# -- String to partially override cf-runtime.fullname template (will maintain the release name) nameOverride: "" # -- String to fully override cf-runtime.fullname template fullnameOverride: "" # -- Global parameters # @default -- See below global: # -- Global Docker image registry imageRegistry: "" # -- Global Docker registry secret names as array imagePullSecrets: [] # -- URL of Codefresh Platform (required!) codefreshHost: "https://g.codefresh.io" # -- User token in plain text (required if `global.codefreshTokenSecretKeyRef` is omitted!) # Ref: https://g.codefresh.io/user/settings (see API Keys) # Minimal API key scopes: Runner-Installation(read+write), Agent(read+write), Agents(read+write) codefreshToken: "" # -- User token that references an existing secret containing API key (required if `global.codefreshToken` is omitted!) codefreshTokenSecretKeyRef: {} # E.g. # codefreshTokenSecretKeyRef: # name: my-codefresh-api-token # key: codefresh-api-token # -- Account ID (required!) # Can be obtained here https://g.codefresh.io/2.0/account-settings/account-information accountId: "" # -- K8s context name (required!) context: "" # E.g. # context: prod-ue1-runtime-1 # -- Agent Name (optional!) # If omitted, the following format will be used `{{ .Values.global.context }}_{{ .Release.Namespace }}` agentName: "" # E.g. # agentName: prod-ue1-runtime-1 # -- Runtime name (optional!) # If omitted, the following format will be used `{{ .Values.global.context }}/{{ .Release.Namespace }}` runtimeName: "" # E.g. # runtimeName: prod-ue1-runtime-1/namespace # -- DEPRECATED Agent token in plain text. # !!! MUST BE provided if migrating from < 6.x chart version agentToken: "" # -- DEPRECATED Agent token that references an existing secret containing API key. # !!! MUST BE provided if migrating from < 6.x chart version agentTokenSecretKeyRef: {} # E.g. # agentTokenSecretKeyRef: # name: my-codefresh-agent-secret # key: codefresh-agent-token # DEPRECATED -- Use `.Values.global.imageRegistry` instead dockerRegistry: "" # DEPRECATED -- Use `.Values.runtime` instead re: {} # -- Runner parameters # @default -- See below runner: # -- Enable the runner enabled: true # -- Set number of pods replicasCount: 1 # -- Upgrade strategy updateStrategy: type: RollingUpdate # -- Set pod annotations podAnnotations: {} # -- Set image image: registry: quay.io repository: codefresh/venona tag: 1.10.8 digest: sha256:2327a1af2b8ad13e9685e7e577c2aa0d23580657c8da001f436f803280879eab # -- Init container init: image: registry: quay.io repository: codefresh/cli tag: 0.88.4-rootless digest: sha256:b256d150ff8a636851ddc1d5fb0490114d5036cc5bff357eac6a9899fea87562 resources: limits: memory: 512Mi cpu: '1' requests: memory: 256Mi cpu: '0.2' # -- Sidecar container # Reconciles runtime spec from Codefresh API for drift detection sidecar: enabled: false image: registry: quay.io repository: codefresh/kubectl tag: 1.31.2 digest: sha256:a30a8810dde249d0198f67792ed9696363f15c8cecbac955ee9bd267b5454ee7 env: RECONCILE_INTERVAL: 300 resources: {} # -- Add additional env vars env: {} # E.g. # env: # WORKFLOW_CONCURRENCY: 50 # The number of workflow creation and termination tasks the Runner can handle in parallel. Defaults to 50 # -- Service Account parameters serviceAccount: # -- Create service account create: true # -- Override service account name name: "" # -- Additional service account annotations annotations: {} # -- RBAC parameters rbac: # -- Create RBAC resources create: true # -- Add custom rule to the role rules: [] # -- Set security context for the pod # @default -- See below podSecurityContext: enabled: true runAsUser: 10001 runAsGroup: 10001 