mirror of
https://github.com/bitnami/charts.git
synced 2026-02-23 14:27:11 +08:00
9fc58ceb56
* [bitnami/concourse] Release 2.2.1 updating components versions Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> * Update README.md with readme-generator-for-helm Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com> --------- Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
1279 lines
56 KiB
YAML
1279 lines
56 KiB
YAML
## @section Global parameters
|
||
## Global Docker image parameters
|
||
## Please, note that this will override the image parameters, including dependencies, configured to use the global value
|
||
## Current available global Docker image parameters: imageRegistry, imagePullSecrets and storageClass
|
||
## @param global.imageRegistry Global Docker image registry
|
||
## @param global.imagePullSecrets Global Docker registry secret names as an array
|
||
## @param global.storageClass Global StorageClass for Persistent Volume(s)
|
||
##
|
||
global:
|
||
imageRegistry: ""
|
||
## E.g.
|
||
## imagePullSecrets:
|
||
## - myRegistryKeySecretName
|
||
##
|
||
imagePullSecrets: []
|
||
storageClass: ""
|
||
|
||
## @section Common parameters
|
||
|
||
## @param kubeVersion Override Kubernetes version
|
||
##
|
||
kubeVersion: ""
|
||
## @param nameOverride String to partially override common.names.fullname
|
||
##
|
||
nameOverride: ""
|
||
## @param fullnameOverride String to fully override common.names.fullname
|
||
##
|
||
fullnameOverride: ""
|
||
## @param clusterDomain Kubernetes Cluster Domain
|
||
##
|
||
clusterDomain: cluster.local
|
||
## @param commonLabels Labels to add to all deployed objects
|
||
##
|
||
commonLabels: {}
|
||
## @param commonAnnotations Annotations to add to all deployed objects
|
||
##
|
||
commonAnnotations: {}
|
||
## @param extraDeploy Array of extra objects to deploy with the release
|
||
##
|
||
extraDeploy: []
|
||
|
||
## Enable diagnostic mode in the deployment(s)/statefulset(s)
|
||
##
|
||
diagnosticMode:
|
||
## @param diagnosticMode.enabled Enable diagnostic mode (all probes will be disabled and the command will be overridden)
|
||
##
|
||
enabled: false
|
||
## @param diagnosticMode.command Command to override all containers in the deployment(s)/statefulset(s)
|
||
##
|
||
command:
|
||
- sleep
|
||
## @param diagnosticMode.args Args to override all containers in the deployment(s)/statefulset(s)
|
||
##
|
||
args:
|
||
- infinity
|
||
|
||
## @section Common Concourse Parameters
|
||
|
||
## Bitnami Concourse image
|
||
## ref: https://hub.docker.com/r/bitnami/redis/tags/
|
||
## @param image.registry image registry
|
||
## @param image.repository image repository
|
||
## @param image.tag image tag (immutable tags are recommended)
|
||
## @param image.digest image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||
## @param image.pullPolicy image pull policy
|
||
## @param image.pullSecrets image pull secrets
|
||
##
|
||
image:
|
||
registry: docker.io
|
||
repository: bitnami/concourse
|
||
tag: 7.9.1-debian-11-r34
|
||
digest: ""
|
||
## Specify a imagePullPolicy
|
||
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
|
||
## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
|
||
##
|
||
pullPolicy: IfNotPresent
|
||
## Optionally specify an array of imagePullSecrets.
|
||
## Secrets must be manually created in the namespace.
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||
## e.g:
|
||
## pullSecrets:
|
||
## - myRegistryKeySecretName
|
||
##
|
||
pullSecrets: []
|
||
|
||
## For managing secrets using Helm
|
||
##
|
||
secrets:
|
||
## @param secrets.localAuth.enabled the use of local authentication (basic auth).
|
||
## Once enabled, users configured through `local_users` (secret)
|
||
## are able to authenticate.
|
||
## Ref: https://concourse-ci.org/local-auth.html
|
||
##
|
||
localAuth:
|
||
enabled: true
|
||
## @param secrets.localUsers List of `username:password` or `username:bcrypted_password` combinations for all your local concourse users. Auto-generated if not set
|
||
## For details of expected format, see https://concourse-ci.org/local-auth.html
|
||
##
|
||
localUsers: ""
|
||
## @param secrets.teamAuthorizedKeys Array of team names and public keys for team external workers
|
||
## A single team can have many keys defined in the key field.
|
||
## e.g:
|
||
## - team: main
|
||
## key: |-
|
||
## ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse
|
||
## ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDzpK/sIOtL9SCjAWrvO8QvknzYbnXvP/BljTQFNLwzsPqawqTk3FqUIsEjsq4clV3nwADK8Iq9A/xRlPR+ANhoGDPDv34FsWz5qKcXV7aXcOma8vyU4MJPjveXcZX7FjwztGoRIND9CXlLCDuYeIwBxCcnBBAwQFZuCmEXcqwsRbCve1KkswV1yr9yvmNaKNKTkJGo+7wGyShjzkfqijYCdwYbUWpSB0/tOGszBONtKE6FyJUmVtBgj+CAGZtj1AxGBbMnxxV
|
||
##
|
||
## Make sure to check the security caveats here: https://concourse-ci.org/teams-caveats.html
|
||
## Extra Reads: https://github.com/concourse/concourse/issues/1865#issuecomment-464166994
|
||
## https://concourse-ci.org/global-resources.html#complications-with-reusing-containers
|
||
##
|
||
teamAuthorizedKeys: []
|
||
## Secrets for Conjur credentials manager.
|
||
## @param secrets.conjurAccount Account for Conjur auth provider.
|
||
conjurAccount: ""
|
||
## @param secrets.conjurAuthnLogin Host username for Conjur auth provider.
|
||
conjurAuthnLogin: ""
|
||
## @param secrets.conjurAuthnApiKey API key for host used for Conjur auth provider. Either API key or token file can be used, but not both.
|
||
conjurAuthnApiKey: ""
|
||
## @param secrets.conjurAuthnTokenFile Token file used for Conjur auth provider if running in Kubernetes or IAM. Either token file or API key can be used, but not both.
|
||
conjurAuthnTokenFile: ""
|
||
## @param secrets.conjurCACert CA Certificate to specify if conjur instance is deployed with a self-signed cert
|
||
conjurCACert: ""
