Configure Helm charts

31 minute readReference

Within the Kubernetes environment, Helm charts are the primary method to configure CloudBees CD/RO components. From configuring your license information and database connections to autoscaling and platform specific implementation, these charts provide a central location to configure most aspects of CloudBees CD/RO installations.

CloudBees CD/RO releases include default Helm charts that provide the values for a basic environment you can configure into a project-specific production environment. After doing so in a project-specific myvalues.yaml, you can configure your CloudBees CD/RO Helm installation to use your values file with the helm install -f option.

For more information, including helm CLI commands for working with values files, refer to Helm values files.

You can integrate CloudBees CD/RO with various Kubernetes platform-specific providers. Some platform-specific integrations, such as OpenShift, have requirements and prerequisites that must be met to correctly install, operate, and upgrade CloudBees CD/RO.

Some requirements must be made in CloudBees CD/RO server and agent values files, while others are made within the platform configuration prior to installing CloudBees CD/RO. For more information on platform-specific integrations, refer to Kubernetes platform-specific configurations.

Additionally, CloudBees CD/RO documentation includes numerous how-tos for Kubernetes project-specific configurations. For help with CloudBees CD/RO on Kubernetes project-specific configurations, refer to Kubernetes configuration options.

CloudBees CD/RO default Helm charts

CloudBees provides server and agent Helm charts with CloudBees CD/RO default values for both demo and production installations.

CloudBees strongly recommends that you create copies of your Helm charts and place them under version control as a project-specific myvalues.yaml. This makes tracking updates and changes between releases much easier.

Demo installations

For demo installations, refer to the GitHub cloudbees-example public repository:

Production installations

A default values file (values.yaml) is released for each CloudBees CD/RO version that contains all default values for the CloudBees CD/RO server installation as part of the cloudbees-flow Helm chart. However, for production environments, there are many project-specific values that must be set in the cloudbees-flow Helm chart according to your project’s implementation.

Your project-specific values, which are only a subset of the default values, are normally set in a seperate myvalues.yaml. This has the major advantage of reducing the amount of overall configuration you must track and maintain.

During installation, you can specify your project-specific myvalues.yaml when running helm install. Doing so, overwrites the default values in the values.yaml with the project-specific values in your myvalues.yaml, while still using the default values for items you did not customize.

CloudBees provides two ways to get started with your myvalues.yaml:

You can integrate CloudBees CD/RO with various Kubernetes platform-specific providers. Some platform-specific integrations, such as OpenShift, have requirements and prerequisites that must be met to correctly install, operate, and upgrade CloudBees CD/RO.

Some requirements must be made in CloudBees CD/RO server and agent values files, while others are made within the platform configuration prior to installing CloudBees CD/RO. For more information on platform-specific integrations, refer to Kubernetes platform-specific configurations.

Additionally, CloudBees CD/RO documentation includes numerous how-tos for Kubernetes project-specific configurations. For help with CloudBees CD/RO on Kubernetes project-specific configurations, refer to Kubernetes configuration options.

Use the default values file to create your project-specific values file

To get started using the values.yaml to create your myvalues.yaml chart:

  1. Visit SonaType Nexus, find the latest release of cloudbees-flow, and download the package.

  2. Open the package and, in the top-level of the directory, locate the values.yaml.

    In the charts directory of the package, you can find charts for individual components within their subdirectory.
  3. Save the file as a project-specific myvalues.yaml.

  4. Go through your myvalues.yaml and update it to meet your project-specific needs. Specifically, configure your database, storage, license information, and CloudBees CD/RO credentials before installing it. For information on available configuration options, refer to cloudbees-flow chart configuration values.

    By default, the values.yaml includes a built-in database for testing. However, for production environments, you must configure CloudBees CD/RO to connect with your project-specific database. For information on supported databases, refer to Supported platforms for CloudBees CD/RO on Kubernetes.

    Using a project-specific database requires a CloudBees CD/RO enterprise license. To avoid installation errors, your CloudBees CD/RO server licence and database connections should both be configured in the same installation of the cloudbees-flow values chart in your project-specific myvalues.yaml. Failing to do so generates error messages about an unsupported configuration or a license requirement, depending on which is omitted.

    To install CloudBees CD/RO with an existing database, refer to How to install CloudBees CD/RO on Kubernetes using an existing database.

    If CloudBees CD/RO is initially installed with the built-in database, you can reconfigure it to use a separate database at any time. For more information on configuring CloudBees CD/RO to use your external database, refer to Configure CloudBees CD/RO to use an alternate database.

    If your database connection fails, ensure the license is valid for CloudBees CD/RO, and the database configuration is correct. For information on configuring an external database for use by CloudBees CD/RO, refer to Configure an external database

  5. (Optional) If you are using a multi-node deployment for the CloudBees Analytics server, a common node certificate infrastructure is required. Refer to Configure CloudBees Analytics server certificates to learn how to configure common node certificate infrastructure in your project-specific values file.

  6. (Optional) Place your myvalues.yaml under version control. CloudBees strongly suggests you do this to track updates and compare changes between releases.

  7. (Optional) Any configurations not specified in your myvalues.yaml are automatically taken from the values.yaml during installation. This means, you can also delete any configuration options in your myvalues.yaml that are not specifically required by your project. This helps to reduce the overall configurations maintained in this file.

    While deleting unneeded configuration options, ensure you maintain valid tag nesting and syntax. Failing to do so may cause your installation to fail or produce unpredictable behavior on your platform.

After you have configured your myvalues.yaml, refer to Install CloudBees CD/RO production server.

Use an example production values file to create your project-specific values file

Preconfigured production Helm chart examples are available in the CloudBees examples repository to get you started. These files include:

Values file Description

cloudbees-cd-prod.yaml

File for use with production installations. You must configure your database, storage, and CloudBees CD/RO credentials in a local project-specific values file before it can be used. For information on available configuration options, refer to cloudbees-flow chart configuration values.

cloudbees-cd-defaults.yaml

File listing all Helm chart values along and their default value. Use as a reference when specifying additional configurations in your local project-specific values file. For information on available configuration options, refer to cloudbees-flow chart configuration values.

There are several platform versions of the production example Helm charts available in the CloudBees examples repository, each with prod in the YAML file name.

To create your myvalues.yaml based on the example production chart:

  1. Go to the CloudBees examples repository and save a copy of the example production chart you want to use as your project-specific myvalues.yaml.

  2. Go through your myvalues.yaml and update it to meet your project-specific needs. Specifically, configure your database, storage, license information, and CloudBees CD/RO credentials before installing it. For information on available configuration options, refer to cloudbees-flow chart configuration values.

    By default, the values.yaml includes a built-in database for testing. However, for production environments, you must configure CloudBees CD/RO to connect with your project-specific database. For information on supported databases, refer to Supported platforms for CloudBees CD/RO on Kubernetes.

    Using a project-specific database requires a CloudBees CD/RO enterprise license. To avoid installation errors, your CloudBees CD/RO server licence and database connections should both be configured in the same installation of the cloudbees-flow values chart in your project-specific myvalues.yaml. Failing to do so generates error messages about an unsupported configuration or a license requirement, depending on which is omitted.

