The following tables list the configurable parameters of the Jenkins chart and their default values.
| Key | Type | Description | Default |
|---|---|---|---|
| additionalAgents | object | Configure additional | {} |
| additionalClouds | object | {} | |
| agent.TTYEnabled | bool | Allocate pseudo tty to the side container | false |
| agent.additionalContainers | list | Add additional containers to the agents | [] |
| agent.alwaysPullImage | bool | Always pull agent container image before build | false |
| agent.annotations | object | Annotations to apply to the pod | {} |
| agent.args | string | Arguments passed to command to execute | "${computer.jnlpmac} ${computer.name}" |
| agent.command | string | Command to execute when side container starts | nil |
| agent.componentName | string | "jenkins-agent" | |
| agent.connectTimeout | int | Timeout in seconds for an agent to be online | 100 |
| agent.containerCap | int | Max number of agents to launch | 10 |
| agent.customJenkinsLabels | list | Append Jenkins labels to the agent | [] |
| agent.defaultsProviderTemplate | string | The name of the pod template to use for providing default values | "" |
| agent.directConnection | bool | false | |
| agent.disableDefaultAgent | bool | Disable the default Jenkins Agent configuration | false |
| agent.enabled | bool | Enable Kubernetes plugin jnlp-agent podTemplate | true |
| agent.envVars | list | Environment variables for the agent Pod | [] |
| agent.hostNetworking | bool | Enables the agent to use the host network | false |
| agent.idleMinutes | int | Allows the Pod to remain active for reuse until the configured number of minutes has passed since the last step was executed on it | 0 |
| agent.image.repository | string | Repository to pull the agent jnlp image from | "jenkins/inbound-agent" |
| agent.image.tag | string | Tag of the image to pull | "3206.vb_15dcf73f6a_9-3" |
| agent.imagePullSecretName | string | Name of the secret to be used to pull the image | nil |
| agent.jenkinsTunnel | string | Overrides the Kubernetes Jenkins tunnel | nil |
| agent.jenkinsUrl | string | Overrides the Kubernetes Jenkins URL | nil |
| agent.jnlpregistry | string | Custom registry used to pull the agent jnlp image from | nil |
| agent.kubernetesConnectTimeout | int | The connection timeout in seconds for connections to Kubernetes API. The minimum value is 5 | 5 |
| agent.kubernetesReadTimeout | int | The read timeout in seconds for connections to Kubernetes API. The minimum value is 15 | 15 |
| agent.livenessProbe | object | {} | |
| agent.maxRequestsPerHostStr | string | The maximum concurrent connections to Kubernetes API | "32" |
| agent.namespace | string | Namespace in which the Kubernetes agents should be launched | nil |
| agent.nodeSelector | object | Node labels for pod assignment | {} |
| agent.nodeUsageMode | string | "NORMAL" | |
| agent.podLabels | object | Custom Pod labels (an object with label-key: label-value pairs) | {} |
| agent.podName | string | Agent Pod base name | "default" |
| agent.podRetention | string | "Never" | |
| agent.podTemplates | object | Configures extra pod templates for the default kubernetes cloud | {} |
| agent.privileged | bool | Agent privileged container | false |
| agent.resources | object | Resources allocation (Requests and Limits) | {"limits":{"cpu":"512m","memory":"512Mi"},"requests":{"cpu":"512m","memory":"512Mi"}} |
| agent.restrictedPssSecurityContext | bool | Set a restricted securityContext on jnlp containers | false |
| agent.retentionTimeout | int | Time in minutes after which the Kubernetes cloud plugin will clean up an idle worker that has not already terminated | 5 |
| agent.runAsGroup | string | Configure container group | nil |
| agent.runAsUser | string | Configure container user | nil |
| agent.secretEnvVars | list | Mount a secret as environment variable | [] |
| agent.showRawYaml | bool | true | |
| agent.sideContainerName | string | Side container name | "jnlp" |
| agent.volumes | list | Additional volumes | [] |
| agent.waitForPodSec | int | Seconds to wait for pod to be running | 600 |
| agent.websocket | bool | Enables agent communication via websockets | false |