|
||
## @param secrets.hostKey [string] Concourse Host Keys.
|
||
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
|
||
## Ref: https://concourse-ci.org/install.html#generating-keys
|
||
##
|
||
hostKey: |-
|
||
-----BEGIN RSA PRIVATE KEY-----
|
||
MIIEogIBAAKCAQEA2AUPXxuiDC/qrBWjIdT5fvNcMlMEYpR3X4SLQIgLC1ULDsCO
|
||
fleKZ+Wi4RzwbkUKiKmJm5GeyNVVCDdfvdD1Sd1+5faqmp2/OQBzLS7o8NY/btMw
|
||
8h9lx4KVJaJJ1EM1EiyGY41Nx591KP14pBfr0/NdOIrDu2JvF6e7CHEbrzkN57kb
|
||
BVQkaIMaS01Rw/5Oe68GFalli2ii8L8dNWVVzquBh5PwVWimvTgwv3TYG2TH8L1V
|
||
V7n+/zRRpkjMl2+PUouGqD+Bp+4wF+hp4AW5v24CqjtLJEMv4IEJv2FRfrOauBIZ
|
||
XjAS1SSg9VaTOS3iwxaYrv8uG1XfMFHICvkEPQIDAQABAoIBAG87W8jrX6vK2Jm3
|
||
ooJ/OeFmymiXWsCwFi+2/kVCR/2T0tfLyxO/W+NX2WD1F9CP+HaaZeMXPp3HS7up
|
||
V8FT4ZohVYBwXTS0WYyucKApcYThrVQRpzhldnEfClGQmVeVK7Sp/KEyV4Sc1SVA
|
||
L2i/cI142N2Ohm7spquVkLcuFsVINzZ0fXCv25dTqbkEgjTJzNdBzyFXvc4z0Mt9
|
||
gW14M7mz+YKYOfsCxIEm438fC9b16C96yIFBdN+/jaP8pmb2RoIE2D0F8bj5K1hR
|
||
YyGFKMOU4e6cYq59iWfubKuu2WNJEBk/5aO7x7Xu2S0k8wIYlwxFuu4LfR2Kvizu
|
||
+mFVf3kCgYEA9e0+40tJGpOPM8hAB3DwXjYc8lCuyYf3z30T3RqVNCUVSWnlaj/s
|
||
3ENi6+Ng3u+Zs8cR2CFou+jAClTyWLuSnI9yACD0eyW9n4bzYMUbgdC6vneLjpzx
|
||
wWR9Xv5RmZVly7xWuqcgEeEf8RNcYI3oXby0laF3EObvuAx/4ETIkFcCgYEA4N42
|
||
w1UEWGopWBIIXYHkEPHQuF0SxR2CZyh9ExTeSxFphyibkcHRjDW+t91ZLnSm5k1N
|
||
TOdYuc0ApBV3U+TexeFvDI94L/Oze6Ht5MatRQz8kRwMFGJL3TrpbgTmWdfG05Ad
|
||
oiScJzwY16oJXnKusxik7V+gCCNNE0/2UuMnY4sCgYAEf82pvOPef5qcGOrK+A79
|
||
ukG3UTCRcVJgUmp9nhHivVbxW+WdlwPPV9BEfol0KrAGMPsrmBjhbzWsOregVfYt
|
||
tRYh2HiAlEUu2Po06AZDzrzL5UYBWu+1WRBOH5sAk1IkcxKnIY2dph++elszTQVW
|
||
SbCIGEckYQU7ucbRJJECywKBgBb4vHFx8vKxTa3wkagzx7+vZFohL/SxEgxFx5k2
|
||
bYsPqU8kZ9gZC7YeG3CfDShAxHgMd5QeoiLA/YrFop4QaG2gnP6UfXuwkqpTnYDc
|
||
hwDh1b9hNR6z9/oOtaAGoh2VfHtKYqyYvtcHPaZyeWiLoKstHlQdi7SpHouVhJ1t
|
||
FS4HAoGAGy+56+zvdROjJy9A2Mn/4BvWrsu4RSQILBJ6Hb4TpF46p2fn0rwqyhOj
|
||
Occs+xkdEsI9w5phXzIEeOq2LqvWHDPxtdLpxOrrmx4AftAWdM8S1+OqTpzHihK1
|
||
y1ZOrWfvON+XjWFFAEej/CpQZkNUkTzjTtSC0dnfAveZlasQHdI=
|
||
-----END RSA PRIVATE KEY-----
|
||
## @param secrets.hostKeyPub [string] Concourse Host Keys.
|
||
##
|
||
hostKeyPub: |-
|
||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse
|
||
## @param secrets.sessionSigningKey [string] Concourse Session Signing Keys.
|
||
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
|
||
## Ref: https://concourse-ci.org/concourse-generate-key.html
|
||
##
|
||
sessionSigningKey: |-
|
||
-----BEGIN RSA PRIVATE KEY-----
|
||
MIIEowIBAAKCAQEAwLql/rUIaI+PX7Tl3FWcTee4sQf8/daakALXx955tPwkhqlY
|
||
e4T2V84p/ylFvNWpM4vfcMYKfMY0JLKgAgBvJhCytSkDBhTBoWmN6yE0AB11P9En
|
||
lIZRBWNYqaC2cSge2ZD8qOSnwfFhnQAW8+7pE+ElJAVh7dtdF3A478H50lIigq8I
|
||
zMWp2EGJpFC7/Uu36oIL/03MNGCmrH1jvtTuJiAMQUZYyL1ReBkvvHOzw9i4HXPy
|
||
SMVtcllm4NBs2aVPtwhr2kwSkLt8t1bPdRn6OIyEAw5WktzAKaiZnkTvj6g3xzdp
|
||
zKcrdlBr9aznlNvoSinBUfvtwyFmvFN1HHbA9wIDAQABAoIBAE7G/DrUfI9gvtX7
|
||
90jMpYsigFe8UCjho2PiBZlo0o6r0bJJXiV+/8J8PqZRlHPPUc4EClzqVjcSPRYS
|
||
/VxUGRqSELoD/Xxq14rGvn+xnrO9VsOzFl6bWFq/dOpBCtHN+G4t2VifvgKES8YE
|
||
11z19sdta+UBXjn/RFnkQSGfRCI3QqTaYvjxevt0uWlyPmqkFPQQw8bvHIXzoB+B
|
||
rzeiMa++nMvbX5pAH9XA0BvhyuH3fHidTUwiVBpkMcpLWtjP0A0JTsecDdbinDDq
|
||
un2EIo8zMWRwKQN/JnUxsi8AUEigBTCUqeDgREXtW62uvFkSpcVMXwmVityLYIVy
|
||
qnVLUCECgYEA6IwXkP1qnSfcNeoVI/ypDuz1/kdqcjSPhLYe+jdiLLoFkMW9AlDm
|
||
lzwNaWlTFD9ygo+NjJCo63/A8HCm55sajws5hZ6r20vdZcKFMk9h0qF5oVA7lkQ2
|
||
gvG2WaznuU7KkqhfP+pXhiLgZKoJkst/+g7r6uHpredwDY6hxeBK4vsCgYEA1CqH
|
||
8ywC5qUo/36kQg/TU2adN/YEHdJAAbU23EVrGQSVmnXW08H2NLFk0tsxrwoNnbgp
|
||
PIk2J7BimbJvbND17ibr4GAklDTsR8aJkDl+0JgNCAK9N07qVt1s7FXzhg95jUL9
|
||
EQW55z60GAJpecqNwA4Jsa8P852N0355Obp92TUCgYBkOBvf7JcJ66fHxH4f6D+j
|
||
oxPQ5k5Fsck4VJS9GSlCRVkor09ptBvsiYDuMOoRC9b51YwXTDDAbWplNOd5YSrt
|
||
AtVjdKJz/BoKRO7KY9Owxs54au+DLxqfDDSeKRokjoRW+CE0lnXp5RX3zCAcF3+r
|
||
8MpTi9D9lYSBEzs84BDmCQKBgQCMcH6/K3HcJJVn0fd+tyUGftUw9sswxjySJNbk
|
||
pZrH263/qWMDls+Xf5kire9MU1ZCAWZiaN0NFoed/2wcVpGEDAV0548u/30r4bKr
|
||
YjOcdhmiJNYFJ1qdF0MDib2CDvpB1IbZXrX46RujDO2urbJ435HxKNVhR/had8xc
|
||
tyKYxQKBgCVDhN0MhnlUQJVZfX42APmF4gQg0r3sfL/NGXjEjMIKKFe5a88eZVHr
|
||
L8x1+dp0q7czC8a/l1DUuiwDKl8OEpxLsGCq/J/wAfrSMPifu6EUlbUwlJOPdgha
|
||
+p/KFAelHXJ2w/8yackAcarh35VP7ixhuvxswHNdgvfsBTFcjn30
|
||
-----END RSA PRIVATE KEY-----
|
||
## @param secrets.workerKey [string] Concourse Worker Keys.
|
||
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
|
||
## Ref: https://concourse-ci.org/concourse-generate-key.html
|
||
##
|
||
workerKey: |-
|
||
-----BEGIN RSA PRIVATE KEY-----
|
||
MIIEpAIBAAKCAQEAuPehUmBXAQCoA7TLAQCYhf+vzcZVyj+VGXnMhLHnWLk7dRjo
|
||
CU8GgNamdS5h7G3ywxOvKA3YjOLr8XyOMLS4c+e8N7tIzlMWdiXhe0lcBH9Z1ai5
|
||
+Bof3/BlDUBksiKdc1A+QcfX6tDwMkOO5re1H4vOK3H/Cype58wCB03HYNgb05ED
|
||
fW1Bj2qvz29VtmyjwEMuDs100iMqwCfPUx9oxXmmX8sUBRmw/Y1Rx/8pdKIjKw3m
|
||
kWIHHBOSCPimO1qC47Aa8v/UH9hERCykyuFHiBiKlnIvZWm9bYvhsRTz4gt5KzRY
|
||
6OI0oVeHlLOHDSK48Da8VWij15lOqO2Nx6WssQIDAQABAoIBADET22UNFOi6MNpS
|
||
5S5N5ypezlnOD0NLnZcV3zMyNQ0wkNsgEakuo64Zxi7/cJIYFjq2hVoeWl//cdUw
|
||
VFYODYcLbMBo3AeKukH9CRf6PgUfeUmcrENtQxnbIiTi+hTd5GMNXod7rAmtCJ59
|
||
mHQVOGS3ZqvWYnKm+mmMktk3RPinynX/A4y3WHPacuAS58HM09Ck43WcHMxbGpsL
|
||
/gZpICyFYZ2DviM+AHyWGcmw7LJrpC0QHo6+BAFMs4xlUecNgVIFUpfOoAcfsdtG
|
||
K9j4AbuZ47iFisbay+1pyg/7O5eRTdGVQRtc7PBMOjea5jGsfmlDmdn1ZS50ykun
|
||
ANfoQ5UCgYEA9Ak73PRy9nLlRkt4OBCF/4fwThUCMedsnWaVjQBMJYim4FB2ivF5
|
||
cKdWt3y/RZI85KKYu0EXhLEoSIEAfz057R8t3QdVK4tZx6B47UFjBjCYeVMtwHDQ
|
||
prxQiOPHIHCplBNFuGzA5VXL9gQLRD+ek0uOy2GJJ0Wu1xyeouI+SW8CgYEAwgkO
|
||