    To install CloudBees CD/RO with an existing database, refer to How to install CloudBees CD/RO on Kubernetes using an existing database.

    If CloudBees CD/RO is initially installed with the built-in database, you can reconfigure it to use a separate database at any time. For more information on configuring CloudBees CD/RO to use your external database, refer to Configure CloudBees CD/RO to use an alternate database.

    If your database connection fails, ensure the license is valid for CloudBees CD/RO, and the database configuration is correct. For information on configuring an external database for use by CloudBees CD/RO, refer to Configure an external database

  3. (Optional) If you are using a multi-node deployment for the CloudBees Analytics server, a common node certificate infrastructure is required. Refer to Configure CloudBees Analytics server certificates to learn how to configure common node certificate infrastructure in your project-specific values file.

  4. (Optional) Place your myvalues.yaml under version control. CloudBees strongly suggests you do this to track updates and compare changes between releases.

After you have configured your myvalues.yaml, refer to Install CloudBees CD/RO production server.

cloudbees-flow chart configuration values

The following tables list common configurable parameters of the cloudbees-flow chart and their default values.

Global values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Global configurations section.

Global default values
### Global configurations section ### --------------------------------------------- ## Please, note that this will override the parameters, including sub-charts, ## configured to use the global value over local values global: cloudbees: imageRegistry: imageTag: ## Enable `imagePullSecrets` if you are using a private registry. ## Secrets must be manually created or already exist in the namespace. ## `imagePullSecrets: <secret-name>` imagePullSecrets:

Images values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Common images configurations section.

Image default values
##--------------------------------------------- ## Common images configurations section ##--------------------------------------------- images: # Image registry to pull the images from. # E.g., registry: "123456789012.dkr.ecr.us-east-1.amazonaws.com" registry: "docker.io/cloudbees" # Image tag of the image to pull tag: "<refer_to_latest_release>" # The image pull policy to use pullPolicy: IfNotPresent # Image pull secrets # Enable this option when using a private registry. # Secrets must be manually created in the namespace. # imagePullSecrets: <secret-name> imagePullSecrets: # (Optional) Array of `imagePullSecrets` containing private registry credentials. # Reference to one or more secrets to use when pulling images. # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ # imagePullSecrets: # - name: "docker-registry" ## The name of the CloudBees CD/RO flow-server. ## Usually, a fully-qualified domain name, where the server ## is available for all agents (resources) and other components. ## By default, it is the internal cluster hostname for the K8S flow-server ## service. ## By default, the CloudBees CD/RO flow-server is not fully ## accessible to components outside the Kubernetes cluster. However, ## CloudBees CD/RO agents can also be installed in different namespaces ## and configured to communicate with the flow-server service across namespaces ## using their DNS name. For more information on connecting to agents in ## different namespaces, refer to: ## https://docs.cloudbees.com/docs/cloudbees-cd/latest/install-k8s/installation#_install_cloudbees_cdro_agents_in_different_namespaces serverName: flow-server

Ingress values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Ingress configuration section.

Ingress default values
### -------------------------------------------- ### Ingress configuration section ### --------------------------------------------- ingress: ## Flag that dictates the ingress workload and its accompanying services are installed. enabled: true host: ## CloudBees CD/RO flow-web ingress annotations. ## Nginx is used, but any ingress that supports ## sticky sessions will suffice. annotations: nginx.ingress.kubernetes.io/affinity: "cookie" nginx.ingress.kubernetes.io/affinity-mode: "persistent" nginx.ingress.kubernetes.io/session-cookie-name: "route" nginx.ingress.kubernetes.io/session-cookie-hash: "sha1" nginx.ingress.kubernetes.io/proxy-body-size: "10G" nginx.ingress.kubernetes.io/secure-backends: "false" nginx.ingress.kubernetes.io/proxy-read-timeout: "4000" nginx.ingress.kubernetes.io/proxy-stream-timeout: "4000" ## If you are using EKS with ALB, enable the follow annotations: # alb.ingress.kubernetes.io/scheme: internet-facing # alb.ingress.kubernetes.io/certificate-arn: "<acm certificate arn>" ## Set to the same value as `nginx-ingress.controller.ingressClass` if enabled. ## Set to the same value as `ingress-nginx.controller.ingressClassResource.name` if enabled. class: flow-ingress ## If using EKS and need to deploy ALB load balancer with alb controller enabled, set to `alb`. # class: alb ## Certificate for CloudBees flow-web ingress. ## You can also set using `helm install --set-file`. # ingress.certificate.key=path/to/key` `--set-file # ingress.certificate.crt=path/to/certificate` ## Example structure to configure an ingress certificate for TLS. certificate: existingSecret: key: crt: ## Create an OpenShift route rather than a generic ingress. route: false ## Enables platform-specific settings. ## Platform-specific values are: `eks`, `aws`, `gke`, `aks`, `openshift` ## NOTE: `openshift` maps to OpenShift 4.x. platform: standard

CloudBees CD/RO server values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server configuration section.

Flow server default values
### -------------------------------------------- ### Flow server configuration section ### --------------------------------------------- server: ## Flag that dictates the cbflow-server workload and its accompanying services are installed. enabled: true ## The `imageRepository` in the `images.registry` to pull component image from. imageRepository: cbflow-server ## Number of replicas of this component to create. replicas: 1 ## `expose: true` allows cbflow-server service ingress ports `8443` and `61613` ## to be accessed from outside the cluster. expose: true ## The default loglevel for cbflow-server. logLevel: DEBUG zk: host: zookeeper port: 2181 ## Interpreted as if passed to the CloudBees ecconfigure utility within the container. ecconfigure: "--serverInitMemoryMB=4096 --serverMaxMemoryMB=4096" ## Specify the resources to request for this component. resources: limits: cpu: 4 memory: 6Gi requests: cpu: 2 memory: 6Gi nodeSelector: {} tolerations: [] affinity: {} ## Kubernetes Liveness Probes: livenessProbe: initialDelaySeconds: 90 periodSeconds: 60 failureThreshold: 10 timeoutSeconds: 10 ## Kubernetes Readiness Probes: readinessProbe: initialDelaySeconds: 60 periodSeconds: 10 failureThreshold: 10 timeoutSeconds: 10 ## Specify additional volumes to mount in the cbflow-server container. additionalVolumes: [] ## Specify where your additional volumes are mounted in the cbflow-server container. additionalVolumeMounts: [] ## Specify additional containers to mount for cbflow-server. additionalContainers: # - name: container-name # image: image-version # command: # - "/container-command" ## Specify any additional environment variables to set for cbflow-server. extraEnvs: [] # extraEnvs: # - name: FOO # value: "BAR" # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource ## Enable or disable sending telemetry data to CloudBees. ## NOTE: This option only works for the initial installation of the cbflow-server. ## If your server is already initialized, you can configure this setting in the *Server Setting*. telemetryData: enabled: true ## Requires `server.expose.enable: true` and ports `8443` and `61613` to be open and externally exposed. ## Creates extra Kubernetes service with type LoadBalancer. externalService: enabled: false ## server LoadBalancer service annotations for ## creating internal LoadBalancer on GCP or AWS. annotations: # networking.gke.io/load-balancer-type: "Internal" # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" ## Enable or disable creating init container for volume permissions for cbflow-server. volumesPermissionsInitContainer: enabled: true ## Horizontal Pod Autoscaling configuration for cbflow-server. ## This is only supported when `clusteredMode:true`. autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] ## Specify custom or additional autoscaling metrics. ## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: server_process_requests_total # target: # type: AverageValue # averageValue: 10000m jobInit: annotations: "helm.sh/hook": "post-install,post-upgrade" "helm.sh/hook-weight": "1" "helm.sh/hook-delete-policy": hook-succeeded,before-hook-creation nodeSelector: {} tolerations: [] affinity: {}

CloudBees CD/RO web server values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow web server configuration section.

