jenkins: helm chart and cue configuration
Change-Id: I3398b0fab8af43c4a138112a258263153d3ab473
diff --git a/charts/jenkins/values.yaml b/charts/jenkins/values.yaml
new file mode 100644
index 0000000..3f096e6
--- /dev/null
+++ b/charts/jenkins/values.yaml
@@ -0,0 +1,1306 @@
+# Default values for jenkins.
+# This is a YAML-formatted file.
+# Declare name/value pairs to be passed into your templates.
+# name: value
+
+## Overrides for generated resource names
+# See templates/_helpers.tpl
+# -- Override the resource name prefix
+# @default -- `Chart.Name`
+nameOverride:
+# -- Override the full resource names
+# @default -- `jenkins-(release-name)` or `jenkins` if the release-name is `jenkins`
+fullnameOverride:
+# -- Override the deployment namespace
+# @default -- `Release.Namespace`
+namespaceOverride:
+
+# For FQDN resolving of the controller service. Change this value to match your existing configuration.
+# ref: https://github.com/kubernetes/dns/blob/master/docs/specification.md
+# -- Override the cluster name for FQDN resolving
+clusterZone: "cluster.local"
+
+# -- The URL of the Kubernetes API server
+kubernetesURL: "https://kubernetes.default"
+
+# -- The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed.
+credentialsId:
+
+# -- Enables rendering of the helm.sh/chart label to the annotations
+renderHelmLabels: true
+
+controller:
+ # -- Used for label app.kubernetes.io/component
+ componentName: "jenkins-controller"
+ image:
+ # -- Controller image registry
+ registry: "docker.io"
+ # -- Controller image repository
+ repository: "jenkins/jenkins"
+
+ # -- Controller image tag override; i.e., tag: "2.440.1-jdk17"
+ tag:
+
+ # -- Controller image tag label
+ tagLabel: jdk17
+ # -- Controller image pull policy
+ pullPolicy: "Always"
+ # -- Controller image pull secret
+ imagePullSecretName:
+ # -- Lifecycle specification for controller-container
+ lifecycle: {}
+ # postStart:
+ # exec:
+ # command:
+ # - "uname"
+ # - "-a"
+
+ # -- Disable use of remember me
+ disableRememberMe: false
+
+ # -- Set Number of executors
+ numExecutors: 0
+
+ # -- Sets the executor mode of the Jenkins node. Possible values are "NORMAL" or "EXCLUSIVE"
+ executorMode: "NORMAL"
+
+ # -- Append Jenkins labels to the controller
+ customJenkinsLabels: []
+
+ hostNetworking: false
+
+ # When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist.
+ # If you disable the non-Jenkins identity store and instead use the Jenkins internal one,
+ # you should revert controller.admin.username to your preferred admin user:
+ admin:
+
+ # -- Admin username created as a secret if `controller.admin.createSecret` is true
+ username: "admin"
+ # -- Admin password created as a secret if `controller.admin.createSecret` is true
+ # @default -- <random password>
+ password:
+
+ # -- The key in the existing admin secret containing the username
+ userKey: jenkins-admin-user
+ # -- The key in the existing admin secret containing the password
+ passwordKey: jenkins-admin-password
+
+ # The default configuration uses this secret to configure an admin user
+ # If you don't need that user or use a different security realm, then you can disable it
+ # -- Create secret for admin user
+ createSecret: true
+
+ # -- The name of an existing secret containing the admin credentials
+ existingSecret: ""
+ # -- Email address for the administrator of the Jenkins instance
+ jenkinsAdminEmail:
+
+ # This value should not be changed unless you use your custom image of jenkins or any derived from.
+ # If you want to use Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution"
+ # -- Custom Jenkins home path
+ jenkinsHome: "/var/jenkins_home"
+
+ # This value should not be changed unless you use your custom image of jenkins or any derived from.
+ # If you want to use Cloudbees Jenkins Distribution docker, you should set jenkinsRef: "/usr/share/cloudbees-jenkins-distribution/ref"
+ # -- Custom Jenkins reference path
+ jenkinsRef: "/usr/share/jenkins/ref"
+
+ # Path to the jenkins war file which is used by jenkins-plugin-cli.
+ jenkinsWar: "/usr/share/jenkins/jenkins.war"
+ # Override the default arguments passed to the war
+ # overrideArgs:
+ # - --httpPort=8080
+
+ # -- Resource allocation (Requests and Limits)
+ resources:
+ requests:
+ cpu: "50m"
+ memory: "256Mi"
+ limits:
+ cpu: "2000m"
+ memory: "4096Mi"
+
+ # Share process namespace to allow sidecar containers to interact with processes in other containers in the same pod
+ shareProcessNamespace: false
+
+ # Overrides the init container default values
+ # -- Resources allocation (Requests and Limits) for Init Container
+ initContainerResources: {}
+ # initContainerResources:
+ # requests:
+ # cpu: "50m"
+ # memory: "256Mi"
+ # limits:
+ # cpu: "2000m"
+ # memory: "4096Mi"
+ # -- Environment variable sources for Init Container
+ initContainerEnvFrom: []
+
+ # useful for i.e., http_proxy
+ # -- Environment variables for Init Container
+ initContainerEnv: []
+ # initContainerEnv:
+ # - name: http_proxy
+ # value: "http://192.168.64.1:3128"
+
+ # -- Environment variable sources for Jenkins Container
+ containerEnvFrom: []
+
+ # -- Environment variables for Jenkins Container
+ containerEnv: []
+ # - name: http_proxy
+ # value: "http://192.168.64.1:3128"
+
+ # Set min/max heap here if needed with "-Xms512m -Xmx512m"
+ # -- Append to `JAVA_OPTS` env var
+ javaOpts:
+ # -- Append to `JENKINS_OPTS` env var
+ jenkinsOpts:
+
+ # If you are using the ingress definitions provided by this chart via the `controller.ingress` block,
+ # the configured hostname will be the ingress hostname starting with `https://`
+ # or `http://` depending on the `tls` configuration.
+ # The Protocol can be overwritten by specifying `controller.jenkinsUrlProtocol`.
+ # -- Set protocol for Jenkins URL; `https` if `controller.ingress.tls`, `http` otherwise
+ jenkinsUrlProtocol:
+
+ # -- Set Jenkins URL if you are not using the ingress definitions provided by the chart
+ jenkinsUrl:
+
+ # If you set this prefix and use ingress controller, then you might want to set the ingress path below
+ # I.e., "/jenkins"
+ # -- Root URI Jenkins will be served on
+ jenkinsUriPrefix:
+
+ # -- Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set)
+ usePodSecurityContext: true
+
+ # Note that `runAsUser`, `fsGroup`, and `securityContextCapabilities` are
+ # being deprecated and replaced by `podSecurityContextOverride`.
+ # Set runAsUser to 1000 to let Jenkins run as non-root user 'jenkins', which exists in 'jenkins/jenkins' docker image.