TOtOogqmcAALjWgeeQiZetflSKbJlpQNhmCPAMm0SFI8eF4SpRXLzd41VC2mLIwT
|
||
L3tjc7/8ocXoElFM4L0fo9Lx/SHFH4JEn5FT0PXPmvsF2JRhsXJFLJSihxF/91Xs
|
||
2aBcQILPFzLcrI6OFUakNwGTU/CIxpkzRvQrG98CgYEAzNVnUuo4CNadzagRK3Xr
|
||
E3Yl5VRK+FpY17FAfA6w25xc/dFr/un61e0Po4no/ltmEz7LVfmn5O/ScTEemq5o
|
||
jbjrBShfe+JGpIH0nqiQlqR5hvSjZXEMIbfVHWGbRYZrQGgA0HEwZA7k2QXB8zI3
|
||
R0lXfSzMM5OQ0uwp12xxfa8CgYBHILq1R6zTicPpWprhg0FobNaWSX4rW7iaEjvC
|
||
/rJtP4Nu33Z7SUDcc1j6ZnJ2ISXBPrfpt/mE/OPHCZ1A2bysxadLjpBWkoKIQmCV
|
||
fdiTyQgJb+t8sSf+vDzPUs0hZjDaogzo2ff3TfxMLMDoIHnFItgfsdwn8QyygIZj
|
||
hC4pUQKBgQDqsxnkI6yXFE5gshnW7H8zqKNlzKd/dZEL6e+lRz4R3UY/KcEkRAfq
|
||
Yi3cwo9fE3U3kSmpl5MQwUjWm/BZ7JyueoY/4ndwaFPgc34IKsgJ0wau9pZiQAB1
|
||
DxpOSF+BR71Jx3sxvIdCODNTtm645j5yrZVnJAuMPofo5XFmunDoJA==
|
||
-----END RSA PRIVATE KEY-----
|
||
## @param secrets.workerKeyPub [string] Concourse Worker Keys.
|
||
## Example value taken from https://github.com/concourse/concourse-chart/blob/master/values.yaml
|
||
##
|
||
workerKeyPub: |-
|
||
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC496FSYFcBAKgDtMsBAJiF/6/NxlXKP5UZecyEsedYuTt1GOgJTwaA1qZ1LmHsbfLDE68oDdiM4uvxfI4wtLhz57w3u0jOUxZ2JeF7SVwEf1nVqLn4Gh/f8GUNQGSyIp1zUD5Bx9fq0PAyQ47mt7Ufi84rcf8LKl7nzAIHTcdg2BvTkQN9bUGPaq/Pb1W2bKPAQy4OzXTSIyrAJ89TH2jFeaZfyxQFGbD9jVHH/yl0oiMrDeaRYgccE5II+KY7WoLjsBry/9Qf2ERELKTK4UeIGIqWci9lab1ti+GxFPPiC3krNFjo4jShV4eUs4cNIrjwNrxVaKPXmU6o7Y3Hpayx Concourse
|
||
## @param secrets.workerAdditionalCerts Additional certificates to add to the worker nodes
|
||
##
|
||
workerAdditionalCerts: ""
|
||
|
||
## @section Concourse Web parameters
|
||
|
||
web:
|
||
## @param web.enabled Enable Concourse web component
|
||
##
|
||
enabled: true
|
||
## @param web.baseUrl url
|
||
##
|
||
baseUrl: /
|
||
## @param web.logLevel Minimum level of logs to see. Possible options: debug, info, error.
|
||
##
|
||
logLevel: debug
|
||
## @param web.clusterName A name for this Concourse cluster, to be displayed on the dashboard page.
|
||
##
|
||
clusterName: ""
|
||
## @param web.bindIp IP address on which to listen for HTTP traffic (web UI and API).
|
||
##
|
||
bindIp: 0.0.0.0
|
||
## @param web.peerAddress Network address of this web node, reachable by other web nodes.
|
||
## Used for forwarded worker addresses. (default: $POD_IP)
|
||
##
|
||
peerAddress: ""
|
||
## @param web.externalUrl URL used to reach any ATC from the outside world.
|
||
## This is *very* important for a proper authentication workflow as
|
||
## browser redirects are based on the value set here.
|
||
## E.g: http://ci.concourse-ci.org
|
||
##
|
||
externalUrl: ""
|
||
## Force sending secure flags on http cookies
|
||
##
|
||
auth:
|
||
## @param web.auth.cookieSecure use cookie secure true or false
|
||
##
|
||
cookieSecure: false
|
||
## @param web.auth.duration Length of time for which tokens are valid. Afterwards, users will have to log back in.
|
||
## The value must be specified as Go duration values (e.g.: 30m or 24h).
|
||
##
|
||
duration: 24h
|
||
## @param web.auth.passwordConnector The connector to use for password authentication for `fly login -u ... -p ...`.
|
||
## Either "local" or "ldap". Defaults to "local".
|
||
##
|
||
passwordConnector: ""
|
||
mainTeam:
|
||
## @param web.auth.mainTeam.config Configuration file for specifying the main teams params.
|
||
## ref: https://concourse-ci.org/managing-teams.html#setting-roles
|
||
## E.g:
|
||
## config: |
|
||
## roles:
|
||
## - name: owner
|
||
## local:
|
||
## users: ["admin"]
|
||
## - name: member
|
||
## local:
|
||
## users: ["test"]
|
||
##
|
||
config: ""
|
||
## @param web.auth.mainTeam.localUser Comma-separated list of local Concourse users to be included as members of the `main` team.
|
||
## Make sure you have local users support enabled (`concourse.web.localAuth.enabled`) and
|
||
## that the users were added (`secrets.localUsers`).
|
||
##
|
||
localUser: "user"
|
||
## @param web.existingSecret Use an existing secret for the Web service credentials
|
||
##
|
||
existingSecret: ""
|
||
## @param web.enableAcrossStep Enable the experimental across step to be used in jobs. The API is subject to change.
|
||
##
|
||
enableAcrossStep: false
|
||
## @param web.enablePipelineInstances Enable the creation of instanced pipelines.
|
||
##
|
||
enablePipelineInstances: false
|
||
## @param web.enableCacheStreamedVolumes Enable caching streamed resource volumes on the destination worker.
|
||
##
|
||
enableCacheStreamedVolumes: false
|
||
## @param web.baseResourceTypeDefaults Configuration file for specifying defaults for base resource types
|
||
## ref: https://concourse-ci.org/concourse-web.html#resource-defaults
|
||
## E.g:
|
||
## baseResourceTypeDefaults: |
|
||
## registry-image:
|
||
## registry_mirror:
|
||
## host: https://registry.mirror.example.com
|
||
##
|
||
baseResourceTypeDefaults: ""
|
||
## @param web.tsa.logLevel Minimum level of logs to see. Possible values: debug, info, error
|
||
## @param web.tsa.bindIp IP address on which to listen for SSH
|
||
## @param web.tsa.debugBindIp IP address on which to listen for the pprof debugger endpoints (default: 127.0.0.1)
|
||
## @param web.tsa.heartbeatInterval Interval on which to heartbeat workers to the ATC
|
||
## @param web.tsa.gardenRequestTimeout How long to wait for requests to Garden to complete. 0 means no timeout
|
||
##
|
||
tsa:
|
||
logLevel: debug
|
||
bindIp: 0.0.0.0
|
||
debugBindIp: 127.0.0.1
|
||
heartbeatInterval: 30s
|
||
gardenRequestTimeout: ""