Flow web server default values
### -------------------------------------------- ### Flow web server configuration section ### --------------------------------------------- web: ## Flag that dictates the cbflow-web workload and its accompanying services are installed. enabled: true ## The `imageRepository` in the `images.registry` to pull component image from. imageRepository: cbflow-web ## Number of replicas of this component to create. replicas: 1 service: type: ClusterIP ## Interpreted as if passed to the CloudBees ecconfigure utility within the container. ecconfigure: "" ## Specify the resources to request for this component. resources: limits: cpu: 1 memory: 512Mi requests: cpu: 0.25 memory: 256Mi nodeSelector: {} tolerations: [] affinity: {} ## Additional environment variables to set for cbflow-web. extraEnvs: [] # extraEnvs: # - name: FOO # value: "BAR" # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource ## Enable shared plugin volume mount (PVC) on flow-web pods. ## Mounts empty dir instead if `sharedPluginsEnabled` is false. sharedPluginsEnabled: true ## Specify additional volumes to mount in the cbflow-web container. additionalVolumes: [] ## Specify where your additional volumes are mounted in the cbflow-web container. additionalVolumeMounts: [] ## Specify additional containers to mount for cbflow-web. additionalContainers: # - name: container-name # image: image-version # command: # - "/container-command" ## Horizontal Pod Autoscaling configuration for cbflow-web. ## This is only supported when `clusteredMode: true`. autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] ## Specify custom or additional autoscaling metrics. ## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: server_process_requests_total # target: # type: AverageValue # averageValue: 10000m

Repository values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow repository configuration section.

Flow repository default values
### -------------------------------------------- ### Flow repository configuration section ### --------------------------------------------- repository: ## Flag that dictates the cbflow-repository workload and its accompanying services are installed. enabled: true ## The `imageRepository` in the `images.registry` to pull component image from. imageRepository: cbflow-repository ## Number of replicas of this component to create. replicas: 1 ## `expose: true` allows cbflow-repository service ingress port `8200` ## to be accessed from outside the cluster. expose: true ## The zone (must exist in the flow-server instance) assigned ## to the repository instance created in the flow-server to represent this ## repository instance. zoneName: ## The endpoint for the cbflow-repository service. ## ## If `cbflow-server.enabled:true` this setting is OPTIONAL, and ## the service name is automatically determined based on `.serverName` value. ## ## If `cbflow-server.enabled:false` and the cbflow-repository should be connected to ## a cbflow-server outside of this deployment, `serviceEndpoint` is *REQUIRED.* ## ## Usual helm templates may be used for `serviceEndpoint`. serviceEndpoint: ## The default loglevel for cbflow-repository. logLevel: DEBUG ## Interpreted as if passed to the CloudBees ecconfigure utility within the container. ecconfigure: "--repositoryInitMemoryMB=512 --repositoryMaxMemoryMB=1024" ## Specify the resources to request for this component. resources: requests: cpu: 0.25 memory: 1024Mi limits: cpu: 0.25 memory: 2048Mi nodeSelector: {} tolerations: [] affinity: {} ## Additional environment variables to set for cbflow-repository. extraEnvs: [] # extraEnvs: # - name: FOO # value: "BAR" # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource ## Requires `repository.expose.enable: true` and port `8200` to be open and externally exposed. ## Creates extra Kubernetes service with type LoadBalancer. externalService: enabled: false ## repository LoadBalancer service annotations for ## creating internal LoadBalancer on GCP or AWS. annotations: # networking.gke.io/load-balancer-type: "Internal" # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" ## Enable or disable creating init container for volume permissions for cbflow-repository. volumesPermissionsInitContainer: enabled: true ## Specify additional volumes to mount in the cbflow-repository container. additionalVolumes: [] ## Specify where your additional volumes are mounted in the cbflow-repository container. additionalVolumeMounts: [] ## Specify additional containers to mount for cbflow-repository. additionalContainers: # - name: container-name # image: image-version # command: # - "/container-command" ## Horizontal Pod Autoscaling configuration for cbflow-repository. ## This is only supported when `clusteredMode: true`. autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] ## Specify custom or additional autoscaling metrics. ## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: server_process_requests_total # target: # type: AverageValue # averageValue: 10000m

CloudBees Analytics server values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow DevOps Insight configuration section.

