# -- The Jenkins credentials to access the Kubernetes API server. For the default cluster it is not needed.
credentialsId:
# -- Enables rendering of the helm.sh/chart label to the annotations
renderHelmLabels:true
controller:
# -- Used for label app.kubernetes.io/component
componentName:"jenkins-controller"
image:
# -- Controller image registry
registry:"docker.io"
# -- Controller image repository
repository:"jenkins/jenkins"
# -- Controller image tag override; i.e., tag: "2.440.1-jdk17"
tag:
# -- Controller image tag label
tagLabel:jdk17
# -- Controller image pull policy
pullPolicy:"Always"
# -- Controller image pull secret
imagePullSecretName:
# -- Lifecycle specification for controller-container
lifecycle:{}
# postStart:
# exec:
# command:
# - "uname"
# - "-a"
# -- Disable use of remember me
disableRememberMe:true
# -- Set Number of executors
numExecutors:0
# -- Sets the executor mode of the Jenkins node. Possible values are "NORMAL" or "EXCLUSIVE"
executorMode:"NORMAL"
# -- Append Jenkins labels to the controller
customJenkinsLabels:[]
hostNetworking:false
# When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist.
# If you disable the non-Jenkins identity store and instead use the Jenkins internal one,
# you should revert controller.admin.username to your preferred admin user:
admin:
# -- Admin username created as a secret if `controller.admin.createSecret` is true
username:"admin"
# -- Admin password created as a secret if `controller.admin.createSecret` is true
# @default -- <random password>
password:r6Y@QTb*7BQN@hDGsN
# -- The key in the existing admin secret containing the username
userKey:jenkins-admin-user
# -- The key in the existing admin secret containing the password
passwordKey:jenkins-admin-password
# The default configuration uses this secret to configure an admin user
# If you don't need that user or use a different security realm, then you can disable it
# -- Create secret for admin user
createSecret:true
# -- The name of an existing secret containing the admin credentials
existingSecret:""
# -- Email address for the administrator of the Jenkins instance
jenkinsAdminEmail:jetli@mathmast.com
# This value should not be changed unless you use your custom image of jenkins or any derived from.
# If you want to use Cloudbees Jenkins Distribution docker, you should set jenkinsHome: "/var/cloudbees-jenkins-distribution"
# -- Custom Jenkins home path
jenkinsHome:"/var/jenkins_home"
# This value should not be changed unless you use your custom image of jenkins or any derived from.
# If you want to use Cloudbees Jenkins Distribution docker, you should set jenkinsRef: "/usr/share/cloudbees-jenkins-distribution/ref"
# -- Custom Jenkins reference path
jenkinsRef:"/usr/share/jenkins/ref"
# Path to the jenkins war file which is used by jenkins-plugin-cli.
jenkinsWar:"/usr/share/jenkins/jenkins.war"
# Override the default arguments passed to the war
# overrideArgs:
# - --httpPort=8080
# -- Resource allocation (Requests and Limits)
resources:
requests:
cpu:"50m"
memory:"256Mi"
limits:
cpu:"2000m"
memory:"4096Mi"
# Share process namespace to allow sidecar containers to interact with processes in other containers in the same pod
shareProcessNamespace:false
# Service links might cause issue if running in a namespace with a large amount of services
# that might cause a slow startup when plugins are copied from ref to volume
# Set to true to keep previous behavior
# See https://github.com/kubernetes/kubernetes/issues/121787
enableServiceLinks:false
# Overrides the init container default values
# -- Resources allocation (Requests and Limits) for Init Container
initContainerResources:{}
# initContainerResources:
# requests:
# cpu: "50m"
# memory: "256Mi"
# limits:
# cpu: "2000m"
# memory: "4096Mi"
# -- Environment variable sources for Init Container
initContainerEnvFrom:[]
# useful for i.e., http_proxy
# -- Environment variables for Init Container
initContainerEnv:[]
# initContainerEnv:
# - name: http_proxy
# value: "http://192.168.64.1:3128"
# -- Environment variable sources for Jenkins Container
containerEnvFrom:[]
# -- Environment variables for Jenkins Container
containerEnv:[]
# - name: http_proxy
# value: "http://192.168.64.1:3128"
# Set min/max heap here if needed with "-Xms512m -Xmx512m"
# -- Append to `JAVA_OPTS` env var
javaOpts:
# -- Append to `JENKINS_OPTS` env var
jenkinsOpts:
# If you are using the ingress definitions provided by this chart via the `controller.ingress` block,
# the configured hostname will be the ingress hostname starting with `https://`
# or `http://` depending on the `tls` configuration.
# The Protocol can be overwritten by specifying `controller.jenkinsUrlProtocol`.
# -- Set protocol for Jenkins URL; `https` if `controller.ingress.tls`, `http` otherwise
jenkinsUrlProtocol:
# -- Set Jenkins URL if you are not using the ingress definitions provided by the chart
jenkinsUrl:https://jenkins.mathmast.com
# If you set this prefix and use ingress controller, then you might want to set the ingress path below
# I.e., "/jenkins"
# -- Root URI Jenkins will be served on
jenkinsUriPrefix:
# -- Enable pod security context (must be `true` if podSecurityContextOverride, runAsUser or fsGroup are set)
usePodSecurityContext:true
# Note that `runAsUser`, `fsGroup`, and `securityContextCapabilities` are
# being deprecated and replaced by `podSecurityContextOverride`.
# Set runAsUser to 1000 to let Jenkins run as non-root user 'jenkins', which exists in 'jenkins/jenkins' docker image.
# When configuring runAsUser to a different value than 0 also set fsGroup to the same value:
# -- Deprecated in favor of `controller.podSecurityContextOverride`. uid that jenkins runs with.
runAsUser:1000
# -- Deprecated in favor of `controller.podSecurityContextOverride`. uid that will be used for persistent volume.
fsGroup:1000
# If you have PodSecurityPolicies that require dropping of capabilities as suggested by CIS K8s benchmark, put them here
# securityContextCapabilities:
# drop:
# - NET_RAW
securityContextCapabilities:{}
# In the case of mounting an ext4 filesystem, it might be desirable to use `supplementalGroups` instead of `fsGroup` in
# the `securityContext` block: https://github.com/kubernetes/kubernetes/issues/67014#issuecomment-589915496
# podSecurityContextOverride:
# runAsUser: 1000
# runAsNonRoot: true
# supplementalGroups: [1000]
# capabilities: {}
# -- Completely overwrites the contents of the pod security context, ignoring the values provided for `runAsUser`, `fsGroup`, and `securityContextCapabilities`
podSecurityContextOverride:~
# -- Allow controlling the securityContext for the jenkins container
containerSecurityContext:
runAsUser:1000
runAsGroup:1000
readOnlyRootFilesystem:true
allowPrivilegeEscalation:false
# For minikube, set this to NodePort, elsewhere uses LoadBalancer
# Use ClusterIP if your setup includes ingress controller
# -- k8s service type
serviceType:ClusterIP
# -- k8s service clusterIP. Only used if serviceType is ClusterIP
clusterIp:
# -- k8s service port
servicePort:8080
# -- k8s target port
targetPort:8080
# -- k8s node port. Only used if serviceType is NodePort
nodePort:
# Use Local to preserve the client source IP and avoids a second hop for LoadBalancer and NodePort type services,
# but risks potentially imbalanced traffic spreading.
serviceExternalTrafficPolicy:
# If enabled, the controller is available through its service before its pods reports ready. Makes startup screen and
# auto-reload on restart feature possible.
publishNotReadyAddresses:true
# -- Jenkins controller service annotations
serviceAnnotations:{}
# -- Jenkins controller custom labels for the StatefulSet
# -- Optionally configure other ports to expose in the controller container
extraPorts:[]
# - name: BuildInfoProxy
# port: 9000
# targetPort: 9010 (Optional: Use to explicitly set targetPort if different from port)
# Plugins will be installed during Jenkins controller start
# -- List of Jenkins plugins to install. If you don't want to install plugins, set it to `false`
installPlugins:
- kubernetes:4306.vc91e951ea_eb_d
- workflow-aggregator:600.vb_57cdd26fdd7
- git:5.7.0
- configuration-as-code:1915.vcdd0a_d0d2625
- pipeline-utility-steps:2.18.0
- gitea-checks:504.v7d75347769cf
# If set to false, Jenkins will download the minimum required version of all dependencies.
# -- Download the minimum required version or latest version of all dependencies
installLatestPlugins:true
# -- Set to true to download the latest version of any plugin that is requested to have the latest version
installLatestSpecifiedPlugins:false
# -- List of plugins to install in addition to those listed in controller.installPlugins
additionalPlugins:[]
# Without this; whenever the controller gets restarted (Evicted, etc.) it will fetch plugin updates that have the potential to cause breakage.