|
||
## @param web.tls.enabled enable serving HTTPS traffic directly through the web component.
|
||
##
|
||
tls:
|
||
enabled: false
|
||
## @param web.configRBAC Set RBAC configuration
|
||
##
|
||
## Configuration for using Conjur as a credential manager.
|
||
## Ref: https://concourse-ci.org/conjur-credential-manager.html
|
||
##
|
||
conjur:
|
||
## @param web.conjur.enabled Enable the use of Conjur as a credential manager
|
||
enabled: false
|
||
## @param web.conjur.applianceUrl URL of the Conjur instance.
|
||
applianceUrl: ""
|
||
## @param web.conjur.pipelineSecretTemplate Path used to locate pipeline-level secret
|
||
pipelineSecretTemplate: concourse/{{.Team}}/{{.Pipeline}}/{{.Secret}}
|
||
## @param web.conjur.teamSecretTemplate Path used to locate team-level secret
|
||
teamSecretTemplate: concourse/{{.Team}}/{{.Secret}}
|
||
## @param web.conjur.secretTemplate Path used to locate a vault or safe-level secret
|
||
secretTemplate: concourse/{{.Secret}}
|
||
configRBAC: ""
|
||
## @param web.existingConfigmap The name of an existing ConfigMap with your custom configuration for web
|
||
##
|
||
existingConfigmap: ""
|
||
## @param web.command Override default container command (useful when using custom images)
|
||
##
|
||
command: []
|
||
## @param web.args Override default container args (useful when using custom images)
|
||
##
|
||
args: []
|
||
## @param web.extraEnvVars Array with extra environment variables to add to Concourse web nodes
|
||
## e.g:
|
||
## extraEnvVars:
|
||
## - name: FOO
|
||
## value: "bar"
|
||
##
|
||
extraEnvVars: []
|
||
## @param web.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Concourse web nodes
|
||
##
|
||
extraEnvVarsCM: ""
|
||
## @param web.extraEnvVarsSecret Name of existing Secret containing extra env vars for Concourse web nodes
|
||
##
|
||
extraEnvVarsSecret: ""
|
||
## @param web.replicaCount Number of Concourse web replicas to deploy
|
||
##
|
||
replicaCount: 1
|
||
## @param web.containerPorts.http Concourse web UI and API HTTP container port
|
||
## @param web.containerPorts.https Concourse web UI and API HTTPS container port
|
||
## @param web.containerPorts.tsa Concourse web TSA SSH container port
|
||
## @param web.containerPorts.pprof Concourse web TSA pprof server container port
|
||
##
|
||
containerPorts:
|
||
http: 8080
|
||
https: 8443
|
||
tsa: 2222
|
||
pprof: 2221
|
||
## Configure extra options for Concourse web containers' liveness, readiness and startup probes
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
|
||
## @param web.livenessProbe.enabled Enable livenessProbe on Concourse web containers
|
||
## @param web.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
||
## @param web.livenessProbe.periodSeconds Period seconds for livenessProbe
|
||
## @param web.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
||
## @param web.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
||
## @param web.livenessProbe.successThreshold Success threshold for livenessProbe
|
||
##
|
||
livenessProbe:
|
||
enabled: true
|
||
initialDelaySeconds: 10
|
||
periodSeconds: 15
|
||
timeoutSeconds: 3
|
||
failureThreshold: 1
|
||
successThreshold: 1
|
||
## @param web.readinessProbe.enabled Enable readinessProbe on Concourse web containers
|
||
## @param web.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
||
## @param web.readinessProbe.periodSeconds Period seconds for readinessProbe
|
||
## @param web.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
||
## @param web.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
||
## @param web.readinessProbe.successThreshold Success threshold for readinessProbe
|
||
##
|
||
readinessProbe:
|
||
enabled: true
|
||
initialDelaySeconds: 10
|
||
periodSeconds: 15
|
||
timeoutSeconds: 3
|
||
failureThreshold: 1
|
||
successThreshold: 1
|
||
## @param web.startupProbe.enabled Enable startupProbe on Concourse web containers
|
||
## @param web.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
||
## @param web.startupProbe.periodSeconds Period seconds for startupProbe
|
||
## @param web.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
||
## @param web.startupProbe.failureThreshold Failure threshold for startupProbe
|
||
## @param web.startupProbe.successThreshold Success threshold for startupProbe
|
||
##
|
||
startupProbe:
|
||
enabled: false
|
||
initialDelaySeconds: 5
|
||
periodSeconds: 10
|
||
timeoutSeconds: 1
|
||
failureThreshold: 15
|
||
successThreshold: 1
|
||
## @param web.customLivenessProbe Custom livenessProbe that overrides the default one
|
||
##
|
||
customLivenessProbe: {}
|
||
## @param web.customReadinessProbe Custom readinessProbe that overrides the default one
|
||
##
|
||
customReadinessProbe: {}
|
||
## @param web.customStartupProbe Custom startupProbe that overrides the default one
|
||
##
|
||
customStartupProbe: {}
|
||
## Concourse web resource requests and limits
|
||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||
## @param web.resources.limits The resources limits for the Concourse web containers
|
||
## @param web.resources.requests The requested resources for the Concourse web containers
|
||
##
|
||
resources:
|
||
limits: {}
|
||
requests: {}
|
||
## Configure Pods Security Context
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||
## @param web.podSecurityContext.enabled Enabled web pods' Security Context
|
||
## @param web.podSecurityContext.fsGroup Set web pod's Security Context fsGroup
|
||
##
|
||
podSecurityContext:
|
||
enabled: true
|
||
fsGroup: 1001
|
||
## Configure Container Security Context
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||
## @param web.containerSecurityContext.enabled Enabled web containers' Security Context
|
||
## @param web.containerSecurityContext.runAsUser Set web containers' Security Context runAsUser
|
||
##
|
||
containerSecurityContext:
|
||
enabled: true
|
||
runAsUser: 1001
|
||
## @param web.hostAliases Concourse web pod host aliases
|
||
##
|
||
hostAliases: []
|
||
## @param web.podLabels Extra labels for Concourse web pods
|
||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/
|
||
##
|
||
podLabels: {}
|
||
## @param web.podAnnotations Annotations for Concourse web pods
|
||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||
##
|
||
podAnnotations: {}
|
||
## @param web.podAffinityPreset Pod affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
|
||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||
##
|
||
podAffinityPreset: ""
|
||
## @param web.podAntiAffinityPreset Pod anti-affinity preset. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
|
||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||
##
|
||
podAntiAffinityPreset: soft
|
||
## Node web.affinity preset
|
||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
||
##
|
||
nodeAffinityPreset:
|
||
## @param web.nodeAffinityPreset.type Node affinity preset type. Ignored if `web.affinity` is set. Allowed values: `soft` or `hard`
|
||
##
|
||
type: ""
|
||
## @param web.nodeAffinityPreset.key Node label key to match. Ignored if `web.affinity` is set
|
||
##
|
||
key: ""
|
||
## @param web.nodeAffinityPreset.values Node label values to match. Ignored if `web.affinity` is set
|
||
## E.g.
|
||
## values:
|
||
## - e2e-az1
|
||
## - e2e-az2
|
||
##
|
||
values: []
|
||
## @param web.affinity Affinity for web pods assignment
|
||
## ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||
## NOTE: `web.podAffinityPreset`, `web.podAntiAffinityPreset`, and `web.nodeAffinityPreset` will be ignored when it's set
|
||
##
|
||
affinity: {}
|
||
## @param web.nodeSelector Node labels for web pods assignment
|
||
## ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||
##
|
||
nodeSelector: {}
|
||
## @param web.tolerations Tolerations for web pods assignment
|
||
## ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||
##
|
||
tolerations: []
|
||
## @param web.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
||
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
||
##
|
||
topologySpreadConstraints: []
|
||
## @param web.priorityClassName Priority Class to use for each pod (Concourse web)
|
||
##
|
||
priorityClassName: ""