+ # When configuring runAsUser to a different value than 0 also set fsGroup to the same value:
+ # -- Deprecated in favor of `controller.podSecurityContextOverride`. uid that jenkins runs with.
+ runAsUser: 1000
+
+ # -- Deprecated in favor of `controller.podSecurityContextOverride`. uid that will be used for persistent volume.
+ fsGroup: 1000
+
+ # If you have PodSecurityPolicies that require dropping of capabilities as suggested by CIS K8s benchmark, put them here
+ # securityContextCapabilities:
+ # drop:
+ # - NET_RAW
+ securityContextCapabilities: {}
+
+ # In the case of mounting an ext4 filesystem, it might be desirable to use `supplementalGroups` instead of `fsGroup` in
+ # the `securityContext` block: https://github.com/kubernetes/kubernetes/issues/67014#issuecomment-589915496
+ # podSecurityContextOverride:
+ # runAsUser: 1000
+ # runAsNonRoot: true
+ # supplementalGroups: [1000]
+ # capabilities: {}
+ # -- Completely overwrites the contents of the pod security context, ignoring the values provided for `runAsUser`, `fsGroup`, and `securityContextCapabilities`
+ podSecurityContextOverride: ~
+
+ # -- Allow controlling the securityContext for the jenkins container
+ containerSecurityContext:
+ runAsUser: 1000
+ runAsGroup: 1000
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+
+ # For minikube, set this to NodePort, elsewhere uses LoadBalancer
+ # Use ClusterIP if your setup includes ingress controller
+ # -- k8s service type
+ serviceType: ClusterIP
+
+ # -- k8s service clusterIP. Only used if serviceType is ClusterIP
+ clusterIp:
+ # -- k8s service port
+ servicePort: 8080
+ # -- k8s target port
+ targetPort: 8080
+ # -- k8s node port. Only used if serviceType is NodePort
+ nodePort:
+
+ # Use Local to preserve the client source IP and avoids a second hop for LoadBalancer and NodePort type services,
+ # but risks potentially imbalanced traffic spreading.
+ serviceExternalTrafficPolicy:
+
+ # -- Jenkins controller service annotations
+ serviceAnnotations: {}
+ # -- Jenkins controller custom labels for the StatefulSet
+ statefulSetLabels: {}
+ # foo: bar
+ # bar: foo
+ # -- Labels for the Jenkins controller-service
+ serviceLabels: {}
+ # service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
+
+ # Put labels on Jenkins controller pod
+ # -- Custom Pod labels (an object with `label-key: label-value` pairs)
+ podLabels: {}
+
+ # Enable Kubernetes Startup, Liveness and Readiness Probes
+ # if Startup Probe is supported, enable it too
+ # ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout.
+ # ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes
+ # -- Enable Kubernetes Probes configuration configured in `controller.probes`
+ healthProbes: true
+
+ probes:
+ startupProbe:
+ # -- Set the failure threshold for the startup probe
+ failureThreshold: 12
+ httpGet:
+ # -- Set the Pod's HTTP path for the startup probe
+ path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
+ # -- Set the Pod's HTTP port to use for the startup probe
+ port: http
+ # -- Set the time interval between two startup probes executions in seconds
+ periodSeconds: 10
+ # -- Set the timeout for the startup probe in seconds
+ timeoutSeconds: 5
+
+ livenessProbe:
+ # -- Set the failure threshold for the liveness probe
+ failureThreshold: 5
+ httpGet:
+ # -- Set the Pod's HTTP path for the liveness probe
+ path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
+ # -- Set the Pod's HTTP port to use for the liveness probe
+ port: http
+ # -- Set the time interval between two liveness probes executions in seconds
+ periodSeconds: 10
+ # -- Set the timeout for the liveness probe in seconds
+ timeoutSeconds: 5
+
+ # If Startup Probe is not supported on your Kubernetes cluster, you might want to use "initialDelaySeconds" instead.
+ # It delays the initial liveness probe while Jenkins is starting
+ # -- Set the initial delay for the liveness probe in seconds
+ initialDelaySeconds:
+
+ readinessProbe:
+ # -- Set the failure threshold for the readiness probe
+ failureThreshold: 3
+ httpGet:
+ # -- Set the Pod's HTTP path for the liveness probe
+ path: '{{ default "" .Values.controller.jenkinsUriPrefix }}/login'
+ # -- Set the Pod's HTTP port to use for the readiness probe
+ port: http
+ # -- Set the time interval between two readiness probes executions in seconds
+ periodSeconds: 10
+ # -- Set the timeout for the readiness probe in seconds
+ timeoutSeconds: 5
+
+ # If Startup Probe is not supported on your Kubernetes cluster, you might want to use "initialDelaySeconds" instead.
+ # It delays the initial readiness probe while Jenkins is starting
+ # -- Set the initial delay for the readiness probe in seconds
+ initialDelaySeconds:
+
+ # PodDisruptionBudget config
+ podDisruptionBudget:
+ # ref: https://kubernetes.io/docs/tasks/run-application/configure-pdb/
+
+ # -- Enable Kubernetes Pod Disruption Budget configuration
+ enabled: false
+
+ # For Kubernetes v1.5+, use 'policy/v1beta1'
+ # For Kubernetes v1.21+, use 'policy/v1'
+ # -- Policy API version
+ apiVersion: "policy/v1beta1"
+
+ annotations: {}
+ labels: {}
+ # -- Number of pods that can be unavailable. Either an absolute number or a percentage
+ maxUnavailable: "0"
+
+ # -- Create Agent listener service
+ agentListenerEnabled: true
+ # -- Listening port for agents
+ agentListenerPort: 50000
+ # -- Host port to listen for agents
+ agentListenerHostPort:
+ # -- Node port to listen for agents
+ agentListenerNodePort:
+
+ # ref: https://kubernetes.io/docs/concepts/services-networking/service/#traffic-policies
+ # -- Traffic Policy of for the agentListener service
+ agentListenerExternalTrafficPolicy:
+ # -- Allowed inbound IP for the agentListener service
+ agentListenerLoadBalancerSourceRanges:
+ - 0.0.0.0/0
+ # -- Disabled agent protocols
+ disabledAgentProtocols:
+ - JNLP-connect
+ - JNLP2-connect
+ csrf:
+ defaultCrumbIssuer:
+ # -- Enable the default CSRF Crumb issuer
+ enabled: true
+ # -- Enable proxy compatibility
+ proxyCompatability: true
+
+ # Kubernetes service type for the JNLP agent service
+ # agentListenerServiceType is the Kubernetes Service type for the JNLP agent service,
+ # either 'LoadBalancer', 'NodePort', or 'ClusterIP'
+ # Note if you set this to 'LoadBalancer', you *must* define annotations to secure it. By default,
+ # this will be an external load balancer and allowing inbound 0.0.0.0/0, a HUGE
+ # security risk: https://github.com/kubernetes/charts/issues/1341
+ # -- Defines how to expose the agentListener service
+ agentListenerServiceType: "ClusterIP"
+
+ # -- Annotations for the agentListener service
+ agentListenerServiceAnnotations: {}
+
+ # Optionally, assign an IP to the LoadBalancer agentListenerService LoadBalancer
+ # GKE users: only regional static IPs will work for Service Load balancer.