# Note that for this to work, `persistence.enabled` needs to be set to `true`
# -- Initialize only on first installation. Ensures plugins do not get updated inadvertently. Requires `persistence.enabled` to be set to `true`
initializeOnce:false
# Enable to always override the installed plugins with the values of 'controller.installPlugins' on upgrade or redeployment.
# -- Overwrite installed plugins on start
overwritePlugins:false
# Configures if plugins bundled with `controller.image` should be overwritten with the values of 'controller.installPlugins' on upgrade or redeployment.
# -- Overwrite plugins that are already installed in the controller image
overwritePluginsFromImage:true
# Configures the restrictions for naming projects. Set this key to null or empty to skip it in the default config.
projectNamingStrategy:standard
# Useful with ghprb plugin. The OWASP plugin is not installed by default, please update controller.installPlugins.
# -- Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter)
enableRawHtmlMarkupFormatter:false
# This is ignored if enableRawHtmlMarkupFormatter is true
# -- Yaml of the markup formatter to use
markupFormatter:plainText
# Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval
# -- The name of the pod template to use for providing default values
defaultsProviderTemplate:""
# Useful for not including a serviceAccount in the template if `false`
# -- Use `serviceAccountAgent.name` as the default value for defaults template `serviceAccount`
useDefaultServiceAccount:true
# -- Override the default service account
# @default -- `serviceAccountAgent.name` if `agent.useDefaultServiceAccount` is `true`
serviceAccount:
# For connecting to the Jenkins controller
# -- Overrides the Kubernetes Jenkins URL
jenkinsUrl:
# connects to the specified host and port, instead of connecting directly to the Jenkins controller
# -- Overrides the Kubernetes Jenkins tunnel
jenkinsTunnel:
# -- Disables the verification of the controller certificate on remote connection. This flag correspond to the "Disable https certificate check" flag in kubernetes plugin UI
skipTlsVerify:false
# -- Enable the possibility to restrict the usage of this agent to specific folder. This flag correspond to the "Restrict pipeline support to authorized folders" flag in kubernetes plugin UI
usageRestricted:false
# -- The connection timeout in seconds for connections to Kubernetes API. The minimum value is 5
kubernetesConnectTimeout:5
# -- The read timeout in seconds for connections to Kubernetes API. The minimum value is 15
kubernetesReadTimeout:15
# -- The maximum concurrent connections to Kubernetes API
maxRequestsPerHostStr:"32"
# -- Time in minutes after which the Kubernetes cloud plugin will clean up an idle worker that has not already terminated
retentionTimeout:5
# -- Seconds to wait for pod to be running
waitForPodSec:600
# -- Namespace in which the Kubernetes agents should be launched
namespace:freeleaps-devops-system
# -- Custom Pod labels (an object with `label-key: label-value` pairs)
podLabels:{}
# -- Custom registry used to pull the agent jnlp image from
jnlpregistry:
image:
# -- Repository to pull the agent jnlp image from
repository:"jenkins/inbound-agent"
# -- Tag of the image to pull
tag:"3273.v4cfe589b_fd83-1"
# -- Configure working directory for default agent
workingDir:"/home/jenkins/agent"
nodeUsageMode:"NORMAL"
# -- Append Jenkins labels to the agent
customJenkinsLabels:[]
# -- Name of the secret to be used to pull the image
imagePullSecretName:
componentName:"jenkins-agent"
# -- Enables agent communication via websockets
websocket:false
directConnection:false
# -- Agent privileged container
privileged:false
# -- Configure container user
runAsUser:
# -- Configure container group
runAsGroup:
# -- Enables the agent to use the host network
hostNetworking:false
# -- Resources allocation (Requests and Limits)
resources:
requests:
cpu:"0.5"
memory:"512Mi"
# ephemeralStorage:
limits:
cpu:"1"
memory:"1024Mi"