| agent.workingDir | string | Configure working directory for default agent | "/home/jenkins/agent" |
| agent.workspaceVolume | object | Workspace volume (defaults to EmptyDir) | {} |
| agent.yamlMergeStrategy | string | Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates. Possible values: "merge" or "override" | "override" |
| agent.yamlTemplate | string | The raw yaml of a Pod API Object to merge into the agent spec | "" |
| awsSecurityGroupPolicies.enabled | bool | false | |
| awsSecurityGroupPolicies.policies[0].name | string | "" | |
| awsSecurityGroupPolicies.policies[0].podSelector | object | {} | |
| awsSecurityGroupPolicies.policies[0].securityGroupIds | list | [] | |
| checkDeprecation | bool | Checks if any deprecated values are used | true |
| clusterZone | string | Override the cluster name for FQDN resolving | "cluster.local" |
| controller.JCasC.authorizationStrategy | string | Jenkins Config as Code Authorization Strategy-section | "loggedInUsersCanDoAnything:\n allowAnonymousRead: false" |
| controller.JCasC.configScripts | object | List of Jenkins Config as Code scripts | {} |
| controller.JCasC.configUrls | list | Remote URLs for configuration files. | [] |
| controller.JCasC.defaultConfig | bool | Enables default Jenkins configuration via configuration as code plugin | true |
| controller.JCasC.overwriteConfiguration | bool | Whether Jenkins Config as Code should overwrite any existing configuration | false |
| controller.JCasC.security | object | Jenkins Config as Code security-section | {"apiToken":{"creationOfLegacyTokenEnabled":false,"tokenGenerationOnCreationEnabled":false,"usageStatisticsEnabled":true}} |
| controller.JCasC.securityRealm | string | Jenkins Config as Code Security Realm-section | "local:\n allowsSignup: false\n enableCaptcha: false\n users:\n - id: \"${chart-admin-username}\"\n name: \"Jenkins Admin\"\n password: \"${chart-admin-password}\"" |
| controller.additionalExistingSecrets | list | List of additional existing secrets to mount | [] |
| controller.additionalPlugins | list | List of plugins to install in addition to those listed in controller.installPlugins | [] |
| controller.additionalSecrets | list | List of additional secrets to create and mount | [] |
| controller.admin.createSecret | bool | Create secret for admin user | true |
| controller.admin.existingSecret | string | The name of an existing secret containing the admin credentials | "" |
| controller.admin.password | string | Admin password created as a secret if controller.admin.createSecret is true | <random password> |
| controller.admin.passwordKey | string | The key in the existing admin secret containing the password | "jenkins-admin-password" |
| controller.admin.userKey | string | The key in the existing admin secret containing the username | "jenkins-admin-user" |
| controller.admin.username | string | Admin username created as a secret if controller.admin.createSecret is true | "admin" |
| controller.affinity | object | Affinity settings | {} |
| controller.agentListenerEnabled | bool | Create Agent listener service | true |
| controller.agentListenerExternalTrafficPolicy | string | Traffic Policy of for the agentListener service | nil |
| controller.agentListenerHostPort | string | Host port to listen for agents | nil |
| controller.agentListenerLoadBalancerIP | string | Static IP for the agentListener LoadBalancer | nil |
| controller.agentListenerLoadBalancerSourceRanges | list | Allowed inbound IP for the agentListener service | ["0.0.0.0/0"] |
| controller.agentListenerNodePort | string | Node port to listen for agents | nil |
| controller.agentListenerPort | int | Listening port for agents | 50000 |
| controller.agentListenerServiceAnnotations | object | Annotations for the agentListener service | {} |
| controller.agentListenerServiceType | string | Defines how to expose the agentListener service | "ClusterIP" |
| controller.backendconfig.annotations | object | backendconfig annotations | {} |
| controller.backendconfig.apiVersion | string | backendconfig API version | "extensions/v1beta1" |
| controller.backendconfig.enabled | bool | Enables backendconfig | false |