+ # -- Static IP for the agentListener LoadBalancer
+ agentListenerLoadBalancerIP:
+
+ # -- Whether legacy remoting security should be enabled
+ legacyRemotingSecurityEnabled: false
+
+ # Example of a 'LoadBalancer'-type agent listener with annotations securing it
+ # agentListenerServiceType: LoadBalancer
+ # agentListenerServiceAnnotations:
+ # service.beta.kubernetes.io/aws-load-balancer-internal: "True"
+ # service.beta.kubernetes.io/load-balancer-source-ranges: "172.0.0.0/8, 10.0.0.0/8"
+
+ # LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
+ # set allowed inbound rules on the security group assigned to the controller load balancer
+ # -- Allowed inbound IP addresses
+ loadBalancerSourceRanges:
+ - 0.0.0.0/0
+
+ # -- Optionally assign a known public LB IP
+ loadBalancerIP:
+
+ # Optionally configure a JMX port. This requires additional javaOpts, for example,
+ # javaOpts: >
+ # -Dcom.sun.management.jmxremote.port=4000
+ # -Dcom.sun.management.jmxremote.authenticate=false
+ # -Dcom.sun.management.jmxremote.ssl=false
+ # jmxPort: 4000
+ # -- Open a port, for JMX stats
+ jmxPort:
+
+ # -- Optionally configure other ports to expose in the controller container
+ extraPorts: []
+ # - name: BuildInfoProxy
+ # port: 9000
+ # targetPort: 9010 (Optional: Use to explicitly set targetPort if different from port)
+
+ # Plugins will be installed during Jenkins controller start
+ # -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false`
+ installPlugins:
+ - kubernetes:4203.v1dd44f5b_1cf9
+ - workflow-aggregator:596.v8c21c963d92d
+ - git:5.2.1
+ - configuration-as-code:1775.v810dc950b_514
+
+ # If set to false, Jenkins will download the minimum required version of all dependencies.
+ # -- Download the minimum required version or latest version of all dependencies
+ installLatestPlugins: true
+
+ # -- Set to true to download the latest version of any plugin that is requested to have the latest version
+ installLatestSpecifiedPlugins: false
+
+ # -- List of plugins to install in addition to those listed in controller.installPlugins
+ additionalPlugins: []
+
+ # Without this; whenever the controller gets restarted (Evicted, etc.) it will fetch plugin updates that have the potential to cause breakage.
+ # Note that for this to work, `persistence.enabled` needs to be set to `true`
+ # -- Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true`
+ initializeOnce: false
+
+ # Enable to always override the installed plugins with the values of 'controller.installPlugins' on upgrade or redeployment.
+ # -- Overwrite installed plugins on start
+ overwritePlugins: false
+
+ # Configures if plugins bundled with `controller.image` should be overwritten with the values of 'controller.installPlugins' on upgrade or redeployment.
+ # -- Overwrite plugins that are already installed in the controller image
+ overwritePluginsFromImage: true
+
+ # Configures the restrictions for naming projects. Set this key to null or empty to skip it in the default config.
+ projectNamingStrategy: standard
+
+ # Useful with ghprb plugin. The OWASP plugin is not installed by default, please update controller.installPlugins.
+ # -- Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter)
+ enableRawHtmlMarkupFormatter: false
+
+ # This is ignored if enableRawHtmlMarkupFormatter is true
+ # -- Yaml of the markup formatter to use
+ markupFormatter: plainText
+
+ # Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval
+ # -- List of groovy functions to approve
+ scriptApproval: []
+ # - "method groovy.json.JsonSlurperClassic parseText java.lang.String"
+ # - "new groovy.json.JsonSlurperClassic"
+
+ # -- Map of groovy init scripts to be executed during Jenkins controller start
+ initScripts: {}
+ # test: |-
+ # print 'adding global pipeline libraries, register properties, bootstrap jobs...'
+ # -- Name of the existing ConfigMap that contains init scripts
+ initConfigMap:
+
+ # 'name' is a name of an existing secret in the same namespace as jenkins,
+ # 'keyName' is the name of one of the keys inside the current secret.
+ # the 'name' and 'keyName' are concatenated with a '-' in between, so for example:
+ # an existing secret "secret-credentials" and a key inside it named "github-password" should be used in JCasC as ${secret-credentials-github-password}
+ # 'name' and 'keyName' must be lowercase RFC 1123 label must consist of lower case alphanumeric characters or '-',
+ # and must start and end with an alphanumeric character (e.g. 'my-name', or '123-abc')
+ # existingSecret existing secret "secret-credentials" and a key inside it named "github-username" should be used in JCasC as ${github-username}
+ # When using existingSecret no need to specify the keyName under additionalExistingSecrets.
+ existingSecret:
+
+ # -- List of additional existing secrets to mount
+ additionalExistingSecrets: []
+ # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets
+ # additionalExistingSecrets:
+ # - name: secret-name-1
+ # keyName: username
+ # - name: secret-name-1
+ # keyName: password
+
+ # -- List of additional secrets to create and mount
+ additionalSecrets: []
+ # ref: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc#kubernetes-secrets
+ # additionalSecrets:
+ # - name: nameOfSecret
+ # value: secretText
+
+ # Generate SecretClaim resources to create Kubernetes secrets from HashiCorp Vault using kube-vault-controller.
+ # 'name' is the name of the secret that will be created in Kubernetes. The Jenkins fullname is prepended to this value.
+ # 'path' is the fully qualified path to the secret in Vault
+ # 'type' is an optional Kubernetes secret type. The default is 'Opaque'
+ # 'renew' is an optional secret renewal time in seconds
+ # -- List of `SecretClaim` resources to create
+ secretClaims: []
+ # - name: secretName # required
+ # path: testPath # required
+ # type: kubernetes.io/tls # optional
+ # renew: 60 # optional
+
+ # -- Name of default cloud configuration.
+ cloudName: "kubernetes"
+
+ # Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area,
+ # where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value.
+ # Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label
+ # characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the controller in
+ # /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each |
+ # become the content of the configuration yaml file. The first line after this is a JCasC root element, e.g., jenkins, credentials,
+ # etc. Best reference is https://<jenkins_url>/configuration-as-code/reference. The example below creates a welcome message:
+ JCasC:
+ # -- Enables default Jenkins configuration via configuration as code plugin
+ defaultConfig: true
+
+ # If true, the init container deletes all the plugin config files and Jenkins Config as Code overwrites any existing configuration
+ # -- Whether Jenkins Config as Code should overwrite any existing configuration
+ overwriteConfiguration: false
+ # -- Remote URLs for configuration files.
