Configuration values

9 minute readReference

Helm provides several ways to set value fields. The CloudBees CD/RO server and agent Helm charts provide CloudBees’s default values. Helm stores these values in the chart’s cloudbees-cd-defaults.yaml file. A copy of the default values can be found in the cloudbees-example public GitHub repo.

You can override these fields as follows:

  • On the Helm install command line using the --set parameter.

  • In a local myvalues.yaml file.

CloudBees recommends using a local values file for your installation to keep all of your CloudBees CD/RO environment settings.

cloudbees-flow chart configuration values

The following tables list common configurable parameters of the cloudbees-flow chart and their default values.

Volume permissions values

Table 1. Volume permissions values
Key Description/Default

volumePermissions.enabled

Enable/disable volume permissions for the attached PVC of CloudBees CD/RO components.

Default: true

Bound agent values

Table 2. Bound agent values
Key Description/Default

boundAgent.ecconfigure

String is interpreted as if passed to ecconfigure utility within the container

Default: --agentInitMemoryMB=256 --agentMaxMemoryMB=256

boundAgent.imageName

Default: cbflow-agent

boundAgent.logLevel

Default: DEBUG

boundAgent.replicas

Default: 1

boundAgent.resources.limits.cpu

Default: 0.25

boundAgent.resources.limits.memory

Default: 1024Mi

boundAgent.resources.requests.cpu

Default: 0.25

boundAgent.resources.requests.memory

Default: 512Mi

boundAgent.volumesPermissions.enabled

Enable/disable volume permissions for the bound agent. Use to override the volumespermissions.enabled chart-level setting.

Default: true

Database values

Table 3. Database values
Key Description/Default

database.clusterEndpoint

Use this option if your database is residing in the same Kubernetes cluster as Flow. Notation is db-service.namespace If deploying into the same namespace, .namespace component can be omitted.

Default: null

database.externalEndpoint

Database endpoint, database or schema , principal that has full read/write access on that schema

Default: null

database.dbName

Default: null

database.dbPassword

Default: null

database.dbPort

Default: null

database.dbType

The database type with which CloudBees CD/RO persistence works. One of:

mysql —MYSQL

mariadb —MariaDB

sqlserver —MS SQLServer

oracle —Oracle

postgresql —PostgreSQL

Default: null

database.dbUser

Default: null

database.existingSecret

Use this option if you have or are planning to deploy the credential’s secret yourself. The layout has to be the same as that of server-secrets.yaml::dbSecret

Default: null

demoMode

Default: false

CloudBees Analytics server values

Table 4. CloudBees Analytics server values
Key Description/Default

dois.credentials.adminPassword dois.credentials.existingSecret

Credentials for administrative access to Elasticsearch data. It sets a password for the admin ` user with the corresponding rights. If the password is an empty string, then user `admin is not created and administrative access is not granted.

Default: null

dois.enabled

Flag that dictates whether this workload and its accompanying services are to be installed

Default: true

dois.esClusterName

Elasticsearch cluster name

Default: null

dois.esMinMasterNodes

Minimum number of master-eliGile nodes that must be visible in order to form an Elasticsearch cluster.

Default: 1

dois.esNumberOfShards

The number of primary shards that an index must have.

Default: null

dois.esRam

Elasticsearch heap size in MB.

Default: 2048

dois.expose

Expose DevOps Insight as externally available services ingress needs to ports 9200 and 9500 to be open to the outer world.

Default: true

dois.imageName

Default: cbflow-dois

dois.lsInitRam

Default: 512

dois.lsMaxRam

Default: 1024

dois.replicas

Number of Elasticsearch nodes

Default: 1

dois.resources.limits.cpu

Default: 1

dois.resources.limits.memory

Default: 3.5Gi

dois.resources.requests.cpu

Default: 0.1

dois.resources.requests.memory

Default: 3.5Gi

dois.serverEndpoint

CloudBees CD/RO server endpoint. If installing in a different namespace, the server name must be in service-name.namespace format. Default: flow-server

dois.serviceEndpoint

The DevOps Insight server service endpoint to be configured on the remote CloudBees CD/RO server. It is assumed the remote CloudBees CD/RO server is located in the same Kubernetes cluster.

