{{- if .Values.web.enabled -}}
# NOTE(review): the extensions/v1beta1 Deployment API was removed in Kubernetes 1.16.
# Moving to apps/v1 also requires an explicit spec.selector, which the spec below
# does not set in the lines visible here.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
name: {{ template "concourse.web.fullname" . }}
labels:
app: {{ template "concourse.web.fullname" . }}
chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
release: "{{ .Release.Name }}"
heritage: "{{ .Release.Service }}"
spec:
replicas: {{ .Values.web.replicas }}
{{- if .Values.web.strategy }}
{{ toYaml .Values.web.strategy | indent 2 }}
{{- end }}
template:
metadata:
labels:
app: {{ template "concourse.web.fullname" . }}
release: "{{ .Release.Name }}"
{{- with .Values.web.labels }}
{{ toYaml . | trim | indent 8 }}
{{- end }}
{{- if .Values.web.annotations }}
annotations:
{{ toYaml .Values.web.annotations | indent 8 }}
{{- end }}
spec:
{{- if .Values.web.nodeSelector }}
nodeSelector:
{{ toYaml .Values.web.nodeSelector | indent 8 }}
{{- end }}
# Runs the web pod under the chart-created service account when rbac.create is
# set, otherwise under the existing account named in rbac.webServiceAccountName.
# NOTE(review): the permissions bound to that account are defined outside this
# file; when supplying your own account, check that it is scoped to what the web
# node needs and nothing more.
serviceAccountName: {{ if .Values.rbac.create }}{{ template "concourse.web.fullname" . }}{{ else }}{{ .Values.rbac.webServiceAccountName }}{{ end }}
{{- if .Values.web.tolerations }}
tolerations:
{{ toYaml .Values.web.tolerations | indent 8 }}
{{- end }}
{{- if .Values.imagePullSecrets }}
imagePullSecrets:
{{- range .Values.imagePullSecrets }}
- name: {{ . }}
{{- end }}
{{- end }}
containers:
{{- if .Values.web.sidecarContainers }}
{{- toYaml .Values.web.sidecarContainers | nindent 8 }}
{{- end }}
- name: {{ template "concourse.web.fullname" . }}
# Image reference: when imageDigest is set the image is pulled by digest
# (image@digest); otherwise the template falls back to image:imageTag.
# NOTE(review): a tag can be re-pointed at different content in the registry;
# setting imageDigest pins the deployment to the exact image that was reviewed.
{{- if .Values.imageDigest }}
image: "{{ .Values.image }}@{{ .Values.imageDigest }}"
{{- else }}
image: "{{ .Values.image }}:{{ .Values.imageTag }}"
{{- end }}
imagePullPolicy: {{ .Values.imagePullPolicy | quote }}
args:
- web
env:
{{- if .Values.concourse.web.clusterName }}
- name: CONCOURSE_CLUSTER_NAME
value: {{ .Values.concourse.web.clusterName | quote }}
{{- end }}
{{- if .Values.concourse.web.maxConns }}
- name: CONCOURSE_MAX_CONNS
value: {{ .Values.concourse.web.maxConns | quote }}
{{- end }}
{{- if .Values.concourse.web.enableGlobalResources }}
- name: CONCOURSE_ENABLE_GLOBAL_RESOURCES
value: {{ .Values.concourse.web.enableGlobalResources | quote }}
{{- end }}
{{- if .Values.concourse.web.enableBuildAuditing }}
- name: CONCOURSE_ENABLE_BUILD_AUDITING
value: {{ .Values.concourse.web.enableBuildAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enableContainerAuditing }}
- name: CONCOURSE_ENABLE_CONTAINER_AUDITING
value: {{ .Values.concourse.web.enableContainerAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enableJobAuditing }}
- name: CONCOURSE_ENABLE_JOB_AUDITING
value: {{ .Values.concourse.web.enableJobAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enablePipelineAuditing }}
- name: CONCOURSE_ENABLE_PIPELINE_AUDITING
value: {{ .Values.concourse.web.enablePipelineAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enableResourceAuditing }}
- name: CONCOURSE_ENABLE_RESOURCE_AUDITING
value: {{ .Values.concourse.web.enableResourceAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enableSystemAuditing }}