Flow DevOps Insight default values
### -------------------------------------------- ### Analytics server / Flow DevOps Insight (DOIS/dois) configuration section ### --------------------------------------------- dois: ## Flag that dictates the cbflow-dois workload and its accompanying services are installed. enabled: true ## The `imageRepository` in the `images.registry` to pull component image from. imageRepository: cbflow-dois ## Number replicas of Elasticsearch nodes to create. replicas: 1 ## `expose: true` allows cbflow-dois service ingress ports `9200` ## to be accessed from outside the cluster. expose: true ## The DOIS service endpoint configured on the remote CloudBees CD/RO server. ## It is assumed the remote CloudBees CD/RO server is located in the same ## Kubernetes cluster. serviceEndpoint: "flow-devopsinsight.{{ .Release.Namespace }}" ## The name of the Elasticsearch cluster. esClusterName: ## Minimum number of master-eligible nodes that must be visible in order to ## form an Elasticsearch cluster. esMinMasterNodes: 1 ## The number of primary shards that an index should have. esNumberOfShards: ## DOIS credentials ## Specify either: ## * The secret where the report user password and the admin user ## password will be stored (Recommended for production). ## or ## * The reportUserPassword and adminPassword values. ## ## When using the secret: ## * Store the `reportUser` password under the `CBF_DOIS_PASSWORD` key. ## * Store the `adminPassword` under the `CBF_DOIS_ADMIN_PASSWORD` key. ## ## ## IMPORTANT: If the `adminPassword` is left empty, *no admin user is created*, ## and administrative access is *not* granted to any user. credentials: existingSecret: adminPassword: ## If `reportUserPassword` is an empty string, a random 20 characters password is generated. reportUserPassword: ## The heap size in MB for Elasticsearch and Logstash services. esRam: 1024 ## Specify the resources to request for this component. resources: limits: cpu: 1 memory: 3Gi requests: cpu: 0.1 memory: 2Gi nodeSelector: {} tolerations: [] affinity: {} ## Adds an OpenShift node tuning label to DOIS pods that ## configures the 'vm.max_map_count' value required to run Elasticsearch. ## For more information, refer to: ## https://developers.redhat.com/blog/2019/11/12/using-the-red-hat-openshift-tuned-operator-for-elasticsearch/ openshiftNodeTuning: false ## Additional environment variables to set for cbflow-dois. extraEnvs: [] # extraEnvs: # - name: FOO # value: "BAR" # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource ## DOIS Readiness probe variables: healthProbeReadinessPeriodSeconds: 5 healthProbeReadinessFailureThreshold: 3 healthProbeReadinessInitialDelaySeconds: 60 ## DOIS Liveness probe variables: healthProbeLivenessPeriodSeconds: 20 healthProbeLivenessFailureThreshold: 3 healthProbeLivenessInitialDelaySeconds: 60 ## Enable or disable a *privileged* `sysctlInitContainer` if ## the sysctl `vm.max_map_count setting` is set by another method. sysctlInitContainer: enabled: true ## The `sysctlInitContainer.imageRepository` sysctlInitContainer image repository. imageRepository: busybox ## The `sysctlInitContainer.imageTag` sysctlInitContainer image tag . imageTag: stable ## Enable or disable creating an init container for cbflow-dois volume permissions. volumesPermissionsInitContainer: enabled: true ## Enable or disable creating a backup of cbflow-dois data. backup: ## NOTE: If you change `dois.backup.enabled` for an existing installation, ## you must delete the statefulset for the installation prior to upgrading. ## To do so, you can use `kubectl delete statefulset flow-devopsinsight`. enabled: false schedule_cron: "0 */12 * * *" retentionDays: 15 location: "/es-backups" ## The `imageRepository` in the `images.registry` to pull component image from. imageRepository: cbflow-tools cleanupImageRepository: "python" cleanupImageTag: "3.7.7" restoreSnapshot: false restoreSnapshotName: externalRepo: ## Enable if you are backing up in Amazon S3 or GCS. enabled: false ## Type can be Amazon S3 or GCS. type: s3 # Name of bucket in Amazon S3 or GCS bucketName: ## Use GKE Workload Identity with Kubernetes service account to impersonate a Google Cloud ## Use The AWS IAM roles for service accounts to impersonate access to a S3 ## Enable serviceAccountsIdentity or provide IAM or GCS credentials below serviceAccountsIdentity: false ## For `existingSecret`, either: ## * Specify where the AWS or GCS credentials are stored. ## or ## * Provide the secret in the values file. ## ## For AWS S3: ## Create a secret for AWS S3 with permission to read/write ## to the bucket policy with keys `AWS_ACCESS_KEY` and `AWS_SECRET_KEY`. ## Example: ## `kubectl create secret generic s3awssecret --from-literal=AWS_ACCESS_KEY="XXXXX" --from-literal=AWS_SECRET_KEY="XXXXX"` ## ## For GCS: ## Create a secret for GCS with permission to read/write ## to the bucket policy using `KEY GCS_SA_KEY` referencing ## the file with the service account key. ## Example: ## `kubectl create secret generic gcssasecret --from-file=GCS_SA_KEY=/tmp/gke-credentials.json` existingSecret: secret: ## Provide *only* if type is AWS S3. awsAccessKey: awsSecretKey: ## Provide *only* if type is GCS. gcsSaKey: ## Region of the AWS S3 or GCS bucket. Example: us-east-1 region: ## Requires `dois.expose.enable: true` and ports `9200` to be open and externally exposed. ## Creates extra Kubernetes service with type LoadBalancer. externalService: enabled: false ## cbflow-dois LoadBalancer service annotations for ## creating internal LoadBalancer on GCP or AWS. annotations: # networking.gke.io/load-balancer-type: "Internal" # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0" ## For `dois.certificates`, you must provide either: ## * The certificates for ca, sign, node, admin, ## and bundle in the fields below. ## or ## * A `dois.certificates.existingSecret` that references ## where the ca, sign, node, admin, and bundle are stored. ## IMPORTANT: ## If you have cbflow-dois replicas, you must define one of ## the following supported certificate options: ## * Define certificates.bundle. ## * Define certificates.ca.crt and certificates.ca.key. ## * Define certificates.ca.crt and certificates.sign.crt, and certificates.sign.key. ## * Define certificates.ca.crt, certificates.sign.crt, certificates.node.crt, certificates.node.key, ## certificates.admin.crt, and certificates.admin.key. ## For more information, refer to: ## https://docs.cloudbees.com/docs/cloudbees-cd/latest/install-k8s/installation#_configure_cloudbees_analytics_server_certificates ## cbflow-dois supported certificates: certificates: ca: crt: key: sign: crt: key: node: crt: key: admin: crt: key: dname: bundle: ## For `dois.certificates.existingSecret`: ## Specify the secret where the certificates ca, sign, node, ## admin, and bundle are stored (recommended for production). existingSecret: ## When using the existingSecret use the following keys: ## Store the 'ca.crt' value under CBF_DOIS_CA_CRT key. ## Store the 'ca.key' value under CBF_DOIS_CA_KEY key. ## Store the 'sign.crt' value under CBF_DOIS_SIGN_CRT key. ## Store the 'sign.key' value under CBF_DOIS_SIGN_KEY key. ## Store the 'node.crt' value under CBF_DOIS_NODE_CRT key. ## Store the 'node.key' value under CBF_DOIS_NODE_KEY key. ## Store the 'admin.crt' value under CBF_DOIS_ADMIN_CRT key. ## Store the 'admin.key' value under CBF_DOIS_ADMIN_KEY key. ## Store the 'bundle' value under CBF_DOIS_CRT_BUNDLE key. ## NOTE: Do not store your 'admin.dnname' in any secret. Instead, pass it as a value. ## Specify additional containers. additionalContainers: null # additionalContainers: # - name: container-name # image: image-version # command: # - "/container-command"

Bound agent values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow bound agent configuration section.