|
||
## @param web.schedulerName Use an alternate scheduler, e.g. "stork".
|
||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||
##
|
||
schedulerName: ""
|
||
## @param web.terminationGracePeriodSeconds Seconds Concourse web pod needs to terminate gracefully
|
||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
|
||
##
|
||
terminationGracePeriodSeconds: ""
|
||
## @param web.updateStrategy.rollingUpdate Concourse web statefulset rolling update configuration parameters
|
||
## @param web.updateStrategy.type Concourse web statefulset strategy type
|
||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
||
##
|
||
updateStrategy:
|
||
type: RollingUpdate
|
||
rollingUpdate: {}
|
||
## @param web.lifecycleHooks lifecycleHooks for the Concourse web container(s)
|
||
##
|
||
lifecycleHooks: {}
|
||
## @param web.extraVolumes Optionally specify extra list of additional volumeMounts for the Concourse web container(s)
|
||
##
|
||
extraVolumes: []
|
||
## @param web.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Concourse web container(s)
|
||
##
|
||
extraVolumeMounts: []
|
||
## @param web.sidecars Add additional sidecar containers to the Concourse web pod(s)
|
||
## e.g:
|
||
## sidecars:
|
||
## - name: your-image-name
|
||
## image: your-image
|
||
## imagePullPolicy: Always
|
||
## ports:
|
||
## - name: portname
|
||
## containerPort: 1234
|
||
##
|
||
sidecars: []
|
||
## @param web.initContainers Add additional init containers to the Concourse web pod(s)
|
||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
||
## e.g:
|
||
## initContainers:
|
||
## - name: your-image-name
|
||
## image: your-image
|
||
## imagePullPolicy: Always
|
||
## command: ['sh', '-c', 'echo "hello world"']
|
||
##
|
||
initContainers: []
|
||
## @param web.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
|
||
##
|
||
psp:
|
||
create: false
|
||
## RBAC parameters
|
||
##
|
||
rbac:
|
||
## @param web.rbac.create Specifies whether RBAC resources should be created
|
||
##
|
||
create: true
|
||
## @param web.rbac.rules Custom RBAC rules to set
|
||
## e.g:
|
||
## rules:
|
||
## - apiGroups:
|
||
## - ""
|
||
## resources:
|
||
## - pods
|
||
## verbs:
|
||
## - get
|
||
## - list
|
||
##
|
||
rules: []
|
||
## ServiceAccount parameters
|
||
##
|
||
serviceAccount:
|
||
## @param web.serviceAccount.create Specifies whether a ServiceAccount should be created
|
||
##
|
||
create: true
|
||
## @param web.serviceAccount.name Override Web service account name
|
||
## If not set and create is true, a name is generated using the fullname template
|
||
##
|
||
name: ""
|
||
## @param web.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
|
||
## Can be set to false if pods using this serviceAccount do not need to use K8s API
|
||
##
|
||
automountServiceAccountToken: true
|
||
## @param web.serviceAccount.annotations Additional custom annotations for the ServiceAccount
|
||
##
|
||
annotations: {}
|
||
|
||
## @section Concourse Worker parameters
|
||
##
|
||
worker:
|
||
## @param worker.enabled Enable Concourse worker nodes
|
||
##
|
||
enabled: true
|
||
## @param worker.runtime Set CONCURSE_RUNTIME in worker nodes. Please note the default runtime (guardian) only supports cgroupsv1.
|
||
## ref: https://concourse-ci.org/concourse-worker.html#configuring-runtimes
|
||
## ref: https://github.com/concourse/docs/pull/444
|
||
runtime: containerd
|
||
## @param worker.logLevel Minimum level of logs to see. Possible options: debug, info, error
|
||
##
|
||
logLevel: debug
|
||
## @param worker.bindIp IP address on which to listen for the Garden server.
|
||
##
|
||
bindIp: 127.0.0.1
|
||
## @param worker.tsa.hosts TSA host(s) to forward the worker through
|
||
## Only used for worker-only deployments.
|
||
##
|
||
tsa:
|
||
hosts: []
|
||
## @param worker.existingSecret name of an existing secret resource containing the keys and the pub
|
||
##
|
||
existingSecret: ""
|
||
## @param worker.baggageclaim.logLevel Minimum level of logs to see. Allowed values: `debug`, `info`, and `error`
|
||
## @param worker.baggageclaim.bindIp IP address on which to listen for API traffic
|
||
## @param worker.baggageclaim.debugBindIp IP address on which to listen for the pprof debugger endpoints
|
||
## @param worker.baggageclaim.disableUserNamespaces Disable remapping of user/group IDs in unprivileged volumes
|
||
## @param worker.baggageclaim.volumes Directory in which to place volume data
|
||
## @param worker.baggageclaim.driver Driver to use for managing volumes. Allowed values: `detect`, `naive`, `btrfs`, and `overlay`
|
||
## @param worker.baggageclaim.btrfsBin Path to btrfs binary
|
||
## @param worker.baggageclaim.mkfsBin Path to mkfs.btrfs binary
|
||
## @param worker.baggageclaim.overlaysDir Path to directory in which to store overlay data
|
||
##
|
||
baggageclaim:
|
||
logLevel: info
|
||
bindIp: 127.0.0.1
|
||
debugBindIp: 127.0.0.1
|
||
disableUserNamespaces: ""
|
||
volumes: ""
|
||
driver: ""
|
||
btrfsBin: btrfs
|
||
mkfsBin: mkfs.btrfs
|
||
overlaysDir: ""
|
||
## @param worker.command Override default container command (useful when using custom images)
|
||
##
|
||
command: []
|
||
## @param worker.args Override worker default args
|
||
##
|
||
args: []
|
||
## @param worker.replicaCount Number of worker replicas
|
||
##
|
||
replicaCount: 2
|
||
## @param worker.mode Selects kind of Deployment. Allowed values: `deployment` or `statefulset`
|
||
## Using `deployment` leads to ephemeral workers. Meaning workers do not share state between restarts
|
||
##
|
||
mode: deployment
|
||
## @param worker.containerPorts.garden Concourse worker Garden server container port
|
||
## @param worker.containerPorts.health Concourse worker health-check container port
|
||
## @param worker.containerPorts.baggageclaim Concourse worker baggageclaim API container port
|
||
## @param worker.containerPorts.pprof Concourse worker baggageclaim pprof server container port
|
||
##
|
||
containerPorts:
|
||
garden: 7777
|
||
health: 8888
|
||
baggageclaim: 7788
|
||
pprof: 7787
|
||
## Configure extra options for Concourse worker containers' liveness, readiness and startup probes
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes
|
||
## @param worker.livenessProbe.enabled Enable livenessProbe on Concourse worker containers
|
||
## @param worker.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
|
||
## @param worker.livenessProbe.periodSeconds Period seconds for livenessProbe
|
||
## @param worker.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
|
||
## @param worker.livenessProbe.failureThreshold Failure threshold for livenessProbe
|
||
## @param worker.livenessProbe.successThreshold Success threshold for livenessProbe
|
||
##
|
||
livenessProbe:
|
||
enabled: true
|
||
initialDelaySeconds: 10
|
||
periodSeconds: 15
|
||
timeoutSeconds: 3
|
||
failureThreshold: 1
|
||
successThreshold: 1
|
||
## @param worker.readinessProbe.enabled Enable readinessProbe on Concourse worker containers
|
||
## @param worker.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
|
||
## @param worker.readinessProbe.periodSeconds Period seconds for readinessProbe
|
||
## @param worker.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
|
||
## @param worker.readinessProbe.failureThreshold Failure threshold for readinessProbe
|
||
## @param worker.readinessProbe.successThreshold Success threshold for readinessProbe
|
||
##
|
||
readinessProbe:
|
||
enabled: true
|
||
initialDelaySeconds: 10
|
||
periodSeconds: 15
|
||
timeoutSeconds: 3
|
||
failureThreshold: 1
|
||
successThreshold: 1
|
||
## @param worker.startupProbe.enabled Enable startupProbe on Concourse worker containers
|
||
## @param worker.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
|
||
## @param worker.startupProbe.periodSeconds Period seconds for startupProbe
|
||
## @param worker.startupProbe.timeoutSeconds Timeout seconds for startupProbe
|
||
## @param worker.startupProbe.failureThreshold Failure threshold for startupProbe
|