- name: CONCOURSE_ENABLE_SYSTEM_AUDITING
value: {{ .Values.concourse.web.enableSystemAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enableTeamAuditing }}
- name: CONCOURSE_ENABLE_TEAM_AUDITING
value: {{ .Values.concourse.web.enableTeamAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enableWorkerAuditing }}
- name: CONCOURSE_ENABLE_WORKER_AUDITING
value: {{ .Values.concourse.web.enableWorkerAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.enableVolumeAuditing }}
- name: CONCOURSE_ENABLE_VOLUME_AUDITING
value: {{ .Values.concourse.web.enableVolumeAuditing | quote }}
{{- end }}
{{- if .Values.concourse.web.secretRetryAttempts }}
- name: CONCOURSE_SECRET_RETRY_ATTEMPTS
value: {{ .Values.concourse.web.secretRetryAttempts | quote }}
{{- end }}
{{- if .Values.concourse.web.secretRetryInterval }}
- name: CONCOURSE_SECRET_RETRY_INTERVAL
value: {{ .Values.concourse.web.secretRetryInterval | quote }}
{{- end }}
{{- if .Values.concourse.web.secretCacheDuration }}
- name: CONCOURSE_SECRET_CACHE_DURATION
value: {{ .Values.concourse.web.secretCacheDuration | quote }}
{{- end }}
{{- if .Values.concourse.web.secretCacheEnabled }}
- name: CONCOURSE_SECRET_CACHE_ENABLED
value: {{ .Values.concourse.web.secretCacheEnabled | quote }}
{{- end }}
{{- if .Values.concourse.web.secretCachePurgeInterval }}
- name: CONCOURSE_SECRET_CACHE_PURGE_INTERVAL
value: {{ .Values.concourse.web.secretCachePurgeInterval | quote }}
{{- end }}
{{- if .Values.concourse.web.awsSecretsManager.region }}
- name: CONCOURSE_AWS_SECRETSMANAGER_REGION
value: {{ .Values.concourse.web.awsSecretsManager.region | quote }}
{{- end }}
{{- if .Values.concourse.web.awsSsm.region }}
- name: CONCOURSE_AWS_SSM_REGION
value: {{ .Values.concourse.web.awsSsm.region | quote }}
{{- end }}
{{- if .Values.concourse.web.metrics.bufferSize }}
- name: CONCOURSE_METRICS_BUFFER_SIZE
value: {{ .Values.concourse.web.metrics.bufferSize | quote }}
{{- end }}
{{- if .Values.concourse.web.metrics.captureErrorMetrics }}
- name: CONCOURSE_CAPTURE_ERROR_METRICS
value: {{ .Values.concourse.web.metrics.captureErrorMetrics | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.config }}
- name: CONCOURSE_MAIN_TEAM_CONFIG
value: {{ .Values.concourse.web.auth.mainTeam.config | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.bitbucketCloud.user }}
- name: CONCOURSE_MAIN_TEAM_BITBUCKET_CLOUD_USER
value: {{ .Values.concourse.web.auth.mainTeam.bitbucketCloud.user | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.bitbucketCloud.team }}
- name: CONCOURSE_MAIN_TEAM_BITBUCKET_CLOUD_TEAM
value: {{ .Values.concourse.web.auth.mainTeam.bitbucketCloud.team | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.bitbucketCloud.enabled }}
- name: CONCOURSE_BITBUCKET_CLOUD_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: bitbucket-cloud-client-id
- name: CONCOURSE_BITBUCKET_CLOUD_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: bitbucket-cloud-client-secret
{{- end }}
{{- if .Values.concourse.web.logLevel }}
- name: CONCOURSE_LOG_LEVEL
value: {{ .Values.concourse.web.logLevel | quote }}
{{- end }}
{{- if .Values.concourse.web.bindPort }}
- name: CONCOURSE_BIND_PORT
value: {{ .Values.concourse.web.bindPort | quote }}
{{- end }}
{{- if .Values.concourse.web.bindIp }}
- name: CONCOURSE_BIND_IP
value: {{ .Values.concourse.web.bindIp | quote }}
{{- end }}
{{- if .Values.concourse.web.localAuth.enabled }}
- name: CONCOURSE_ADD_LOCAL_USER
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: local-users
{{- end }}
{{- if .Values.concourse.web.tls.enabled }}
- name: CONCOURSE_TLS_BIND_PORT
value: {{ .Values.concourse.web.tls.bindPort | quote }}
- name: CONCOURSE_TLS_CERT
value: "{{ .Values.web.tlsSecretsPath }}/client.cert"
- name: CONCOURSE_TLS_KEY
value: "{{ .Values.web.tlsSecretsPath }}/client.key"