If you are using a flowCredentials.existingSecret, you must configure the same existingSecret for the bound agent. For more information, refer to Kubernetes configuration options.
Flow bound agent default values
### -------------------------------------------- ### Flow bound agent configuration section ### --------------------------------------------- ## This is an internal component that serves the cbflow-web and the cbflow-repository ## connections to the cbflow-server. It is automatically enabled or disabled if ## deployment of cbflow-web and cbflow-repository are enabled. boundAgent: ## Number of replicas of this component to create. replicas: 1 ## The default loglevel for cbflow-agent. logLevel: DEBUG flowCredentials: ## Enable `serverSecretReference` to re-use flow-server secrets in the agent charts. serverSecretReference: true releaseNamePrefix: cb-flow-bound-agent resourceName: local resourcePools: default service: publicHostName: cb-flow-bound-agent name: cb-flow-bound-agent ## Interpreted as if passed to the CloudBees ecconfigure utility within the container. ecconfigure: "--agentInitMemoryMB=256 --agentMaxMemoryMB=256" ## Specify the resources to request for this component. resources: limits: cpu: 0.25 memory: 1024Mi requests: cpu: 0.25 memory: 512Mi nodeSelector: {} tolerations: [] affinity: {} storage: volumes: agentWorkspace: ## Set `volumes.enable: true` to use Persistent Volume for the bound agent workspace. enabled: false name: flow-bound-agent-workspace accessMode: ReadWriteOnce storage: 5Gi ## To use a custom storage class, provide the `storageClass` name. storageClass: ## To use an existing PVC, set: ## * Set `storage.volumes.repositoryStorage.name` to your PVC name. ## * Set `existingClaim: true`. ## If you are using a PVC, it *must be* `ReadWriteMany` accessible. existingClaim: false ## Additional environment variables to set for cbflow-agent. extraEnvs: [] # - name: FOO # value: "BAR" # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource ## Enable or disable creating init container for volume permissions for cbflow-agent. volumePermissions: enabled: true ## Specify additional volumes to mount in the cbflow-agent container. additionalVolumes: [] ## Specify where your additional volumes are mounted in the cbflow-agent container. additionalVolumeMounts: [] ## Specify additional containers. additionalContainers: # - name: container-name # image: image-version # command: # - "/container-command"

Server storage values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow storage configuration section.

Flow storage default values
### -------------------------------------------- ### Flow storage configuration section ### --------------------------------------------- storage: volumes: ## Storage configuration for plugins directory, which: ## * Is shared across all cbflow-server and cbflow-web replicas. ## * *Must be* `ReadWriteMany` accessible. ## ## To use an existing PVC, set: ## * Set `storage.volumes.serverPlugins.name` to your PVC name. ## * Set `existingClaim: true`. ## If you are using a PVC, it *must be* `ReadWriteMany` accessible. serverPlugins: name: flow-server-shared accessMode: ReadWriteMany ## To use a custom storage class, provide the storageClass name. storageClass: storage: 5Gi existingClaim: false ## To use an existing PVC, set: ## * Set `storage.volumes.repositoryStorage.name` to your PVC name. ## * Set `existingClaim: true`. ## If you are using a PVC, it *must be* `ReadWriteMany` accessible. repositoryStorage: name: flow-repo-artifacts accessMode: ReadWriteOnce storage: 20Gi ## To use a custom storage class, provide the storageClass name. storageClass: existingClaim: false doisStorage: name: elasticsearch-data accessMode: ReadWriteOnce storage: 10Gi ## To use a custom storage class, provide the storageClass name. storageClass:

Database values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server database configuration section.

Flow server database default values
### -------------------------------------------- ### Flow server database configuration section ### --------------------------------------------- ## Db endpoint, `database` or `schema`, principal with full privileges on ## that schema (rw access) - `dbUser` and `dbPassword`. database: ## URL of you external Db. # externalEndpoint: "my.db.somewhere.com" ## Use this option if your database resides in the same k8s cluster ## as the flow-server with the notation as <db-service>.<namespace>. ## If deploying into the same namespace, `.<namespace>` can be omitted. # clusterEndpoint: "<db-service>.<namespace>" ## Use this option if you have an existing credentials or will deploy the ## secret yourself. The value *must* given in the format: ## existingSecret: server-secrets.yaml::dbSecret # existingSecret: <my-existing-secret> dbName: dbUser: ## If dbPassword is an empty string, a random 20 characters password is generated. dbPassword: ## Remote database port to connect to. dbPort: ## Database type for flow persistence to work with. ## Must be one of: ## * `mysql` - MYSQL ## * `mariadb` - MariaDB ## * `sqlserver` - MSSQLServer ## * `oracle` - Oracle ## * `postgresql` - PostgreSql ## For more information on supported databases, refer to ## https://docs/cloudbees/com/docs/cloudbees-common/latest/supported-platforms/cloudbees-cd-k8s#database-plat: dbType: ## External Mysql Connector URL to download during CloudBees CD/RO installation. mysqlConnector: enabled: true externalUrl: ## configure the database connection to use either built-in database authentication or IAM database authentication ## using customDatabaseUrl . ## example customDatabaseUrl=jdbc:postgresql:///<DB_NAME>?cloudSqlInstance=<YOUR_GCP_PROJECT_ID>:<REGION_ID>:<INSTANCE_CONNECTION_NAME>&socketFactory=com.google.cloud.sql.postgres.SocketFactory&ipTypes=PRIVATE ## for more information on supported configuration, refer to ## https://docs.cloudbees.com/docs/cloudbees-cd/latest/install-k8s/k8s-platform-specific-configurations#_using_cloudbees_cdro_with_google_cloud_sql # customDatabaseUrl:

CloudBees CD/RO credential values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server credentials configuration section.

Flow server credentials default values
### -------------------------------------------- ### Flow server credentials configuration section ### --------------------------------------------- flowCredentials: ## Specify either: ## * The secret where the admin user password is stored using ## the 'CBF_SERVER_ADMIN_PASSWORD' key (recommended for production). ## or ## * The adminPassword. existingSecret: ## If `adminPassword` is an empty string, a random 20 characters password is generated. adminPassword:

CloudBees CD/RO server license values (optional)

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow server license configuration section.

Flow server license default values
### -------------------------------------------- ### Flow server license configuration optional section ### --------------------------------------------- ## This optional section allows you to configure licenses with flow-server during the ## first initialization only. Allows you to either create a secret from this chart or supply ## your own pre-created one. ## IMPORTANT: Pre-created secrets must have a single field named CBF_LICENSE with value ## containing the license file contents, *REQUIRED* to use with `flowLicense.existingSecret`. ## TIP: For installations or upgrades, licence automations ## can be created using the following API: ## https://docs.cloudbees.com/docs/cloudbees-cd-api/latest/flow-api/apiserver flowLicense: ## Provide your existing secret name with license data. ## For `existingSecret`, must have `CBF_LICENSE` field with value of license file contents. existingSecret: ## TIP: Your `licenseData` can be passed as an XML file path or ## passed with the `helm --set-file` option. licenseData:

Pods security context values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Pods security context section.

Pods security context default values
### -------------------------------------------- ### Pods security context ### --------------------------------------------- securityContext: enabled: false fsGroup: 1000 allowPrivilegeEscalation: false runAsUser: 1000 readOnlyRootFilesystem: true runAsNonRoot: true capabilities: drop: ["ALL"] seccompProfile: type: "RuntimeDefault" volumePermissions: enabled: true

RBAC resources values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the RBAC resources section.

RBAC resources default values
### -------------------------------------------- ### RBAC resources ### --------------------------------------------- rbac: ## Specify if RBAC resources should be created. create: false serviceAccountName: annotations: {} role: ## Rules to create RBAC resources. rules: []

Network isolation values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Network isolation configuration section.