Default: flow-devopsinsight.{{ .Release.Namespace }}

dois.volumesPermissions.enabled

Enable/disable volume permissions for the {SDA ANALYTICS} server. Use to override the volumespermissions.enabled chart-level setting.

Default: true

CloudBees CD/RO credential values

Table 5. CloudBees CD/RO credential values
Key Description/Default

flowCredentials.adminPassword

Default: changeme

flowCredentials.existingSecret

Either specify the secret where the admin user password is stored under the CBF_SERVER_ADMIN_PASS key, recommended for production, or specify the adminPassword .

Default: null

CloudBees CD/RO server license values (optional)

Table 6. CloudBees CD/RO server license values (optional)
Key Description/Default

flowLicense.existingSecret

Default: null

flowLicense.licenseData

Default: null

Images values

Table 7. Images values
Key Description/Default

images.pullPolicy

Default: IfNotPresent

images.repository

Default: 547883162893.dkr.ecr.us-east-1.amazonaws.com

images.tag

The Helm chart image tag corresponding to a specific CloudBees CD/RO artifact.

Example: 10.0.1.143076_2.0.12_20200729

Default: tag associated with latest CloudBees CD/RO artifact, as listed in cloudbees-cd-defaults.yaml found here.

Sidecar injector additional container values

Table 8. Sidecar injector additional container values
Key Description/Default

server.additionalContainers

To add additional containers for the server, uncomment the name, image, and command in your values file.

server: additionalContainers: # additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command"

web.additionalContainers

To add additional containers, uncomment the name, image, and command in your values file.

web: additionalContainers: # additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command"

dois.additionalContainers

To add additional containers, uncomment the name, image, and command in your values file.

dois: additionalContainers: # additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command"

repository.additionalContainers

To add additional containers, uncomment the name, image, and command in your values file.

repository: additionalContainers: # additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command"

boundAgent.additionalContainers

To add additional containers, uncomment the name, image, and command in your values file.

boundAgent: additionalContainers: # additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command"

Network isolation values

Table 9. Network isolation values
Key Description/Default

networkIsolation.allowFromCidr

The CIDR allowed to make connection to all exposed CloudBees CD/RO endpoints.

Default: 0.0.0.0/0

Nginx-ingress values (Kubernetes versions 1.21 and earlier)

Table 10. Nginx-ingress values (Kubernetes versions 1.21 and earlier)
Key Description/Default

nginx-ingress.controller.ingressClass

Default: flow-ingress

nginx-ingress.controller.publishService.enabled

Default: true

nginx-ingress.controller.scope.enabled

Default: true

nginx-ingress.enabled

Default: true

nginx-ingress.tcp.61613

Default: {{ .Release.Namespace }}/flow-server:61613

nginx-ingress.tcp.8200

Default: {{ .Release.Namespace }}/flow-repository:8200

nginx-ingress.tcp.8443

Default: {{ .Release.Namespace }}/flow-server:8443

nginx-ingress.tcp.9200

Default: {{ .Release.Namespace }}/flow-devopsinsight:9200

nginx-ingress.tcp.9500

Default: {{ .Release.Namespace }}/flow-devopsinsight:9500

Ingress-nginx values (Kubernetes versions 1.22 and later)

Table 11. Ingress-nginx values (Kubernetes versions 1.22 and later)
ingress-nginx.controller.ingressClass Default: flow-ingress

ingress-nginx.controller.publishService.enabled

Default: true

ingress-nginx.controller.scope.enabled

Default: true

ingress-nginx.enabled

Default: true

ingress-nginx.tcp.61613

Default: \{\{ .Release.Namespace }}/flow-server:61613

ingress-nginx.tcp.8200

Default: \{\{ .Release.Namespace }}/flow-repository:8200

ingress-nginx.tcp.8443

Default: \{\{ .Release.Namespace }}/flow-server:8443

ingress-nginx.tcp.9200

Default: \{\{ .Release.Namespace }}/flow-devopsinsight:9200

ingress-nginx.tcp.9500

Default: \{\{ .Release.Namespace }}/flow-devopsinsight:9500

Repository values

Table 12. Repository values
Key Description/Default

repository.ecconfigure

String to pass to `ecconfigure ` utility.

