/
values.yaml
181 lines (168 loc) · 6.21 KB
/
values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# This is the main configuration file for the Brigade chart.
# To override values here, specify them in your own YAML file, and override
# during install or upgrade:
#
# $ helm install -n brigade -f myValues.yaml brigade/brigade
#
# By default, the chart will install without RBAC. To install with
# RBAC, set `rbac.enabled` to `true`.
#
# To disable the GitHub gateway, set `gw.enabled` to `false`. This will mean
# that no GitHub hooks will work, though scripts will still be able to mount
# GitHub projects based on the Project configuration.
#
# Advanced Configuration
#
# Developers may wish to override the location of Docker images. For each
# deployment, `registry` controls the image registry, and `name` controls
# the image name. If unspecified, the Chart.yaml's appVersion field will be
# used to pull the tag. If you override the `tag` value, that version will
# be used instead.
#
# Note that if `rbac.enabled` is turned on, the chart will install a set of
# RBAC objects that are designed to give a moderate set of permissions to the
# Brigade core components. However, even if RBACs are not enabled, this chart
# will create service accounts for each entity that we install.Security experts
# may prefer to apply their own RBACs instead of the ones supplied by the chart.
# Provided that the service accounts remain the same, this chart should provide
# compatibility with custom rules.
# If enabled, roles, role bindings will be turned on.
# IMPORTANT: The RBAC system is complex, and if you are using RBACs in your
# cluster, you may need to evaluate existing rules and accounts in addition
# to the rules created here. We recommend that you understand RBACs
# before enabling this.
rbac:
enabled: false
# controller is the main event processor in Brigade.
controller:
registry: deis
name: brigade-controller
# tag should only be specified if you want to override Chart.appVersion
# The default tag is the value of .Chart.AppVersion
#tag:
#pullPolicy: IfNotPresent
# api is the API server. It is technically not needed for the operation of the
# Brigade controller, but it is used by tools to learn about the state of the
# cluster.
#
# If you disable it, Brigade will still process events, but extra tooling (like
# brig) may not be able to learn about it.
api:
enabled: true
registry: deis
name: brigade-api
# tag:
service:
name: brigade-api
type: ClusterIP
externalPort: 7745
internalPort: 7745
# Configure liveness probes except `httpGet` and the belongings
#livenessProbe:
# initialDelaySeconds: 20
# Configure readiness probes except `httpGet` and the belongings
#readinessProbe:
# initialDelaySeconds: 20
ingress:
enabled: false
hosts: []
paths:
- /
# worker is the JavaScript worker. These are created on demand by the controller.
worker:
registry: deis
name: brigade-worker
serviceAccount:
create: true
name: brigade-worker
#tag:
#pullPolicy: IfNotPresent
# gw is the GitHub gateway.
gw:
enabled: true
registry: deis
name: brigade-github-gateway
#tag:
#pullPolicy: IfNotPresent
# The author associations who are allowed to have PRs built
# Classes are: COLLABORATOR, CONTRIBUTOR, OWNER, NONE, MEMBER, FIRST_TIMER, FIRST_TME_CONTRIBUTOR
# See https://developer.github.com/v4/reference/enum/commentauthorassociation/
# To completely disable pull request builds, leave this list blank.
allowedAuthorRoles:
- OWNER
- MEMBER
- COLLABORATOR
# DEPRECATED: As of Brigade v0.10.0, this is a no-op. Use allowedAuthorRoles
# isntead.
#buildForkedPullRequests: true
# These values are for the Container Registry (CR) gateway.
# Enabling this will start a service that handles webhooks from container
# registries like DockerHub and ACR. Note that these registries do not have
# strong auth built in, so enabling this gateway could result in repeated
# bogus requests from an unauthenticated source. This could pose a security
# risk for poorly written scripts, and could be an opening for DOS-style
# attacks on your cluster.
cr:
enabled: false
registry: deis
name: brigade-cr-gateway
#tag: latest
service:
name: brigade-cr-service
type: ClusterIP # Change to LoadBalancer if you want this externally available.
externalPort: 80
internalPort: 8000
# The vacuum periodically cleans up old builds.
# Brigade does not delete builds on completion. Instead, it leaves builds around
# for a period of time, providing you with an opportunity to inspect builds for
# data.
# The vacuum will sweep the system at intervals and clear out old builds.
#
# To globally turn of the vacuum, set enabled=false
vacuum:
enabled: true
# Set a schedule for how frequently this check is run.
# Note that a run of the vacuum typically takes at least a minute. Finer-level
# granularity than that may result in multiple vacuums running at once.
# Format follows accepted Cron formats: https://en.wikipedia.org/wiki/Cron
schedule: "@hourly"
registry: "deis"
name: "brigade-vacuum"
# tag: latest
# Age tells the vacuum how old a thing may be before it is considered ready to
# be vacuumed. The format is an integer followed by the suffix h (hours), m (minutes)
# or s (seconds).
# The default is 30 days (720 hours)
age: "720h"
# maxBuilds tells the vacuum what the absolute maximum number of builds may be stored
# at a time. Where possible, we recommend using age rather than builds.
# -1 means no limit is imposed.
#
# If both age and maxBuilds are provided, age is applied first, then maxBuilds.
maxBuilds: -1
serviceAccount:
create: true
name:
# The service is for the Brigade gateway. If you do not want to have Brigade
# listening for incomming GitHub requests, disable this.
service:
name: brigade-service
type: LoadBalancer
externalPort: 7744
internalPort: 7744
# By default, this is off. If you enable it, you might want to change the
# service.type to ClusterIP
ingress:
enabled: false
hosts: []
paths:
- /
# Add TLS configuration
# tls: <TLS_CONFIG>
# Add custom annotations
# annotations:
# name: value
# DEVELOPMENT ONLY: Use this for off-ACS development
# Before enabling this, log into the acr registry with Docker and then
# run `scripts/generate-acr-secret.sh`
#privateRegistry: brigade-registry