| controller.backendconfig.labels | object | backendconfig labels | {} |
| controller.backendconfig.name | string | backendconfig name | nil |
| controller.backendconfig.spec | object | backendconfig spec | {} |
| controller.cloudName | string | Name of default cloud configuration. | "kubernetes" |
| controller.clusterIp | string | k8s service clusterIP. Only used if serviceType is ClusterIP | nil |
| controller.componentName | string | Used for label app.kubernetes.io/component | "jenkins-controller" |
| controller.containerEnv | list | Environment variables for Jenkins Container | [] |
| controller.containerEnvFrom | list | Environment variable sources for Jenkins Container | [] |
| controller.containerSecurityContext | object | Allow controlling the securityContext for the jenkins container | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true,"runAsGroup":1000,"runAsUser":1000} |
| controller.csrf.defaultCrumbIssuer.enabled | bool | Enable the default CSRF Crumb issuer | true |
| controller.csrf.defaultCrumbIssuer.proxyCompatability | bool | Enable proxy compatibility | true |
| controller.customInitContainers | list | Custom init-container specification in raw-yaml format | [] |
| controller.customJenkinsLabels | list | Append Jenkins labels to the controller | [] |
| controller.disableRememberMe | bool | Disable use of remember me | false |
| controller.disabledAgentProtocols | list | Disabled agent protocols | ["JNLP-connect","JNLP2-connect"] |
| controller.enableRawHtmlMarkupFormatter | bool | Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter) | false |
| controller.executorMode | string | Sets the executor mode of the Jenkins node. Possible values are "NORMAL" or "EXCLUSIVE" | "NORMAL" |
| controller.existingSecret | string | nil | |
| controller.extraPorts | list | Optionally configure other ports to expose in the controller container | [] |
| controller.fsGroup | int | Deprecated in favor of controller.podSecurityContextOverride. uid that will be used for persistent volume. | 1000 |
| controller.googlePodMonitor.enabled | bool | false | |
| controller.googlePodMonitor.scrapeEndpoint | string | "/prometheus" | |
| controller.googlePodMonitor.scrapeInterval | string | "60s" | |
| controller.healthProbes | bool | Enable Kubernetes Probes configuration configured in controller.probes | true |
| controller.hostAliases | list | Allows for adding entries to Pod /etc/hosts | [] |
| controller.hostNetworking | bool | false | |
| controller.httpsKeyStore.disableSecretMount | bool | false | |
| controller.httpsKeyStore.enable | bool | Enables HTTPS keystore on jenkins controller | false |
| controller.httpsKeyStore.fileName | string | Jenkins keystore filename which will appear under controller.httpsKeyStore.path | "keystore.jks" |
| controller.httpsKeyStore.httpPort | int | HTTP Port that Jenkins should listen to along with HTTPS, it also serves as the liveness and readiness probes port. | 8081 |
| controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretKey | string | Name of the key in the secret that contains the JKS password | "https-jks-password" |
| controller.httpsKeyStore.jenkinsHttpsJksPasswordSecretName | string | Name of the secret that contains the JKS password, if it is not in the same secret as the JKS file | "" |
| controller.httpsKeyStore.jenkinsHttpsJksSecretKey | string | Name of the key in the secret that already has ssl keystore | "jenkins-jks-file" |
| controller.httpsKeyStore.jenkinsHttpsJksSecretName | string | Name of the secret that already has ssl keystore | "" |
| controller.httpsKeyStore.jenkinsKeyStoreBase64Encoded | string | Base64 encoded Keystore content. Keystore must be converted to base64 then being pasted here | nil |
| controller.httpsKeyStore.password | string | Jenkins keystore password | "password" |
| controller.httpsKeyStore.path | string | Path of HTTPS keystore file | "/var/jenkins_keystore" |
| controller.image.pullPolicy | string | Controller image pull policy | "Always" |
| controller.image.registry | string | Controller image registry | "docker.io" |
| controller.image.repository | string | Controller image repository | "jenkins/jenkins" |