fsGroup: 10001 # -- Readiness probe configuration # @default -- See below readinessProbe: failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 # -- Set requests and limits resources: {} # -- Set node selector nodeSelector: {} # -- Set tolerations tolerations: [] # -- Set affinity affinity: {} # -- Volume Provisioner parameters # @default -- See below volumeProvisioner: # -- Enable volume-provisioner enabled: true # -- Set number of pods replicasCount: 1 # -- Upgrade strategy updateStrategy: type: Recreate # -- Set pod annotations podAnnotations: {} # -- Set image image: registry: quay.io repository: codefresh/dind-volume-provisioner tag: 1.35.2 digest: sha256:ede6f663c912a08b7d335b5ec5518ccc266b27c431d0854d22971005992adc5d # -- Add additional env vars env: {} # E.g. # env: # THREADINESS: 4 # The number of PVC requests the dind-volume-provisioner can process in parallel. Defaults to 4 # -- Service Account parameters serviceAccount: # -- Create service account create: true # -- Override service account name name: "" # -- Additional service account annotations annotations: {} # E.g. # serviceAccount: # annotations: # eks.amazonaws.com/role-arn: "arn:aws:iam:::role/" # -- RBAC parameters rbac: # -- Create RBAC resources create: true # -- Add custom rule to the role rules: [] # -- Set security context for the pod # @default -- See below podSecurityContext: enabled: true runAsUser: 3000 runAsGroup: 3000 fsGroup: 3000 # -- Set node selector nodeSelector: {} # -- Set resources resources: {} # -- Set tolerations tolerations: [] # -- Set affinity affinity: {} # -- `dind-lv-monitor` DaemonSet parameters # (local volumes cleaner) # @default -- See below dind-lv-monitor: enabled: true image: registry: quay.io repository: codefresh/dind-volume-utils tag: 1.30.0 digest: sha256:506915ccb63481cd6b249e9068235100ea2ae39d4c811c3e49851c20cbe5ee6f podAnnotations: {} podSecurityContext: enabled: false runAsUser: 1000 fsGroup: 1000 containerSecurityContext: {} env: {} resources: {} nodeSelector: {} tolerations: - key: 'codefresh/dind' operator: 'Exists' effect: 'NoSchedule' volumePermissions: enabled: false image: registry: docker.io repository: alpine tag: 3.18 digest: sha256:2995c82e8e723d9a5c8585cb8e901d1c50e3c2759031027d3bff577449435157 resources: {} securityContext: runAsUser: 0 # auto # `dind-volume-cleanup` CronJob parameters # (external volumes cleaner) # @default -- See below dind-volume-cleanup: enabled: true image: registry: quay.io repository: codefresh/dind-volume-cleanup tag: 1.2.0 digest: sha256:1af3e3ecc87bf2e26ba07ecef68f54ad100d7e3b5fcf074099f627fd5d917369 env: {} concurrencyPolicy: Forbid schedule: "*/10 * * * *" successfulJobsHistory: 3 failedJobsHistory: 1 suspend: false podAnnotations: {} podSecurityContext: enabled: true fsGroup: 3000 runAsGroup: 3000 runAsUser: 3000 nodeSelector: {} affinity: {} tolerations: [] # Storage parameters for volume-provisioner # @default -- See below storage: # -- Set backend volume type (`local`/`ebs`/`ebs-csi`/`gcedisk`/`azuredisk`) backend: local # -- Set filesystem type (`ext4`/`xfs`) fsType: "ext4" # Storage parametrs example for local volumes on the K8S nodes filesystem (i.e. `storage.backend=local`) # https://kubernetes.io/docs/concepts/storage/volumes/#local # @default -- See below local: # -- Set volume path on the host filesystem volumeParentDir: /var/lib/codefresh/dind-volumes # Storage parameters example for aws ebs disks (i.e. `storage.backend=ebs`/`storage.backend=ebs-csi`) # https://aws.amazon.com/ebs/ # https://codefresh.io/docs/docs/installation/codefresh-runner/#aws-backend-volume-configuration # @default -- See below ebs: # -- Set EBS volume