+ configUrls: []
+ # - https://acme.org/jenkins.yaml
+ # -- List of Jenkins Config as Code scripts
+ configScripts: {}
+ # welcome-message: |
+ # jenkins:
+ # systemMessage: Welcome to our CI\CD server. This Jenkins is configured and managed 'as code'.
+
+ # Allows adding to the top-level security JCasC section. For legacy purposes, by default, the chart includes apiToken configurations
+ # -- Jenkins Config as Code security-section
+ security:
+ apiToken:
+ creationOfLegacyTokenEnabled: false
+ tokenGenerationOnCreationEnabled: false
+ usageStatisticsEnabled: true
+
+ # Ignored if securityRealm is defined in controller.JCasC.configScripts
+ # -- Jenkins Config as Code Security Realm-section
+ securityRealm: |-
+ local:
+ allowsSignup: false
+ enableCaptcha: false
+ users:
+ - id: "${chart-admin-username}"
+ name: "Jenkins Admin"
+ password: "${chart-admin-password}"
+
+ # Ignored if authorizationStrategy is defined in controller.JCasC.configScripts
+ # -- Jenkins Config as Code Authorization Strategy-section
+ authorizationStrategy: |-
+ loggedInUsersCanDoAnything:
+ allowAnonymousRead: false
+ # -- Custom init-container specification in raw-yaml format
+ customInitContainers: []
+ # - name: custom-init
+ # image: "alpine:3"
+ # imagePullPolicy: Always
+ # command: [ "uname", "-a" ]
+
+ sidecars:
+ configAutoReload:
+ # If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot.
+ # If false or not-specified, JCasC changes will cause a reboot and will only be applied at the subsequent start-up.
+ # Auto-reload uses the http://<jenkins_url>/reload-configuration-as-code endpoint to reapply config when changes to
+ # the configScripts are detected.
+ # -- Enables Jenkins Config as Code auto-reload
+ enabled: true
+ image:
+ # -- Registry for the image that triggers the reload
+ registry: docker.io
+ # -- Repository of the image that triggers the reload
+ repository: kiwigrid/k8s-sidecar
+ # -- Tag for the image that triggers the reload
+ tag: 1.26.1
+ imagePullPolicy: IfNotPresent
+ resources: {}
+ # limits:
+ # cpu: 100m
+ # memory: 100Mi
+ # requests:
+ # cpu: 50m
+ # memory: 50Mi
+
+ # -- The scheme to use when connecting to the Jenkins configuration as code endpoint
+ scheme: http
+ # -- Skip TLS verification when connecting to the Jenkins configuration as code endpoint
+ skipTlsVerify: false
+
+ # -- How many connection-related errors to retry on
+ reqRetryConnect: 10
+ # -- How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar)
+ sleepTime:
+
+ # -- Environment variable sources for the Jenkins Config as Code auto-reload container
+ envFrom: []
+ # -- Environment variables for the Jenkins Config as Code auto-reload container
+ env: {}
+ # - name: REQ_TIMEOUT
+ # value: "30"
+
+ # SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random.
+ # This is only used to reload JCasC config from the sidecar container running in the Jenkins controller pod.
+ # This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be
+ # accessible via SSH from outside the pod. Note if you use non-root pod privileges (runAsUser & fsGroup),
+ # this must be > 1024:
+ sshTcpPort: 1044
+ # folder in the pod that should hold the collected dashboards:
+ folder: "/var/jenkins_home/casc_configs"
+
+ # If specified, the sidecar will search for JCasC config-maps inside this namespace.
+ # Otherwise, the namespace in which the sidecar is running will be used.
+ # It's also possible to specify ALL to search in all namespaces:
+ # searchNamespace:
+ # -- Enable container security context
+ containerSecurityContext:
+ readOnlyRootFilesystem: true
+ allowPrivilegeEscalation: false
+
+ # -- Configures additional sidecar container(s) for the Jenkins controller
+ additionalSidecarContainers: []
+ ## The example below runs the client for https://smee.io as sidecar container next to Jenkins,
+ ## that allows triggering build behind a secure firewall.
+ ## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall
+ ##
+ ## Note: To use it you should go to https://smee.io/new and update the url to the generated one.
+ # - name: smee
+ # image: docker.io/twalter/smee-client:1.0.2
+ # args: ["--port", "{{ .Values.controller.servicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"]
+ # resources:
+ # limits:
+ # cpu: 50m
+ # memory: 128Mi
+ # requests:
+ # cpu: 10m
+ # memory: 32Mi
+
+ # -- Name of the Kubernetes scheduler to use
+ schedulerName: ""
+
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
+ # -- Node labels for pod assignment
+ nodeSelector: {}
+
+ # ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
+ # -- Toleration labels for pod assignment
+ tolerations: []
+ # -- Set TerminationGracePeriodSeconds
+ terminationGracePeriodSeconds:
+ # -- Set the termination message path
+ terminationMessagePath:
+ # -- Set the termination message policy
+ terminationMessagePolicy:
+
+ # -- Affinity settings
+ affinity: {}
+
+ # Leverage a priorityClass to ensure your pods survive resource shortages
+ # ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
+ # -- The name of a `priorityClass` to apply to the controller pod
+ priorityClassName:
+
+ # -- Annotations for controller pod
+ podAnnotations: {}
+ # -- Annotations for controller StatefulSet
+ statefulSetAnnotations: {}
+
+ # ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#update-strategies
+ # -- Update strategy for StatefulSet
+ updateStrategy: {}
+
+ ingress:
+ # -- Enables ingress
+ enabled: false
+
+ # Override for the default paths that map requests to the backend
+ # -- Override for the default Ingress paths
+ paths: []
+ # - backend:
+ # serviceName: ssl-redirect
+ # servicePort: use-annotation
+ # - backend:
+ # serviceName: >-
+ # {{ template "jenkins.fullname" . }}
+ # # Don't use string here, use only integer value!
+ # servicePort: 8080
+
+ # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
+ # For Kubernetes v1.19+, use 'networking.k8s.io/v1'
+ # -- Ingress API version
+ apiVersion: "extensions/v1beta1"
+ # -- Ingress labels
+ labels: {}
+ # -- Ingress annotations
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+
+ # Set this path to jenkinsUriPrefix above or use annotations to rewrite path
+ # -- Ingress path
+ path:
+
+ # configures the hostname e.g. jenkins.example.com
+ # -- Ingress hostname
+ hostName:
+ # -- Hostname to serve assets from
+ resourceRootUrl:
+ # -- Ingress TLS configuration
+ tls: []
+ # - secretName: jenkins.cluster.local
+ # hosts:
+ # - jenkins.cluster.local
+
+ # often you want to have your controller all locked down and private,
+ # but you still want to get webhooks from your SCM
+ # A secondary ingress will let you expose different urls
+ # with a different configuration
+ secondaryingress:
+ enabled: false
+ # paths you want forwarded to the backend
+ # ex /github-webhook
+ paths: []
+ # For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
+ # For Kubernetes v1.19+, use 'networking.k8s.io/v1'
+ apiVersion: "extensions/v1beta1"
+ labels: {}
+ annotations: {}
+ # kubernetes.io/ingress.class: nginx
+ # kubernetes.io/tls-acme: "true"
+ # For Kubernetes >= 1.18 you should specify the ingress-controller via the field ingressClassName
+ # See https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/#specifying-the-class-of-an-ingress
+ # ingressClassName: nginx
+ # configures the hostname e.g., jenkins-external.example.com
+ hostName:
+ tls:
+ # - secretName: jenkins-external.example.com
+ # hosts:
+ # - jenkins-external.example.com
+
+ # If you're running on GKE and need to configure a backendconfig
+ # to finish ingress setup, use the following values.