Network isolation default values
### -------------------------------------------- ### Network isolation configuration ### --------------------------------------------- networkIsolation: ## Enabled network policies for CloudBees CD/RO components. Set `networkPolicies.enabled: false` to ## implement custom network policies. ## IMPORTANT: If `networkPolicies.enabled: false`, you must provide the `additionalIngressSelector` for ## CloudBees CD/RO components. ## For more information on network policies, refer to: ## https://docs.cloudbees.com/docs/cloudbees-cd/latest/install-k8s/cdro-k8s-how-tos networkPolicies: enabled: true ## `allowFromCidr` allows you to define a CIDR allowed ## to make connections to all exposed CloudBees CD/RO endpoints. allowFromCidr: "0.0.0.0/0" ## Additional ingress selectors for network policies. ## Example: ## web: ## additionalIngressSelector: ## - namespaceSelector: ## matchLabels: ## kubernetes.io/metadata.name: kube-system web: additionalIngressSelector: [] server: additionalIngressSelector: [] zookeeper: additionalIngressSelector: [] repository: additionalIngressSelector: [] dois: additionalIngressSelector: []

Zookeeper values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Zookeeper configuration section.

Zookeeper default values
### -------------------------------------------- ### Zookeeper configuration section ### --------------------------------------------- ## CloudBees CD/RO includes a bundled ZooKeeper installation. ## If you already have an available ZooKeeper installation, or ## your security policy demands, you can disable this ZooKeeper. ## If you disable the bundled ZooKeeper, enter your ZooKeeper endpoint ## address into `workloads.server.zk.host` and `workloads.server.zk.port`. ## ## IMPORTANT: Currently, CloudBees CD/RO *can not* share a ZooKeeper ## with any other application. zookeeper: image: ## Container repository to pull ZooKeeper image from. repository: docker.io/cloudbees/cbflow-tools ## Zookeeper image tag to pull. tag: "<REFER-TO-LATEST-RELEASE_TAG>" fullnameOverride: zookeeper replicaCount: 3 podLabels: ownerApp: "cloudbees-flow" role: "cluster-coordinator" mode: "private" ## Specify the resources to request for this component. resources: limits: cpu: "250m" memory: "1Gi" requests: memory: "512Mi" cpu: "250m" livenessProbe: initialDelaySeconds: 20 periodSeconds: 30 timeoutSeconds: 5 failureThreshold: 2 successThreshold: 1 readinessProbe: initialDelaySeconds: 10 periodSeconds: 10 timeoutSeconds: 5 failureThreshold: 6 successThreshold: 1

CloudBees CD/RO flow ingress values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Flow ingress configuration section.

CloudBees CD/RO’s flow-server requires the flow-repository and flow-devopsinsight servers to be exposed as externally available services to access them. By default, ingress requires the following ports to access these servers:

  • 61613 (flow-server)

  • 8443 (flow-server)

  • 8200 (flow-repository)

  • 9200 (flow-devopsinsight)

  • 9500 (flow-devopsinsight)

Per Kubernetes ingress specification, this is not supported. However, this is available as a non-standard extension of nginx-ingress, which is why ingress is bundled with CloudBees CD/RO.

Nginx-ingress values (Kubernetes versions 1.21 and earlier)

nginx-ingress default values
nginx-ingress: enabled: false defaultBackend: service: ## Disable to omit the clusterIP from the controller service. omitClusterIP: true controller: ingressClass: flow-ingress ## `publishService` allows you to customize the external service ## nginx-ingress is bound to via DNS. publishService: enabled: true scope: enabled: true # extraArgs: ## Additional log messages that may be useful for debugging. ## Shows diff details about changes in the nginx-ingress configuration. # v: 2 ## Shows details about the service, ingress rule, endpoint changes, and ## dumps the nginx-ingress configuration in JSON format. # v: 3 ## Configures NGINX in debug mode # v: 5 config: ## Ingress must support long-running requests without resetting the connection. ## By default, nginx reset connections to TCP/UDP services after `600` seconds of ## inactivity between two successive read or write operations. This setting ## extends the timeout to `4000` seconds. proxy-stream-timeout: "4000s" ## `error-log-level` allows you to increase the detail of the error log, which ## may be useful for debugging. # error-log-level: debug ## Ingress must support long-running requests without resetting the connection. ## By default, AWS ELB resets connections after `60` seconds of inactivity. With ## this annotation, the timeout will be increased to `4000` seconds. This is ## the maximum timeout supported by AWS ELB. service: annotations: service.beta.kubernetes.io/aws-load-balancer-connection-idle-timeout: 4000 omitClusterIP: true tcp: 8200: "{{ .Release.Namespace }}/flow-repository:8200" 8443: "{{ .Release.Namespace }}/flow-server:8443" 61613: "{{ .Release.Namespace }}/flow-server:61613" ## Additional TCP ports to access DOIS Elasticsearch over ingress endpoint. # 7800: "{{ .Release.Namespace }}/gateway-external-agent-flow-agents:7800" # 9200: "{{ .Release.Namespace }}/flow-devopsinsight:9200" ## Additional port to enable external agents to connect to flow-server. # 8000: "{{ .Release.Namespace }}/flow-server:8000" ## **Only use ingress-nginx for Kubernetes installations v1.22 or later.** ## IMPORTANT: If you are upgrading from K8s v1.21 or earlier ## to v1.22 or later, ensure you configure `nginx-ingress.enabled: false` ## and `ingress-nginx.enabled: true` before upgrading. ## For more information this type of upgrade, refer to: ## https://docs.cloudbees.com/docs/cloudbees-cd/latest/upgrade/overview-k8s-environment#Prereq_upgrading_from_K8s_1.21_or_less_to_1.22_or_above

Ingress-nginx values (Kubernetes versions 1.22 and later)

ingress-nginx default values
ingress-nginx: ## `ingress-nginx.enabled: true` installs the following ingress-nginx controller: ## https://github.com/kubernetes/ingress-nginx/tree/master/charts/ingress-nginx ## (OPTIONAL) Enable this section if you don't have an existing ingress-nginx controller installation. enabled: true controller: service: externalTrafficPolicy: Local ingressClassResource: name: flow-ingress ## `publishService` allows you to customize the external service ## ingress-nginx is bound to via DNS. publishService: enabled: true scope: enabled: true # Set the default `admissionWebhooks.port`. admissionWebhooks: port: 8445 # extraArgs: ## Additional log messages that may be useful for debugging. ## Shows diff detail about changes in the nginx-ingress configuration. # v: 2 ## Shows details about the service, Ingress rule, endpoint changes, and ## dumps the nginx-ingress configuration in JSON format. # v: 3 ## Configures NGINX in debug mode # v: 5 config: ## Ingress must support long-running requests without resetting the connection. ## By default, AWS ELB resets connections after `60` seconds of inactivity. With ## this annotation, the timeout will be increased to `4000` seconds. This is ## the maximum timeout supported by AWS ELB. proxy-stream-timeout: "4000s" ## `error-log-level` allows you to increase the detail of the error log, which ## may be useful for debugging. # error-log-level: debug tcp: 8200: "{{ .Release.Namespace }}/flow-repository:8200" 8443: "{{ .Release.Namespace }}/flow-server:8443" 61613: "{{ .Release.Namespace }}/flow-server:61613" ## Additional TCP ports to access DOIS Elasticsearch over the ingress endpoint: # 7800: "{{ .Release.Namespace }}/gateway-external-agent-flow-agents:7800" # 9200: "{{ .Release.Namespace }}/flow-devopsinsight:9200" ## Additional port to enable external agents to connect to flow-server. # 8000: "{{ .Release.Namespace }}/flow-server:8000"

CloudBees CD/RO miscellaneous values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow values referenced in the values.yaml under the Miscellaneous configuration section.