Default: --repositoryInitMemoryMB=256 --repositoryMaxMemoryMB=512

repository.enabled

Flag that dictates whether this workload and its accompanying services are to be installed

Default: true

repository.expose

Expose repository as an externally available service that ingress needs to port port 8200.

Default: true

repository.externalService.enabled

Expose flow-respoitory:8200 endpoint for platforms like OpenShift where Ingress isn’t supported or doesn’t support exposing non-web, TCP ports. Use with server.externalService.enabled. Refer to How external clients access CloudBees CD/RO components inside an OpenShift cluster for more details.

Default: false

repository.imageName

Default: cbflow-repository

repository.logLevel

Default: DEBUG

repository.replicas

Default: 1

repository.resources.limits.cpu

Default: 0.25

repository.resources.limits.memory

Default: 1024Mi

repository.resources.requests.cpu

Default: 0.25

repository.resources.requests.memory

Default: 512Mi

repository.volumesPermissions.enabled

Enable/disable volume permissions for the repository. Use to override the volumespermissions.enabled chart-level setting.

Default: true

repository.zoneName

The zone, assigned to the repository instance, created in the CloudBees CD/RO server to represent this repository instance. The zone must exist in CloudBees CD/RO server instance.

Default: null

CloudBees CD/RO server values

Table 13. CloudBees CD/RO server values
Key Description/Default

server.ecconfigure

String to pass to `ecconfigure ` utility.

Default: --serverInitMemoryMB=4096 --serverMaxMemoryMB=4096

server.enabled

Flag that dictates whether the web workload and its accompanying services are to be installed.

Default: true

server.expose

As CloudBees CD/RO requires repository to be exposed as externally available services, ingress needs to ports 8443 and 61613 to be open to the outer world.

Default: true

server.externalService.enabled

Expose flow-server:8443 endpoint for platforms like OpenShift where Ingress isn’t supported or doesn’t support exposing non-web, TCP ports. Use with repository.externalService.enabled. Refer to How external clients access CloudBees CD/RO components inside an OpenShift cluster for more details.

Default: false

server.imageName

Default: cbflow-server

server.logLevel

Master loglevel for com.electriccloud package

Default: INFO

server.replicas

Default: 1

server.resources.limits.cpu

Default: 4

server.resources.limits.memory

Default: 6Gi

server.resources.requests.cpu

Default: 1.5

server.resources.requests.memory

Default: 6Gi

server.volumesPermissions.enabled

Enable/disable volume permissions for the CloudBees CD/RO server. Use to override the volumespermissions.enabled chart-level setting.

Default: true

server.zk.host

Default: zookeeper

server.zk.port

Default: 2181

Server storage values

Table 14. Server storage values
Key Description/Default

storage.volumes.doisStorage.accessMode

Default: ReadWriteOnce

storage.volumes.doisStorage.name

Default: elasticsearch-data

storage.volumes.doisStorage.storage

Default: 10Gi

storage.volumes.repositoryStorage.accessMode

Default: ReadWriteOnce

storage.volumes.repositoryStorage.name

Default: flow-repo-artifacts

storage.volumes.repositoryStorage.storage

Default: 20Gi

storage.volumes.repositoryStorage.storageClass

Specify non-platform-default or custom storage class.

Default: null

storage.volumes.serverPlugins.accessMode

Default: ReadWriteMany

storage.volumes.serverPlugins.name

Default: flow-server-shared

storage.volumes.serverPlugins.storage

Default: 5Gi

storage.volumes.serverPlugins.storageClass

Storage class for plugins directory. Currently it has to be shared across all server and web replicas. Has to be ReadWriteMany accessible.

Default: null

CloudBees CD/RO web server values

Table 15. CloudBees CD/RO web server values
Key Description/Default

web.ecconfigure

String to pass to `ecconfigure ` utility.

web.enabled

Flag that dictates whether the web workload and its accompanying services are to be installed.