+ # Docs: https://cloud.google.com/kubernetes-engine/docs/concepts/backendconfig
+ backendconfig:
+ # -- Enables backendconfig
+ enabled: false
+ # -- backendconfig API version
+ apiVersion: "extensions/v1beta1"
+ # -- backendconfig name
+ name:
+ # -- backendconfig labels
+ labels: {}
+ # -- backendconfig annotations
+ annotations: {}
+ # -- backendconfig spec
+ spec: {}
+
+ # Openshift route
+ route:
+ # -- Enables openshift route
+ enabled: false
+ # -- Route labels
+ labels: {}
+ # -- Route annotations
+ annotations: {}
+ # -- Route path
+ path:
+
+ # -- Allows for adding entries to Pod /etc/hosts
+ hostAliases: []
+ # ref: https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
+ # hostAliases:
+ # - ip: 192.168.50.50
+ # hostnames:
+ # - something.local
+ # - ip: 10.0.50.50
+ # hostnames:
+ # - other.local
+
+ # Expose Prometheus metrics
+ prometheus:
+ # If enabled, add the prometheus plugin to the list of plugins to install
+ # https://plugins.jenkins.io/prometheus
+
+ # -- Enables prometheus service monitor
+ enabled: false
+ # -- Additional labels to add to the service monitor object
+ serviceMonitorAdditionalLabels: {}
+ # -- Set a custom namespace where to deploy ServiceMonitor resource
+ serviceMonitorNamespace:
+ # -- How often prometheus should scrape metrics
+ scrapeInterval: 60s
+
+ # Defaults to the default endpoint used by the prometheus plugin
+ # -- The endpoint prometheus should get metrics from
+ scrapeEndpoint: /prometheus
+
+ # See here: https://prometheus.io/docs/prometheus/latest/configuration/alerting_rules/
+ # The `groups` root object is added by default, add the rule entries
+ # -- Array of prometheus alerting rules
+ alertingrules: []
+ # -- Additional labels to add to the PrometheusRule object
+ alertingRulesAdditionalLabels: {}
+ # -- Set a custom namespace where to deploy PrometheusRule resource
+ prometheusRuleNamespace: ""
+
+ # RelabelConfigs to apply to samples before scraping. Prometheus Operator automatically adds
+ # relabelings for a few standard Kubernetes fields. The original scrape job’s name
+ # is available via the __tmp_prometheus_job_name label.
+ # More info: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#relabel_config
+ relabelings: []
+ # MetricRelabelConfigs to apply to samples before ingestion.
+ metricRelabelings: []
+
+ googlePodMonitor:
+ # If enabled, It creates Google Managed Prometheus scraping config
+ enabled: false
+ # Set a custom namespace where to deploy PodMonitoring resource
+ # serviceMonitorNamespace: ""
+ scrapeInterval: 60s
+ # This is the default endpoint used by the prometheus plugin
+ scrapeEndpoint: /prometheus
+
+ # -- Can be used to disable rendering controller test resources when using helm template
+ testEnabled: true
+
+ httpsKeyStore:
+ # -- Enables HTTPS keystore on jenkins controller
+ enable: false
+ # -- Name of the secret that already has ssl keystore
+ jenkinsHttpsJksSecretName: ""
+ # -- Name of the key in the secret that already has ssl keystore
+ jenkinsHttpsJksSecretKey: "jenkins-jks-file"
+ # -- Name of the secret that contains the JKS password, if it is not in the same secret as the JKS file
+ jenkinsHttpsJksPasswordSecretName: ""
+ # -- Name of the key in the secret that contains the JKS password
+ jenkinsHttpsJksPasswordSecretKey: "https-jks-password"
+ disableSecretMount: false
+
+ # When HTTPS keystore is enabled, servicePort and targetPort will be used as HTTPS port
+ # -- HTTP Port that Jenkins should listen to along with HTTPS, it also serves as the liveness and readiness probes port.
+ httpPort: 8081
+ # -- Path of HTTPS keystore file
+ path: "/var/jenkins_keystore"
+ # -- Jenkins keystore filename which will appear under controller.httpsKeyStore.path
+ fileName: "keystore.jks"
+ # -- Jenkins keystore password
+ password: "password"
+
+ # -- Base64 encoded Keystore content. Keystore must be converted to base64 then being pasted here
+ jenkinsKeyStoreBase64Encoded:
+ # Convert keystore.jks files content to base64 > $ cat keystore.jks | base64
+# /u3+7QAAAAIAAAABAAAAAQANamVua2luc2NpLmNvbQAAAW2r/b1ZAAAFATCCBP0wDgYKKwYBBAEq
+# AhEBAQUABIIE6QbCqasvoHS0pSwYqSvdydMCB9t+VNfwhFIiiuAelJfO5sSe2SebJbtwHgLcRz1Z
+# gMtWgOSFdl3bWSzA7vrW2LED52h+jXLYSWvZzuDuh8hYO85m10ikF6QR+dTi4jra0whIFDvq3pxe
+# TnESxEsN+DvbZM3jA3qsjQJSeISNpDjO099dqQvHpnCn18lyk7J4TWJ8sOQQb1EM2zDAfAOSqA/x
+# QuPEFl74DlY+5DIk6EBvpmWhaMSvXzWZACGA0sYqa157dq7O0AqmuLG/EI5EkHETO4CrtBW+yLcy
+# 2dUCXOMA+j+NjM1BjrQkYE5vtSfNO6lFZcISyKo5pTFlcA7ut0Fx2nZ8GhHTn32CpeWwNcZBn1gR
+# pZVt6DxVVkhTAkMLhR4rL2wGIi/1WRs23ZOLGKtyDNvDHnQyDiQEoJGy9nAthA8aNHa3cfdF10vB
+# Drb19vtpFHmpvKEEhpk2EBRF4fTi644Fuhu2Ied6118AlaPvEea+n6G4vBz+8RWuVCmZjLU+7h8l
+# Hy3/WdUPoIL5eW7Kz+hS+sRTFzfu9C48dMkQH3a6f3wSY+mufizNF9U298r98TnYy+PfDJK0bstG
+# Ph6yPWx8DGXKQBwrhWJWXI6JwZDeC5Ny+l8p1SypTmAjpIaSW3ge+KgcL6Wtt1R5hUV1ajVwVSUi
+# HF/FachKqPqyLJFZTGjNrxnmNYpt8P1d5JTvJfmfr55Su/P9n7kcyWp7zMcb2Q5nlXt4tWogOHLI
+# OzEWKCacbFfVHE+PpdrcvCVZMDzFogIq5EqGTOZe2poPpBVE+1y9mf5+TXBegy5HToLWvmfmJNTO
