Configuring Helm charts


Within the Kubernetes environment, Helm charts are the primary method to configure CloudBees CD/RO components. From configuring your license information and database connections to autoscaling and platform specific implementation, these charts provide a central location to configure most aspects of CloudBees CD/RO installations.

CloudBees CD/RO releases include default Helm charts that provide the values for a basic environment you can configure into a project-specific production environment. After doing so in a project-specific myvalues.yaml, you can configure your CloudBees CD/RO Helm installation to use your values file with the helm install -f option.

For more information, including helm CLI commands for working with values files, refer to Helm values files.

CloudBees CD/RO default Helm charts

CloudBees provides server and agent Helm charts with CloudBees CD/RO default values for both demo and production installations.

CloudBees strongly recommends that you create copies of your Helm charts and place them under version control as a project-specific myvalues.yaml. This makes tracking updates and changes between releases much easier.

Demo installations

For demo installations, refer to the GitHub cloudbees-example public repository:

Production installations

A default values file (values.yaml) is released for each CloudBees CD/RO version that contains all default values for the CloudBees CD/RO server installation as part of the cloudbees-flow Helm chart. However, for production environments, there are many project-specific values that must be set in the cloudbees-flow Helm chart according to your project’s implementation.

Your project-specific values, which are only a subset of the default values, are normally set in a separate myvalues.yaml. This has the major advantage of reducing the amount of overall configuration you must track and maintain.

During installation, you can specify your project-specific myvalues.yaml when running helm install. Doing so overwrites the default values in the values.yaml with the project-specific values in your myvalues.yaml, while still using the default values for items you did not customize.

CloudBees provides two ways to get started with your myvalues.yaml:

Use the default values file to create your project-specific values file

To get started using the values.yaml to create your myvalues.yaml chart:

  1. Visit Sonatype Nexus, find the latest release of cloudbees-flow, and download the package.

  2. Open the package and, in the top-level of the directory, locate the values.yaml.

    In the charts directory of the package, you can find charts for individual components within their subdirectory.
  3. Save the file as a project-specific myvalues.yaml.

  4. Go through your myvalues.yaml and update it to meet your project-specific needs. Specifically, configure your database, storage, license information, and CloudBees CD/RO credentials before installing it. For information on available configuration options, refer to cloudbees-flow chart configuration values.

    By default, the values.yaml includes a built-in database for testing. However, for production environments, you must configure CloudBees CD/RO to connect with your project-specific database. For information on supported databases, refer to Supported platforms for CloudBees CD/RO on Kubernetes.

    Using a project-specific database requires a CloudBees CD/RO enterprise license. To avoid installation errors, your CloudBees CD/RO server license and database connections should both be configured in the same installation of the cloudbees-flow values chart in your project-specific myvalues.yaml. Failing to do so generates error messages about an unsupported configuration or a license requirement, depending on which is omitted.

    To install CloudBees CD/RO with an existing database, refer to How to install CloudBees CD/RO on Kubernetes using an existing database.

    If CloudBees CD/RO is initially installed with the built-in database, you can reconfigure it to use a separate database at any time. For more information on configuring CloudBees CD/RO to use your external database, refer to Configuring CloudBees CD/RO to Use an Alternate Database.

    If your database connection fails, ensure the license is valid for CloudBees CD/RO, and the database configuration is correct. For information on configuring an external database for use by CloudBees CD/RO, refer to External database configuration.

  5. (Optional) If you are using a multi-node deployment for the CloudBees Analytics server, a common node certificate infrastructure is required. Refer to Configure CloudBees Analytics server certificates to learn how to configure common node certificate infrastructure in your project-specific values file.

  6. (Optional) Place your myvalues.yaml under version control. CloudBees strongly suggests you do this to track updates and compare changes between releases.

  7. (Optional) Any configurations not specified in your myvalues.yaml are automatically taken from the values.yaml during installation. This means you can also delete any configuration options in your myvalues.yaml that are not specifically required by your project. This helps to reduce the overall configurations maintained in this file.

    While deleting unneeded configuration options, ensure you maintain valid tag nesting and syntax. Failing to do so may cause your installation to fail or produce unpredictable behavior on your platform.

After you have configured your myvalues.yaml, refer to Install CloudBees CD/RO production server.
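The checks below are an added example, not CloudBees code: they model how Helm layers a myvalues.yaml over the chart defaults (nested maps merge key by key, scalars and lists are replaced, an explicit null removes the key), list override keys that do not exist in the defaults, and test the database and license pairing described in step 4. The sample dictionaries are constructed, and treating `externalEndpoint` or `clusterEndpoint` as the sign of an external database is an assumption.

```python
"""Preflight check for a project-specific myvalues.yaml (added example)."""
from copy import deepcopy

# Constructed excerpt of the chart's values.yaml, limited to keys shown on this page.
DEFAULTS = {
    "server": {"enabled": True, "replicas": 1, "logLevel": "DEBUG", "nodeSelector": {}},
    "database": {
        "dbName": None, "dbUser": None, "dbPassword": None, "dbPort": None,
        "dbType": None, "mysqlConnector": {"enabled": True, "externalUrl": None},
    },
    "flowLicense": {"existingSecret": None, "licenseData": None},
}

# values.yaml lists these keys only as comments, so a parsed copy of the
# defaults does not contain them even though they are valid overrides.
COMMENTED_KEYS = {
    "database.externalEndpoint", "database.clusterEndpoint", "database.existingSecret",
}

# Constructed myvalues.yaml content with two deliberate mistakes.
MYVALUES = {
    "server": {"replicas": 2, "nodeSelector": {"disktype": "ssd"}},
    "database": {"clusterEndpoint": "flow-db.data", "dbType": "postgresql",
                 "dbName": "flow", "dbUser": "flow"},
    "dbPort": 5432,                                     # lost its `database:` parent
    "flowlicense": {"existingSecret": "flow-license"},  # wrong case: keys are case-sensitive
}


def merge_values(defaults, overrides):
    """Layer overrides on defaults the way `helm install -f` does."""
    merged = deepcopy(defaults)
    for key, value in overrides.items():
        if value is None:
            merged.pop(key, None)              # explicit null removes the default
        elif isinstance(value, dict) and isinstance(merged.get(key), dict):
            merged[key] = merge_values(merged[key], value)
        else:
            merged[key] = deepcopy(value)      # scalars and lists are replaced whole
    return merged


def unknown_paths(defaults, overrides, prefix=""):
    """Dotted paths set in overrides that the defaults do not define."""
    found = []
    for key, value in overrides.items():
        path = prefix + key
        if path in COMMENTED_KEYS:
            continue
        if key not in defaults:
            found.append(path)
        elif isinstance(value, dict) and isinstance(defaults[key], dict) and defaults[key]:
            # An empty default map (nodeSelector: {}) is free-form, so only
            # recurse when the default actually declares child keys.
            found += unknown_paths(defaults[key], value, path + ".")
    return found


def is_set(values, dotted):
    """True when the dotted path exists and holds a non-empty value."""
    node = values
    for part in dotted.split("."):
        if not isinstance(node, dict):
            return False
        node = node.get(part)
    return node not in (None, "", {}, [])


def coupling_findings(merged):
    """The page requires database and license to be configured together."""
    external_db = any(is_set(merged, p) for p in
                      ("database.externalEndpoint", "database.clusterEndpoint"))
    licensed = any(is_set(merged, p) for p in
                   ("flowLicense.existingSecret", "flowLicense.licenseData"))
    if external_db and not licensed:
        return ["database endpoint is set but flowLicense is empty"]
    if licensed and not external_db:
        return ["flowLicense is set but no database endpoint is configured"]
    return []


def preflight(defaults, overrides):
    merged = merge_values(defaults, overrides)
    return {"unknown": unknown_paths(defaults, overrides),
            "coupling": coupling_findings(merged)}


if __name__ == "__main__":
    for kind, items in preflight(DEFAULTS, MYVALUES).items():
        for item in items:
            print(f"{kind}: {item}")
```

To run it against real files, load both documents with PyYAML's `yaml.safe_load` and pass the resulting dictionaries to `preflight`. The mis-cased `flowlicense` key shows why both checks matter: the override is not merged into `flowLicense`, so the license stays unset.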

Use an example production values file to create your project-specific values file

Preconfigured production Helm chart examples are available in the CloudBees examples repository to get you started. These files include:

| Values file | Description |
| --- | --- |
| cloudbees-cd-prod.yaml | File for use with production installations. You must configure your database, storage, and CloudBees CD/RO credentials in a local project-specific values file before it can be used. For information on available configuration options, refer to cloudbees-flow chart configuration values. |
| cloudbees-cd-defaults.yaml | File listing all Helm chart values along with their default values. Use as a reference when specifying additional configurations in your local project-specific values file. For information on available configuration options, refer to cloudbees-flow chart configuration values. |

There are several platform versions of the production example Helm charts available in the CloudBees examples repository, each with prod in the YAML file name.

To create your myvalues.yaml based on the example production chart:

  1. Go to the CloudBees examples repository and save a copy of the example production chart you want to use as your project-specific myvalues.yaml.

  2. Go through your myvalues.yaml and update it to meet your project-specific needs. Specifically, configure your database, storage, license information, and CloudBees CD/RO credentials before installing it. For information on available configuration options, refer to cloudbees-flow chart configuration values.

    By default, the values.yaml includes a built-in database for testing. However, for production environments, you must configure CloudBees CD/RO to connect with your project-specific database. For information on supported databases, refer to Supported platforms for CloudBees CD/RO on Kubernetes.

    Using a project-specific database requires a CloudBees CD/RO enterprise license. To avoid installation errors, your CloudBees CD/RO server license and database connections should both be configured in the same installation of the cloudbees-flow values chart in your project-specific myvalues.yaml. Failing to do so generates error messages about an unsupported configuration or a license requirement, depending on which is omitted.

    To install CloudBees CD/RO with an existing database, refer to How to install CloudBees CD/RO on Kubernetes using an existing database.

    If CloudBees CD/RO is initially installed with the built-in database, you can reconfigure it to use a separate database at any time. For more information on configuring CloudBees CD/RO to use your external database, refer to Configuring CloudBees CD/RO to Use an Alternate Database.

    If your database connection fails, ensure the license is valid for CloudBees CD/RO, and the database configuration is correct. For information on configuring an external database for use by CloudBees CD/RO, refer to External database configuration.

  3. (Optional) If you are using a multi-node deployment for the CloudBees Analytics server, a common node certificate infrastructure is required. Refer to Configure CloudBees Analytics server certificates to learn how to configure common node certificate infrastructure in your project-specific values file.

  4. (Optional) Place your myvalues.yaml under version control. CloudBees strongly suggests you do this to track updates and compare changes between releases.

After you have configured your myvalues.yaml, refer to Install CloudBees CD/RO production server.

cloudbees-flow chart configuration values

The following tables list common configurable parameters of the cloudbees-flow chart and their default values.

Images values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Common images configurations section.

Image default values
```yaml
##---------------------------------------------
## Common images configurations section
##---------------------------------------------
images:
  # Image registry to pull the images from.
  # E.g., registry: "123456789012.dkr.ecr.us-east-1.amazonaws.com"
  registry: "docker.io/cloudbees"

  # Image tag of the image to pull
  tag: "<refer_to_latest_release>"

  # The image pull policy to use
  pullPolicy: IfNotPresent

  # Image pull secrets
  # Enable this option when using a private registry.
  # Secrets must be manually created in the namespace.
  # imagePullSecrets: <secret-name>

  # (Optional) Array of `imagePullSecrets` containing private registry credentials.
  # Reference to one or more secrets to use when pulling images.
  # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
  # imagePullSecrets:
  # - name: "docker-registry"
  imagePullSecrets:

# The name of the Flow server, usually its fully-qualified domain name, from
# which the server will be available for all agents (resources) and other
# components.
# By default, it is the internal cluster hostname for the K8S Flow server
# service. Flow server will not be fully accessible to non-cluster components
# if this is the default.
serverName: flow-server
```

Ingress values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Ingress configuration section.

Ingress default values
```yaml
#---------------------------------------------
# Ingress configuration section
#---------------------------------------------
ingress:
  enabled: true
  host:

  # Flow web ingress annotations, here we use nginx but any other ingress
  # supporting sticky sessions will suffice.
  annotations:
    nginx.ingress.kubernetes.io/affinity: "cookie"
    nginx.ingress.kubernetes.io/affinity-mode: "persistent"
    nginx.ingress.kubernetes.io/session-cookie-name: "route"
    nginx.ingress.kubernetes.io/session-cookie-hash: "sha1"
    nginx.ingress.kubernetes.io/proxy-body-size: "10G"
    nginx.ingress.kubernetes.io/secure-backends: "false"
    nginx.ingress.kubernetes.io/proxy-read-timeout: "4000"
    nginx.ingress.kubernetes.io/proxy-stream-timeout: "4000"
    # Add below annotations if you are using EKS + ALB
    # alb.ingress.kubernetes.io/scheme: internet-facing
    # alb.ingress.kubernetes.io/certificate-arn: "<acm certificate arn>"

  # Should be set to the same value as nginx-ingress.controller.ingressClass if enabled.
  # Should be set to the same value as ingress-nginx.controller.ingressClassResource.name if enabled.
  # Set to alb if using EKS and need to deploy ALB load balancer with alb controller enabled.
  # class: alb
  class: flow-ingress

  # Certificate for WEB ingress.
  #
  # Normally should be set when helm install executes using `--set-file
  # ingress.certificate.key=path/to/key` `--set-file
  # ingress.certificate.crt=path/to/certificate`.
  #
  # This section is just an example that ingress can be configured with
  # certificate for TLS.
  certificate:
    existingSecret:
    key:
    crt:

  # Whether to create an OpenShift Route rather than a generic Ingress.
  route: false

# Enables specific settings depending on the platform.
# Platform specific values are: `eks`, `aws`, `gke`, `aks`, `openshift`
# Note: `openshift` maps to OpenShift 4.x
platform: standard
```

CloudBees CD/RO server values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server configuration section.

Flow server default values
```yaml
#---------------------------------------------
# Flow server configuration section
#---------------------------------------------
server:
  # Flag that dictates whether this workload and its accompanying services are
  # to be installed.
  enabled: true
  imageRepository: cbflow-server
  replicas: 1

  # `expose` as flow requires the repository to be exposed as an externally available
  # service and requires (by default) ports 8443 and 61613 to be public.
  expose: true

  # Master loglevel for com.electriccloud package.
  logLevel: DEBUG

  zk:
    host: zookeeper
    port: 2181

  # This line is interpreted as if passed to the CloudBees ecconfigure
  # utility within the container.
  ecconfigure: "--serverInitMemoryMB=4096 --serverMaxMemoryMB=4096"

  resources:
    limits:
      cpu: 4
      memory: 6Gi
    requests:
      cpu: 2
      memory: 6Gi

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Kubernetes Liveness and Readiness Probes.
  livenessProbe:
    initialDelaySeconds: 90
    periodSeconds: 60
    failureThreshold: 10
    timeoutSeconds: 10
  readinessProbe:
    initialDelaySeconds: 60
    periodSeconds: 10
    failureThreshold: 10
    timeoutSeconds: 10

  ## Specify additional volumes to mount in the server container.
  additionalVolumes: []
  ## Specify where the additional volumes are mounted in the server container.
  additionalVolumeMounts: []

  additionalContainers:
  # - name: container-name
  #   image: image:version
  #   command:
  #   - "/container-command"

  # Additional environment variables to set for flow-server.
  extraEnvs: []
  # extraEnvs:
  # - name: FOO
  #   value: "BAR"
  # - name: FOO
  #   valueFrom:
  #     secretKeyRef:
  #       key: FOO
  #       name: secret-resource

  # Enable or disable sending telemetry data to CloudBees
  # Note: This option only works for the very first installation during server initialization.
  # For an already initialized server, this can be configured in its settings.
  telemetryData:
    enabled: true

  # Creates extra Kubernetes service with type `LoadBalancer`.
  # The server requires (by default) ports 8443 and 61613 to be public.
  externalService:
    enabled: false

  # Enable or disable creating init container for volume permissions for server.
  volumesPermissionsInitContainer:
    enabled: true

  # Horizontal Pod Autoscaling configuration for server.
  # This is only supported when clusteredMode=true.
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 3
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
    templates: []
    # Custom or additional autoscaling metrics:
    # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
    # - type: Pods
    #   pods:
    #     metric:
    #       name: server_process_requests_total
    #     target:
    #       type: AverageValue
    #       averageValue: 10000m

jobInit:
  annotations:
    "helm.sh/hook": "post-install,post-upgrade"
    "helm.sh/hook-weight": "1"
    "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation
  nodeSelector: {}
  tolerations: []
  affinity: {}
```

CloudBees CD/RO web server values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow web server configuration section.

Flow web server default values
```yaml
#---------------------------------------------
# Flow web server configuration section
#---------------------------------------------
web:
  # Flag that dictates whether this workload and its accompanying services are
  # to be installed.
  enabled: true
  imageRepository: cbflow-web
  replicas: 1

  service:
    type: ClusterIP

  # This line is interpreted as if passed to the CloudBees ecconfigure
  # utility within the container.
  ecconfigure: ""

  resources:
    limits:
      cpu: 1
      memory: 512Mi
    requests:
      cpu: 0.25
      memory: 256Mi

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Additional environment variables to set for flow-web.
  extraEnvs: []
  # extraEnvs:
  # - name: FOO
  #   valueFrom:
  #     secretKeyRef:
  #       key: FOO
  #       name: secret-resource
  # - name: FOO
  #   value: BAR

  # Enable shared plugin volume mount (PVC) on flow-web pods.
  # Mounts empty dir instead if `sharedPluginsEnabled: false`.
  sharedPluginsEnabled: true

  ## Specify additional volumes to mount in the web container.
  additionalVolumes: []
  ## Specify where the additional volumes are mounted in the web container.
  additionalVolumeMounts: []

  additionalContainers:
  # - name: container-name
  #   image: image:version
  #   command:
  #   - "/container-command"

  # Horizontal Pod Autoscaling configuration for web.
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 3
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
    templates: []
    # Custom or additional autoscaling metrics
    # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
    # - type: Pods
    #   pods:
    #     metric:
    #       name: server_process_requests_total
    #     target:
    #       type: AverageValue
    #       averageValue: 10000m
```

Repository values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow repository configuration section.

Flow repository default values
```yaml
#---------------------------------------------
# Flow repository configuration section
#---------------------------------------------
repository:
  # Flag that dictates whether this workload and its accompanying services are
  # to be installed.
  enabled: true
  imageRepository: cbflow-repository
  replicas: 1

  # `expose` as flow requires the repository to be exposed as an externally available
  # service and requires (by default) port 8200 to be public.
  expose: true

  # The zone assigned to the repository instance created in the Flow server
  # to represent this repository instance.
  # NOTE: The zone must already exist in CloudBees Flow server instance.
  zoneName:

  # The endpoint for Flow repository service.
  #
  # This setting is ignored if Flow server is `enabled`. In this case,
  # the service name will be determined automatically based on `.serverName` value.
  #
  # If Flow server is disabled and the repository should connect to
  # a Flow server outside of this deployment, this setting is REQUIRED.
  #
  # Helm templates are acceptable for this setting.
  serviceEndpoint:

  # Master loglevel for com.electriccloud package
  logLevel: DEBUG

  # This line is interpreted as if passed to the CloudBees ecconfigure
  # utility within the container.
  ecconfigure: "--repositoryInitMemoryMB=256 --repositoryMaxMemoryMB=512"

  resources:
    requests:
      cpu: 0.25
      memory: 1024Mi
    limits:
      cpu: 0.25
      memory: 1024Mi

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Additional environment variables to set for flow-repository.
  extraEnvs: []
  # extraEnvs:
  # - name: FOO
  #   valueFrom:
  #     secretKeyRef:
  #       key: FOO
  #       name: secret-resource
  # - name: FOO
  #   value: BAR

  # Creates extra Kubernetes service with type `LoadBalancer`.
  # The repository requires (by default) port 8200 to be public.
  externalService:
    enabled: false

  # Enable or disable creating init container for volume permissions for repository.
  volumesPermissionsInitContainer:
    enabled: true

  ## Specify additional volumes to mount in the repository container.
  additionalVolumes: []
  ## Specify where the additional volumes are mounted in the repository container.
  additionalVolumeMounts: []

  additionalContainers:
  # - name: container-name
  #   image: image:version
  #   command:
  #   - "/container-command"

  # Horizontal Pod Autoscaling configuration for server.
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 3
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
    templates: []
    # Custom or additional autoscaling metrics:
    # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
    # - type: Pods
    #   pods:
    #     metric:
    #       name: repository_process_requests_total
    #     target:
    #       type: AverageValue
    #       averageValue: 10000m
```

CloudBees Analytics server values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow DevOps Insight configuration section.

Flow DevOps Insight default values
```yaml
#---------------------------------------------
# Flow DevOps Insight configuration section
#---------------------------------------------
dois:
  # Flag that dictates whether this workload and its accompanying services are
  # to be installed.
  enabled: true
  imageRepository: cbflow-dois

  # Number of Elasticsearch nodes
  replicas: 1

  # `expose` as flow requires devopsinsight to be exposed as an externally available
  # service and requires (by default) ports 9200 and 9500 to be public.
  expose: true

  # The DOIS service endpoint to configure on the remote
  # CloudBees Flow server.
  # Here, we assume the remote CloudBees Flow server is located in the same
  # Kubernetes cluster.
  serviceEndpoint: "flow-devopsinsight.{{ .Release.Namespace }}"

  # The name of the Elasticsearch cluster.
  esClusterName:

  # Minimum number of master-eligible nodes that must be visible in order to
  # form an Elasticsearch cluster.
  esMinMasterNodes: 1

  # The number of primary shards that an index should have.
  esNumberOfShards:

  credentials:
    # Either specify the secret where the report user password and the admin user
    # password will be stored (recommended for production) or specify
    # the reportUserPassword and adminPassword values.
    # When using the secret, store the 'reportUser' password under
    # the 'CBF_DOIS_PASSWORD' key and the 'admin' password under
    # the 'CBF_DOIS_ADMIN_PASSWORD' key.
    # If the password is an empty string, then user 'admin' will not be created
    # and administrative access will not be granted.
    # If reportUserPassword is an empty string, a random 20 characters password will be used
    existingSecret:
    adminPassword:
    reportUserPassword:

  # The heap size in MB for Elasticsearch and Logstash services.
  esRam: 1024

  resources:
    limits:
      cpu: 1
      memory: 3Gi
    requests:
      cpu: 0.1
      memory: 2Gi

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Adds Openshift Node Tuning label to DOIS Pods to configure `vm.max_map_count` value required to run Elasticsearch.
  # refer https://developers.redhat.com/blog/2019/11/12/using-the-red-hat-openshift-tuned-operator-for-elasticsearch/
  openshiftNodeTuning: false

  # Additional environment variables to set for DevOps Insight.
  extraEnvs: []
  # extraEnvs:
  # - name: FOO
  #   valueFrom:
  #     secretKeyRef:
  #       key: FOO
  #       name: secret-resource
  # - name: FOO
  #   value: BAR

  # DOIS Liveness and Readiness Probes variables
  healthProbeReadinessPeriodSeconds: 5
  healthProbeReadinessFailureThreshold: 3
  healthProbeReadinessInitialDelaySeconds: 60
  healthProbeLivenessPeriodSeconds: 20
  healthProbeLivenessFailureThreshold: 3
  healthProbeLivenessInitialDelaySeconds: 60

  # Enable or disable the privileged `sysctlInitContainer` if the `sysctl vm.max_map_count` setting is set by another method.
  sysctlInitContainer:
    enabled: true

  # Enable or disable creating init container for volume permissions for dois.
  volumesPermissionsInitContainer:
    enabled: true

  # Enable or disable creating init container for volume permissions for dois.
  backup:
    # Note: Changing `enabled` on a previous installation requires the deletion of the statefulset prior to upgrading.
    # e.g. kubectl delete statefulset flow-devopsinsight
    enabled: false
    schedule_cron: "0 */12 * * *"
    retentionDays: 15
    location: "/es-backups"
    imageRepository: cbflow-tools
    cleanupImageRepository: "python"
    cleanupImageTag: "3.7.7"
    restoreSnapshot: false
    restoreSnapshotName:
    externalRepo:
      # Enable in case need to take backup in s3 or gcs.
      enabled: false
      # Type can be s3 or gcs.
      type: s3
      # Name of Bucket in s3 or gcs.
      bucketName:
      # Either specify the secret where the AWS or GCS credentials stored as per below keys or provide in values file with secret.
      # For AWS, create secret for AWS S3 with permission to read/write to bucket policy with Keys AWS_ACCESS_KEY and AWS_SECRET_KEY.
      # E.g. kubectl create secret generic s3awssecret --from-literal=AWS_ACCESS_KEY="XXXXX" --from-literal=AWS_SECRET_KEY="XXXXX"
      # Create secret for GCS with permission to read/write to bucket policy with service account key file with KEY GCS_SA_KEY
      # E.g. kubectl create secret generic gcssasecret --from-file=GCS_SA_KEY=/tmp/gke-credentials.json
      existingSecret:
      secret:
        # provide only if type s3
        awsAccessKey:
        awsSecretKey:
        # provide only if type gcs
        gcsSaKey:
      # Region of s3 or gcs bucket e.g. us-east-1.
      region:

  # Creates extra Kubernetes service with type `LoadBalancer`.
  # DOIS requires (by default) ports 9200 and 9500 to be public.
  externalService:
    enabled: false
    # Flow DOIS LoadBalancer service annotations for creating internal LoadBalancer
    # on GCP, AWS.
    annotations:
    # networking.gke.io/load-balancer-type: "Internal"
    # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"

  # DOIS Supported Certificates.
  certificates:
    ca:
      crt:
      key:
    sign:
      crt:
      key:
    node:
      crt:
      key:
    admin:
      crt:
      key:
      dname:
    bundle:

    # Either specify the secret where the certificates ca, sign, node, and
    # admin bundle will be stored (recommended for production) or specify above.
    existingSecret:
    # When using the `existingSecret` secret, use the keys:
    # store the 'ca.crt' value under CBF_DOIS_CA_CRT key
    # store the 'ca.key' value under CBF_DOIS_CA_KEY key
    # store the 'sign.crt' value under CBF_DOIS_SIGN_CRT key
    # store the 'sign.key' value under CBF_DOIS_SIGN_KEY key
    # store the 'node.crt' value under CBF_DOIS_NODE_CRT key
    # store the 'node.key' value under CBF_DOIS_NODE_KEY key
    # store the 'admin.crt' value under CBF_DOIS_ADMIN_CRT key
    # store the 'admin.key' value under CBF_DOIS_ADMIN_KEY key
    # store the 'bundle' value under CBF_DOIS_CRT_BUNDLE key
    ### DO NOT STORE `admin.dname` IN SECRET, instead pass it as value.###

  # For multiple dois replicas, use the following option that best
  # supports your certificates:
  # * Define certificates.bundle.
  # * Define certificates.ca.crt and certificates.ca.key.
  # * Define certificates.ca.crt, certificates.sign.crt, and
  #   certificates.sign.key.
  # * Define certificates.ca.crt, certificates.sign.crt, certificates.node.crt,
  #   certificates.node.key, certificates.admin.crt, and
  #   certificates.admin.key are defined.

  # additionalContainers:
  # - name: container-name
  #   image: image:version
  #   command:
  #   - "/container-command"
```

Bound agent values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow bound agent configuration section.

Flow bound agent default values
```yaml
#---------------------------------------------
# Flow bound agent configuration section
#---------------------------------------------
# This is an internal component that serves the web server and the repository
# connections to Flow server. It is automatically enabled or disabled if
# deployment of these components is enabled.
boundAgent:
  imageRepository: cbflow-agent
  replicas: 1

  # Master loglevel for com.electriccloud package.
  logLevel: DEBUG

  # This line is interpreted as if passed to the CloudBees ecconfigure
  # utility within the container.
  ecconfigure: "--agentInitMemoryMB=256 --agentMaxMemoryMB=256"

  resources:
    limits:
      cpu: 0.25
      memory: 1024Mi
    requests:
      cpu: 0.25
      memory: 512Mi

  nodeSelector: {}
  tolerations: []
  affinity: {}

  # Additional environment variables to set for bound agent.
  extraEnvs: []
  # extraEnvs:
  # - name: FOO
  #   valueFrom:
  #     secretKeyRef:
  #       key: FOO
  #       name: secret-resource
  # - name: FOO
  #   value: BAR

  # Enable or disable creating init container for volume permissions for `boundagent`.
  volumesPermissionsInitContainer:
    enabled: true

  ## Specify additional volumes to mount in the bound agent container.
  additionalVolumes: []
  ## Specify where the additional volumes are mounted in the bound agent container.
  additionalVolumeMounts: []

  additionalContainers:
  # - name: container-name
  #   image: image:version
  #   command:
  #   - "/container-command"
```

Server storage values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow storage configuration section.

Flow storage default values
```yaml
#---------------------------------------------
# Flow storage configuration section
#---------------------------------------------
storage:
  volumes:
    serverPlugins:
      name: flow-server-shared
      accessMode: ReadWriteMany
      # Storage class for plugins directory. Currently, it has to be shared across all
      # server and web replicas, and it must be `ReadWriteMany` accessible.
      storageClass:
      storage: 5Gi
      # To use any existing PVC, set the `existingClaim` flag to `true`, and
      # set `storage.volumes.serverPlugins.name` to PVC name.
      existingClaim: false

    repositoryStorage:
      name: flow-repo-artifacts
      accessMode: ReadWriteOnce
      storage: 20Gi
      # To use any non-"platform-default" or custom storage class,
      # state the required `storageClass` name.
      storageClass:
      # To use any existing PVC, set the `existingClaim` flag to `true`, and
      # set `storage.volumes.repositoryStorage.name` to PVC name.
      existingClaim: false

    doisStorage:
      name: elasticsearch-data
      accessMode: ReadWriteOnce
      storage: 10Gi
      # To use any non-"platform-default" or custom storage class,
      # state the required `storageClass` name.
      storageClass:

    boundAgentStorage:
      # Set `enable: true` to use Persistent Volume for bound agent workspace.
      enabled: false
      name: flow-bound-agent-workspace
      accessMode: ReadWriteOnce
      storage: 5Gi
      # To use any non-"platform-default" or custom storage class,
      # state the required `storageClass` name.
      storageClass:
      # To use any existing PVC, set the `existingClaim` flag to `true`, and
      # set `storage.volumes.boundAgentStorage.name` to PVC name.
      existingClaim: false
```

Database values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server database configuration section.

Flow server database default values
```yaml
#---------------------------------------------
# Flow server database configuration section
#---------------------------------------------
# Db endpoint, `database` or `schema`, principal that has full privileges on
# that schema (rw access) - dbUser, dbPassword.
database:
  # externalEndpoint: "my.db.somewhere.com"

  # Use this option if your database is residing in the same Kubernetes cluster
  # as flow. Notation is `<db-service>.<namespace>`. If deploying into the same
  # namespace, `.<namespace>` part can be omitted.
  # clusterEndpoint: "<db-service>.<namespace>"

  # Use this option if you have or are planning to deploy credentials
  # secret yourself. The layout has to be the same as that of
  # server-secrets.yaml::dbSecret.
  # existingSecret: <my-existing-secret>

  # If dbPassword is an empty string, a random 20 characters password will be used.
  dbName:
  dbUser:
  dbPassword:

  # Remote database port to connect to.
  dbPort:

  # Database type for flow persistence to work with.
  # One of: `mysql` - MYSQL, `mariadb` - MariaDB, `sqlserver` - MSSQLServer,
  # `oracle` - Oracle, `postgresql` - PostgreSql.
  dbType:

  # External Mysql Connector URL to download during CloudBees flow installation.
  mysqlConnector:
    enabled: true
    externalUrl:
```

CloudBees CD/RO credential values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server credentials configuration section.

Flow server credentials default values
#---------------------------------------------
# Flow server credentials configuration section
#---------------------------------------------

flowCredentials:
  # Either specify the secret where the admin user password is stored under
  # the 'CBF_SERVER_ADMIN_PASSWORD' key (recommended for production), or specify
  # the adminPassword.
  # If adminPassword is an empty string, a random 20 characters password will be used.
  existingSecret:
  adminPassword:

CloudBees CD/RO server license values (optional)

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server license configuration section.

Flow server license default values
#---------------------------------------------
# Flow server license configuration optional section
#---------------------------------------------

# Automations of licence installations or upgrades
# should be made using the following API:
# https://docs.cloudbees.com/docs/cloudbees-cd-api/latest/flow-api/apiserver
# This optional section allows you to set up your license with the flow server during
# the first initialization only. It allows you to either create a secret from this chart or
# supply your own pre-created one. Pre-created secrets must have a single field named
# `CBF_LICENSE` with value containing license file contents.
flowLicense:
  # Pass existing secret name with license data.
  existingSecret:
  licenseData:

Pods security context values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Pods security context section.

Pods security context default values
#---------------------------------------------
# Pods security context
#---------------------------------------------

securityContext:
  enabled: false
  fsGroup: 1000
  allowPrivilegeEscalation: false
  runAsUser: 1000
  readOnlyRootFilesystem: true
  runAsNonRoot: true
  capabilities:
    drop: ["ALL"]
  seccompProfile:
    type: "RuntimeDefault"

volumePermissions:
  enabled: true

RBAC resources values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the RBAC resources section.

RBAC resources default values
#---------------------------------------------
# RBAC resources
#---------------------------------------------

rbac:
  ## Specifies whether RBAC resources should be created.
  ##
  create: false
  serviceAccountName:
  annotations: {}
  role:
    ## Rules to create.
    rules: []

Network isolation values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Network isolation configuration section.

Network isolation default values
#---------------------------------------------
# Network isolation configuration
#---------------------------------------------

networkIsolation:
  # `allowFromCidr` defines CIDR, which is allowed to make connection to all
  # exposed flow endpoints.
  allowFromCidr: "0.0.0.0/0"
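A pre-install check over the effective values, covering the credential, pod security context and network isolation defaults shown above. This is an added example, not CloudBees code: the `merge` and `audit` helpers, the sample overrides and the secret names are constructed for illustration, and `merge` is a simplified model of how `helm install -f` layers myvalues.yaml over values.yaml (nested maps merge, other values replace).

```python
import ipaddress

# Subset of the cloudbees-flow defaults shown on this page.
DEFAULTS = {
    "database": {"dbName": None, "dbUser": None, "dbPassword": None},
    "flowCredentials": {"existingSecret": None, "adminPassword": None},
    "securityContext": {"enabled": False, "runAsNonRoot": True,
                        "allowPrivilegeEscalation": False},
    "networkIsolation": {"allowFromCidr": "0.0.0.0/0"},
}

# Constructed overrides standing in for two project-specific myvalues.yaml files.
WEAK = {
    "database": {"dbUser": "flow", "dbPassword": "example-db-password"},
    "flowCredentials": {"adminPassword": "example-admin-password"},
}
HARDENED = {
    "database": {"existingSecret": "flow-db-secret"},            # hypothetical name
    "flowCredentials": {"existingSecret": "flow-admin-secret"},  # hypothetical name
    "securityContext": {"enabled": True},
    "networkIsolation": {"allowFromCidr": "10.20.0.0/16"},       # constructed CIDR
}


def merge(defaults, overrides):
    """Layer overrides on top of defaults without modifying either input."""
    out = dict(defaults)
    for key, value in overrides.items():
        if isinstance(value, dict) and isinstance(out.get(key), dict):
            out[key] = merge(out[key], value)
        else:
            out[key] = value
    return out


def audit(values):
    """Return (key path, reason) pairs for settings worth fixing before install."""
    findings = []
    # Passwords typed into a values file end up in version control with it.
    for section, field in (("database", "dbPassword"),
                           ("flowCredentials", "adminPassword")):
        if (values.get(section) or {}).get(field):
            findings.append((f"{section}.{field}",
                             "inline password; reference an existingSecret instead"))
    if not (values.get("securityContext") or {}).get("enabled"):
        findings.append(("securityContext.enabled",
                         "pod security context is switched off"))
    cidr = (values.get("networkIsolation") or {}).get("allowFromCidr")
    try:
        network = ipaddress.ip_network(str(cidr), strict=False)
    except ValueError:
        findings.append(("networkIsolation.allowFromCidr", f"not a CIDR: {cidr!r}"))
    else:
        if network.prefixlen == 0:
            findings.append(("networkIsolation.allowFromCidr",
                             "any source address may reach the exposed endpoints"))
    return findings


if __name__ == "__main__":
    for name, overrides in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for path, reason in audit(merge(DEFAULTS, overrides)):
            print(f"  {path}: {reason}")
```

To run it against a real myvalues.yaml, load the file into a dict with a YAML parser and pass that dict as the overrides.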

Zookeeper values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Zookeeper configuration section.

Zookeeper default values
#---------------------------------------------
# Zookeeper configuration section
#---------------------------------------------

# Bundled zookeeper installation. If you already have an available zookeeper
# installation or your security policy demands so, disable this one and
# enter your zookeeper endpoint address into `workloads.server.zk.host` and
# `workloads.server.zk.port`.
# Flow can not share zookeeper with any other applications as of now.
zookeeper:
  image:
    # Container image repository for zookeeper container.
    repository: docker.io/cloudbees/cbflow-tools
    # Container image tag for zookeeper container.
    tag: "<refer_to_latest_release>"
  fullnameOverride: zookeeper
  replicaCount: 3
  podLabels:
    ownerApp: "cloudbees-flow"
    role: "cluster-coordinator"
    mode: "private"
  resources:
    limits:
      cpu: "250m"
      memory: "1Gi"
    requests:
      memory: "512Mi"
      cpu: "250m"

CloudBees CD/RO flow ingress values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow ingress configuration section.

CloudBees CD/RO’s flow-server requires the flow-repository and flow-devopsinsight servers to be exposed as externally available services to access them. By default, ingress requires the following ports to access these servers:

  • 61613 (flow-server)

  • 8443 (flow-server)

  • 8200 (flow-repository)

  • 9200 (flow-devopsinsight)

  • 9500 (flow-devopsinsight)

The Kubernetes Ingress specification does not support exposing these ports. However, this is available as a non-standard extension of nginx-ingress, which is why ingress is bundled with CloudBees CD/RO.

Nginx-ingress values (Kubernetes versions 1.21 and earlier)

nginx-ingress default values
nginx-ingress:
  enabled: false
  defaultBackend:
    service:
      omitClusterIP: true
  # To omit the clusterIP from the controller service:
  controller:
    ingressClass: flow-ingress
    # `publishService` allows customization of the external service the ingress will
    # be bound to via DNS.
    publishService:
      enabled: true
    scope:
      enabled: true
    # extraArgs:
    # Additional log messages that may be useful for debugging:
    # shows details using diff about the changes in the configuration in nginx
    #   v: 2
    # Shows details about the service, ingress rule, endpoint changes, and it
    # dumps the nginx configuration in JSON format.
    #   v: 3
    # Configures NGINX in debug mode.
    #   v: 5
    config:
      # Ingress must support long-running requests without resetting the connection.
      # By default, nginx resets connections to TCP/UDP services after 600 seconds of
      # inactivity between two successive read or write operations. This setting
      # extends the timeout to 4000 seconds.
      proxy-stream-timeout: "4000s"
      # Increasing the detail of the error log. This can be useful for debugging.
      # error-log-level: debug
    # Ingress must support long-running requests without resetting the connection.
    # By default, AWS ELB resets connections after 60 seconds of inactivity. With
    # this annotation, the timeout will be increased to 4000 seconds. This is
    # the maximum timeout supported by AWS ELB.
    service:
      annotations:
        service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: 4000
      omitClusterIP: true
  tcp:
    8200: "{{ .Release.Namespace }}/flow-repository:8200"
    8443: "{{ .Release.Namespace }}/flow-server:8443"
    61613: "{{ .Release.Namespace }}/flow-server:61613"
    ## Additional TCP ports to access DOIS more specifically Elasticsearch over ingress endpoint.
    ## 7800: "{{ .Release.Namespace }}/gateway-external-agent-flow-agents:7800"
    ## 9200: "{{ .Release.Namespace }}/flow-devopsinsight:9200"
    ## 9500: "{{ .Release.Namespace }}/flow-devopsinsight:9500"
    ## Additional port to enable external agents to connect to flow-server.
    ## 8000: "{{ .Release.Namespace }}/flow-server:8000"

Ingress-nginx values (Kubernetes versions 1.22 and later)

ingress-nginx default values
# ingress-nginx.enabled -- Installs the [ingress-nginx](https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx) controller (optional).
# Enable this section if you don't have an existing installation of ingress-nginx controller.
ingress-nginx:
  enabled: true
  controller:
    service:
      externalTrafficPolicy: Local
    ingressClassResource:
      name: flow-ingress
    # `publishService` allows customization of the external service the ingress will
    # be bound to via DNS.
    publishService:
      enabled: true
    scope:
      enabled: true
    # By default, port 8443 is used for flow-server tcp expose, and default
    # `admissionWebhooks` port is 8445.
    admissionWebhooks:
      port: 8445
    # extraArgs:
    # Additional log messages that may be useful for debugging:
    # shows details using diff about the changes in the configuration in nginx
    #   v: 2
    # shows details about the service, Ingress rule, endpoint changes, and it
    # dumps the nginx configuration in JSON format.
    #   v: 3
    # Configures NGINX in debug mode.
    #   v: 5
    config:
      # Ingress must support long-running requests without resetting the connection.
      # By default, nginx resets connections to TCP/UDP services after 600 seconds of
      # inactivity between two successive read or write operations. This setting
      # extends the timeout to 4000 seconds.
      proxy-stream-timeout: "4000s"
      # Increasing the detail of the error log. This can be useful for debugging.
      # error-log-level: debug
  tcp:
    8200: "{{ .Release.Namespace }}/flow-repository:8200"
    8443: "{{ .Release.Namespace }}/flow-server:8443"
    61613: "{{ .Release.Namespace }}/flow-server:61613"
    ## Additional TCP ports to access DOIS (more specifically Elasticsearch) over ingress endpoint.
    ## 7800: "{{ .Release.Namespace }}/gateway-external-agent-flow-agents:7800"
    ## 9200: "{{ .Release.Namespace }}/flow-devopsinsight:9200"
    ## 9500: "{{ .Release.Namespace }}/flow-devopsinsight:9500"
    ## Additional port to enable external agents to connect to flow-server.
    ## 8000: "{{ .Release.Namespace }}/flow-server:8000"

CloudBees CD/RO miscellaneous values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Miscellaneous configuration section.

Miscellaneous default values
##---------------------------------------------
## Miscellaneous configuration section
##---------------------------------------------

clusteredMode: true

# Flag used to configure the cloudbees-sda chart.
# Should not be used from a standalone cloudbees-flow installation.
sda: false

mariadb:
  enabled: false
  fullnameOverride: mariadb
  replication:
    enabled: false
  volumePermissions:
    enabled: true
  initdbScriptsConfigMap: mariadb-initdb-scripts
  existingSecret: mariadb-initdb-secret
  # Must provide the same user name as `database.dbUser` (default is "flow").
  db:
    user: ""
  rootUser:
    # MariaDB admin password
    # If password is an empty string, a random 10 characters password will be used
    # ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run
    # password: ""
  master:
    nodeSelector:
      kubernetes.io/os: linux

# cloudbees-flow-agent chart configurations used for creating the
# internal agent for the gateway.
internalGatewayAgent:
  enabled: false
  releaseNamePrefix: gateway-default-agent
  resourceName: gateway-default-agent
  replicas: 1
  trustedAgent: false
  flowCredentials:
    # Enable `serverSecretReference` to re-use flow-server secrets in agents chart.
    serverSecretReference: true
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 2
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80
  gateway:
    # considering this as internal gateway agent
    enabled: true

# cloudbees-flow-agent chart configurations used for creating the
# external agent for the gateway.
externalGatewayAgent:
  enabled: false
  releaseNamePrefix: gateway-external-agent
  resourceName: gateway-external-agent
  replicas: 1
  trustedAgent: false
  zoneName: external
  service:
    # External DNS hostname that the external agents will communicate
    # with the external gateway agent.
    publicHostName:
  # Configure gateway using external gateway agent:
  gateway:
    # Configure gateway using this agent:
    enabled: true
    # Name of the gateway to create:
    name: external
    # Name of gateway agent to pair with as gateway resource 2:
    pairedResourceName: gateway-default-agent
  flowCredentials:
    # Enable `serverSecretReference` to re-use flow-server secrets in agents chart.
    serverSecretReference: true
  autoscaling:
    enabled: false
    minReplicas: 1
    maxReplicas: 2
    targetCPUUtilizationPercentage: 80
    targetMemoryUtilizationPercentage: 80

gitops:
  enabled: false
  repo:
  # Either specify the secret where the gitToken is stored under
  # the 'CBF_GIT_TOKEN' key (recommended for production), or specify:
  gitToken:
  existingSecret:

# CD Sidecar injector (optional)
# Useful when running infrastructure (GitHub Enterprise, Nexus, etc.) using a self-signed certificate.
# This allows you to inject certificate bundles into pods running in CloudBees CD/RO
# so that they can trust provided certificates without having to build custom docker images.
# Label your namespace with `sidecar-injector-cd=enabled` to
# enable sidecar-injector to work
# `kubectl label namespace mynamespace sidecar-injector-cd=enabled`
# Use `helm inspect readme cloudbees/cloudbees-sidecar-injector` to read more on this optional component.
# Note: If you are using SDA and CI with `sidecarinjector: enabled`,
# you can't enable cdsidecarinjector because the same charts are referenced,
# and contain conflicting names.
cdsidecarinjector:
  # Use `cdsidecarinjector.enabled` to enable installation of sidecar injector.
  enabled: false
  caBundleName: ca-bundles
  injectionCaCertificates:
    - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
  injectionJavaKeystore:
    - /opt/cbflow/jre/lib/security/cacerts
  # Alpine/Debian/Ubuntu/Gentoo etc.
  namespaceLabel: sidecar-injector
  annotationPrefix: com.cloudbees.sidecar-injector
  batchApiVersion: batch/v1 # Use batch/v1beta1 if using Kubernetes < 1.22

cloudbees-flow-agent chart configuration values

The following tables list configurable parameters of the cloudbees-flow-agent chart and their default values.

The cloudbees-flow and cloudbees-flow-agent each have their own values.yaml. To get the latest cloudbees-flow-agent values file:

  1. Visit Sonatype Nexus.

  2. Find the latest release of cloudbees-flow-agent and download the package.

  3. Open the package, and in the top-level of the directory, locate the values.yaml.

CloudBees CD/RO agent image values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml in the top level of the file.

Agent image default values
# Default values for cloudbees-flow-agent chart.
#
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

images:
  registry: "docker.io/cloudbees"
  imageRepository: "cbflow-agent"
  tag: "<refer_to_latest_release>"
  pullPolicy: IfNotPresent
  # Image pull secrets
  # Enable `imagePullSecrets` when using a private registry.
  # Secrets must be manually created in the namespace.
  # imagePullSecrets: <secret-name>

# (Optional) Array of `imagePullSecrets` containing private registry credentials.
# Reference to one or more secrets used when pulling images.
# Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
# imagePullSecrets:
#   - name: "docker-registry"
imagePullSecrets:

# Provide the flow-server endpoint here. If installing in different namespace than server,
# the service name must be stated in the notation `service-name.namespace`.
# Here, we assume the same namespace.
serverEndpoint: flow-server

CloudBees CD/RO agent configuration values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml in the Flow agent configuration section.

Agent configuration default values
#---------------------------------------------
# Flow agent configuration section
#---------------------------------------------

# List of resource pools agents will try to register with when initializing and registering with server.
resourcePools:

# Flow resource name that agents of this deployment will be assigned to (defaults to hostname).
#
# Ordinary Helm template values are allowed here. For example: {{ .Release.Name }},
# {{ .Release.Namespace }} etc. Also, 2 special templates are allowed here:
#
# {{ hostname }} - is replaced by the actual resource hostname.
# {{ ordinalIndex }} - is replaced by a serial replica index in StatefulSet.
#
# Sample:
#
# resourceName: "myResource - {{ .Release.Name }} - {{ ordinalIndex }}"
#
resourceName:

# Release name prefix added to support this chart to launch as
# multiple sub-charts in CloudBees CD/RO deployment.
# Keep this empty for standalone deployments
releaseNamePrefix:

# Number of replicas.
replicas: 1

# The default is to deploy all pods serially. By setting this to parallel,
# all pods are started at the same time.
podManagementPolicy: "Parallel"

# The zone (must exist in CloudBees Flow server instance) for
# the resources created in the Flow server for the agent(s).
zoneName:

# The default workspace (must exist in CloudBees Flow server instance) for
# the resources created in the Flow server for the agent(s).
workspaceName:

# Set to `true` to configure the agent as a trusted agent, which
# restricts the agent to one CloudBees Flow server deployment
trustedAgent: false

# Type of resource to create on the remote CloudBees
# Flow server. This argument is relevant only when the
# CloudBees Flow server is using a mixed-mode license
# (concurrent resources and registered hosts).
# Valid options for this argument are 'concurrent'
# or 'registered'.
resourceType:

CloudBees CD/RO agent storage and resources values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml in the Flow agent storage and resources configuration section.

Agent storage and resources default values
#---------------------------------------------
# Flow agent storage and resources configuration section
#---------------------------------------------

# Agent workspace volume related settings: volume-name,
# access-mode (either nfs(aka ReadWriteMany), or traditional volume mount(aka ReadWriteOnce)).
# and storage amount
storage:
  volumes:
    agentWorkspace:
      name: flow-agent-workspace
      accessMode: ReadWriteOnce
      storage: 5Gi
      # To use any non-"platform-default" or custom storage class uncomment
      # `storageClass: my-class` line and provide the required `storageClass` name.
      # storageClass: my-class
      #
      # Defined as `true` if any agent is already deployed with shared workspace
      # and PVC already exist.
      existingClaim: false

resources:
  limits:
    cpu: 1
    memory: 1024Mi
  requests:
    cpu: 0.25
    memory: 512Mi

CloudBees CD/RO agent credential values

CloudBees CD/RO server credentials are used to register your agent as a resource on the CloudBees CD/RO server. The admin user is used by default. However, you may use a different user if desired. The user must have modify permissions on CloudBees CD/RO server resources.

You can find these cloudbees-flow-agent values referenced in the agent values.yaml under the Flow server credentials configuration section.

Agent server credentials default values
#---------------------------------------------
# Flow server credentials configuration section
#---------------------------------------------

# Flow server credentials to use to register with agent as a resource on the Flow server.
# 'admin' user is used by default. You may use a different user if desired. The user must have:
# `modify` permissions on `resources` on the Flow server.
# `serverSecretReference` is added to support instances where agents need to refer to flow servers existing admin credentials.
flowCredentials:
  ## In case of Existing Secret Name of the secret containing the Flow user credentials to use.
  ## The data field must contain base64 encoded value for keys 'CBF_SERVER_USER' and 'CBF_SERVER_PASSWORD'.
  ## E.g., kubectl create secret generic your-flow-user-secret --from-literal=CBF_SERVER_USER='admin' --from-literal=CBF_SERVER_ADMIN_PASSWORD='XXXXXXX' -n your-release-namespace
  ##
  existingSecret:
  serverSecretReference: false
  user: admin
  password:

Miscellaneous agent values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml.

Miscellaneous agent default values
#---------------------------------------------
# Pod scheduling settings
#---------------------------------------------

nodeSelector: {}
tolerations: []
affinity: {}

# This line is interpreted as if passed to the CloudBees ecconfigure
# utility within the container.
ecconfigure: "--agentInitMemoryMB=16 --agentMaxMemoryMB=64"

# Master loglevel for com.electriccloud package.
logLevel: DEBUG

service:
  type: ClusterIP
  clusterIP: "None"
  # For Gateway Agent configuration.
  # External DNS hostname to set to as agent service name.
  publicHostName: null

# Creates extra Kubernetes service with type `LoadBalancer`.
# Gateway Agents require (by default) port 7800 to be public
# to communicate with external agents.
externalService:
  enabled: false

#---------------------------------------------
# Pods security context
#---------------------------------------------

securityContext:
  enabled: false
  fsGroup: 1000
  runAsUser: 1000

rbac:
  ## Specifies whether RBAC resources should be created.
  ##
  create: false
  serviceAccountName:
  role:
    ## Rules to create.
    rules: []

volumePermissions:
  enabled: true

gateway:
  # Install this agent as gateway agent:
  enabled: false
  # Name of the gateway to create
  name: external
  # Name of gateway agent to pair with as gateway resource 2
  pairedResourceName:

additionalContainers:
# - name: container-name
#   image: image:version
#   command:
#     - "/container-command"

# Horizontal Pod Autoscaling configuration for agent.
autoscaling:
  enabled: false
  minReplicas: 1
  maxReplicas: 3
  targetCPUUtilizationPercentage: 80
  targetMemoryUtilizationPercentage: 80
  templates: []
  # Custom or additional autoscaling metrics:
  # ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics
  # - type: Pods
  #   pods:
  #     metric:
  #       name: server_process_requests_total
  #     target:
  #       type: AverageValue
  #       averageValue: 10000m

## Specify additional volumes to mount in the agent container.
additionalVolumes: []

## Specify where the additional volumes are mounted in the agent container.
additionalVolumeMounts: []