Default: true

web.imageName

Default: cbflow-web

web.ingress.annotations. kubernetes.io/ingress.class

Default: flow-ingress

web.ingress.annotations.nginx.ingress. kubernetes.io/affinity

Default: cookie

web.ingress.annotations.nginx.ingress. kubernetes.io/proxy-body-size

Default: 10GB

web.ingress.annotations.nginx.ingress. kubernetes.io/secure-backends

Default: false

web.ingress.annotations.nginx.ingress. kubernetes.io/session-cookie-hash

Default: sha1

web.ingress.annotations.nginx.ingress. kubernetes.io/session-cookie-name

Default: route

web.ingress.cert.crt web.ingress.cert.key

Certificates for WEB ingress. Normally should be set when helm install ` executes using: `--set-file web.ingress.cert.key=path/to/key ` `--set-file web.ingress.cert.crt=path/to/crt

This section is just an example that ingress can be configured with certs for TLS.

Default: null

web.ingress.enabled

Default: true

web.ingress.host

Default: fbapp.ecsaas.xyz

web.replicas

Default: 1

web.resources.limits.cpu

Default: 1

web.resources.limits.memory

Default: 512Mi

web.resources.requests.cpu

Default: 0.25

web.resources.requests.memory

Default: 256Mi

web.service.type

Default: ClusterIP

Zookeeper values

Table 16. Zookeeper values
Key Description/Default

zookeeper.enabled

Default: true

zookeeper.fullnameOverride

Default: zookeeper

zookeeper.podLabels.mode

Default: private

zookeeper.podLabels.ownerApp

Default: cloudbees-flow

zookeeper.podLabels.role

Default: cluster-coordinator

zookeeper.replicaCount

Default: 3

zookeeper.resources.limits.cpu

Default: 250m

zookeeper.resources.limits.memory

Default: 1Gi

zookeeper.resources.requests.cpu

Default: 250m

zookeeper.resources.requests.memory

Default: 512Mi

cloudbees-flow-agent chart configuration values

The following tables list common configurable parameters of the cloudbees-flow-agent chart and their default values. Refer to the chart’s values.yaml for the exhaustive list of options. For current default values, refer to cloudbees-cd-agent-defaults.yaml, found here.

Table 17. Configuration values
Key Description/Default

ecconfigure

String to pass to ecconfigure utility.

Default:

--agentInitMemoryMB=16 --agentMaxMemoryMB=64

CloudBees CD/RO credential values

CloudBees CD/RO server credentials to use in order to register with agent as a resource on the CloudBees CD/RO server. The admin user is used by default. You may user a different user if desired. The user must have modify permissions on CloudBees CD/RO server resources.

Table 18. CloudBees CD/RO credential values
Key Description/Default

flowCredentials.existingSecret

Default: null. Use for the Existing Secret Name of the secret containing the Flow user credentials to use. The data field must contain base64 encoded value for keys 'CBF_SERVER_USER' and 'CBF_SERVER_PASSWORD'.

flowCredentials.password

Default: changeme

flowCredentials.user

Default: admin

Image values

Table 19. Image values
Key Description/Default

images.imageRepository

Default: cbflow-agent

images.pullPolicy

Default: IfNotPresent

images.registry

Default: 547883162893.dkr.ecr.us-east-1.amazonaws.com

images.tag

The Helm chart image tag corresponding to a specific CloudBees CD/RO agent artifact.

Example: 10.0.1.143076_2.0.12_20200729

Default: tag associated with latest agent artifact, as listed in cloudbees-cd-agent-defaults.yaml found here.

Resource values

Table 20. Resource values
Key Description/Default

resources.limits.cpu

Default: 1

resources.limits.memory

Default: 1024Mi

resources.requests.cpu

Default: 0.25

resources.requests.memory

Default: 512Mi

Agent storage values

Table 21. Agent storage values
Key Description/Default

storage.volumes.agentWorkspace.accessMode

Default: ReadWriteOnce

storage.volumes.agentWorkspace.storageClass

Use with any non platform-default or custom storage class.

