charts/bitnami/concourse/values.yaml
Carlos Rodríguez Hernández a5e4bd0e35 Replace VMware by Broadcom copyright text (#25306)
Signed-off-by: Carlos Rodríguez Hernández <carlosrh@vmware.com>
2024-04-25 12:44:38 +02:00


# Copyright Broadcom, Inc. All Rights Reserved.
# SPDX-License-Identifier: APACHE-2.0
## @section Global parameters
## Global Docker image parameters
## Values set here override the image parameters of this chart and of its dependencies.
## A global imageRegistry therefore redirects every image pull, so point it only at a registry you trust.
## Global parameters currently available: imageRegistry, imagePullSecrets and storageClass
## @param global.imageRegistry Global Docker image registry
## @param global.imagePullSecrets Global Docker registry secret names as an array
## @param global.storageClass Global StorageClass for Persistent Volume(s)
##
global:
  imageRegistry: ""
  ## E.g.
  ## imagePullSecrets:
  ##   - myRegistryKeySecretName
  ##
  imagePullSecrets: []
  storageClass: ""
  ## Compatibility adaptations for Kubernetes platforms
  ##
  compatibility:
    ## Compatibility adaptations for Openshift
    ##
    openshift:
      ## @param global.compatibility.openshift.adaptSecurityContext Adapt the securityContext sections of the deployment to make them compatible with Openshift restricted-v2 SCC: remove runAsUser, runAsGroup and fsGroup and let the platform use their allowed default IDs. Possible values: auto (apply if the detected running cluster is Openshift), force (perform the adaptation always), disabled (do not perform adaptation)
      ##
      adaptSecurityContext: "disabled"
## @section Common parameters
## @param kubeVersion Override Kubernetes version
##
kubeVersion: ""
## @param nameOverride String to partially override common.names.fullname
##
nameOverride: ""
## @param fullnameOverride String to fully override common.names.fullname
##
fullnameOverride: ""
## @param clusterDomain Kubernetes Cluster Domain
##
clusterDomain: "cluster.local"
## @param commonLabels Labels to add to all deployed objects
##
commonLabels: {}
## @param commonAnnotations Annotations to add to all deployed objects
##
commonAnnotations: {}
## @param extraDeploy Array of extra objects to deploy with the release
## Objects listed here are deployed alongside the release, so review them like any other manifest.
##
extraDeploy: []
## Diagnostic mode for the deployment(s)/statefulset(s)
## While enabled, every probe is disabled and the container command is replaced,
## so the workload is neither serving nor health-checked; use it for troubleshooting only.
##
diagnosticMode:
  ## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
  ##
  enabled: false
  ## @param diagnosticMode.command Command to override all containers in the deployment(s)/statefulset(s)
  ##
  command:
    - "sleep"
  ## @param diagnosticMode.args Args to override all containers in the deployment(s)/statefulset(s)
  ##
  args:
    - "infinity"
## @section Common Concourse Parameters
## Bitnami Concourse image
## ref: https://hub.docker.com/r/bitnami/concourse/tags/
## @param image.registry [default: REGISTRY_NAME] image registry
## @param image.repository [default: REPOSITORY_NAME/concourse] image repository
## @skip image.tag image tag (immutable tags are recommended)
## @param image.digest image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param image.pullPolicy image pull policy
## @param image.pullSecrets image pull secrets
##
image:
  registry: "docker.io"
  repository: "bitnami/concourse"
  ## A tag names an image but does not fix its content; set image.digest below to pin the exact image.
  tag: "7.11.2-debian-12-r10"
  digest: ""
  ## Specify an imagePullPolicy
  ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
  ## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
  ##
  pullPolicy: "IfNotPresent"
  ## Optionally specify an array of imagePullSecrets.
  ## Secrets must be manually created in the namespace.
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  ## e.g:
  ## pullSecrets:
  ##   - myRegistryKeySecretName
  ##
  pullSecrets: []
## For managing secrets using Helm
##
secrets:
## @param secrets.localAuth.enabled the use of local authentication (basic auth).
## Once enabled, users configured through `local_users` (secret)
## are able to authenticate.
## Ref: https://concourse-ci.org/local-auth.html
##
localAuth:
enabled: true
## @param secrets.localUsers List of `username:password` or `username:bcrypted_password` combinations for all your local concourse users. Auto-generated if not set
## For details of expected format, see https://concourse-ci.org/local-auth.html
## Prefer the `username:bcrypted_password` form so that plaintext passwords are not kept in values files.
##
localUsers: ""
## @param secrets.teamAuthorizedKeys Array of team names and public keys for team external workers
## A single team can have many keys defined in the key field.
## e.g:
## - team: main
## key: |-
## ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse
## ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDzpK/sIOtL9SCjAWrvO8QvknzYbnXvP/BljTQFNLwzsPqawqTk3FqUIsEjsq4clV3nwADK8Iq9A/xRlPR+ANhoGDPDv34FsWz5qKcXV7aXcOma8vyU4MJPjveXcZX7FjwztGoRIND9CXlLCDuYeIwBxCcnBBAwQFZuCmEXcqwsRbCve1KkswV1yr9yvmNaKNKTkJGo+7wGyShjzkfqijYCdwYbUWpSB0/tOGszBONtKE6FyJUmVtBgj+CAGZtj1AxGBbMnxxV
##
## Make sure to check the security caveats here: https://concourse-ci.org/teams-caveats.html
## Extra Reads: https://github.com/concourse/concourse/issues/1865#issuecomment-464166994
## https://concourse-ci.org/global-resources.html#complications-with-reusing-containers
##
teamAuthorizedKeys: []
## Secrets for Conjur credentials manager.
## @param secrets.conjurAccount Account for Conjur auth provider.
conjurAccount: ""
## @param secrets.conjurAuthnLogin Host username for Conjur auth provider.
conjurAuthnLogin: ""
## @param secrets.conjurAuthnApiKey API key for host used for Conjur auth provider. Either API key or token file can be used, but not both.
conjurAuthnApiKey: ""
## @param secrets.conjurAuthnTokenFile Token file used for Conjur auth provider if running in Kubernetes or IAM. Either token file or API key can be used, but not both.
conjurAuthnTokenFile: ""
## @param secrets.conjurCACert CA Certificate to specify if conjur instance is deployed with a self-signed cert
conjurCACert: ""
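## @param secrets.hostKey [string] Concourse Host Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
## Because this default private key is published in that repository, it provides no secrecy:
## generate your own key pair and set hostKey and hostKeyPub together before any real deployment.
## Ref: https://concourse-ci.org/install.html#generating-keys
##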
hostKey: |-
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
## @param secrets.hostKeyPub [string] Concourse Host Keys.
##
hostKeyPub: |-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse
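## @param secrets.sessionSigningKey [string] Concourse Session Signing Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
## Because this default private key is published in that repository, it provides no secrecy:
## replace it with a session signing key you generate yourself before any real deployment.
## Ref: https://concourse-ci.org/concourse-generate-key.html
##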
sessionSigningKey: |-
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
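## @param secrets.workerKey [string] Concourse Worker Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
## Because this default private key is published in that repository, it provides no secrecy:
## generate your own key pair and set workerKey and workerKeyPub together before any real deployment.
## Ref: https://concourse-ci.org/concourse-generate-key.html
##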
workerKey: |-
-----BEGIN RSA PRIVATE KEY-----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-----END RSA PRIVATE KEY-----
## @param secrets.workerKeyPub [string] Concourse Worker Keys.
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
##
workerKeyPub: |-
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC496FSYFcBAKgDtMsBAJiF/6/NxlXKP5UZecyEsedYuTt1GOgJTwaA1qZ1LmHsbfLDE68oDdiM4uvxfI4wtLhz57w3u0jOUxZ2JeF7SVwEf1nVqLn4Gh/f8GUNQGSyIp1zUD5Bx9fq0PAyQ47mt7Ufi84rcf8LKl7nzAIHTcdg2BvTkQN9bUGPaq/Pb1W2bKPAQy4OzXTSIyrAJ89TH2jFeaZfyxQFGbD9jVHH/yl0oiMrDeaRYgccE5II+KY7WoLjsBry/9Qf2ERELKTK4UeIGIqWci9lab1ti+GxFPPiC3krNFjo4jShV4eUs4cNIrjwNrxVaKPXmU6o7Y3Hpayx Concourse
## @param secrets.workerAdditionalCerts Additional certificates to add to the worker nodes
##
workerAdditionalCerts: ""
## @section Concourse Web parameters
web:
  ## @param web.enabled Enable Concourse web component
  ##
  enabled: true
  ## @param web.baseUrl url
  ##
  baseUrl: "/"
  ## @param web.logLevel Minimum level of logs to see. Possible options: debug, info, error.
  ## The default is the most verbose of the listed levels; review whether debug output is appropriate outside of testing.
  ##
  logLevel: "debug"
  ## @param web.clusterName A name for this Concourse cluster, to be displayed on the dashboard page.
  ##
  clusterName: ""
  ## @param web.bindIp IP address on which to listen for HTTP traffic (web UI and API).
  ## 0.0.0.0 listens on every interface of the pod; see web.networkPolicy below for restricting who can connect.
  ##
  bindIp: "0.0.0.0"
  ## @param web.peerAddress Network address of this web node, reachable by other web nodes.
  ## Used for forwarded worker addresses. (default: $POD_IP)
  ##
  peerAddress: ""
  ## @param web.externalUrl URL used to reach any ATC from the outside world.
  ## This is *very* important for a proper authentication workflow as
  ## browser redirects are based on the value set here.
  ## E.g: http://ci.concourse-ci.org
  ##
  externalUrl: ""
  ## Authentication settings: cookie flags, token lifetime, password connector and main team
  ##
  auth:
    ## @param web.auth.cookieSecure use cookie secure true or false
    ## Forces the secure flag on HTTP cookies. Set it to true whenever the web UI is served over HTTPS.
    ##
    cookieSecure: false
    ## @param web.auth.duration Length of time for which tokens are valid. Afterwards, users will have to log back in.
    ## The value must be specified as Go duration values (e.g.: 30m or 24h).
    ##
    duration: "24h"
    ## @param web.auth.passwordConnector The connector to use for password authentication for `fly login -u ... -p ...`.
    ## Either "local" or "ldap". Defaults to "local".
    ##
    passwordConnector: ""
    mainTeam:
      ## @param web.auth.mainTeam.config Configuration file for specifying the main teams params.
      ## ref: https://concourse-ci.org/managing-teams.html#setting-roles
      ## E.g:
      ## config: |
      ##   roles:
      ##   - name: owner
      ##     local:
      ##       users: ["admin"]
      ##   - name: member
      ##     local:
      ##       users: ["test"]
      ##
      config: ""
      ## @param web.auth.mainTeam.localUser Comma-separated list of local Concourse users to be included as members of the `main` team.
      ## Make sure you have local users support enabled (`secrets.localAuth.enabled`) and
      ## that the users were added (`secrets.localUsers`).
      ##
      localUser: "user"
  ## @param web.existingSecret Use an existing secret for the Web service credentials
  ##
  existingSecret: ""
  ## @param web.enableAcrossStep Enable the experimental across step to be used in jobs. The API is subject to change.
  ##
  enableAcrossStep: false
  ## @param web.enablePipelineInstances Enable the creation of instanced pipelines.
  ##
  enablePipelineInstances: false
  ## @param web.enableCacheStreamedVolumes Enable caching streamed resource volumes on the destination worker.
  ##
  enableCacheStreamedVolumes: false
  ## @param web.baseResourceTypeDefaults Configuration file for specifying defaults for base resource types
  ## ref: https://concourse-ci.org/concourse-web.html#resource-defaults
  ## E.g:
  ## baseResourceTypeDefaults: |
  ##   registry-image:
  ##     registry_mirror:
  ##       host: https://registry.mirror.example.com
  ##
  baseResourceTypeDefaults: ""
  ## @param web.tsa.logLevel Minimum level of logs to see. Possible values: debug, info, error
  ## @param web.tsa.bindIp IP address on which to listen for SSH
  ## @param web.tsa.debugBindIp IP address on which to listen for the pprof debugger endpoints (default: 127.0.0.1)
  ## @param web.tsa.heartbeatInterval Interval on which to heartbeat workers to the ATC
  ## @param web.tsa.gardenRequestTimeout How long to wait for requests to Garden to complete. 0 means no timeout
  ## The SSH listener binds to every interface, while the pprof debugger endpoints stay on loopback by default.
  ##
  tsa:
    logLevel: "debug"
    bindIp: "0.0.0.0"
    debugBindIp: "127.0.0.1"
    heartbeatInterval: "30s"
    gardenRequestTimeout: ""
  ## @param web.tls.enabled enable serving HTTPS traffic directly through the web component.
  ## With the default of false the web component does not serve HTTPS itself.
  ##
  tls:
    enabled: false
  ## @param web.configRBAC Set RBAC configuration
  ## (the configRBAC key itself is set after the conjur block below)
  ##
  ## Configuration for using Conjur as a credential manager.
  ## Ref: https://concourse-ci.org/conjur-credential-manager.html
  ##
  conjur:
    ## @param web.conjur.enabled Enable the use of Conjur as a credential manager
    enabled: false
    ## @param web.conjur.applianceUrl URL of the Conjur instance.
    applianceUrl: ""
    ## @param web.conjur.pipelineSecretTemplate Path used to locate pipeline-level secret
    pipelineSecretTemplate: "concourse/{{.Team}}/{{.Pipeline}}/{{.Secret}}"
    ## @param web.conjur.teamSecretTemplate Path used to locate team-level secret
    teamSecretTemplate: "concourse/{{.Team}}/{{.Secret}}"
    ## @param web.conjur.secretTemplate Path used to locate a vault or safe-level secret
    secretTemplate: "concourse/{{.Secret}}"
  ## RBAC configuration, documented above as web.configRBAC
  configRBAC: ""
  ## @param web.existingConfigmap The name of an existing ConfigMap with your custom configuration for web
  ##
  existingConfigmap: ""
  ## @param web.command Override default container command (useful when using custom images)
  ##
  command: []
  ## @param web.args Override default container args (useful when using custom images)
  ##
  args: []
  ## @param web.extraEnvVars Array with extra environment variables to add to Concourse web nodes
  ## e.g:
  ## extraEnvVars:
  ##   - name: FOO
  ##     value: "bar"
  ##
  extraEnvVars: []
  ## @param web.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Concourse web nodes
  ##
  extraEnvVarsCM: ""
  ## @param web.extraEnvVarsSecret Name of existing Secret containing extra env vars for Concourse web nodes
  ##
  extraEnvVarsSecret: ""
  ## @param web.replicaCount Number of Concourse web replicas to deploy
  ##
  replicaCount: 1
  ## @param web.containerPorts.http Concourse web UI and API HTTP container port
  ## @param web.containerPorts.https Concourse web UI and API HTTPS container port
  ## @param web.containerPorts.tsa Concourse web TSA SSH container port
  ## @param web.containerPorts.pprof Concourse web TSA pprof server container port
  ##
  containerPorts:
    http: 8080
    https: 8443
    tsa: 2222
    pprof: 2221
  ## Network Policies
  ## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
  ##
  networkPolicy:
    ## @param web.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
    ##
    enabled: true
    ## @param web.networkPolicy.allowExternal Don't require server label for connections
    ## The Policy model to apply. When set to false, only pods with the correct
    ## server label will have network access to the ports server is listening
    ## on. When true, server will accept connections from any source
    ## (with the correct destination port).
    ## The default of true is the permissive choice; set it to false to limit ingress to labelled pods.
    ##
    allowExternal: true
    ## @param web.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
    ## While this stays true, the extraEgress rules below are ignored.
    ##
    allowExternalEgress: true
    ## @param web.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
    ##
    kubeAPIServerPorts:
      - 443
      - 6443
      - 8443
    ## @param web.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
    ## e.g:
    ## extraIngress:
    ##   - ports:
    ##       - port: 1234
    ##     from:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    extraIngress: []
    ## @param web.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
    ## e.g:
    ## extraEgress:
    ##   - ports:
    ##       - port: 1234
    ##     to:
    ##       - podSelector:
    ##           - matchLabels:
    ##               - role: frontend
    ##       - podSelector:
    ##           - matchExpressions:
    ##               - key: role
    ##                 operator: In
    ##                 values:
    ##                   - frontend
    ##
    extraEgress: []
    ## @param web.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
    ## @param web.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
    ##
    ingressNSMatchLabels: {}
    ingressNSPodMatchLabels: {}
  ## Configure extra options for Concourse web containers' liveness, readiness and startup probes
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
  ## @param web.livenessProbe.enabled Enable livenessProbe on Concourse web containers
  ## @param web.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
  ## @param web.livenessProbe.periodSeconds Period seconds for livenessProbe
  ## @param web.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
  ## @param web.livenessProbe.failureThreshold Failure threshold for livenessProbe
  ## @param web.livenessProbe.successThreshold Success threshold for livenessProbe
  ##
  livenessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 15
    timeoutSeconds: 3
    failureThreshold: 1
    successThreshold: 1
  ## @param web.readinessProbe.enabled Enable readinessProbe on Concourse web containers
  ## @param web.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
  ## @param web.readinessProbe.periodSeconds Period seconds for readinessProbe
  ## @param web.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
  ## @param web.readinessProbe.failureThreshold Failure threshold for readinessProbe
  ## @param web.readinessProbe.successThreshold Success threshold for readinessProbe
  ##
  readinessProbe:
    enabled: true
    initialDelaySeconds: 10
    periodSeconds: 15
    timeoutSeconds: 3
    failureThreshold: 1
    successThreshold: 1
  ## @param web.startupProbe.enabled Enable startupProbe on Concourse web containers
  ## @param web.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
  ## @param web.startupProbe.periodSeconds Period seconds for startupProbe
  ## @param web.startupProbe.timeoutSeconds Timeout seconds for startupProbe
  ## @param web.startupProbe.failureThreshold Failure threshold for startupProbe
  ## @param web.startupProbe.successThreshold Success threshold for startupProbe
  ##
  startupProbe:
    enabled: false
    initialDelaySeconds: 5
    periodSeconds: 10
    timeoutSeconds: 1
    failureThreshold: 15
    successThreshold: 1
  ## @param web.customLivenessProbe Custom livenessProbe that overrides the default one
  ##
  customLivenessProbe: {}
  ## @param web.customReadinessProbe Custom readinessProbe that overrides the default one
  ##
  customReadinessProbe: {}
  ## @param web.customStartupProbe Custom startupProbe that overrides the default one
  ##
  customStartupProbe: {}
  ## Concourse web resource requests and limits
  ## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
  ## @param web.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if web.resources is set (web.resources is recommended for production).
  ## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
  ##
  resourcesPreset: "nano"
  ## @param web.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
  ## Example:
  ## resources:
  ##   requests:
  ##     cpu: 2
  ##     memory: 512Mi
  ##   limits:
  ##     cpu: 3
  ##     memory: 1024Mi
  ##
  resources: {}
  ## Configure Pods Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param web.podSecurityContext.enabled Enabled web pods' Security Context
  ## @param web.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
  ## @param web.podSecurityContext.sysctls Set kernel settings using the sysctl interface
  ## @param web.podSecurityContext.supplementalGroups Set filesystem extra groups
  ## @param web.podSecurityContext.fsGroup Set web pod's Security Context fsGroup
  ##
  podSecurityContext:
    enabled: true
    fsGroupChangePolicy: "Always"
    sysctls: []
    supplementalGroups: []
    fsGroup: 1001
  ## Configure Container Security Context
  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
  ## @param web.containerSecurityContext.enabled web container securityContext
  ## @param web.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
  ## @param web.containerSecurityContext.runAsUser User ID for the web container
  ## @param web.containerSecurityContext.runAsGroup Group ID for the web container
  ## @param web.containerSecurityContext.runAsNonRoot Set web container's Security Context runAsNonRoot
  ## @param web.containerSecurityContext.privileged Set web container's Security Context privileged
  ## @param web.containerSecurityContext.allowPrivilegeEscalation Set web container's Security Context allowPrivilegeEscalation
  ## @param web.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
  ## @param web.containerSecurityContext.capabilities.drop List of capabilities to be dropped
  ## @param web.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
  ## The defaults below are restrictive (non-root UID/GID, no privilege escalation, read-only root
  ## filesystem, all capabilities dropped); loosening any of them widens what the web container can do.
  ##
  containerSecurityContext:
    enabled: true
    seLinuxOptions: null
    runAsUser: 1001
    runAsGroup: 1001
    runAsNonRoot: true
    privileged: false
    allowPrivilegeEscalation: false
    readOnlyRootFilesystem: true
    capabilities:
      drop:
        - "ALL"
    seccompProfile:
      type: "RuntimeDefault"
  ## @param web.automountServiceAccountToken Mount Service Account token in pod
  ## This pod-level value defaults to true while web.serviceAccount.automountServiceAccountToken below
  ## defaults to false; keep the token mounted only if the web pods need to use the K8s API.
  ##
  automountServiceAccountToken: true
  ## @param web.hostAliases Concourse web pod host aliases
  ##
  hostAliases: []
  ## @param web.podLabels Extra labels for Concourse web pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
  ##
  podLabels: {}
  ## @param web.podAnnotations Annotations for Concourse web pods
  ## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
  ##
  podAnnotations: {}
  ## @param web.podAffinityPreset Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAffinityPreset: ""
  ## @param web.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
  ##
  podAntiAffinityPreset: "soft"
  ## Node web.affinity preset
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
  ##
  nodeAffinityPreset:
    ## @param web.nodeAffinityPreset.type Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
    ##
    type: ""
    ## @param web.nodeAffinityPreset.key Node label key to match. Ignored if `web.affinity` is set
    ##
    key: ""
    ## @param web.nodeAffinityPreset.values Node label values to match. Ignored if `web.affinity` is set
    ## E.g.
    ## values:
    ##   - e2e-az1
    ##   - e2e-az2
    ##
    values: []
  ## @param web.affinity Affinity for web pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
  ## NOTE: `web.podAffinityPreset`, `web.podAntiAffinityPreset`, and `web.nodeAffinityPreset` will be ignored when it's set
  ##
  affinity: {}
  ## @param web.nodeSelector Node labels for web pods assignment
  ## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
  ##
  nodeSelector: {}
  ## @param web.tolerations Tolerations for web pods assignment
  ## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
  ##
  tolerations: []
  ## @param web.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
  ##
  topologySpreadConstraints: []
  ## @param web.priorityClassName Priority Class to use for each pod (Concourse web)
  ##
  priorityClassName: ""
  ## @param web.schedulerName Use an alternate scheduler, e.g. "stork".
  ## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
  ##
  schedulerName: ""
  ## @param web.terminationGracePeriodSeconds Seconds Concourse web pod needs to terminate gracefully
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
  ##
  terminationGracePeriodSeconds: ""
  ## @param web.updateStrategy.rollingUpdate Concourse web statefulset rolling update configuration parameters
  ## @param web.updateStrategy.type Concourse web statefulset strategy type
  ## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
  ##
  updateStrategy:
    type: "RollingUpdate"
    rollingUpdate: {}
  ## @param web.lifecycleHooks lifecycleHooks for the Concourse web container(s)
  ##
  lifecycleHooks: {}
  ## @param web.extraVolumes Optionally specify extra list of additional volumes for the Concourse web pod(s)
  ##
  extraVolumes: []
  ## @param web.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Concourse web container(s)
  ##
  extraVolumeMounts: []
  ## @param web.sidecars Add additional sidecar containers to the Concourse web pod(s)
  ## e.g:
  ## sidecars:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     ports:
  ##       - name: portname
  ##         containerPort: 1234
  ##
  sidecars: []
  ## @param web.initContainers Add additional init containers to the Concourse web pod(s)
  ## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
  ## e.g:
  ## initContainers:
  ##   - name: your-image-name
  ##     image: your-image
  ##     imagePullPolicy: Always
  ##     command: ['sh', '-c', 'echo "hello world"']
  ##
  initContainers: []
  ## @param web.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
  ##
  psp:
    create: false
  ## RBAC parameters
  ##
  rbac:
    ## @param web.rbac.create Specifies whether RBAC resources should be created
    ##
    create: true
    ## @param web.rbac.rules Custom RBAC rules to set
    ## Grant only the verbs and resources that are actually needed.
    ## e.g:
    ## rules:
    ##   - apiGroups:
    ##       - ""
    ##     resources:
    ##       - pods
    ##     verbs:
    ##       - get
    ##       - list
    ##
    rules: []
  ## ServiceAccount parameters
  ##
  serviceAccount:
    ## @param web.serviceAccount.create Specifies whether a ServiceAccount should be created
    ##
    create: true
    ## @param web.serviceAccount.name Override Web service account name
    ## If not set and create is true, a name is generated using the fullname template
    ##
    name: ""
    ## @param web.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
    ## Can be set to false if pods using this serviceAccount do not need to use K8s API
    ##
    automountServiceAccountToken: false
    ## @param web.serviceAccount.annotations Additional custom annotations for the ServiceAccount
    ##
    annotations: {}
## @section Concourse Worker parameters
##
worker:
## @param worker.enabled Enable Concourse worker nodes
##
enabled: true
## @param worker.runtime Set CONCOURSE_RUNTIME in worker nodes. Please note the default runtime (guardian) only supports cgroupsv1.
## ref: https://concourse-ci.org/concourse-worker.html#configuring-runtimes
## ref: https://github.com/concourse/docs/pull/444
runtime: containerd
## @param worker.logLevel Minimum level of logs to see. Possible options: debug, info, error
##
logLevel: debug
## @param worker.bindIp IP address on which to listen for the Garden server.
##
bindIp: 127.0.0.1
## @param worker.tsa.hosts TSA host(s) to forward the worker through
## Only used for worker-only deployments.
##
tsa:
hosts: []
## @param worker.existingSecret name of an existing secret resource containing the keys and the pub
##
existingSecret: ""
## @param worker.baggageclaim.logLevel Minimum level of logs to see. Allowed values: `debug`, `info`, and `error`
## @param worker.baggageclaim.bindIp IP address on which to listen for API traffic
## @param worker.baggageclaim.debugBindIp IP address on which to listen for the pprof debugger endpoints
## @param worker.baggageclaim.disableUserNamespaces Disable remapping of user/group IDs in unprivileged volumes
## @param worker.baggageclaim.volumes Directory in which to place volume data
## @param worker.baggageclaim.driver Driver to use for managing volumes. Allowed values: `detect`, `naive`, `btrfs`, and `overlay`
## @param worker.baggageclaim.btrfsBin Path to btrfs binary
## @param worker.baggageclaim.mkfsBin Path to mkfs.btrfs binary
## @param worker.baggageclaim.overlaysDir Path to directory in which to store overlay data
##
baggageclaim:
logLevel: info
bindIp: 127.0.0.1
debugBindIp: 127.0.0.1
disableUserNamespaces: ""
volumes: ""
driver: ""
btrfsBin: btrfs
mkfsBin: mkfs.btrfs
overlaysDir: ""
## @param worker.command Override default container command (useful when using custom images)
##
command: []
## @param worker.args Override worker default args
##
args: []
## @param worker.replicaCount Number of worker replicas
##
replicaCount: 2
## @param worker.mode Selects kind of Deployment. Allowed values: `deployment` or `statefulset`
## Using `deployment` leads to ephemeral workers. Meaning workers do not share state between restarts
##
mode: deployment
## @param worker.containerPorts.garden Concourse worker Garden server container port
## @param worker.containerPorts.health Concourse worker health-check container port
## @param worker.containerPorts.baggageclaim Concourse worker baggageclaim API container port
## @param worker.containerPorts.pprof Concourse worker baggageclaim pprof server container port
##
containerPorts:
garden: 7777
health: 8888
baggageclaim: 7788
pprof: 7787
## Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##
networkPolicy:
## @param worker.networkPolicy.enabled Specifies whether a NetworkPolicy should be created
##
enabled: true
## @param worker.networkPolicy.allowExternal Don't require server label for connections
## The Policy model to apply. When set to false, only pods with the correct
## server label will have network access to the ports server is listening
## on. When true, server will accept connections from any source
## (with the correct destination port).
##
allowExternal: true
## @param worker.networkPolicy.allowExternalEgress Allow the pod to access any range of port and all destinations.
##
allowExternalEgress: true
## @param worker.networkPolicy.kubeAPIServerPorts [array] List of possible endpoints to kube-apiserver (limit to your cluster settings to increase security)
##
kubeAPIServerPorts: [443, 6443, 8443]
## @param worker.networkPolicy.extraIngress [array] Add extra ingress rules to the NetworkPolicy
## e.g:
## extraIngress:
## - ports:
## - port: 1234
## from:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
extraIngress: []
## @param worker.networkPolicy.extraEgress [array] Add extra egress rules to the NetworkPolicy (ignored if allowExternalEgress=true)
## e.g:
## extraEgress:
## - ports:
## - port: 1234
## to:
## - podSelector:
## - matchLabels:
## - role: frontend
## - podSelector:
## - matchExpressions:
## - key: role
## operator: In
## values:
## - frontend
##
extraEgress: []
## @param worker.networkPolicy.ingressNSMatchLabels [object] Labels to match to allow traffic from other namespaces
## @param worker.networkPolicy.ingressNSPodMatchLabels [object] Pod labels to match to allow traffic from other namespaces
##
ingressNSMatchLabels: {}
ingressNSPodMatchLabels: {}
## Configure extra options for Concourse worker containers' liveness, readiness and startup probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
## @param worker.livenessProbe.enabled Enable livenessProbe on Concourse worker containers
## @param worker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param worker.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param worker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param worker.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param worker.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 3
failureThreshold: 1
successThreshold: 1
## @param worker.readinessProbe.enabled Enable readinessProbe on Concourse worker containers
## @param worker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param worker.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param worker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param worker.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param worker.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 10
periodSeconds: 15
timeoutSeconds: 3
failureThreshold: 1
successThreshold: 1
## @param worker.startupProbe.enabled Enable startupProbe on Concourse worker containers
## @param worker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param worker.startupProbe.periodSeconds Period seconds for startupProbe
## @param worker.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param worker.startupProbe.failureThreshold Failure threshold for startupProbe
## @param worker.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 5
periodSeconds: 10
timeoutSeconds: 1
failureThreshold: 15
successThreshold: 1
## @param worker.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param worker.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param worker.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## Concourse worker resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param worker.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if worker.resources is set (worker.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param worker.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Configure Pods Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param worker.podSecurityContext.enabled Enabled worker pods' Security Context
## @param worker.podSecurityContext.fsGroupChangePolicy Set filesystem group change policy
## @param worker.podSecurityContext.sysctls Set kernel settings using the sysctl interface
## @param worker.podSecurityContext.supplementalGroups Set filesystem extra groups
## @param worker.podSecurityContext.fsGroup Set worker pod's Security Context fsGroup
##
podSecurityContext:
enabled: true
fsGroupChangePolicy: Always
sysctls: []
supplementalGroups: []
fsGroup: 1001
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
## @param worker.containerSecurityContext.enabled worker container securityContext
## @param worker.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param worker.containerSecurityContext.runAsUser User ID for the worker container
## @param worker.containerSecurityContext.runAsGroup Group ID for the worker container
## @param worker.containerSecurityContext.runAsNonRoot Set worker container's Security Context runAsNonRoot
## @param worker.containerSecurityContext.privileged Set worker container's Security Context privileged
## @param worker.containerSecurityContext.allowPrivilegeEscalation Set worker container's Security Context allowPrivilegeEscalation
## @param worker.containerSecurityContext.readOnlyRootFilesystem Set container's Security Context readOnlyRootFilesystem
## @param worker.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param worker.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## NOTE: these defaults run the worker as a privileged root container
## (runAsUser: 0, runAsNonRoot: false, privileged: true), presumably because the
## Concourse worker launches build containers itself - confirm before tightening.
## A privileged container is effectively root on the node it runs on, so:
##   - consider dedicated nodes for workers (worker.nodeSelector / worker.tolerations)
##   - the namespace's Pod Security admission level must permit privileged pods;
##     keep unrelated workloads out of that namespace
## Kubernetes does not apply seccomp profiles to privileged containers, so
## seccompProfile.type is not enforced while privileged is true. capabilities.drop
## is likely overridden by the container runtime as well (verify on your cluster).
## allowPrivilegeEscalation cannot be set to false while privileged is true.
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 0
runAsGroup: 0
runAsNonRoot: false
privileged: true
allowPrivilegeEscalation: true
readOnlyRootFilesystem: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param worker.automountServiceAccountToken Mount Service Account token in pod
## NOTE: this is the pod-level setting, and Kubernetes gives it precedence over
## worker.serviceAccount.automountServiceAccountToken (false by default in this
## file), so with these defaults the token is mounted into the worker pod.
## Set it to false if the worker does not need to call the Kubernetes API
## (verify first); otherwise keep worker.rbac.rules to the minimum required.
##
automountServiceAccountToken: true
## @param worker.hostAliases Concourse worker pod host aliases
##
hostAliases: []
## @param worker.podLabels Custom labels for Concourse worker pods
##
podLabels: {}
## @param worker.podAnnotations Annotations for Concourse worker pods
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
##
podAnnotations: {}
## @param worker.podAffinityPreset Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
##
## Pod affinity preset
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAffinityPreset: ""
## @param worker.podAntiAffinityPreset Pod anti-affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
## Allowed values: soft, hard
##
podAntiAffinityPreset: soft
## Node affinity preset
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
## Allowed values: soft, hard
##
nodeAffinityPreset:
## @param worker.nodeAffinityPreset.type Node affinity type
## Allowed values: soft, hard
##
type: ""
## @param worker.nodeAffinityPreset.key Node label key to match
## E.g.
## key: "kubernetes.io/e2e-az-name"
##
key: ""
## @param worker.nodeAffinityPreset.values [array] Node label values to match
## E.g.
## values:
## - e2e-az1
## - e2e-az2
##
values: []
## @param worker.affinity Affinity for pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
##
affinity: {}
## @param worker.nodeSelector Node labels for pod assignment
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/
##
nodeSelector: {}
## @param worker.tolerations Tolerations for worker pod assignment
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
## Note: this configuration supersedes the global tolerations configuration
##
tolerations: []
## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
##
topologySpreadConstraints: []
## @param worker.priorityClassName Priority Class to use for each pod (Concourse worker)
##
priorityClassName: ""
## @param worker.schedulerName Use an alternate scheduler, e.g. "stork".
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
##
schedulerName: ""
## @param worker.terminationGracePeriodSeconds Seconds Concourse worker pod needs to terminate gracefully
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
##
terminationGracePeriodSeconds: ""
## @param worker.podManagementPolicy Statefulset Pod Management Policy Type. Allowed values: `OrderedReady` or `Parallel`
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
##
podManagementPolicy: OrderedReady
## @param worker.updateStrategy.rollingUpdate Concourse worker statefulset rolling update configuration parameters
## @param worker.updateStrategy.type Concourse worker statefulset strategy type
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
##
updateStrategy:
type: RollingUpdate
rollingUpdate: {}
## @param worker.lifecycleHooks for the Concourse worker container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param worker.extraEnvVars Array with extra environment variables to add to Concourse worker nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Concourse worker nodes
##
extraEnvVarsCM: ""
## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for Concourse worker nodes
##
extraEnvVarsSecret: ""
## @param worker.extraVolumes Optionally specify extra list of additional volumes for the Concourse worker pod(s)
##
extraVolumes: []
## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Concourse worker container(s)
##
extraVolumeMounts: []
## @param worker.sidecars Add additional sidecar containers to the Concourse worker pod(s)
## e.g:
## sidecars:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## ports:
## - name: portname
## containerPort: 1234
##
sidecars: []
## @param worker.initContainers Add additional init containers to the Concourse worker pod(s)
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
## e.g:
## initContainers:
## - name: your-image-name
## image: your-image
## imagePullPolicy: Always
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
## Enable HorizontalPodAutoscaler for Concourse worker pods
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
##
## @param worker.autoscaling.enabled Enable autoscaling for the Concourse worker nodes
## @param worker.autoscaling.maxReplicas Set maximum number of replicas to the Concourse worker nodes
## @param worker.autoscaling.minReplicas Set minimum number of replicas to the Concourse worker nodes
## @param worker.autoscaling.builtInMetrics Array with built-in metrics
## @param worker.autoscaling.customMetrics Array with custom metrics
##
autoscaling:
enabled: false
maxReplicas: ""
minReplicas: ""
builtInMetrics: []
customMetrics: []
## Concourse Pod Disruption Budget configuration
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
##
pdb:
create: true
## @param worker.pdb.create Create Pod disruption budget object for Concourse worker nodes
## @param worker.pdb.minAvailable Minimum number / percentage of Concourse worker pods that should remain scheduled
## @param worker.pdb.maxUnavailable Maximum number/percentage of Concourse worker pods that may be made unavailable
##
minAvailable: 2
maxUnavailable: ""
## @param worker.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
##
psp:
create: false
## Concourse worker persistence configuration
##
persistence:
## @param worker.persistence.enabled Enable Concourse worker data persistence using PVC
##
enabled: true
## @param worker.persistence.existingClaim Name of an existing PVC to use
##
existingClaim: ""
## @param worker.persistence.storageClass PVC Storage Class for Concourse worker data volume
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass: ""
## @param worker.persistence.accessModes PVC Access Mode for Concourse worker volume
##
accessModes:
- ReadWriteOnce
## @param worker.persistence.size PVC Storage Request for Concourse worker volume
##
size: 8Gi
## @param worker.persistence.annotations Annotations for the PVC
##
annotations: {}
## @param worker.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
## selector:
## matchLabels:
## app: my-app
##
selector: {}
## RBAC parameters
##
rbac:
## @param worker.rbac.create Specifies whether RBAC resources should be created
##
create: true
## @param worker.rbac.rules Custom RBAC rules to set
## e.g:
## rules:
## - apiGroups:
## - ""
## resources:
## - pods
## verbs:
## - get
## - list
##
rules: []
## ServiceAccount parameters
##
serviceAccount:
## @param worker.serviceAccount.create Specifies whether a ServiceAccount should be created
##
create: true
## @param worker.serviceAccount.name Override worker service account name
## If not set and create is true, a name is generated using the fullname template
##
name: ""
## @param worker.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
## Can be set to false if pods using this serviceAccount do not need to use K8s API
##
automountServiceAccountToken: false
## @param worker.serviceAccount.annotations Additional custom annotations for the ServiceAccount
##
annotations: {}
## @section Traffic exposure parameters
service:
## Concourse web service parameters
##
web:
## @param service.web.type Concourse web service type
## NOTE: LoadBalancer asks the cluster to provision a load balancer for the web
## service (ports 80/443 below), which on most platforms is reachable from outside
## the cluster. service.web.loadBalancerSourceRanges is empty by default, i.e. no
## source restriction is requested. Limit it to known CIDRs, or use ClusterIP
## together with the ingress section, if the UI should not be broadly reachable.
##
type: LoadBalancer
## @param service.web.ports.http Concourse web service HTTP port
## @param service.web.ports.https Concourse web service HTTPS port
##
ports:
http: 80
https: 443
## Node ports to expose
## @param service.web.nodePorts.http Node port for HTTP
## @param service.web.nodePorts.https Node port for HTTPS
## NOTE: choose port between <30000-32767>
##
nodePorts:
http: ""
https: ""
## @param service.web.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param service.web.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @param service.web.clusterIP Concourse web service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.web.loadBalancerIP Concourse web service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.web.loadBalancerSourceRanges Concourse web service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.web.externalTrafficPolicy Concourse web service external traffic policy
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.web.annotations Additional custom annotations for Concourse web service
##
annotations: {}
## @param service.web.extraPorts Extra port to expose on Concourse web service
##
extraPorts: []
## Concourse worker gateway service parameters
##
workerGateway:
## @param service.workerGateway.type Concourse worker gateway service type
##
type: ClusterIP
## @param service.workerGateway.ports.tsa Concourse worker gateway service port
##
ports:
tsa: 2222
## Node ports to expose
## @param service.workerGateway.nodePorts.tsa Node port for worker gateway service
## NOTE: choose port between <30000-32767>
##
nodePorts:
tsa: ""
## @param service.workerGateway.sessionAffinity Control where client requests go, to the same pod or round-robin
## Values: ClientIP or None
## ref: https://kubernetes.io/docs/concepts/services-networking/service/
##
sessionAffinity: None
## @param service.workerGateway.sessionAffinityConfig Additional settings for the sessionAffinity
## sessionAffinityConfig:
## clientIP:
## timeoutSeconds: 300
##
sessionAffinityConfig: {}
## @param service.workerGateway.clusterIP Concourse worker gateway service Cluster IP
## e.g.:
## clusterIP: None
##
clusterIP: ""
## @param service.workerGateway.loadBalancerIP Concourse worker gateway service Load Balancer IP
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
##
loadBalancerIP: ""
## @param service.workerGateway.loadBalancerSourceRanges Concourse worker gateway service Load Balancer sources
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
## e.g:
## loadBalancerSourceRanges:
## - 10.10.10.0/24
##
loadBalancerSourceRanges: []
## @param service.workerGateway.externalTrafficPolicy Concourse worker gateway service external traffic policy
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
##
externalTrafficPolicy: Cluster
## @param service.workerGateway.annotations Additional custom annotations for Concourse worker gateway service
##
annotations: {}
## @param service.workerGateway.extraPorts Extra port to expose on Concourse worker gateway service
##
extraPorts: []
## Concourse ingress parameters
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/
##
ingress:
## @param ingress.enabled Enable ingress record generation for Concourse
##
enabled: false
## @param ingress.ingressClassName IngressClass that will be used to implement the Ingress (Kubernetes 1.18+)
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster.
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
##
ingressClassName: ""
## @param ingress.pathType Ingress path type
##
pathType: ImplementationSpecific
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
##
apiVersion: ""
## @param ingress.hostname Default host for the ingress record
##
hostname: concourse.local
## @param ingress.path Default path for the ingress record
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
##
path: /
## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
## Use this parameter to set the required annotations for cert-manager, see
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
## e.g:
## annotations:
## kubernetes.io/ingress.class: nginx
## cert-manager.io/cluster-issuer: cluster-issuer-name
##
annotations: {}
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
## You can:
## - Use the `ingress.secrets` parameter to create this TLS secret
## - Rely on cert-manager to create it by setting the corresponding annotations
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
##
tls: false
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
##
selfSigned: false
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
## e.g:
## extraHosts:
## - name: concourse.local
## path: /
##
extraHosts: []
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
## e.g:
## extraPaths:
## - path: /*
## backend:
## serviceName: ssl-redirect
## servicePort: use-annotation
##
extraPaths: []
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
## e.g:
## extraTls:
## - hosts:
## - concourse.local
## secretName: concourse.local-tls
##
extraTls: []
## @param ingress.secrets Custom TLS certificates as secrets
## NOTE: 'key' and 'certificate' are expected in PEM format
## NOTE: 'name' should line up with a 'secretName' set further up
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
## It is also possible to create and manage the certificates outside of this helm chart
## Please see README.md for more information
## NOTE: a private key placed here becomes part of the release values: it lives
## wherever this values file is kept and in the release data Helm stores in the
## cluster. Prefer cert-manager or a TLS secret managed outside the chart for
## anything beyond testing.
## e.g:
## secrets:
## - name: concourse.local-tls
## key: |-
## -----BEGIN RSA PRIVATE KEY-----
## ...
## -----END RSA PRIVATE KEY-----
## certificate: |-
## -----BEGIN CERTIFICATE-----
## ...
## -----END CERTIFICATE-----
##
secrets: []
## @param ingress.extraRules Additional rules to be covered with this ingress record
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
## e.g:
## extraRules:
## - host: concourse.local
## http:
## path: /
## backend:
## service:
## name: concourse-svc
## port:
## name: http
##
extraRules: []
## @section Init Container Parameters
## Init containers parameters:
## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node
##
volumePermissions:
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
##
enabled: false
## @param volumePermissions.image.registry [default: REGISTRY_NAME] Init container volume-permissions image registry
## @param volumePermissions.image.repository [default: REPOSITORY_NAME/os-shell] Init container volume-permissions image repository
## @skip volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
## NOTE: digest is empty by default, so the image is selected by tag, and with
## pullPolicy IfNotPresent a node reuses whatever copy of that tag it already holds.
## This init container runs as root by default
## (volumePermissions.containerSecurityContext.runAsUser: 0), so setting digest to
## the digest of the image you reviewed pins exactly what gets executed.
##
image:
registry: docker.io
repository: bitnami/os-shell
tag: 12-debian-12-r18
digest: ""
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## Example:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Init container resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param volumePermissions.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if volumePermissions.resources is set (volumePermissions.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param volumePermissions.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## Init container's Security Context
## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context
## @param volumePermissions.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
## @param volumePermissions.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
## NOTE: runAsUser: 0 means the init container runs as root; per the section
## description it changes the owner and group of the persistent volume
## mountpoint(s). It is only enabled when volumePermissions.enabled is true
## (false by default), so leave it off where the storage already provides the
## expected ownership.
##
containerSecurityContext:
enabled: true
seLinuxOptions: null
runAsUser: 0
seccompProfile:
type: "RuntimeDefault"
## @section Concourse database parameters
## PostgreSQL chart configuration
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
## @param postgresql.auth.username Name for a custom user to create
## @param postgresql.auth.password Password for the custom user to create
## @param postgresql.auth.database Name for a custom database to create
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
## NOTE: prefer postgresql.auth.existingSecret over postgresql.auth.password, so
## the database password is not kept in a values file or passed with --set.
## What the PostgreSQL subchart does when password is left empty is not shown in
## this file (presumably it generates one - verify in the subchart documentation).
## enablePostgresUser: false keeps remote access for the "postgres" admin user
## blocked, as described above.
##
postgresql:
enabled: true
auth:
enablePostgresUser: false
username: bn_concourse
password: ""
database: bitnami_concourse
existingSecret: ""
architecture: standalone
primary:
## PostgreSQL Primary resource requests and limits
## ref: https://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param postgresql.primary.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, small, medium, large, xlarge, 2xlarge). This is ignored if primary.resources is set (primary.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param postgresql.primary.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @section External PostgreSQL configuration
## All of these values are only used when postgresql.enabled is set to false
## @param externalDatabase.host Database host
## @param externalDatabase.port Database port number
## @param externalDatabase.user Non-root username for Concourse
## @param externalDatabase.password Password for the non-root username for Concourse
## @param externalDatabase.database Concourse database name
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
## NOTE: prefer existingSecret (with existingSecretPasswordKey) over password, so
## the credential stays out of values files and --set arguments.
## No TLS-related parameter for the database connection appears in this section;
## if the database is reached over a network you do not fully control, check how
## the chart lets you require TLS for that connection (TODO confirm).
##
externalDatabase:
host: localhost
port: 5432
user: bn_concourse
password: ""
database: bitnami_concourse
existingSecret: ""
existingSecretPasswordKey: ""