||
## @param worker.startupProbe.successThreshold Success threshold for startupProbe
|
||
##
|
||
startupProbe:
|
||
enabled: false
|
||
initialDelaySeconds: 5
|
||
periodSeconds: 10
|
||
timeoutSeconds: 1
|
||
failureThreshold: 15
|
||
successThreshold: 1
|
||
## @param worker.customLivenessProbe Custom livenessProbe that overrides the default one
|
||
##
|
||
customLivenessProbe: {}
|
||
## @param worker.customReadinessProbe Custom readinessProbe that overrides the default one
|
||
##
|
||
customReadinessProbe: {}
|
||
## @param worker.customStartupProbe Custom startupProbe that overrides the default one
|
||
##
|
||
customStartupProbe: {}
|
||
## Concourse worker resource requests and limits
|
||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||
## @param worker.resources.limits The resources limits for the Concourse worker containers
|
||
## @param worker.resources.requests The requested resources for the Concourse worker containers
|
||
##
|
||
resources:
|
||
limits: {}
|
||
requests: {}
|
||
## Configure Pods Security Context
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||
## @param worker.podSecurityContext.enabled Enabled worker pods' Security Context
|
||
## @param worker.podSecurityContext.fsGroup Set worker pod's Security Context fsGroup
|
||
##
|
||
podSecurityContext:
|
||
enabled: true
|
||
fsGroup: 1001
|
||
## Configure Container Security Context
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
|
||
## @param worker.containerSecurityContext.enabled Enabled worker containers' Security Context
|
||
## @param worker.containerSecurityContext.privileged Set worker containers' Security Context with privileged or not
|
||
## @param worker.containerSecurityContext.runAsUser Set worker containers' Security Context user
|
||
##
|
||
containerSecurityContext:
|
||
enabled: true
|
||
privileged: true
|
||
runAsUser: 0
|
||
## @param worker.hostAliases Concourse worker pod host aliases
|
||
##
|
||
hostAliases: []
|
||
## @param worker.podLabels Custom labels for Concourse worker pods
|
||
##
|
||
podLabels: {}
|
||
## @param worker.podAnnotations Annotations for Concourse worker pods
|
||
## ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
|
||
##
|
||
podAnnotations: {}
|
||
## @param worker.podAffinityPreset Pod affinity preset. Ignored if `worker.affinity` is set. Allowed values: `soft` or `hard`
|
||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||
##
|
||
## Pod affinity preset
|
||
## ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||
## Allowed values: soft, hard
|
||
##
|
||
podAffinityPreset: ""
|
||
## @param worker.podAntiAffinityPreset Pod anti-affinity preset
|
||
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#inter-pod-affinity-and-anti-affinity
|
||
## Allowed values: soft, hard
|
||
##
|
||
podAntiAffinityPreset: soft
|
||
## Node affinity preset
|
||
## Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#node-affinity
|
||
## Allowed values: soft, hard
|
||
##
|
||
nodeAffinityPreset:
|
||
## @param worker.nodeAffinityPreset.type Node affinity type
|
||
## Allowed values: soft, hard
|
||
##
|
||
type: ""
|
||
## @param worker.nodeAffinityPreset.key Node label key to match
|
||
## E.g.
|
||
## key: "kubernetes.io/e2e-az-name"
|
||
##
|
||
key: ""
|
||
## @param worker.nodeAffinityPreset.values [array] Node label values to match
|
||
## E.g.
|
||
## values:
|
||
## - e2e-az1
|
||
## - e2e-az2
|
||
##
|
||
values: []
|
||
## @param worker.affinity Affinity for pod assignment
|
||
## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
|
||
## Note: podAffinityPreset, podAntiAffinityPreset, and nodeAffinityPreset will be ignored when it's set
|
||
##
|
||
affinity: {}
|
||
## @param worker.nodeSelector Node labels for pod assignment
|
||
## Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
||
##
|
||
nodeSelector: {}
|
||
## @param worker.tolerations Tolerations for worker pod assignment
|
||
## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
|
||
## Note: this configuration supersedes the global tolerations configuration
|
||
##
|
||
tolerations: []
|
||
## @param worker.topologySpreadConstraints Topology Spread Constraints for pod assignment spread across your cluster among failure-domains. Evaluated as a template
|
||
## Ref: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/#spread-constraints-for-pods
|
||
##
|
||
topologySpreadConstraints: []
|
||
## @param worker.priorityClassName Priority Class to use for each pod (Concourse worker)
|
||
##
|
||
priorityClassName: ""
|
||
## @param worker.schedulerName Use an alternate scheduler, e.g. "stork".
|
||
## ref: https://kubernetes.io/docs/tasks/administer-cluster/configure-multiple-schedulers/
|
||
##
|
||
schedulerName: ""
|
||
## @param worker.terminationGracePeriodSeconds Seconds Concourse worker pod needs to terminate gracefully
|
||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/pod/#termination-of-pods
|
||
##
|
||
terminationGracePeriodSeconds: ""
|
||
## @param worker.podManagementPolicy Statefulset Pod Management Policy Type. Allowed values: `OrderedReady` or `Parallel`
|
||
## ref: https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy
|
||
##
|
||
podManagementPolicy: OrderedReady
|
||
## @param worker.updateStrategy.rollingUpdate Concourse worker statefulset rolling update configuration parameters
|
||
## @param worker.updateStrategy.type Concourse worker statefulset strategy type
|
||
## ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
|
||
##
|
||
updateStrategy:
|
||
type: RollingUpdate
|
||
rollingUpdate: {}
|
||
## @param worker.lifecycleHooks for the Concourse worker container(s) to automate configuration before or after startup
|
||
##
|
||
lifecycleHooks: {}
|
||
## @param worker.extraEnvVars Array with extra environment variables to add to Concourse worker nodes
|
||
## e.g:
|
||
## extraEnvVars:
|
||
## - name: FOO
|
||
## value: "bar"
|
||
##
|
||
extraEnvVars: []
|
||
## @param worker.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Concourse worker nodes
|
||
##
|
||
extraEnvVarsCM: ""
|
||
## @param worker.extraEnvVarsSecret Name of existing Secret containing extra env vars for Concourse worker nodes
|
||
##
|
||
extraEnvVarsSecret: ""
|
||
## @param worker.extraVolumes Optionally specify extra list of additional volumes for the Concourse worker pod(s)
|
||
##
|
||
extraVolumes: []
|
||
## @param worker.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Concourse worker container(s)
|
||
##
|
||
extraVolumeMounts: []
|
||
## @param worker.sidecars Add additional sidecar containers to the Concourse worker pod(s)
|
||
## e.g:
|
||
## sidecars:
|
||
## - name: your-image-name
|
||
## image: your-image
|
||
## imagePullPolicy: Always
|
||
## ports:
|
||
## - name: portname
|
||
## containerPort: 1234
|
||
##
|
||
sidecars: []
|
||
## @param worker.initContainers Add additional init containers to the Concourse worker pod(s)
|
||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
|
||
## e.g:
|
||
## initContainers:
|
||
## - name: your-image-name
|
||
## image: your-image
|
||
## imagePullPolicy: Always
|
||
## command: ['sh', '-c', 'echo "hello world"']
|
||
##
|
||
initContainers: []
|
||
## Enable HorizontalPodAutoscaler for Concourse worker pods
|
||
## ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/
|
||
##
|
||
## @param worker.autoscaling.enabled Enable autoscaling for the Concourse worker nodes
|
||
## @param worker.autoscaling.maxReplicas Set maximum number of replicas to the Concourse worker nodes
|
||
## @param worker.autoscaling.minReplicas Set minimum number of replicas to the Concourse worker nodes
|
||
## @param worker.autoscaling.builtInMetrics Array with built-in metrics
|
||
## @param worker.autoscaling.customMetrics Array with custom metrics
|
||
##
|
||
autoscaling:
|
||
enabled: false
|
||
maxReplicas: ""
|
||
minReplicas: ""
|
||
builtInMetrics: []
|
||
customMetrics: []
|
||
## Concourse Pod Disruption Budget configuration
|