+# NCDuBjgLs2tdw2yMPm4YEr57PnMX5gGTC3f2ZihXCIJDCRCdQ9sVBOjIQbOCzxFXkVITo0BAZhCi
+# Yz61wt3Ud8e//zhXWCkCsSV+IZCxxPzhEFd+RFVjW0Nm9hsb2FgAhkXCjsGROgoleYgaZJWvQaAg
+# UyBzMmKDPKTllBHyE3Gy1ehBNGPgEBChf17/9M+j8pcm1OmlM434ctWQ4qW7RU56//yq1soFY0Te
+# fu2ei03a6m68fYuW6s7XEEK58QisJWRAvEbpwu/eyqfs7PsQ+zSgJHyk2rO95IxdMtEESb2GRuoi
+# Bs+AHNdYFTAi+GBWw9dvEgqQ0Mpv0//6bBE/Fb4d7b7f56uUNnnE7mFnjGmGQN+MvC62pfwfvJTT
+# EkT1iZ9kjM9FprTFWXT4UmO3XTvesGeE50sV9YPm71X4DCQwc4KE8vyuwj0s6oMNAUACW2ClU9QQ
+# y0tRpaF1tzs4N42Q5zl0TzWxbCCjAtC3u6xf+c8MCGrr7DzNhm42LOQiHTa4MwX4x96q7235oiAU
+# iQqSI/hyF5yLpWw4etyUvsx2/0/0wkuTU1FozbLoCWJEWcPS7QadMrRRISxHf0YobIeQyz34regl
+# t1qSQ3dCU9D6AHLgX6kqllx4X0fnFq7LtfN7fA2itW26v+kAT2QFZ3qZhINGfofCja/pITC1uNAZ
+# gsJaTMcQ600krj/ynoxnjT+n1gmeqThac6/Mi3YlVeRtaxI2InL82ZuD+w/dfY9OpPssQjy3xiQa
+# jPuaMWXRxz/sS9syOoGVH7XBwKrWpQcpchozWJt40QV5DslJkclcr8aC2AGlzuJMTdEgz1eqV0+H
+# bAXG9HRHN/0eJTn1/QAAAAEABVguNTA5AAADjzCCA4swggJzAhRGqVxH4HTLYPGO4rzHcCPeGDKn
+# xTANBgkqhkiG9w0BAQsFADCBgTELMAkGA1UEBhMCY2ExEDAOBgNVBAgMB29udGFyaW8xEDAOBgNV
+# BAcMB3Rvcm9udG8xFDASBgNVBAoMC2plbmtpbnN0ZXN0MRkwFwYDVQQDDBBqZW5raW5zdGVzdC5p
+# bmZvMR0wGwYJKoZIhvcNAQkBFg50ZXN0QHRlc3QuaW5mbzAeFw0xOTEwMDgxNTI5NTVaFw0xOTEx
+# MDcxNTI5NTVaMIGBMQswCQYDVQQGEwJjYTEQMA4GA1UECAwHb250YXJpbzEQMA4GA1UEBwwHdG9y
+# b250bzEUMBIGA1UECgwLamVua2luc3Rlc3QxGTAXBgNVBAMMEGplbmtpbnN0ZXN0LmluZm8xHTAb
+# BgkqhkiG9w0BCQEWDnRlc3RAdGVzdC5pbmZvMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+# AQEA02q352JTHGvROMBhSHvSv+vnoOTDKSTz2aLQn0tYrIRqRo+8bfmMjXuhkwZPSnCpvUGNAJ+w
+# Jrt/dqMoYUjCBkjylD/qHmnXN5EwS1cMg1Djh65gi5JJLFJ7eNcoSsr/0AJ+TweIal1jJSP3t3PF
+# 9Uv21gm6xdm7HnNK66WpUUXLDTKaIs/jtagVY1bLOo9oEVeLN4nT2CYWztpMvdCyEDUzgEdDbmrP
+# F5nKUPK5hrFqo1Dc5rUI4ZshL3Lpv398aMxv6n2adQvuL++URMEbXXBhxOrT6rCtYzbcR5fkwS9i
+# d3Br45CoWOQro02JAepoU0MQKY5+xQ4Bq9Q7tB9BAwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQAe
+# 4xc+mSvKkrKBHg9/zpkWgZUiOp4ENJCi8H4tea/PCM439v6y/kfjT/okOokFvX8N5aa1OSz2Vsrl
+# m8kjIc6hiA7bKzT6lb0EyjUShFFZ5jmGVP4S7/hviDvgB5yEQxOPpumkdRP513YnEGj/o9Pazi5h
+# /MwpRxxazoda9r45kqQpyG+XoM4pB+Fd3JzMc4FUGxfVPxJU4jLawnJJiZ3vqiSyaB0YyUL+Er1Q
+# 6NnqtR4gEBF0ZVlQmkycFvD4EC2boP943dLqNUvop+4R3SM1QMM6P5u8iTXtHd/VN4MwMyy1wtog
+# hYAzODo1Jt59pcqqKJEas0C/lFJEB3frw4ImNx5fNlJYOpx+ijfQs9m39CevDq0=
+
+agent:
+ # -- Enable Kubernetes plugin jnlp-agent podTemplate
+ enabled: true
+ # -- The name of the pod template to use for providing default values
+ defaultsProviderTemplate: ""
+
+ # For connecting to the Jenkins controller
+ # -- Overrides the Kubernetes Jenkins URL
+ jenkinsUrl:
+
+ # connects to the specified host and port, instead of connecting directly to the Jenkins controller
+ # -- Overrides the Kubernetes Jenkins tunnel
+ jenkinsTunnel:
+ # -- The connection timeout in seconds for connections to Kubernetes API. The minimum value is 5
+ kubernetesConnectTimeout: 5
+ # -- The read timeout in seconds for connections to Kubernetes API. The minimum value is 15
+ kubernetesReadTimeout: 15
+ # -- The maximum concurrent connections to Kubernetes API
+ maxRequestsPerHostStr: "32"
+ # -- Time in minutes after which the Kubernetes cloud plugin will clean up an idle worker that has not already terminated
+ retentionTimeout: 5
+ # -- Seconds to wait for pod to be running
+ waitForPodSec: 600
+ # -- Namespace in which the Kubernetes agents should be launched
+ namespace:
+ # -- Custom Pod labels (an object with `label-key: label-value` pairs)
+ podLabels: {}
+ # -- Custom registry used to pull the agent jnlp image from
+ jnlpregistry:
+ image:
+ # -- Repository to pull the agent jnlp image from
+ repository: "jenkins/inbound-agent"
+ # -- Tag of the image to pull
+ tag: "3206.vb_15dcf73f6a_9-3"
+ # -- Configure working directory for default agent
+ workingDir: "/home/jenkins/agent"
+ nodeUsageMode: "NORMAL"
+ # -- Append Jenkins labels to the agent
+ customJenkinsLabels: []
+ # -- Name of the secret to be used to pull the image
+ imagePullSecretName:
+ componentName: "jenkins-agent"
+ # -- Enables agent communication via websockets
+ websocket: false
+ directConnection: false
+ # -- Agent privileged container
+ privileged: false
+ # -- Configure container user
+ runAsUser:
+ # -- Configure container group
+ runAsGroup:
+ # -- Enables the agent to use the host network
+ hostNetworking: false
+ # -- Resources allocation (Requests and Limits)
+ resources:
+ requests:
+ cpu: "512m"
+ memory: "512Mi"
+ # ephemeralStorage:
+ limits:
+ cpu: "512m"
+ memory: "512Mi"
+ # ephemeralStorage:
+ livenessProbe: {}
+# execArgs: "cat /tmp/healthy"
+# failureThreshold: 3
+# initialDelaySeconds: 0
+# periodSeconds: 10
+# successThreshold: 1
+# timeoutSeconds: 1
+
+ # You may want to change this to true while testing a new image
+ # -- Always pull agent container image before build
+ alwaysPullImage: false
+ # When using Pod Security Admission in the Agents namespace with the restricted Pod Security Standard,
+ # the jnlp container cannot be scheduled without overriding its container definition with a securityContext.