| controller.image.tag | string | Controller image tag override; i.e., tag: "2.440.1-jdk17" | nil |
| controller.image.tagLabel | string | Controller image tag label | "jdk17" |
| controller.imagePullSecretName | string | Controller image pull secret | nil |
| controller.ingress.annotations | object | Ingress annotations | {} |
| controller.ingress.apiVersion | string | Ingress API version | "extensions/v1beta1" |
| controller.ingress.enabled | bool | Enables ingress | false |
| controller.ingress.hostName | string | Ingress hostname | nil |
| controller.ingress.labels | object | Ingress labels | {} |
| controller.ingress.path | string | Ingress path | nil |
| controller.ingress.paths | list | Override for the default Ingress paths | [] |
| controller.ingress.resourceRootUrl | string | Hostname to serve assets from | nil |
| controller.ingress.tls | list | Ingress TLS configuration | [] |
| controller.initConfigMap | string | Name of the existing ConfigMap that contains init scripts | nil |
| controller.initContainerEnv | list | Environment variables for Init Container | [] |
| controller.initContainerEnvFrom | list | Environment variable sources for Init Container | [] |
| controller.initContainerResources | object | Resources allocation (Requests and Limits) for Init Container | {} |
| controller.initScripts | object | Map of groovy init scripts to be executed during Jenkins controller start | {} |
| controller.initializeOnce | bool | Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires persistence.enabled to be set to true | false |
| controller.installLatestPlugins | bool | Download the minimum required version or latest version of all dependencies | true |
| controller.installLatestSpecifiedPlugins | bool | Set to true to download the latest version of any plugin that is requested to have the latest version | false |
| controller.installPlugins | list | List of Jenkins plugins to install. If you don't want to install plugins, set it to false | ["kubernetes:4203.v1dd44f5b_1cf9","workflow-aggregator:596.v8c21c963d92d","git:5.2.1","configuration-as-code:1775.v810dc950b_514"] |
| controller.javaOpts | string | Append to JAVA_OPTS env var | nil |
| controller.jenkinsAdminEmail | string | Email address for the administrator of the Jenkins instance | nil |
| controller.jenkinsHome | string | Custom Jenkins home path | "/var/jenkins_home" |
| controller.jenkinsOpts | string | Append to JENKINS_OPTS env var | nil |
| controller.jenkinsRef | string | Custom Jenkins reference path | "/usr/share/jenkins/ref" |
| controller.jenkinsUriPrefix | string | Root URI Jenkins will be served on | nil |
| controller.jenkinsUrl | string | Set Jenkins URL if you are not using the ingress definitions provided by the chart | nil |
| controller.jenkinsUrlProtocol | string | Set protocol for Jenkins URL; https if controller.ingress.tls, http otherwise | nil |
| controller.jenkinsWar | string | "/usr/share/jenkins/jenkins.war" | |
| controller.jmxPort | string | Open a port, for JMX stats | nil |
| controller.legacyRemotingSecurityEnabled | bool | Whether legacy remoting security should be enabled | false |
| controller.lifecycle | object | Lifecycle specification for controller-container | {} |
| controller.loadBalancerIP | string | Optionally assign a known public LB IP | nil |
| controller.loadBalancerSourceRanges | list | Allowed inbound IP addresses | ["0.0.0.0/0"] |
| controller.markupFormatter | string | Yaml of the markup formatter to use | "plainText" |
| controller.nodePort | string | k8s node port. Only used if serviceType is NodePort | nil |
| controller.nodeSelector | object | Node labels for pod assignment | {} |
| controller.numExecutors | int | Set Number of executors | 0 |
| controller.overwritePlugins | bool | Overwrite installed plugins on start | false |
| controller.overwritePluginsFromImage | bool | Overwrite plugins that are already installed in the controller image | true |
| controller.podAnnotations | object | Annotations for controller pod | {} |
| controller.podDisruptionBudget.annotations | object | {} | |