Default: null

storage.volumes.agentWorkspace.name

Default: flow-agent-workspace

storage.volumes.agentWorkspace.storage

Default: 5Gi

storage.volumes.agentWorkspace.existingClaim

Whether to use the existing claim for a previously deployed agent to share its workspace.

Set to true to share the existing claim for storage.volumes.agentWorkspace.name.

storage.volumes.boundAgentStorage.enabled

Use to enable the ability to create and mount a persistent volume claim for bound agents. Optional.

Set to true to enable a persistent volume claim for bound agents.

Default: false

Miscellaneous agent values

Table 22. Miscellaneous agent values
Key Description/Default

additionalContainers

To add additional containers for sidecar injector, uncomment the name, image, and command in your values file.

additionalContainers: additionalContainers: # additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command"

logLevel

Master loglevel for com.electriccloud package

Default: DEBUG

replicas

Default: 1

resourceName

CloudBees CD/RO resource name that agents of this deployment are assigned to. Refer to Agent resource name templates for more options.

Default: hostname

resourcePools

List of resource pools with which agents try to register upon coming up and registering with server.

Default: null

resourceType

Type of resource to create on the remote CloudBees CD/RO server. This argument is relevant only when the CloudBees CD/RO server is using a mixed-mode license (concurrent resources and registered hosts). Valid options for this value are concurrent or registered.

Default: null

serverEndpoint

Default: null

trustedAgent

Set to `true ` to configure the agent as a trusted agent, restricting the agent to one CloudBees CD/RO server deployment.

Default: false

workspaceName

The default workspace (must exist in CloudBees CD/RO server instance) for the resources created in the CloudBees CD/RO server for the agent(s).

Default: null

zoneName

The zone (must exist in CloudBees CD/RO server instance) for the resources created in the CloudBees CD/RO server for the agent(s).

Default: null

Agent resource name templates

Generally, you set the name for the agent resource with the value agent.resourceName , but this only works when the agent deployment has only one replica. If there are multiple replicas, then each of them tries to register itself using the same resource name. As a result, only one replica from the entire deployment will be registered as a resource.

The resource name defaults to hostname , but other template values are available to fully qualify the resource:

  • Ordinary Helm template values. For example: {{ .Release.Name }} , {{ .Release.Namespace }} , and so on.

  • In addition, two special template values are allowed :

    • {{ hostname }} –the actual resource hostname

    • {{ ordinalIndex }} –the serial replica index in the StatefulSet

For example:

resourceName: "myResource - {{ .Release.Name }} - {{ ordinalIndex }}"

Very large Helm deployments

A very large Helm deployment of CloudBees CD/RO is:

  • ~ 100K jobs per day

  • ~ 2000 running pipelines per day

  • ~ 5M job steps per day

Active customers and partners can refer to the CloudBees CD/RO Level 2: Helm for Very Large Kubernetes Deployments training course for details.

The following tables summarize the changes to the default Helm chart for very large deployments:

CloudBees CD/RO server values

Table 23. CloudBees CD/RO server values for very large Helm deployments
Name Value

server.replicas

4

server.ecconfigure

"--serverInitMemory=70 --serverMaxMemory=85"

server.resources.limits.cpu

16

server.resources.limits.memory

128Gi

server.resources.requests.cpu

4

server.resources.requests.memory

16Gi

CloudBees CD/RO web server values

Table 24. CloudBees CD/RO web server values for very large Helm deployments
Name Value

web.replicas

2

Repository values

Table 25. Repository values for very large Helm deployments
Name Value

repository.resources.requests.memory

768Mi

CloudBees Analytics server values

Table 26. CloudBees Analytics server values for very large Helm deployments
Name Value

dois.replicas

3

dois.esMinMasterNodes

2

dois.esRam

8192

dois.lsMaxRam

2048

dois.resources.limits.cpu

4

dois.resources.limits.memory

16Gi

dois.resources.requests.cpu

4

dois.resources.requests.memory

16Gi

CloudBees CD/RO agent values

Table 27. CloudBees CD/RO agent values for very large Helm deployments
Name Value

replicas

2