+ # This option allows to automatically inject in the jnlp container a securityContext
+ # that is suitable for the use of the restricted Pod Security Standard.
+ # -- Set a restricted securityContext on jnlp containers
+ restrictedPssSecurityContext: false
+ # Controls how agent pods are retained after the Jenkins build completes
+ # Possible values: Always, Never, OnFailure
+ podRetention: "Never"
+ # Disable if you do not want the Yaml the agent pod template to show up
+ # in the job Console Output. This can be helpful for either security reasons
+ # or simply to clean up the output to make it easier to read.
+ showRawYaml: true
+
+ # You can define the volumes that you want to mount for this container
+ # Allowed types are: ConfigMap, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC, Secret
+ # Configure the attributes as they appear in the corresponding Java class for that type
+ # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
+ # -- Additional volumes
+ volumes: []
+ # - type: ConfigMap
+ # configMapName: myconfigmap
+ # mountPath: /var/myapp/myconfigmap
+ # - type: EmptyDir
+ # mountPath: /var/myapp/myemptydir
+ # memory: false
+ # - type: EphemeralVolume
+ # mountPath: /var/myapp/myephemeralvolume
+ # accessModes: ReadWriteOnce
+ # requestsSize: 10Gi
+ # storageClassName: mystorageclass
+ # - type: HostPath
+ # hostPath: /var/lib/containers
+ # mountPath: /var/myapp/myhostpath
+ # - type: Nfs
+ # mountPath: /var/myapp/mynfs
+ # readOnly: false
+ # serverAddress: "192.0.2.0"
+ # serverPath: /var/lib/containers
+ # - type: PVC
+ # claimName: mypvc
+ # mountPath: /var/myapp/mypvc
+ # readOnly: false
+ # - type: Secret
+ # defaultMode: "600"
+ # mountPath: /var/myapp/mysecret
+ # secretName: mysecret
+ # Pod-wide environment, these vars are visible to any container in the agent pod
+
+ # You can define the workspaceVolume that you want to mount for this container
+ # Allowed types are: DynamicPVC, EmptyDir, EphemeralVolume, HostPath, Nfs, PVC
+ # Configure the attributes as they appear in the corresponding Java class for that type
+ # https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes/workspace
+ # -- Workspace volume (defaults to EmptyDir)
+ workspaceVolume: {}
+ ## DynamicPVC example
+ # - type: DynamicPVC
+ # configMapName: myconfigmap
+ ## EmptyDir example
+ # - type: EmptyDir
+ # memory: false
+ ## EphemeralVolume example
+ # - type: EphemeralVolume
+ # accessModes: ReadWriteOnce
+ # requestsSize: 10Gi
+ # storageClassName: mystorageclass
+ ## HostPath example
+ # - type: HostPath
+ # hostPath: /var/lib/containers
+ ## NFS example
+ # - type: Nfs
+ # readOnly: false
+ # serverAddress: "192.0.2.0"
+ # serverPath: /var/lib/containers
+ ## PVC example
+ # - type: PVC
+ # claimName: mypvc
+ # readOnly: false
+
+ # Pod-wide environment, these vars are visible to any container in the agent pod
+ # -- Environment variables for the agent Pod
+ envVars: []
+ # - name: PATH
+ # value: /usr/local/bin
+ # -- Mount a secret as environment variable
+ secretEnvVars: []
+ # - key: PATH
+ # optional: false # default: false
+ # secretKey: MY-K8S-PATH
+ # secretName: my-k8s-secret
+
+ # -- Node labels for pod assignment
+ nodeSelector: {}
+ # Key Value selectors. Ex:
+ # nodeSelector
+ # jenkins-agent: v1
+
+ # -- Command to execute when side container starts
+ command:
+ # -- Arguments passed to command to execute
+ args: "${computer.jnlpmac} ${computer.name}"
+ # -- Side container name
+ sideContainerName: "jnlp"
+
+ # Doesn't allocate pseudo TTY by default
+ # -- Allocate pseudo tty to the side container
+ TTYEnabled: false
+ # -- Max number of agents to launch
+ containerCap: 10
+ # -- Agent Pod base name
+ podName: "default"
+
+ # -- Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it
+ idleMinutes: 0
+
+
+ # The raw yaml of a Pod API Object, for example, this allows usage of toleration for agent pods.
+ # https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates
+ # https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
+ # -- The raw yaml of a Pod API Object to merge into the agent spec
+ yamlTemplate: ""
+ # yamlTemplate: |-
+ # apiVersion: v1
+ # kind: Pod
+ # spec:
+ # tolerations:
+ # - key: "key"
+ # operator: "Equal"
+ # value: "value"
+
+ # -- Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates. Possible values: "merge" or "override"
+ yamlMergeStrategy: "override"
+ # -- Timeout in seconds for an agent to be online
+ connectTimeout: 100
+ # -- Annotations to apply to the pod
+ annotations: {}
+
+ # Containers specified here are added to all agents. Set key empty to remove container from additional agents.
+ # -- Add additional containers to the agents
+ additionalContainers: []
+ # - sideContainerName: dind
+ # image:
+ # repository: docker
+ # tag: dind
+ # command: dockerd-entrypoint.sh
+ # args: ""
+ # privileged: true
+ # resources:
+ # requests:
+ # cpu: 500m
+ # memory: 1Gi
+ # limits:
+ # cpu: 1
+ # memory: 2Gi
+
+ # Useful when configuring agents only with the podTemplates value, since the default podTemplate populated by values mentioned above will be excluded in the rendered template.