||
## ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/
|
||
##
|
||
pdb:
|
||
create: true
|
||
## @param worker.pdb.create Create Pod disruption budget object for Concourse worker nodes
|
||
## @param worker.pdb.minAvailable Minimum number / percentage of Concourse worker pods that should remain scheduled
|
||
## @param worker.pdb.maxUnavailable Maximum number/percentage of Concourse worker pods that may be made unavailable
|
||
##
|
||
minAvailable: 2
|
||
maxUnavailable: ""
|
||
## @param worker.psp.create Whether to create a PodSecurityPolicy. WARNING: PodSecurityPolicy is deprecated in Kubernetes v1.21 or later, unavailable in v1.25 or later
|
||
##
|
||
psp:
|
||
create: false
|
||
## Concourse worker persistence configuration
|
||
##
|
||
persistence:
|
||
## @param worker.persistence.enabled Enable Concourse worker data persistence using PVC
|
||
##
|
||
enabled: true
|
||
## @param worker.persistence.existingClaim Name of an existing PVC to use
|
||
##
|
||
existingClaim: ""
|
||
## @param worker.persistence.storageClass PVC Storage Class for Concourse worker data volume
|
||
## If defined, storageClassName: <storageClass>
|
||
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
||
## If undefined (the default) or set to null, no storageClassName spec is
|
||
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
||
## GKE, AWS & OpenStack)
|
||
##
|
||
storageClass: ""
|
||
## @param worker.persistence.accessModes PVC Access Mode for Concourse worker volume
|
||
##
|
||
accessModes:
|
||
- ReadWriteOnce
|
||
## @param worker.persistence.size PVC Storage Request for Concourse worker volume
|
||
##
|
||
size: 8Gi
|
||
## @param worker.persistence.annotations Annotations for the PVC
|
||
##
|
||
annotations: {}
|
||
## @param worker.persistence.selector Selector to match an existing Persistent Volume (this value is evaluated as a template)
|
||
## selector:
|
||
## matchLabels:
|
||
## app: my-app
|
||
##
|
||
selector: {}
|
||
## RBAC parameters
|
||
##
|
||
rbac:
|
||
## @param worker.rbac.create Specifies whether RBAC resources should be created
|
||
##
|
||
create: true
|
||
## @param worker.rbac.rules Custom RBAC rules to set
|
||
## e.g:
|
||
## rules:
|
||
## - apiGroups:
|
||
## - ""
|
||
## resources:
|
||
## - pods
|
||
## verbs:
|
||
## - get
|
||
## - list
|
||
##
|
||
rules: []
|
||
## ServiceAccount parameters
|
||
##
|
||
serviceAccount:
|
||
## @param worker.serviceAccount.create Specifies whether a ServiceAccount should be created
|
||
##
|
||
create: true
|
||
## @param worker.serviceAccount.name Override worker service account name
|
||
## If not set and create is true, a name is generated using the fullname template
|
||
##
|
||
name: ""
|
||
## @param worker.serviceAccount.automountServiceAccountToken Allows auto mount of ServiceAccountToken on the serviceAccount created
|
||
## Can be set to false if pods using this serviceAccount do not need to use K8s API
|
||
##
|
||
automountServiceAccountToken: true
|
||
## @param worker.serviceAccount.annotations Additional custom annotations for the ServiceAccount
|
||
##
|
||
annotations: {}
|
||
|
||
|
||
## @section Traffic exposure parameters
|
||
|
||
service:
|
||
## Concourse web service parameters
|
||
##
|
||
web:
|
||
## @param service.web.type Concourse web service type
|
||
##
|
||
type: LoadBalancer
|
||
## @param service.web.ports.http Concourse web service HTTP port
|
||
## @param service.web.ports.https Concourse web service HTTPS port
|
||
##
|
||
ports:
|
||
http: 80
|
||
https: 443
|
||
## Node ports to expose
|
||
## @param service.web.nodePorts.http Node port for HTTP
|
||
## @param service.web.nodePorts.https Node port for HTTPS
|
||
## NOTE: choose port between <30000-32767>
|
||
##
|
||
nodePorts:
|
||
http: ""
|
||
https: ""
|
||
## @param service.web.sessionAffinity Control where client requests go, to the same pod or round-robin
|
||
## Values: ClientIP or None
|
||
## ref: https://kubernetes.io/docs/user-guide/services/
|
||
##
|
||
sessionAffinity: None
|
||
## @param service.web.sessionAffinityConfig Additional settings for the sessionAffinity
|
||
## sessionAffinityConfig:
|
||
## clientIP:
|
||
## timeoutSeconds: 300
|
||
##
|
||
sessionAffinityConfig: {}
|
||
## @param service.web.clusterIP Concourse web service Cluster IP
|
||
## e.g.:
|
||
## clusterIP: None
|
||
##
|
||
clusterIP: ""
|
||
## @param service.web.loadBalancerIP Concourse web service Load Balancer IP
|
||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
||
##
|
||
loadBalancerIP: ""
|
||
## @param service.web.loadBalancerSourceRanges Concourse web service Load Balancer sources
|
||
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||
## e.g:
|
||
## loadBalancerSourceRanges:
|
||
## - 10.10.10.0/24
|
||
##
|
||
loadBalancerSourceRanges: []
|
||
## @param service.web.externalTrafficPolicy Concourse web service external traffic policy
|
||
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||
##
|
||
externalTrafficPolicy: Cluster
|
||
## @param service.web.annotations Additional custom annotations for Concourse web service
|
||
##
|
||
annotations: {}
|
||
## @param service.web.extraPorts Extra port to expose on Concourse web service
|
||
##
|
||
extraPorts: []
|
||
## Concourse worker gateway service parameters
|
||
##
|
||
workerGateway:
|
||
## @param service.workerGateway.type Concourse worker gateway service type
|
||
##
|
||
type: ClusterIP
|
||
## @param service.workerGateway.ports.tsa Concourse worker gateway service port
|
||
##
|
||
ports:
|
||
tsa: 2222
|
||
## Node ports to expose
|
||
## @param service.workerGateway.nodePorts.tsa Node port for worker gateway service
|
||
## NOTE: choose port between <30000-32767>
|
||
##
|
||
nodePorts:
|
||
tsa: ""
|
||
## @param service.workerGateway.sessionAffinity Control where client requests go, to the same pod or round-robin
|
||
## Values: ClientIP or None
|
||
## ref: https://kubernetes.io/docs/user-guide/services/
|
||
##
|
||
sessionAffinity: None
|
||
## @param service.workerGateway.sessionAffinityConfig Additional settings for the sessionAffinity
|
||
## sessionAffinityConfig:
|
||
## clientIP:
|
||
## timeoutSeconds: 300
|
||
##
|
||
sessionAffinityConfig: {}
|
||
## @param service.workerGateway.clusterIP Concourse worker gateway service Cluster IP
|
||
## e.g.:
|
||
## clusterIP: None
|
||
##
|
||
clusterIP: ""
|
||
## @param service.workerGateway.loadBalancerIP Concourse worker gateway service Load Balancer IP
|
||
## ref: https://kubernetes.io/docs/concepts/services-networking/service/#type-loadbalancer
|
||
##
|
||
loadBalancerIP: ""
|
||
## @param service.workerGateway.loadBalancerSourceRanges Concourse worker gateway service Load Balancer sources
|
||
## ref: https://kubernetes.io/docs/tasks/access-application-cluster/configure-cloud-provider-firewall/#restrict-access-for-loadbalancer-service
|
||
## e.g:
|
||
## loadBalancerSourceRanges:
|
||
## - 10.10.10.0/24
|
||
##
|
||
loadBalancerSourceRanges: []
|
||
## @param service.workerGateway.externalTrafficPolicy Concourse worker gateway service external traffic policy
|
||
## ref https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
|
||
##
|
||
externalTrafficPolicy: Cluster
|
||
## @param service.workerGateway.annotations Additional custom annotations for Concourse worker gateway service
|
||
##
|
||
annotations: {}
|
||
## @param service.workerGateway.extraPorts Extra port to expose on Concourse worker gateway service
|
||
##
|
||
extraPorts: []
|
||
## Concourse ingress parameters
|
||
## ref: https://kubernetes.io/docs/user-guide/ingress/
|
||
##
|
||
ingress:
|
||
## @param ingress.enabled Enable ingress record generation for Concourse
|
||
##
|
||
enabled: false
|
||
## @param ingress.ingressClassName IngressClass that will be be used to implement the Ingress (Kubernetes 1.18+)
|
||
## This is supported in Kubernetes 1.18+ and required if you have more than one IngressClass marked as the default for your cluster .