{{- end }}
# With TLS enabled, rendering fails unless concourse.web.externalUrl is set;
# without TLS the variable is emitted only when a URL was provided.
# NOTE(review): `required` only rejects an empty value. Nothing here checks that
# the URL uses the https scheme the error message asks for, so an http:// value
# still renders.
{{- if .Values.concourse.web.tls.enabled }}
- name: CONCOURSE_EXTERNAL_URL
value: {{ required "Must specify HTTPS external URL when concourse.web.tls.enabled is true" .Values.concourse.web.externalUrl | quote }}
{{- else }}
{{- if .Values.concourse.web.externalUrl }}
- name: CONCOURSE_EXTERNAL_URL
value: {{ .Values.concourse.web.externalUrl | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.encryption.enabled }}
- name: CONCOURSE_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: encryption-key
- name: CONCOURSE_OLD_ENCRYPTION_KEY
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: old-encryption-key
{{- end }}
# Debug listener address and port; each is emitted only when set in values,
# otherwise the web node keeps its own default.
# NOTE(review): presumably a diagnostics endpoint. Confirm what it serves before
# binding it to anything other than loopback, and keep the port out of Services
# and Ingresses.
{{- if .Values.concourse.web.debugBindIp }}
- name: CONCOURSE_DEBUG_BIND_IP
value: {{ .Values.concourse.web.debugBindIp | quote }}
{{- end }}
{{- if .Values.concourse.web.debugBindPort }}
- name: CONCOURSE_DEBUG_BIND_PORT
value: {{ .Values.concourse.web.debugBindPort | quote }}
{{- end }}
{{- if .Values.concourse.web.interceptIdleTimeout }}
- name: CONCOURSE_INTERCEPT_IDLE_TIMEOUT
value: {{ .Values.concourse.web.interceptIdleTimeout | quote }}
{{- end }}
{{- if .Values.concourse.web.globalResourceCheckTimeout }}
- name: CONCOURSE_GLOBAL_RESOURCE_CHECK_TIMEOUT
value: {{ .Values.concourse.web.globalResourceCheckTimeout | quote }}
{{- end }}
{{- if .Values.concourse.web.resourceCheckingInterval }}
- name: CONCOURSE_RESOURCE_CHECKING_INTERVAL
value: {{ .Values.concourse.web.resourceCheckingInterval | quote }}
{{- end }}
{{- if .Values.concourse.web.resourceTypeCheckingInterval }}
- name: CONCOURSE_RESOURCE_TYPE_CHECKING_INTERVAL
value: {{ .Values.concourse.web.resourceTypeCheckingInterval | quote }}
{{- end }}
{{- if .Values.concourse.web.containerPlacementStrategy }}
- name: CONCOURSE_CONTAINER_PLACEMENT_STRATEGY
value: {{ .Values.concourse.web.containerPlacementStrategy | quote }}
{{- end }}
{{- if .Values.concourse.web.limitActiveTasks }}
- name: CONCOURSE_MAX_ACTIVE_TASKS_PER_WORKER
value: {{ .Values.concourse.web.limitActiveTasks | quote }}
{{- end}}
{{- if .Values.concourse.web.baggageclaimResponseHeaderTimeout }}
- name: CONCOURSE_BAGGAGECLAIM_RESPONSE_HEADER_TIMEOUT