| controller.podDisruptionBudget.apiVersion | string | Policy API version | "policy/v1beta1" |
| controller.podDisruptionBudget.enabled | bool | Enable Kubernetes Pod Disruption Budget configuration | false |
| controller.podDisruptionBudget.labels | object | {} | |
| controller.podDisruptionBudget.maxUnavailable | string | Number of pods that can be unavailable. Either an absolute number or a percentage | "0" |
| controller.podLabels | object | Custom Pod labels (an object with label-key: label-value pairs) | {} |
| controller.podSecurityContextOverride | string | Completely overwrites the contents of the pod security context, ignoring the values provided for runAsUser, fsGroup, and securityContextCapabilities | nil |
| controller.priorityClassName | string | The name of a priorityClass to apply to the controller pod | nil |
| controller.probes.livenessProbe.failureThreshold | int | Set the failure threshold for the liveness probe | 5 |
| controller.probes.livenessProbe.httpGet.path | string | Set the Pod's HTTP path for the liveness probe | "{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login" |
| controller.probes.livenessProbe.httpGet.port | string | Set the Pod's HTTP port to use for the liveness probe | "http" |
| controller.probes.livenessProbe.initialDelaySeconds | string | Set the initial delay for the liveness probe in seconds | nil |
| controller.probes.livenessProbe.periodSeconds | int | Set the time interval between two liveness probes executions in seconds | 10 |
| controller.probes.livenessProbe.timeoutSeconds | int | Set the timeout for the liveness probe in seconds | 5 |
| controller.probes.readinessProbe.failureThreshold | int | Set the failure threshold for the readiness probe | 3 |
| controller.probes.readinessProbe.httpGet.path | string | Set the Pod's HTTP path for the liveness probe | "{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login" |
| controller.probes.readinessProbe.httpGet.port | string | Set the Pod's HTTP port to use for the readiness probe | "http" |
| controller.probes.readinessProbe.initialDelaySeconds | string | Set the initial delay for the readiness probe in seconds | nil |
| controller.probes.readinessProbe.periodSeconds | int | Set the time interval between two readiness probes executions in seconds | 10 |
| controller.probes.readinessProbe.timeoutSeconds | int | Set the timeout for the readiness probe in seconds | 5 |
| controller.probes.startupProbe.failureThreshold | int | Set the failure threshold for the startup probe | 12 |
| controller.probes.startupProbe.httpGet.path | string | Set the Pod's HTTP path for the startup probe | "{{ default \"\" .Values.controller.jenkinsUriPrefix }}/login" |
| controller.probes.startupProbe.httpGet.port | string | Set the Pod's HTTP port to use for the startup probe | "http" |
| controller.probes.startupProbe.periodSeconds | int | Set the time interval between two startup probes executions in seconds | 10 |
| controller.probes.startupProbe.timeoutSeconds | int | Set the timeout for the startup probe in seconds | 5 |
| controller.projectNamingStrategy | string | "standard" | |
| controller.prometheus.alertingRulesAdditionalLabels | object | Additional labels to add to the PrometheusRule object | {} |
| controller.prometheus.alertingrules | list | Array of prometheus alerting rules | [] |
| controller.prometheus.enabled | bool | Enables prometheus service monitor | false |
| controller.prometheus.metricRelabelings | list | [] | |
| controller.prometheus.prometheusRuleNamespace | string | Set a custom namespace where to deploy PrometheusRule resource | "" |
| controller.prometheus.relabelings | list | [] | |
| controller.prometheus.scrapeEndpoint | string | The endpoint prometheus should get metrics from | "/prometheus" |
| controller.prometheus.scrapeInterval | string | How often prometheus should scrape metrics | "60s" |
| controller.prometheus.serviceMonitorAdditionalLabels | object | Additional labels to add to the service monitor object | {} |
| controller.prometheus.serviceMonitorNamespace | string | Set a custom namespace where to deploy ServiceMonitor resource | nil |