+ # -- Disable the default Jenkins Agent configuration
+ disableDefaultAgent: false
+
+ # Below is the implementation of custom pod templates for the default configured kubernetes cloud.
+ # Add a key under podTemplates for each pod template. Each key (prior to | character) is just a label, and can be any value.
+ # Keys are only used to give the pod template a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label
+ # characters: lowercase letters, numbers, and hyphens. Each pod template can contain multiple containers.
+ # For this pod templates configuration to be loaded, the following values must be set:
+ # controller.JCasC.defaultConfig: true
+ # Best reference is https://<jenkins_url>/configuration-as-code/reference#Cloud-kubernetes. The example below creates a python pod template.
+ # -- Configures extra pod templates for the default kubernetes cloud
+ podTemplates: {}
+ # python: |
+ # - name: python
+ # label: jenkins-python
+ # serviceAccount: jenkins
+ # containers:
+ # - name: python
+ # image: python:3
+ # command: "/bin/sh -c"
+ # args: "cat"
+ # ttyEnabled: true
+ # privileged: true
+ # resourceRequestCpu: "400m"
+ # resourceRequestMemory: "512Mi"
+ # resourceLimitCpu: "1"
+ # resourceLimitMemory: "1024Mi"
+
+# Inherits all values from `agent` so you only need to specify values which differ
+# -- Configure additional
+additionalAgents: {}
+# maven:
+# podName: maven
+# customJenkinsLabels: maven
+# # An example of overriding the jnlp container
+# # sideContainerName: jnlp
+# image:
+# repository: jenkins/jnlp-agent-maven
+# tag: latest
+# python:
+# podName: python
+# customJenkinsLabels: python
+# sideContainerName: python
+# image:
+# repository: python
+# tag: "3"
+# command: "/bin/sh -c"
+# args: "cat"
+# TTYEnabled: true
+
+# Here you can add additional clouds
+# They inherit all values from the default cloud (including the main agent), so
+# you only need to specify values which differ. If you want to override
+# default additionalAgents with the additionalClouds.additionalAgents set
+# additionalAgentsOverride to `true`.
+additionalClouds: {}
+# remote-cloud-1:
+# kubernetesURL: https://api.remote-cloud.com
+# additionalAgentsOverride: true
+# additionalAgents:
+# maven-2:
+# podName: maven-2
+# customJenkinsLabels: maven
+# # An example of overriding the jnlp container
+# # sideContainerName: jnlp
+# image:
+# repository: jenkins/jnlp-agent-maven
+# tag: latest
+# namespace: my-other-maven-namespace
+# remote-cloud-2:
+# kubernetesURL: https://api.remote-cloud.com
+
+persistence:
+ # -- Enable the use of a Jenkins PVC
+ enabled: true
+
+ # A manually managed Persistent Volume and Claim
+ # Requires persistence.enabled: true
+ # If defined, PVC must be created manually before volume will be bound
+ # -- Provide the name of a PVC
+ existingClaim:
+
+ # jenkins data Persistent Volume Storage Class
+ # If defined, storageClassName: <storageClass>
+ # If set to "-", storageClassName: "", which disables dynamic provisioning
+ # If undefined (the default) or set to null, no storageClassName spec is
+ # set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS & OpenStack)
+ # -- Storage class for the PVC
+ storageClass:
+ # -- Annotations for the PVC
+ annotations: {}
+ # -- Labels for the PVC
+ labels: {}
+ # -- The PVC access mode
+ accessMode: "ReadWriteOnce"
+ # -- The size of the PVC
+ size: "8Gi"
+
+ # ref: https://kubernetes.io/docs/concepts/storage/volume-pvc-datasource/
+ # -- Existing data source to clone PVC from
+ dataSource: {}
+ # name: PVC-NAME
+ # kind: PersistentVolumeClaim
+
+ # -- SubPath for jenkins-home mount
+ subPath:
+ # -- Additional volumes
+ volumes: []
+ # - name: nothing
+ # emptyDir: {}
+
+ # -- Additional mounts
+ mounts: []
+ # - mountPath: /var/nothing
+ # name: nothing
+ # readOnly: true
+
+networkPolicy:
+ # -- Enable the creation of NetworkPolicy resources
+ enabled: false
+
+ # For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'
+ # For Kubernetes v1.7, use 'networking.k8s.io/v1'
+ # -- NetworkPolicy ApiVersion
+ apiVersion: networking.k8s.io/v1
+ # You can allow agents to connect from both within the cluster (from within specific/all namespaces) AND/OR from a given external IP range
+ internalAgents:
+ # -- Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels
+ allowed: true
+ # -- A map of labels (keys/values) that agent pods must have to be able to connect to controller
+ podLabels: {}
+ # -- A map of labels (keys/values) that agents namespaces must have to be able to connect to controller
+ namespaceLabels: {}
+ # project: myproject
+ externalAgents:
+ # -- The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16
+ ipCIDR:
+ # -- A list of IP sub-ranges to be excluded from the allowlisted IP range
+ except: []
+ # - 172.17.1.0/24
+
+## Install Default RBAC roles and bindings
+rbac:
+ # -- Whether RBAC resources are created
+ create: true
+ # -- Whether the Jenkins service account should be able to read Kubernetes secrets
+ readSecrets: false
+
+serviceAccount:
+ # -- Configures if a ServiceAccount with this name should be created
+ create: true
+
+ # The name of the ServiceAccount is autogenerated by default
+ # -- The name of the ServiceAccount to be used by access-controlled resources
+ name:
+ # -- Configures annotations for the ServiceAccount
+ annotations: {}
+ # -- Configures extra labels for the ServiceAccount
+ extraLabels: {}
+ # -- Controller ServiceAccount image pull secret
+ imagePullSecretName:
+
+
+serviceAccountAgent:
+ # -- Configures if an agent ServiceAccount should be created
+ create: false
+
+ # If not set and create is true, a name is generated using the fullname template
+ # -- The name of the agent ServiceAccount to be used by access-controlled resources
+ name:
+ # -- Configures annotations for the agent ServiceAccount
+ annotations: {}
+ # -- Configures extra labels for the agent ServiceAccount
+ extraLabels: {}
+ # -- Agent ServiceAccount image pull secret
+ imagePullSecretName:
+
+# -- Checks if any deprecated values are used
+checkDeprecation: true
+
+awsSecurityGroupPolicies:
+ enabled: false
+ policies:
+ - name: ""
+ securityGroupIds: []
+ podSelector: {}
+
+# Here you can configure unit tests values when executing the helm unittest in the CONTRIBUTING.md
+helmtest:
+ # A testing framework for bash
+ bats:
+ # Bash Automated Testing System (BATS)
+ image:
+ # -- Registry of the image used to test the framework
+ registry: "docker.io"
+ # -- Repository of the image used to test the framework
+ repository: "bats/bats"
+ # -- Tag of the image to test the framework
+ tag: "1.11.0"