|
||
## ref: https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/
|
||
##
|
||
ingressClassName: ""
|
||
## @param ingress.pathType Ingress path type
|
||
##
|
||
pathType: ImplementationSpecific
|
||
## @param ingress.apiVersion Force Ingress API version (automatically detected if not set)
|
||
##
|
||
apiVersion: ""
|
||
## @param ingress.hostname Default host for the ingress record
|
||
##
|
||
hostname: concourse.local
|
||
## @param ingress.path Default path for the ingress record
|
||
## NOTE: You may need to set this to '/*' in order to use this with ALB ingress controllers
|
||
##
|
||
path: /
|
||
## @param ingress.annotations [object] Additional annotations for the Ingress resource. To enable certificate autogeneration, place here your cert-manager annotations.
|
||
## Use this parameter to set the required annotations for cert-manager, see
|
||
## ref: https://cert-manager.io/docs/usage/ingress/#supported-annotations
|
||
## e.g:
|
||
## annotations:
|
||
## kubernetes.io/ingress.class: nginx
|
||
## cert-manager.io/cluster-issuer: cluster-issuer-name
|
||
##
|
||
annotations: {}
|
||
## @param ingress.tls Enable TLS configuration for the host defined at `ingress.hostname` parameter
|
||
## TLS certificates will be retrieved from a TLS secret with name: `{{- printf "%s-tls" .Values.ingress.hostname }}`
|
||
## You can:
|
||
## - Use the `ingress.secrets` parameter to create this TLS secret
|
||
## - Rely on cert-manager to create it by setting the corresponding annotations
|
||
## - Rely on Helm to create self-signed certificates by setting `ingress.selfSigned=true`
|
||
##
|
||
tls: false
|
||
## @param ingress.selfSigned Create a TLS secret for this ingress record using self-signed certificates generated by Helm
|
||
##
|
||
selfSigned: false
|
||
## @param ingress.extraHosts An array with additional hostname(s) to be covered with the ingress record
|
||
## e.g:
|
||
## extraHosts:
|
||
## - name: concourse.local
|
||
## path: /
|
||
##
|
||
extraHosts: []
|
||
## @param ingress.extraPaths An array with additional arbitrary paths that may need to be added to the ingress under the main host
|
||
## e.g:
|
||
## extraPaths:
|
||
## - path: /*
|
||
## backend:
|
||
## serviceName: ssl-redirect
|
||
## servicePort: use-annotation
|
||
##
|
||
extraPaths: []
|
||
## @param ingress.extraTls TLS configuration for additional hostname(s) to be covered with this ingress record
|
||
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
|
||
## e.g:
|
||
## extraTls:
|
||
## - hosts:
|
||
## - concourse.local
|
||
## secretName: concourse.local-tls
|
||
##
|
||
extraTls: []
|
||
## @param ingress.secrets Custom TLS certificates as secrets
|
||
## NOTE: 'key' and 'certificate' are expected in PEM format
|
||
## NOTE: 'name' should line up with a 'secretName' set further up
|
||
## If it is not set and you're using cert-manager, this is unneeded, as it will create a secret for you with valid certificates
|
||
## If it is not set and you're NOT using cert-manager either, self-signed certificates will be created valid for 365 days
|
||
## It is also possible to create and manage the certificates outside of this helm chart
|
||
## Please see README.md for more information
|
||
## e.g:
|
||
## secrets:
|
||
## - name: concourse.local-tls
|
||
## key: |-
|
||
## -----BEGIN RSA PRIVATE KEY-----
|
||
## ...
|
||
## -----END RSA PRIVATE KEY-----
|
||
## certificate: |-
|
||
## -----BEGIN CERTIFICATE-----
|
||
## ...
|
||
## -----END CERTIFICATE-----
|
||
##
|
||
secrets: []
|
||
## @param ingress.extraRules Additional rules to be covered with this ingress record
|
||
## ref: https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-rules
|
||
## e.g:
|
||
## extraRules:
|
||
## - host: concourse.local
|
||
## http:
|
||
## path: /
|
||
## backend:
|
||
## service:
|
||
## name: concourse-svc
|
||
## port:
|
||
## name: http
|
||
##
|
||
extraRules: []
|
||
|
||
## @section Init Container Parameters
|
||
|
||
## Init containers parameters:
|
||
## volumePermissions: Change the owner and group of the persistent volume(s) mountpoint(s) to 'runAsUser:fsGroup' on each node
|
||
##
|
||
volumePermissions:
|
||
## @param volumePermissions.enabled Enable init container that changes the owner and group of the persistent volume
|
||
##
|
||
enabled: false
|
||
## @param volumePermissions.image.registry Init container volume-permissions image registry
|
||
## @param volumePermissions.image.repository Init container volume-permissions image repository
|
||
## @param volumePermissions.image.tag Init container volume-permissions image tag (immutable tags are recommended)
|
||
## @param volumePermissions.image.digest Init container volume-permissions image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
|
||
## @param volumePermissions.image.pullPolicy Init container volume-permissions image pull policy
|
||
## @param volumePermissions.image.pullSecrets Init container volume-permissions image pull secrets
|
||
##
|
||
image:
|
||
registry: docker.io
|
||
repository: bitnami/bitnami-shell
|
||
tag: 11-debian-11-r118
|
||
digest: ""
|
||
pullPolicy: IfNotPresent
|
||
## Optionally specify an array of imagePullSecrets.
|
||
## Secrets must be manually created in the namespace.
|
||
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
|
||
## Example:
|
||
## pullSecrets:
|
||
## - myRegistryKeySecretName
|
||
##
|
||
pullSecrets: []
|
||
## Init container resource requests and limits
|
||
## ref: https://kubernetes.io/docs/user-guide/compute-resources/
|
||
## @param volumePermissions.resources.limits Init container volume-permissions resource limits
|
||
## @param volumePermissions.resources.requests Init container volume-permissions resource requests
|
||
##
|
||
resources:
|
||
limits: {}
|
||
requests: {}
|
||
## Init container' Security Context
|
||
## @param volumePermissions.containerSecurityContext.enabled Enabled init container Security Context
|
||
## @param volumePermissions.containerSecurityContext.runAsUser User ID for the init container
|
||
##
|
||
containerSecurityContext:
|
||
enabled: true
|
||
runAsUser: 0
|
||
|
||
## @section Concourse database parameters
|
||
|
||
## PostgreSQL chart configuration
|
||
## ref: https://github.com/bitnami/charts/blob/main/bitnami/postgresql/values.yaml
|
||
## @param postgresql.enabled Switch to enable or disable the PostgreSQL helm chart
|
||
## @param postgresql.auth.enablePostgresUser Assign a password to the "postgres" admin user. Otherwise, remote access will be blocked for this user
|
||
## @param postgresql.auth.username Name for a custom user to create
|
||
## @param postgresql.auth.password Password for the custom user to create
|
||
## @param postgresql.auth.database Name for a custom database to create
|
||
## @param postgresql.auth.existingSecret Name of existing secret to use for PostgreSQL credentials
|
||
## @param postgresql.architecture PostgreSQL architecture (`standalone` or `replication`)
|
||
##
|
||
postgresql:
|
||
enabled: true
|
||
auth:
|
||
enablePostgresUser: false
|
||
username: bn_concourse
|
||
password: ""
|
||
database: bitnami_concourse
|
||
existingSecret: ""
|
||
architecture: standalone
|
||
|
||
## @section External PostgreSQL configuration
|
||
## All of these values are only used when postgresql.enabled is set to false
|
||
## @param externalDatabase.host Database host
|
||
## @param externalDatabase.port Database port number
|
||
## @param externalDatabase.user Non-root username for Concourse
|
||
## @param externalDatabase.password Password for the non-root username for Concourse
|
||
## @param externalDatabase.database Concourse database name
|
||
## @param externalDatabase.existingSecret Name of an existing secret resource containing the database credentials
|
||
## @param externalDatabase.existingSecretPasswordKey Name of an existing secret key containing the database credentials
|
||
##
|
||
externalDatabase:
|
||
host: localhost
|
||
port: 5432
|
||
user: bn_concourse
|
||
password: ""
|
||
database: bitnami_concourse
|
||
existingSecret: ""
|
||
existingSecretPasswordKey: ""
|