| controller.resources | object | Resource allocation (Requests and Limits) | {"limits":{"cpu":"2000m","memory":"4096Mi"},"requests":{"cpu":"50m","memory":"256Mi"}} |
| controller.route.annotations | object | Route annotations | {} |
| controller.route.enabled | bool | Enables openshift route | false |
| controller.route.labels | object | Route labels | {} |
| controller.route.path | string | Route path | nil |
| controller.runAsUser | int | Deprecated in favor of controller.podSecurityContextOverride. uid that jenkins runs with. | 1000 |
| controller.schedulerName | string | Name of the Kubernetes scheduler to use | "" |
| controller.scriptApproval | list | List of groovy functions to approve | [] |
| controller.secondaryingress.annotations | object | {} | |
| controller.secondaryingress.apiVersion | string | "extensions/v1beta1" | |
| controller.secondaryingress.enabled | bool | false | |
| controller.secondaryingress.hostName | string | nil | |
| controller.secondaryingress.labels | object | {} | |
| controller.secondaryingress.paths | list | [] | |
| controller.secondaryingress.tls | string | nil | |
| controller.secretClaims | list | List of SecretClaim resources to create | [] |
| controller.securityContextCapabilities | object | {} | |
| controller.serviceAnnotations | object | Jenkins controller service annotations | {} |
| controller.serviceExternalTrafficPolicy | string | nil | |
| controller.serviceLabels | object | Labels for the Jenkins controller-service | {} |
| controller.servicePort | int | k8s service port | 8080 |
| controller.serviceType | string | k8s service type | "ClusterIP" |
| controller.shareProcessNamespace | bool | false | |
| controller.sidecars.additionalSidecarContainers | list | Configures additional sidecar container(s) for the Jenkins controller | [] |
| controller.sidecars.configAutoReload.containerSecurityContext | object | Enable container security context | {"allowPrivilegeEscalation":false,"readOnlyRootFilesystem":true} |
| controller.sidecars.configAutoReload.enabled | bool | Enables Jenkins Config as Code auto-reload | true |
| controller.sidecars.configAutoReload.env | object | Environment variables for the Jenkins Config as Code auto-reload container | {} |
| controller.sidecars.configAutoReload.envFrom | list | Environment variable sources for the Jenkins Config as Code auto-reload container | [] |
| controller.sidecars.configAutoReload.folder | string | "/var/jenkins_home/casc_configs" | |
| controller.sidecars.configAutoReload.image.registry | string | Registry for the image that triggers the reload | "docker.io" |
| controller.sidecars.configAutoReload.image.repository | string | Repository of the image that triggers the reload | "kiwigrid/k8s-sidecar" |
| controller.sidecars.configAutoReload.image.tag | string | Tag for the image that triggers the reload | "1.26.1" |
| controller.sidecars.configAutoReload.imagePullPolicy | string | "IfNotPresent" | |
| controller.sidecars.configAutoReload.reqRetryConnect | int | How many connection-related errors to retry on | 10 |
| controller.sidecars.configAutoReload.resources | object | {} | |
| controller.sidecars.configAutoReload.scheme | string | The scheme to use when connecting to the Jenkins configuration as code endpoint | "http" |
| controller.sidecars.configAutoReload.skipTlsVerify | bool | Skip TLS verification when connecting to the Jenkins configuration as code endpoint | false |
| controller.sidecars.configAutoReload.sleepTime | string | How many seconds to wait before updating config-maps/secrets (sets METHOD=SLEEP on the sidecar) | nil |
| controller.sidecars.configAutoReload.sshTcpPort | int | 1044 | |
| controller.statefulSetAnnotations | object | Annotations for controller StatefulSet | {} |
| controller.statefulSetLabels | object | Jenkins controller custom labels for the StatefulSet | {} |
| controller.targetPort | int | k8s target port | 8080 |
| controller.terminationGracePeriodSeconds | string | Set TerminationGracePeriodSeconds | nil |
| controller.terminationMessagePath | string | Set the termination message path | nil |
| controller.terminationMessagePolicy | string | Set the termination message policy | nil |
