {}
## @param service.web.loadBalancerSourceRanges When using `service.web.type: LoadBalancer`, restrict access to the load balancer to particular IPs
## Example:
## - 192.168.1.10/32
##
loadBalancerSourceRanges: []
## @param service.web.nodePort When using `service.web.type: NodePort`, sets the nodePort for api
##
nodePort: ""
## @param service.web.tlsnodePort When using `service.web.type: NodePort`, sets the nodePort for api tls
##
tlsnodePort: ""
## @param service.web.externalTrafficPolicy Set service externalTraffic policy
##
externalTrafficPolicy: ""
workerGateway:
## @param service.workerGateway.type For minikube, set this to ClusterIP, elsewhere use LoadBalancer or NodePort
## Ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
##
type: ClusterIP
## @param service.workerGateway.clusterIP When using `service.workerGateway.type: ClusterIP`, sets the user-specified cluster IP.
## Example: 172.217.1.174
##
clusterIP: ""
## @param service.workerGateway.port Service HTTP port
##
port: 2222
## @param service.workerGateway.loadBalancerIP When using `service.workerGateway.type: LoadBalancer`, sets the user-specified load balancer IP.
## Example: 172.217.1.174
##
loadBalancerIP: ""
## @param service.workerGateway.labels Additional Labels to be added to the web workerGateway service.
##
labels: {}
## @param service.workerGateway.annotations Annotations to be added to the web workerGateway service.
##
## When using `service.workerGateway.type: LoadBalancer` in AWS, enable HTTPS with an ACM cert:
##
## service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:123456789:certificate/abc123-abc123-abc123-abc123"
## service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
## service.beta.kubernetes.io/aws-load-balancer-backend-port: "http"
## service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
##
annotations: {}
## @param service.workerGateway.loadBalancerSourceRanges When using `service.workerGateway.type: LoadBalancer`, restrict access to the load balancer to particular IPs
## Example:
## - 192.168.1.10/32
##
loadBalancerSourceRanges: []
## @param service.workerGateway.nodePort When using `service.workerGateway.type: NodePort`, sets the nodePort for tsa
##
nodePort: ""
## Ingress parameters
##
ingress:
## @param ingress.enabled Ingress configuration enabled
## Ref: https://kubernetes.io/docs/user-guide/ingress/
##
## Enable Ingress.
##
enabled: false
## @param ingress.certManager Add annotations for cert-manager
##
certManager: false
## @param ingress.annotations Annotations to be added to the web ingress.
## Example:
## kubernetes.io/ingress.class: nginx
## kubernetes.io/tls-acme: 'true'
##
annotations: {}
## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled.
## `hosts` sets up the Ingress with default rules per provided hostname.
## @param ingress.hostname Hostename for the Ingress object
##
hostname: concourse.local
## @param ingress.path The Path to Concourse
##
path: /
## @param ingress.rulesOverride Ingress rules override
## Either `hosts` or `rulesOverride` must be provided if Ingress is enabled.
## `rulesOverride` allows the user to define the full set of ingress rules, for more complex Ingress setups.
##
rulesOverride: []
## @param ingress.tls TLS configuration.
## Secrets must be manually created in the namespace.
## Example:
## - secretName: concourse-web-tls
## hosts:
## - concourse.domain.com
##
tls: false
## @param ingress.pathType Ingress Path type
##
pathType: ImplementationSpecific
## @param ingress.extraHosts The list of additional hostnames to be covered with this ingress record.
## Most likely the hostname above will be enough, but in the event more hosts are needed, this is an array
## extraHosts:
## - name: concourse.local
## path: /
##
extraHosts: []
## @param ingress.extraTls The tls configuration for additional hostnames to be covered with this ingress record.
## see: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## extraTls:
## - hosts:
## - concourse.local
## secretName: concourse.local-tls
##
extraTls: []
## @param ingress.secrets If you're providing your own certificates, please use this to add the certificates as secrets
## key and certificate should start with -----BEGIN CERTIFICATE----- or
## -----BEGIN RSA PRIVATE KEY-----
##
## name should line up with a tlsSecret set further up
## If you're using cert-manager, this is unneeded, as it will create the secret for you if it is not set
##
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## Example:
## - name: concourse.local-tls
## key:
## certificate:
##
secrets: []
## @section Init Container Parameters
##
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume mountpoint to runAsUser:fsGroup values from the securityContext section.
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner/group of the PV mount point to `runAsUser:fsGroup`
##
enabled: false
## Bitnami Shell image
## ref: https://hub.docker.com/r/bitnami/bitnami-shell/tags/
## @param volumePermissions.image.registry Bitnami Shell image registry
## @param volumePermissions.image.repository Bitnami Shell image repository
## @param volumePermissions.image.tag Bitnami Shell image tag (immutable tags are recommended)
## @param volumePermissions.image.pullPolicy Bitnami Shell image pull policy
## @param volumePermissions.image.pullSecrets Bitnami Shell image pull secrets
##
image:
registry: docker.io
repository: bitnami/bitnami-shell
tag: 10-debian-10-r195
pullPolicy: Always
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init container's resource requests and limits
## ref: http://kubernetes.io/docs/user-guide/compute-resources/
## @param volumePermissions.resources.limits The resources limits for the init container
## @param volumePermissions.resources.requests The requested resources for the init container
##
resources:
limits: {}
requests: {}
## Init container Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param volumePermissions.containerSecurityContext.enabled Enable init container's Security Context
## @param volumePermissions.containerSecurityContext.runAsUser Set init container's Security Context runAsUser
## NOTE: when runAsUser is set to special value "auto", init container will try to chown the
## data folder to auto-determined user&group, using commands: `id -u`:`id -G | cut -d" " -f2`
## "auto" is especially useful for OpenShift which has scc with dynamic user ids (and 0 is not allowed)
##
containerSecurityContext:
enabled: true
runAsUser: 1001
## @section PostgreSQL sub-chart configuration
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/master/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.nameOverride Override Concourse Postgresql name
## @param postgresql.postgresqlUsername Concourse Postgresql username
## @param postgresql.postgresqlDatabase Concourse Postgresql database
## @param postgresql.existingSecret Name of an existing secret containing the PostgreSQL password ('postgresql-password' key)
##
postgresql:
enabled: true
nameOverride: ""
postgresqlUsername: bn_concourse
postgresqlDatabase: bitnami_concourse
## In case of postgresql.enabled = true, allow the usage of existing secrets for postgresql
##
existingSecret: ""
## @section External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.user non-root Username for Airflow Database
## @param externalDatabase.password Database password
## @param externalDatabase.existingSecret Name of an existing secret resource containing the DB password
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the DB password
## @param externalDatabase.database Database name
## @param externalDatabase.port Database port number
##
externalDatabase:
## All of these values are only used when postgresql.enabled is set to false
## Database host
##
host: localhost
## non-root Username for concourse Database
##
user: bn_concourse
## Database password
##
password: ""
## Name of an existing secret resource containing the DB password
##
existingSecret: ""
## Name of an existing secret key containing the DB password
##
existingSecretPasswordKey: ""
## Database name
##
database: bitnami_concourse
## Database port number
##
port: 5432
Reference in New Issue View Git Blame Copy Permalink