value: {{ .Values.concourse.web.baggageclaimResponseHeaderTimeout | quote }}
{{- end }}
{{- if .Values.concourse.web.cliArtifactsDir }}
- name: CONCOURSE_CLI_ARTIFACTS_DIR
value: {{ .Values.concourse.web.cliArtifactsDir | quote }}
{{- end }}
{{- if .Values.concourse.web.logDbQueries }}
- name: CONCOURSE_LOG_DB_QUERIES
value: {{ .Values.concourse.web.logDbQueries | quote }}
{{- end }}
{{- if .Values.concourse.web.buildTrackerInterval }}
- name: CONCOURSE_BUILD_TRACKER_INTERVAL
value: {{ .Values.concourse.web.buildTrackerInterval | quote }}
{{- end }}
{{- if .Values.concourse.web.defaultBuildLogsToRetain }}
- name: CONCOURSE_DEFAULT_BUILD_LOGS_TO_RETAIN
value: {{ .Values.concourse.web.defaultBuildLogsToRetain | quote }}
{{- end }}
{{- if .Values.concourse.web.maxBuildLogsToRetain }}
- name: CONCOURSE_MAX_BUILD_LOGS_TO_RETAIN
value: {{ .Values.concourse.web.maxBuildLogsToRetain | quote }}
{{- end }}
{{- if .Values.concourse.web.defaultDaysToRetainBuildLogs }}
- name: CONCOURSE_DEFAULT_DAYS_TO_RETAIN_BUILD_LOGS
value: {{ .Values.concourse.web.defaultDaysToRetainBuildLogs | quote }}
{{- end }}
{{- if .Values.concourse.web.maxDaysToRetainBuildLogs }}
- name: CONCOURSE_MAX_DAYS_TO_RETAIN_BUILD_LOGS
value: {{ .Values.concourse.web.maxDaysToRetainBuildLogs | quote }}
{{- end }}
{{- if .Values.concourse.web.defaultTaskCpuLimit }}
- name: CONCOURSE_DEFAULT_TASK_CPU_LIMIT
value: {{ .Values.concourse.web.defaultTaskCpuLimit | quote }}
{{- end }}
{{- if .Values.concourse.web.defaultTaskMemoryLimit }}
- name: CONCOURSE_DEFAULT_TASK_MEMORY_LIMIT
value: {{ .Values.concourse.web.defaultTaskMemoryLimit | quote }}
{{- end }}
{{- if .Values.postgresql.enabled }}
- name: CONCOURSE_POSTGRES_HOST
value: {{ template "concourse.postgresql.fullname" . }}
- name: CONCOURSE_POSTGRES_USER
value: {{ .Values.postgresql.postgresqlUsername | quote }}
- name: CONCOURSE_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "concourse.postgresql.fullname" . }}
key: postgresql-password
- name: CONCOURSE_POSTGRES_DATABASE
value: {{ .Values.postgresql.postgresqlDatabase | quote }}
{{- else }}
{{- if .Values.concourse.web.postgres.host }}
- name: CONCOURSE_POSTGRES_HOST
value: {{ .Values.concourse.web.postgres.host | quote }}
{{- end }}
{{- if .Values.concourse.web.postgres.port }}
- name: CONCOURSE_POSTGRES_PORT
value: {{ .Values.concourse.web.postgres.port | quote }}
{{- end }}
{{- if .Values.concourse.web.postgres.socket }}
- name: CONCOURSE_POSTGRES_SOCKET
value: {{ .Values.concourse.web.postgres.socket | quote }}
{{- end }}
- name: CONCOURSE_POSTGRES_USER
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: postgresql-user
- name: CONCOURSE_POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: postgresql-password