type (`gp2`/`gp3`/`io1`) (required) volumeType: "gp2" # -- Set EBS volumes availability zone (required) availabilityZone: "us-east-1a" # -- Enable encryption (optional) encrypted: "false" # -- Set KMS encryption key ID (optional) kmsKeyId: "" # -- Set AWS_ACCESS_KEY_ID for volume-provisioner (optional) # Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions accessKeyId: "" # -- Existing secret containing AWS_ACCESS_KEY_ID. accessKeyIdSecretKeyRef: {} # E.g. # accessKeyIdSecretKeyRef: # name: # key: # -- Set AWS_SECRET_ACCESS_KEY for volume-provisioner (optional) # Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#dind-volume-provisioner-permissions secretAccessKey: "" # -- Existing secret containing AWS_SECRET_ACCESS_KEY secretAccessKeySecretKeyRef: {} # E.g. # secretAccessKeySecretKeyRef: # name: # key: # E.g. # ebs: # volumeType: gp3 # availabilityZone: us-east-1c # encrypted: false # iops: "5000" # # I/O operations per second. Only effetive when gp3 volume type is specified. # # Default value - 3000. # # Max - 16,000 # throughput: "500" # # Throughput in MiB/s. Only effective when gp3 volume type is specified. # # Default value - 125. # # Max - 1000. # ebs: # volumeType: gp2 # availabilityZone: us-east-1c # encrypted: true # kmsKeyId: "1234abcd-12ab-34cd-56ef-1234567890ab" # accessKeyId: "MYKEYID" # secretAccessKey: "MYACCESSKEY" # Storage parameters example for gce disks # https://cloud.google.com/compute/docs/disks#pdspecs # https://codefresh.io/docs/docs/installation/codefresh-runner/#gke-google-kubernetes-engine-backend-volume-configuration # @default -- See below gcedisk: # -- Set GCP volume backend type (`pd-ssd`/`pd-standard`) volumeType: "pd-ssd" # -- Set GCP volume availability zone availabilityZone: "us-west1-a" # -- Set Google SA JSON key for volume-provisioner (optional) serviceAccountJson: "" # -- Existing secret containing containing Google SA JSON key for volume-provisioner (optional) serviceAccountJsonSecretKeyRef: {} # E.g. # gcedisk: # volumeType: pd-ssd # availabilityZone: us-central1-c # serviceAccountJson: |- # { # "type": "service_account", # "project_id": "...", # "private_key_id": "...", # "private_key": "...", # "client_email": "...", # "client_id": "...", # "auth_uri": "...", # "token_uri": "...", # "auth_provider_x509_cert_url": "...", # "client_x509_cert_url": "..." # } # Storage parameters example for Azure Disks # https://codefresh.io/docs/docs/installation/codefresh-runner/#install-codefresh-runner-on-azure-kubernetes-service-aks # @default -- See below azuredisk: # -- Set storage type (`Premium_LRS`) skuName: Premium_LRS cachingMode: None # availabilityZone: northeurope-1 # resourceGroup: # DiskIOPSReadWrite: 500 # DiskMBpsReadWrite: 100 mountAzureJson: false # -- Set runtime parameters # @default -- See below runtime: # -- Set annotation on engine Service Account # Ref: https://codefresh.io/docs/docs/administration/codefresh-runner/#injecting-aws-arn-roles-into-the-cluster serviceAccount: create: true annotations: {} # E.g. # serviceAccount: # annotations: # eks.amazonaws.com/role-arn: "arn:aws:iam:::role/" # -- Set parent runtime to inherit. # Should not be changes. Parent runtime is controlled from Codefresh side. runtimeExtends: - system/default/hybrid/k8s_low_limits # -- Runtime description description: "" # -- RBAC parameters rbac: # -- Create RBAC resources create: true # -- Add custom rule to the engine role rules: [] # -- (for On-Premise only) Enable agent agent: true # -- (for On-Premise only) Set inCluster runtime inCluster: true # -- (for On-Premise only) Assign accounts to runtime (list of account ids) accounts: [] # -- Parameters for