# ephemeralStorage:
livenessProbe:{}
# execArgs: "cat /tmp/healthy"
# failureThreshold: 3
# initialDelaySeconds: 0
# periodSeconds: 10
# successThreshold: 1
# timeoutSeconds: 1
# You may want to change this to true while testing a new image
# -- Always pull agent container image before build
alwaysPullImage:false
# When using Pod Security Admission in the Agents namespace with the restricted Pod Security Standard,
# the jnlp container cannot be scheduled without overriding its container definition with a securityContext.
# This option allows to automatically inject in the jnlp container a securityContext
# that is suitable for the use of the restricted Pod Security Standard.
# -- Set a restricted securityContext on jnlp containers
restrictedPssSecurityContext:false
# Controls how agent pods are retained after the Jenkins build completes
# Possible values: Always, Never, OnFailure
podRetention:"Never"
# Disable if you do not want the Yaml the agent pod template to show up
# in the job Console Output. This can be helpful for either security reasons
# or simply to clean up the output to make it easier to read.
showRawYaml:true
# You can define the volumes that you want to mount for this container
# -- The raw yaml of a Pod API Object to merge into the agent spec
yamlTemplate:""
# yamlTemplate: |-
# apiVersion: v1
# kind: Pod
# spec:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
# -- Defines how the raw yaml field gets merged with yaml definitions from inherited pod templates. Possible values: "merge" or "override"
yamlMergeStrategy:"override"
# -- Controls whether the defined yaml merge strategy will be inherited if another defined pod template is configured to inherit from the current one
inheritYamlMergeStrategy:false
# -- Timeout in seconds for an agent to be online
connectTimeout:100
# -- Annotations to apply to the pod
annotations:{}
# Containers specified here are added to all agents. Set key empty to remove container from additional agents.
# -- Add additional containers to the agents
additionalContainers:[]
# - sideContainerName: dind
# image:
# repository: docker
# tag: dind
# command: dockerd-entrypoint.sh
# args: ""
# privileged: true
# resources:
# requests:
# cpu: 500m
# memory: 1Gi
# limits:
# cpu: 1
# memory: 2Gi
# Useful when configuring agents only with the podTemplates value, since the default podTemplate populated by values mentioned above will be excluded in the rendered template.
# -- Disable the default Jenkins Agent configuration
disableDefaultAgent:false
# Below is the implementation of custom pod templates for the default configured kubernetes cloud.
# Add a key under podTemplates for each pod template. Each key (prior to | character) is just a label, and can be any value.
# Keys are only used to give the pod template a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label
# characters: lowercase letters, numbers, and hyphens. Each pod template can contain multiple containers.
# For this pod templates configuration to be loaded, the following values must be set:
# controller.JCasC.defaultConfig: true
# Best reference is https://<jenkins_url>/configuration-as-code/reference#Cloud-kubernetes. The example below creates a python pod template.
# -- Configures extra pod templates for the default kubernetes cloud
podTemplates:{}
# python: |
# - name: python
# label: jenkins-python
# serviceAccount: jenkins
# containers:
# - name: python
# image: python:3
# command: "/bin/sh -c"
# args: "cat"
# ttyEnabled: true
# privileged: true
# resourceRequestCpu: "400m"
# resourceRequestMemory: "512Mi"
# resourceLimitCpu: "1"
# resourceLimitMemory: "1024Mi"
# Inherits all values from `agent` so you only need to specify values which differ
# -- Configure additional
additionalAgents:{}
# maven:
# podName: maven
# customJenkinsLabels: maven
# # An example of overriding the jnlp container
# # sideContainerName: jnlp
# image:
# repository: jenkins/jnlp-agent-maven
# tag: latest
# python:
# podName: python
# customJenkinsLabels: python
# sideContainerName: python
# image:
# repository: python
# tag: "3"
# command: "/bin/sh -c"
# args: "cat"
# TTYEnabled: true
# Here you can add additional clouds
# They inherit all values from the default cloud (including the main agent), so
# you only need to specify values which differ. If you want to override
# default additionalAgents with the additionalClouds.additionalAgents set
# additionalAgentsOverride to `true`.
additionalClouds:{}
# remote-cloud-1:
# kubernetesURL: https://api.remote-cloud.com
# additionalAgentsOverride: true
# additionalAgents:
# maven-2:
# podName: maven-2
# customJenkinsLabels: maven
# # An example of overriding the jnlp container
# # sideContainerName: jnlp
# image:
# repository: jenkins/jnlp-agent-maven
# tag: latest
# namespace: my-other-maven-namespace
# remote-cloud-2:
# kubernetesURL: https://api.remote-cloud.com
persistence:
# -- Enable the use of a Jenkins PVC
enabled:true
# A manually managed Persistent Volume and Claim
# Requires persistence.enabled: true
# If defined, PVC must be created manually before volume will be bound
# -- Provide the name of a PVC
existingClaim:
# jenkins data Persistent Volume Storage Class
# If defined, storageClassName: <storageClass>
# If set to "-", storageClassName: "", which disables dynamic provisioning
# If undefined (the default) or set to null, no storageClassName spec is
# set, choosing the default provisioner (gp2 on AWS, standard on GKE, AWS & OpenStack)