Miscellaneous default values
### -------------------------------------------- ### Miscellaneous configuration section ### --------------------------------------------- clusteredMode: true ## Flag used to configure the cloudbees-sda chart. ## Should not be used from a standalone CloudBees CD/RO installation. sda: false mariadb: enabled: false image: tag: "10.11.2-debian-11-r19" fullnameOverride: mariadb replication: enabled: false volumePermissions: enabled: true initdbScriptsConfigMap: mariadb-initdb-scripts existingSecret: mariadb-initdb-secret ## You *must* provide the same `db.user` name as `database.dbUser`(default is "flow"). db: user: "" rootUser: ## MariaDB admin password ## If `rootuser.password` is an empty string, a random 10 characters password is generated. ## ref: https://github.com/bitnami/bitnami-docker-mariadb#setting-the-root-password-on-first-run password: "" master: nodeSelector: kubernetes.io/os: linux ## cloudbees-flow-agent chart configuration to create ## an internal gateway agent. internalGatewayAgent: enabled: false releaseNamePrefix: gateway-default-agent resourceName: gateway-default-agent ## Number of replicas of this component to create. replicas: 1 trustedAgent: false flowCredentials: ## Enable `serverSecretReference` to re-use flow-server secrets in agents chart. serverSecretReference: true ## Horizontal Pod Autoscaling configuration for internalGatewayAgent. ## IMPORTANT: This is only supported when `clusteredMode: true`. autoscaling: enabled: false minReplicas: 1 maxReplicas: 2 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 gateway: ## Recognize as internal gateway agent. enabled: true ## cloudbees-flow-agent chart configurations used for creating an ## external gateway agent. externalGatewayAgent: enabled: false releaseNamePrefix: gateway-external-agent resourceName: gateway-external-agent ## Number of replicas of this component to create. replicas: 1 trustedAgent: false zoneName: external service: ## External DNS hostname external agents use to communicate ## with the external gateway agent publicHostName: ## Configure gateway using external gateway agent. gateway: ## Configure gateway using this agent. enabled: true ## Name of the gateway to create. name: external ## Name of the gateway agent to pair with as gateway resource 2. pairedResourceName: gateway-default-agent flowCredentials: ## Enable `serverSecretReference` to re-use flow-server secrets in agents chart. serverSecretReference: true ## Horizontal Pod Autoscaling configuration for externalGatewayAgent. ## This is only supported when `clusteredMode: true`. autoscaling: enabled: false minReplicas: 1 maxReplicas: 2 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 gitops: enabled: false repo: ## Specify either: ## Your gitToken gitToken: ## or ## * Your secret where the git access token is stored under the 'CBF_GIT_TOKEN' key (recommended for production) existingSecret: ## (OPTIONAL) CloudBees CD/RO Sidecar injector configuration ## Sidecar injectors are useful when running infrastructure (GitHub Enterprise, Nexus, etc.) using a self-signed certificate. ## They allow you to inject certificate bundles in pods running in CloudBees CD/RO, so they can trust provided certificates ## without having to build custom docker images. ## ## IMPORTANT: If you are using SDA and CI has `sidecarinjector.enabled` you can *not* enable cdsidecarinjector. ## As both refer to same chart, and this generates name conflicts. ## ## To enable sidecar-injector, label your namespace with `sidecar-injector-cd=enabled`: ## `kubectl label namespace mynamespace cdsidecarinjector=enabled` ## Use `helm inspect readme cloudbees/cloudbees-sidecar-injector` to read more on sidecar injectors. cdsidecarinjector: ## `cdsidecarinjector.enabled: true` installs sidecar injector. enabled: false caBundleName: ca-bundles injectionCaCertificates: - /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem injectionJavaKeystore: ## Alpine/Debian/Ubuntu/Gentoo etc. - /opt/cbflow/jre/lib/security/cacerts namespaceLabel: sidecar-injector annotationPrefix: com.cloudbees.sidecar-injector ## Use `batch/v1beta1` if using Kubernetes v1.22 or later. batchApiVersion: batch/v1 ## Helm tests configuration helmTests: image: mwendler/wget

cloudbees-flow-agent chart configuration values

The following tables list configurable parameters of the cloudbees-flow-agent chart and their default values.

The cloudbees-flow and cloudbees-flow-agent each have their own values.yaml. To get the latest cloudbees-flow-agent values file:

  1. Visit SonaType Nexus.

  2. Find the latest release of cloudbees-flow-agent and download the package.

  3. Open the package, and in the top-level of the directory, locate the values.yaml.

CloudBees CD/RO agent image values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml under the Common images configurations section.

Agent image default values
### -------------------------------------------- ### Common images configurations section ### -------------------------------------------- images: ## Image registry to pull CloudBees CD/RO images from. ## Example: registry: "123456789012.dkr.ecr.us-east-1.amazonaws.com" registry: "docker.io/cloudbees" ## The `imageRepository` in the `images.registry` to pull the agent image from. imageRepository: "cbflow-agent" ## CloudBees CD/RO flow-server image tag to pull. tag: "<REFER-TO-LATEST-RELEASE_TAG>" ## The image pull policy to use: pullPolicy: IfNotPresent ## Enable `imagePullSecrets` if you are using a private registry. ## Secrets must be manually created or already exist in the namespace. ## `imagePullSecrets: <secret-name>` imagePullSecrets: ## (OPTIONAL) Create an array of `imagePullSecrets` containing private registry credentials. ## when you have one or more secrets to use when pulling images. ## NOTE: Only one instance of `imagePullSecrets:` can be present. ## Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ # imagePullSecrets: # - name: "docker-registry" ## The name of the CloudBees CD/RO flow-server you are installing the agent for. ## Usually, a fully-qualified domain name, where the server ## is available for all agents (resources) and other components. ## By default, it is the internal cluster hostname for the K8S flow-server ## service. However, the CloudBees CD/RO flow-server will not be fully ## accessible to non-cluster components if this is the default. ## NOTE: If you are installing this agent in different namespace than ## flow-server, you must provide the `serverEndpoint` as `service-name.namespace`. ## Here it is assumed the server and agent are in the same namespace. serverEndpoint: flow-server

CloudBees CD/RO agent configuration values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml in the Flow agent configuration section.