| controller.testEnabled | bool | Can be used to disable rendering controller test resources when using helm template | true |
| controller.tolerations | list | Toleration labels for pod assignment | [] |
| controller.updateStrategy | object | Update strategy for StatefulSet | {} |
| controller.usePodSecurityContext | bool | Enable pod security context (must be true if podSecurityContextOverride, runAsUser or fsGroup are set) | true |
| credentialsId | string | The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed. | nil |
| fullnameOverride | string | Override the full resource names | jenkins-(release-name) or jenkins if the release-name is jenkins |
| helmtest.bats.image.registry | string | Registry of the image used to test the framework | "docker.io" |
| helmtest.bats.image.repository | string | Repository of the image used to test the framework | "bats/bats" |
| helmtest.bats.image.tag | string | Tag of the image to test the framework | "1.11.0" |
| kubernetesURL | string | The URL of the Kubernetes API server | "https://kubernetes.default" |
| nameOverride | string | Override the resource name prefix | Chart.Name |
| namespaceOverride | string | Override the deployment namespace | Release.Namespace |
| networkPolicy.apiVersion | string | NetworkPolicy ApiVersion | "networking.k8s.io/v1" |
| networkPolicy.enabled | bool | Enable the creation of NetworkPolicy resources | false |
| networkPolicy.externalAgents.except | list | A list of IP sub-ranges to be excluded from the allowlisted IP range | [] |
| networkPolicy.externalAgents.ipCIDR | string | The IP range from which external agents are allowed to connect to controller, i.e., 172.17.0.0/16 | nil |
| networkPolicy.internalAgents.allowed | bool | Allow internal agents (from the same cluster) to connect to controller. Agent pods will be filtered based on PodLabels | true |
| networkPolicy.internalAgents.namespaceLabels | object | A map of labels (keys/values) that agents namespaces must have to be able to connect to controller | {} |
| networkPolicy.internalAgents.podLabels | object | A map of labels (keys/values) that agent pods must have to be able to connect to controller | {} |
| persistence.accessMode | string | The PVC access mode | "ReadWriteOnce" |
| persistence.annotations | object | Annotations for the PVC | {} |
| persistence.dataSource | object | Existing data source to clone PVC from | {} |
| persistence.enabled | bool | Enable the use of a Jenkins PVC | true |
| persistence.existingClaim | string | Provide the name of a PVC | nil |
| persistence.labels | object | Labels for the PVC | {} |
| persistence.mounts | list | Additional mounts | [] |
| persistence.size | string | The size of the PVC | "8Gi" |
| persistence.storageClass | string | Storage class for the PVC | nil |
| persistence.subPath | string | SubPath for jenkins-home mount | nil |
| persistence.volumes | list | Additional volumes | [] |
| rbac.create | bool | Whether RBAC resources are created | true |
| rbac.readSecrets | bool | Whether the Jenkins service account should be able to read Kubernetes secrets | false |
| renderHelmLabels | bool | Enables rendering of the helm.sh/chart label to the annotations | true |
| serviceAccount.annotations | object | Configures annotations for the ServiceAccount | {} |
| serviceAccount.create | bool | Configures if a ServiceAccount with this name should be created | true |
| serviceAccount.extraLabels | object | Configures extra labels for the ServiceAccount | {} |
| serviceAccount.imagePullSecretName | string | Controller ServiceAccount image pull secret | nil |
| serviceAccount.name | string | nil | |
| serviceAccountAgent.annotations | object | Configures annotations for the agent ServiceAccount | {} |
| serviceAccountAgent.create | bool | Configures if an agent ServiceAccount should be created | false |
| serviceAccountAgent.extraLabels | object | Configures extra labels for the agent ServiceAccount | {} |
| serviceAccountAgent.imagePullSecretName | string | Agent ServiceAccount image pull secret | nil |
| serviceAccountAgent.name | string | The name of the agent ServiceAccount to be used by access-controlled resources | nil |