DinD (docker-in-docker) pod (aka "runtime" pod). dind: # -- Set dind image. image: registry: quay.io repository: codefresh/dind tag: 26.1.4-1.28.8 # use `latest-rootless/rootless/26.1.4-1.28.8-rootless` tags for rootless-dind pullPolicy: IfNotPresent digest: sha256:33c343dd01e8a24f0b4a872bbe62884320719f9d9dc27b7a8fed9f7e9fc7e80e # -- Set dind resources. resources: requests: null limits: cpu: 400m memory: 800Mi # -- Set termination grace period. terminationGracePeriodSeconds: 30 # -- PV claim spec parametes. pvcs: # -- Default dind PVC parameters dind: # -- PVC name prefix. # Keep `dind` as default! Don't change! name: dind # -- PVC storage class name. # Change ONLY if you need to use storage class NOT from Codefresh volume-provisioner storageClassName: '{{ include "dind-volume-provisioner.storageClassName" . }}' # -- PVC size. volumeSize: 16Gi # -- PV reuse selector. # Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#volume-reuse-policy reuseVolumeSelector: codefresh-app,io.codefresh.accountName reuseVolumeSortOrder: pipeline_id # -- PV annotations. annotations: {} # E.g.: # annotations: # codefresh.io/volume-retention: 7d # -- Set additional env vars. env: DOCKER_ENABLE_DEPRECATED_PULL_SCHEMA_1_IMAGE: true # -- Set pod annotations. podAnnotations: {} # -- Set pod labels. podLabels: {} # -- Set node selector. nodeSelector: {} # -- Set affinity affinity: {} # -- Set tolerations. tolerations: [] # -- Set security context for the pod. podSecurityContext: {} # -- Set container security context. containerSecurityContext: {} # -- Set scheduler name. schedulerName: "" # -- Set service account for pod. serviceAccount: codefresh-engine # -- Keep `true` as default! userAccess: true # -- Add extra volumes userVolumes: {} # E.g.: # userVolumes: # regctl-docker-registry: # name: regctl-docker-registry # secret: # items: # - key: .dockerconfigjson # path: config.json # secretName: regctl-docker-registry # optional: true # -- Add extra volume mounts userVolumeMounts: {} # E.g.: # userVolumeMounts: # regctl-docker-registry: # name: regctl-docker-registry # mountPath: /home/appuser/.docker/ # readOnly: true volumePermissions: enabled: false image: registry: docker.io repository: alpine tag: 3.18 digest: sha256:2995c82e8e723d9a5c8585cb8e901d1c50e3c2759031027d3bff577449435157 resources: {} securityContext: runAsUser: 0 # auto # -- Parameters for Engine pod (aka "pipeline" orchestrator). engine: # -- Set image. image: registry: quay.io repository: codefresh/engine tag: 1.174.19 pullPolicy: IfNotPresent digest: sha256:7d3b21beec1da9bc2edc2087678aa0e8fc91a28ea4e197452a4430f8e98cf27e # -- Set container command. command: - npm - run - start # -- Set resources. resources: requests: cpu: 100m memory: 128Mi limits: cpu: 1000m memory: 2048Mi # -- Set termination grace period. terminationGracePeriodSeconds: 180 # -- Set system(base) runtime images. # @default -- See below. runtimeImages: COMPOSE_IMAGE: quay.io/codefresh/compose:v2.28.1-1.5.0@sha256:362977564c096b7c2c007b8478ec87cac13d781839adc271d858290213bd89f2 CONTAINER_LOGGER_IMAGE: quay.io/codefresh/cf-container-logger:1.11.7@sha256:1e7bcee65203f9fdfc7ee5231cb4d29b179479d70dd42ec9855d20c57ab43c48 DOCKER_BUILDER_IMAGE: quay.io/codefresh/cf-docker-builder:1.3.16@sha256:142288b34c4af9abad44f304f00b109825df0894853a66a77a09f3ebf507d176 DOCKER_PULLER_IMAGE: quay.io/codefresh/cf-docker-puller:8.0.18@sha256:1a15c3ae0952d3986de7866a3def8ac7e3e39f668fe87fd46c63d886ca06c6d7 DOCKER_PUSHER_IMAGE: quay.io/codefresh/cf-docker-pusher:6.0.16@sha256:05efc1af8b1196f1b9b3f0781b4dcc1aa2cdd0ffc1347ee5fa81b16d029ec5c2 DOCKER_TAG_PUSHER_IMAGE: quay.io/codefresh/cf-docker-tag-pusher:1.3.15@sha256:3a3e90cd10801c7ec0d3cf3816d0dcc90894d5d1771448c43f67215d90da5eca FS_OPS_IMAGE: quay.io/codefresh/fs-ops:1.2.3@sha256:57374ccd5275325fc36b237fb38c77dd1f65c84d5aebfe88c9ea0e434ea20fc9 GIT_CLONE_IMAGE: quay.io/codefresh/cf-git-cloner:10.2.0@sha256:a3ec854823f17d0fd817d978219122e644b1abd6db778fd835688fcb6d88c515 KUBE_DEPLOY: quay.io/codefresh/cf-deploy-kubernetes:16.1.11@sha256:b6b3fc6cc5fad3ba9e36055278ce99a74a86876be116574503c6fbb4c1b4aa76 PIPELINE_DEBUGGER_IMAGE: quay.io/codefresh/cf-debugger:1.3.6@sha256:4892d72afc0e27718134eff2cb3c1276f731f3d2a41fd76cd73b500310326e47 TEMPLATE_ENGINE: quay.io/codefresh/pikolo:0.14.1@sha256:fb7173cfed7536f7de68e75996106e2ce3a0a204e6c5609cba0d7eb62c9db9e1 CR_6177_FIXER: alpine:edge@sha256:8431297eedca8df8f1e6144803c6d7e057ecff2408aa6861213cb9e507acadf8 GC_BUILDER_IMAGE: quay.io/codefresh/cf-gc-builder:0.5.3@sha256:33ac914e6b844909f188a208cf90e569358cafa5aaa60f49848f49d99bcaf875 COSIGN_IMAGE_SIGNER_IMAGE: quay.io/codefresh/cf-cosign-image-signer:2.4.0-cf.2@sha256:5e0993207aa809c25ed70cf89af444d9720892fb4a29deb82db45618b0cae4a9 # -- Set additional env vars. env: # -- Interval to check the exec status in the container-logger CONTAINER_LOGGER_EXEC_CHECK_INTERVAL_MS: 1000 # -- Timeout while doing requests to the Docker daemon DOCKER_REQUEST_TIMEOUT_MS: 30000 # -- If "true", composition images will be pulled sequentially FORCE_COMPOSE_SERIAL_PULL: false # -- Level of logging for engine LOGGER_LEVEL: debug # -- Enable debug-level logging of outgoing HTTP/HTTPS requests LOG_OUTGOING_HTTP_REQUESTS: false # -- Enable emitting metrics from engine METRICS_PROMETHEUS_ENABLED: true # -- Enable legacy metrics METRICS_PROMETHEUS_ENABLE_LEGACY_METRICS: false # -- Enable collecting process metrics METRICS_PROMETHEUS_COLLECT_PROCESS_METRICS: false # -- Host for Prometheus metrics server METRICS_PROMETHEUS_HOST: '0.0.0.0' # -- Port for Prometheus metrics server METRICS_PROMETHEUS_PORT: 9100 # -- Trusted QEMU images used for docker builds - when left blank only 'tonistiigi/binfmt' is trusted. TRUSTED_QEMU_IMAGES: '' # -- Set workflow limits. workflowLimits: # -- Maximum time allowed to the engine to wait for the pre-steps (aka "Initializing Process") to succeed; seconds. MAXIMUM_ALLOWED_TIME_BEFORE_PRE_STEPS_SUCCESS: 600 # -- Maximum time for workflow execution; seconds. MAXIMUM_ALLOWED_WORKFLOW_AGE_BEFORE_TERMINATION: 86400 # -- Maximum time allowed to workflow to spend in "elected" state; seconds. MAXIMUM_ELECTED_STATE_AGE_ALLOWED: 900 # -- Maximum retry attempts allowed for workflow. MAXIMUM_RETRY_ATTEMPTS_ALLOWED: 20 # -- Maximum time allowed to workflow to spend in "terminating" state until force terminated; seconds. MAXIMUM_TERMINATING_STATE_AGE_ALLOWED: 900 # -- Maximum time allowed to workflow to spend in "terminating" state without logs activity until force terminated; seconds. MAXIMUM_TERMINATING_STATE_AGE_ALLOWED_WITHOUT_UPDATE: 300 # -- Time since the last health check report after which workflow is terminated; seconds. TIME_ENGINE_INACTIVE_UNTIL_TERMINATION: 300 # -- Time since the last health check report after which the engine is considered unhealthy; seconds. TIME_ENGINE_INACTIVE_UNTIL_UNHEALTHY: 60 # -- Time since the last workflow logs activity after which workflow is terminated; seconds. TIME_INACTIVE_UNTIL_TERMINATION: 2700 # -- Set pod annotations. podAnnotations: {} # -- Set pod labels. podLabels: {} # -- Set node selector. nodeSelector: {} # -- Set affinity affinity: {} # -- Set tolerations. tolerations: [] # -- Set scheduler name. schedulerName: "" # -- Set service account for pod. serviceAccount: codefresh-engine # -- Set extra env vars userEnvVars: [] # E.g. # userEnvVars: # - name: GITHUB_TOKEN # valueFrom: # secretKeyRef: # name: github-token # key: token # -- Parameters for `runtime-patch` post-upgrade/install hook # @default -- See below patch: enabled: true image: registry: quay.io repository: codefresh/cli tag: 0.88.4-rootless digest: sha256:b256d150ff8a636851ddc1d5fb0490114d5036cc5bff357eac6a9899fea87562 rbac: enabled: true annotations: {} affinity: {} nodeSelector: {} podSecurityContext: {} resources: {} tolerations: [] ttlSecondsAfterFinished: 180 env: HOME: /tmp # -- Parameters for `gencerts-dind` post-upgrade/install hook # @default -- See below gencerts: enabled: true image: registry: quay.io repository: codefresh/kubectl tag: 1.31.2 digest: sha256:a30a8810dde249d0198f67792ed9696363f15c8cecbac955ee9bd267b5454ee7 rbac: enabled: true annotations: {} affinity: {} nodeSelector: {} podSecurityContext: {} resources: {} tolerations: [] ttlSecondsAfterFinished: 180 # -- DinD pod daemon config # @default -- See below dindDaemon: hosts: - unix:///var/run/docker.sock - tcp://0.0.0.0:1300 tlsverify: true tls: true tlscacert: /etc/ssl/cf-client/ca.pem tlscert: /etc/ssl/cf/server-cert.pem tlskey: /etc/ssl/cf/server-key.pem insecure-registries: - 192.168.99.100:5000 metrics-addr: 0.0.0.0:9323 experimental: true # App-Proxy parameters # Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#app-proxy-installation # @default -- See below appProxy: # -- Enable app-proxy enabled: false # -- Set number of pods replicasCount: 1 # -- Upgrade strategy updateStrategy: type: RollingUpdate # -- Set pod annotations podAnnotations: {} # -- Set image image: registry: quay.io repository: codefresh/cf-app-proxy tag: 0.0.47 digest: sha256:324a9b89924152cce195c7239ddd8501c8aa5f901d19bc4d9f3936cbe5dac14f # -- Add additional env vars env: {} # Set app-proxy ingress parameters # @default -- See below ingress: # -- Set path prefix for ingress (keep empty for default `/` path) pathPrefix: "" # -- Set ingress class class: "" # -- Set DNS hostname the ingress will use host: "" # -- Set k8s tls secret for the ingress object tlsSecret: "" # -- Set extra annotations for ingress object annotations: {} # E.g. # ingress: # pathPrefix: "/cf-app-proxy" # class: "nginx" # host: "mydomain.com" # tlsSecret: "tls-cert-app-proxy" # annotations: # nginx.ingress.kubernetes.io/whitelist-source-range: 123.123.123.123/130 # -- Service Account parameters serviceAccount: # -- Create service account create: true # -- Override service account name name: "" # -- Use Role(true)/ClusterRole(true) namespaced: true # -- Additional service account annotations annotations: {} # -- RBAC parameters rbac: # -- Create RBAC resources create: true # -- Use Role(true)/ClusterRole(true) namespaced: true # -- Add custom rule to the role rules: [] # -- Set security context for the pod podSecurityContext: {} # -- Readiness probe configuration # @default -- See below readinessProbe: failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 # -- Set requests and limits resources: {} # -- Set node selector nodeSelector: {} # -- Set tolerations tolerations: [] # -- Set affinity affinity: {} # Monitor parameters # @default -- See below monitor: # -- Enable monitor # Ref: https://codefresh.io/docs/docs/installation/codefresh-runner/#install-monitoring-component enabled: false # -- Set number of pods replicasCount: 1 # -- Upgrade strategy updateStrategy: type: RollingUpdate # -- Set pod annotations podAnnotations: {} # -- Set image image: registry: quay.io repository: codefresh/cf-k8s-agent tag: 1.3.19 digest: sha256:5be2b798d583abdae68271f57724dd7f2b0251a238845c466fa7b67f078f59ad # -- Add additional env