Agent configuration default values
### -------------------------------------------- ### Flow agent configuration section ### --------------------------------------------- ## Provide the resource pools you want your agents to attempt to register ## with when initializing and connecting with the flow-server. resourcePools: ## Flow resource name that agents in this deployment will be assigned to (defaults to hostname). ## You can use ordinary Helm template values. ## For example: ## {{ .Release.Name }}, {{ .Release.Namespace }}, etc. ## ## Additionally, the following special templates are allowed here: ## {{ hostname }} - will be replaced by the actual resource hostname ## {{ ordinalIndex }} - will be replaced by a serial replica index in StatefulSet ## ## Example resourceName: ## resourceName: "myResource - {{ .Release.Name }} - {{ ordinalIndex }}" ## resourceName: ## Release name prefix added to support this chart to launch as multiple sub-chart in CD deployment ## NOTE: Leave `releaseNamePrefix` empty for standalone deployments. releaseNamePrefix: ## Number of agent replicas to create. replicas: 1 ## The default is to deploy all pods one at a time. By setting `podManagementPolicy: "Parallel"` ## all pods are started at the same time. podManagementPolicy: "Parallel" ## The zone for resources created in the flow-server for the agent(s). ## This zone must exist in your flow-server instance. zoneName: ## The zone for workspace created in the flow-server for the agent(s). ## This zone must exist in your flow-server instance. workspaceName: ## Set `trustedAgent: true` to configure the agent as a trusted agent. ## NOTE This restricts the agent to one flow-server deployment. trustedAgent: false ## Type of resource to create on the remote flow-server. ## This argument is relevant only when the ## flow-server is using a mixed-mode license with ## concurrent resources and registered hosts. ## ## Valid options for `resourceType` are: ## `resourceType: concurrent` ## or ## `resourceType: registered` resourceType:

CloudBees CD/RO agent pod scheduling values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml in the Pod scheduling settings section.

Agent pod scheduling settings default values
### -------------------------------------------- ### Pod scheduling settings ### --------------------------------------------- nodeSelector: {} tolerations: [] affinity: {} ## Interpreted as if passed to the CloudBees ecconfigure utility within the container. ecconfigure: "--agentInitMemoryMB=16 --agentMaxMemoryMB=64" ## The default loglevel for the agent. logLevel: DEBUG service: type: ClusterIP clusterIP: "None" ## External DNS hostname to set to as the agent service name. ## Used for Gateway Agent configuration. publicHostName: null ## (OPTIONAL) Provide a service name for the agent pod. name: ## Gateway Agents require port `7800` (by default) to be open externally ## to communicate with external agents. ## Creates extra Kubernetes service with type LoadBalancer ## Enabling `externalService` creates a Load Balancer Kubernetes service named `<prefix>-flow-agents-external`. ## Use your LoadBalancer Endpoint or DNS Endpoint (DNS Entry added for LB Endpoint) as the Resource Agent Host Name for ## the External Gateway Agent in CD/RO resources. ## If `service.publicHostName` is configured with a DNS Endpoint (DNS Entry added for LB Endpoint), an ## External Gateway Agent with the specified Agent Host Name is automatically created. externalService: enabled: false ## agent LoadBalancer service annotations for ## creating internal LoadBalancer on GCP or AWS. annotations: # networking.gke.io/load-balancer-type: "Internal" # service.beta.kubernetes.io/aws-load-balancer-internal: "0.0.0.0/0"

CloudBees CD/RO agent storage and resources values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml in the Flow agent storage and resources configuration section.

Agent storage and resources default values
### -------------------------------------------- ### Flow agent storage and resources configuration section ### --------------------------------------------- storage: volumes: agentWorkspace: name: flow-agent-workspace ## `access-mode` is either: ## NFS: `accessMode: ReadWriteMany` ## Traditional volume mount `accessMode: ReadWriteOnce` accessMode: ReadWriteOnce storage: 5Gi ## To use any custom storage class just uncomment the line and state required storageClass name # storageClass: my-class ## Configure `existingClaim: true` if you have agents already deployed with a shared workspace or PVC. existingClaim: false resources: limits: cpu: 1 memory: 1024Mi requests: cpu: 0.25 memory: 512Mi ## Additional environment variables to set for agent. extraEnvs: [] # extraEnvs: # - name: FOO # valueFrom: # secretKeyRef: # key: FOO # name: secret-resource # - name: FOO # value: BAR

CloudBees CD/RO agent credential values

CloudBees CD/RO server credentials are used to register your agent as a resource on the CloudBees CD/RO server. The admin user is used by default. However, you may use a different user if desired. The user must have modify permissions on CloudBees CD/RO server resources.

You can find these cloudbees-flow-agent values referenced in the agent values.yaml.of the under the Flow server credentials configuration section.

Agent server credentials default values
### -------------------------------------------- ### Flow server credentials configuration section ### --------------------------------------------- ## CloudBees flow-server credentials used to register the agent as a resource on the flow-server. flowCredentials: ## If you are using an `existingSecret`, provide the name of the secret containing the flow-user credentials. ## The data field must contain base64 encoded values for keys 'CBF_SERVER_USER' and 'CBF_SERVER_PASSWORD'. ## You can modify and use the following command to create them: ## E.g., kubectl create secret generic your-flow-user-secret --from-literal=CBF_SERVER_USER='admin' --from-literal=CBF_SERVER_ADMIN_PASSWORD='XXXXXXX' -n your-release-namespace existingSecret: ## `serverSecretReference` is added to support case where agents need to refer flow servers existing admin credentials serverSecretReference: false ## `flowCredentials.user: admin` is used by default, you can specify a different user if desired. ## IMPORTANT: The `flowCredentials.user` must have `modify` permissions for `resources` on the flow-server. user: admin password:

CloudBees CD/RO agent pod security context values

For the default CloudBees CD/RO Helm charts, refer to CloudBees CD/RO default Helm charts. You can find these cloudbees-flow-agent values referenced in the agent values.yaml in the Pods security context section.

Agent pod security context default values
### -------------------------------------------- ### Pods security context ### --------------------------------------------- securityContext: enabled: false fsGroup: 1000 runAsUser: 1000 rbac: ## Specifies if RBAC resources should be created. create: false serviceAccountName: role: ## RBAC rules to create. rules: [] volumePermissions: enabled: true gateway: ## Install this agent as a gateway agent. enabled: false ## Name of the gateway to create. name: external ## Name of the gateway agent to pair with as gateway resource 2. pairedResourceName: ## Specify additional containers to mount for agent. additionalContainers: # - name: container-name # image: image:version # command: # - "/container-command" ## Horizontal Pod Autoscaling configuration for agent. autoscaling: enabled: false minReplicas: 1 maxReplicas: 3 targetCPUUtilizationPercentage: 80 targetMemoryUtilizationPercentage: 80 templates: [] ## Specify custom or additional autoscaling metrics. ## Ref: https://kubernetes.io/docs/tasks/run-application/horizontal-pod-autoscale/#support-for-custom-metrics # - type: Pods # pods: # metric: # name: server_process_requests_total # target: # type: AverageValue # averageValue: 10000m ## Specify additional volumes to mount in the agent container. additionalVolumes: [] ## Specify where your additional volumes are mounted in the agent container. additionalVolumeMounts: [] ## Helm tests configuration helmTests: image: mwendler/wget