vars env: {} # -- Service Account parameters serviceAccount: # -- Create service account create: true # -- Override service account name name: "" # -- Additional service account annotations annotations: {} # -- RBAC parameters rbac: # -- Create RBAC resources create: true # -- Use Role(true)/ClusterRole(true) namespaced: true # -- Add custom rule to the role rules: [] # -- Readiness probe configuration # @default -- See below readinessProbe: failureThreshold: 5 initialDelaySeconds: 5 periodSeconds: 5 successThreshold: 1 timeoutSeconds: 5 podSecurityContext: {} # -- Set node selector nodeSelector: {} # -- Set resources resources: {} # -- Set tolerations tolerations: [] # -- Set affinity affinity: {} # -- Add serviceMonitor # @default -- See below serviceMonitor: main: # -- Enable service monitor for dind pods enabled: false nameOverride: dind selector: matchLabels: app: dind endpoints: - path: /metrics targetPort: 9100 relabelings: - action: labelmap regex: __meta_kubernetes_pod_label_(.+) # -- Add podMonitor (for engine pods) # @default -- See below podMonitor: main: # -- Enable pod monitor for engine pods enabled: false nameOverride: engine selector: matchLabels: app: runtime podMetricsEndpoints: - path: /metrics targetPort: 9100 runner: # -- Enable pod monitor for runner pod enabled: false nameOverride: runner selector: matchLabels: codefresh.io/application: runner podMetricsEndpoints: - path: /metrics targetPort: 8080 volume-provisioner: # -- Enable pod monitor for volumeProvisioner pod enabled: false nameOverride: volume-provisioner selector: matchLabels: codefresh.io/application: volume-provisioner podMetricsEndpoints: - path: /metrics targetPort: 8080 # -- Event exporter parameters # @default -- See below event-exporter: # -- Enable event-exporter enabled: false # -- Set number of pods replicasCount: 1 # -- Upgrade strategy updateStrategy: type: Recreate # -- Set pod annotations podAnnotations: {} # -- Set image image: registry: docker.io repository: codefresh/k8s-event-exporter tag: latest digest: sha256:cf52048f1378fb6659dffd1394d68fdf23a7ea709585dc14b5007f3e5a1b7584 # -- Add additional env vars env: {} # -- Service Account parameters serviceAccount: # -- Create service account create: true # -- Override service account name name: "" # -- Additional service account annotations annotations: {} # -- RBAC parameters rbac: # -- Create RBAC resources create: true # -- Add custom rule to the role rules: [] # -- Set security context for the pod # @default -- See below podSecurityContext: enabled: false # -- Set node selector nodeSelector: {} # -- Set resources resources: {} # -- Set tolerations tolerations: [] # -- Set affinity affinity: {} # -- Array of extra objects to deploy with the release extraResources: [] # E.g. # extraResources: # - apiVersion: rbac.authorization.k8s.io/v1 # kind: ClusterRole # metadata: # name: codefresh-role # rules: # - apiGroups: [ "*"] # resources: ["*"] # verbs: ["get", "list", "watch", "create", "update", "patch", "delete"] # - apiVersion: v1 # kind: ServiceAccount # metadata: # name: codefresh-user # namespace: "{{ .Release.Namespace }}" # - apiVersion: rbac.authorization.k8s.io/v1 # kind: ClusterRoleBinding # metadata: # name: codefresh-user # roleRef: # apiGroup: rbac.authorization.k8s.io # kind: ClusterRole # name: codefresh-role # subjects: # - kind: ServiceAccount # name: codefresh-user # namespace: "{{ .Release.Namespace }}" # - apiVersion: v1 # kind: Secret # type: kubernetes.io/service-account-token # metadata: # name: codefresh-user-token # namespace: "{{ .Release.Namespace }}" # annotations: # kubernetes.io/service-account.name: "codefresh-user"