# TLS mode for the external Postgres connection (this branch is only rendered
# when postgresql.enabled is false). The value is passed through unchanged.
# NOTE(review): a mode that does not verify the server certificate leaves
# database credentials and build data open to interception on the network path;
# prefer a verifying mode together with CONCOURSE_POSTGRES_CA_CERT.
{{- if .Values.concourse.web.postgres.sslmode }}
- name: CONCOURSE_POSTGRES_SSLMODE
value: {{ .Values.concourse.web.postgres.sslmode | quote }}
{{- end }}
{{- if .Values.secrets.postgresCaCert }}
- name: CONCOURSE_POSTGRES_CA_CERT
value: "{{ .Values.web.postgresqlSecretsPath }}/ca.cert"
{{- end }}
{{- if .Values.secrets.postgresClientCert }}
- name: CONCOURSE_POSTGRES_CLIENT_CERT
value: "{{ .Values.web.postgresqlSecretsPath }}/client.cert"
{{- end }}
{{- if .Values.secrets.postgresClientKey }}
- name: CONCOURSE_POSTGRES_CLIENT_KEY
value: "{{ .Values.web.postgresqlSecretsPath }}/client.key"
{{- end }}
{{- if .Values.concourse.web.postgres.connectTimeout }}
- name: CONCOURSE_POSTGRES_CONNECT_TIMEOUT
value: {{ .Values.concourse.web.postgres.connectTimeout | quote }}
{{- end }}
{{- if .Values.concourse.web.postgres.database }}
- name: CONCOURSE_POSTGRES_DATABASE
value: {{ .Values.concourse.web.postgres.database | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.kubernetes.enabled }}
- name: CONCOURSE_KUBERNETES_IN_CLUSTER
value: "true"
- name: CONCOURSE_KUBERNETES_NAMESPACE_PREFIX
value: {{ template "concourse.namespacePrefix" . }}
{{- else}}
{{- if .Values.concourse.web.kubernetes.configPath }}
- name: CONCOURSE_KUBERNETES_CONFIG_PATH
value: {{ .Values.concourse.web.kubernetes.configPath | quote }}
{{- end }}
{{- if .Values.concourse.web.kubernetes.namespacePrefix }}
- name: CONCOURSE_KUBERNETES_NAMESPACE_PREFIX
value: {{ .Values.concourse.web.kubernetes.namespacePrefix | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.awsSecretsManager.enabled }}
{{- if .Values.concourse.web.awsSecretsManager.keyAuth.enabled }}
- name: CONCOURSE_AWS_SECRETSMANAGER_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: aws-secretsmanager-access-key
- name: CONCOURSE_AWS_SECRETSMANAGER_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: aws-secretsmanager-secret-key
{{- if .Values.concourse.web.awsSecretsManager.keyAuth.useSessionToken }}
- name: CONCOURSE_AWS_SECRETSMANAGER_SESSION_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: aws-secretsmanager-session-token
{{- end }}
{{- end }}
{{- if .Values.concourse.web.awsSecretsManager.pipelineSecretTemplate }}
- name: CONCOURSE_AWS_SECRETSMANAGER_PIPELINE_SECRET_TEMPLATE
value: {{ .Values.concourse.web.awsSecretsManager.pipelineSecretTemplate | quote }}
{{- end }}
{{- if .Values.concourse.web.awsSecretsManager.teamSecretTemplate }}
- name: CONCOURSE_AWS_SECRETSMANAGER_TEAM_SECRET_TEMPLATE
value: {{ .Values.concourse.web.awsSecretsManager.teamSecretTemplate | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.awsSsm.enabled }}
{{- if .Values.concourse.web.awsSsm.keyAuth.enabled }}
- name: CONCOURSE_AWS_SSM_ACCESS_KEY
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: aws-ssm-access-key
- name: CONCOURSE_AWS_SSM_SECRET_KEY
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: aws-ssm-secret-key
{{- if .Values.concourse.web.awsSsm.keyAuth.useSessionToken }}
- name: CONCOURSE_AWS_SSM_SESSION_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: aws-ssm-session-token
{{- end }}
{{- end }}
{{- if .Values.concourse.web.awsSsm.pipelineSecretTemplate }}
- name: CONCOURSE_AWS_SSM_PIPELINE_SECRET_TEMPLATE
value: {{ .Values.concourse.web.awsSsm.pipelineSecretTemplate | quote }}
{{- end }}
{{- if .Values.concourse.web.awsSsm.teamSecretTemplate }}
- name: CONCOURSE_AWS_SSM_TEAM_SECRET_TEMPLATE
value: {{ .Values.concourse.web.awsSsm.teamSecretTemplate | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.vault.enabled }}
- name: CONCOURSE_VAULT_URL
value: {{ .Values.concourse.web.vault.url | quote }}
- name: CONCOURSE_VAULT_PATH_PREFIX
value: {{ .Values.concourse.web.vault.pathPrefix | quote }}
{{- if.Values.concourse.web.vault.sharedPath }}
- name: CONCOURSE_VAULT_SHARED_PATH
value: {{ .Values.concourse.web.vault.sharedPath | quote }}
{{- end }}
- name: CONCOURSE_VAULT_AUTH_BACKEND
value: {{ .Values.concourse.web.vault.authBackend | quote }}
{{- if .Values.concourse.web.vault.useCaCert }}
- name: CONCOURSE_VAULT_CA_CERT
value: "{{ .Values.web.vaultSecretsPath }}/ca.cert"
{{- end }}
{{- if eq .Values.concourse.web.vault.authBackend "token" }}
- name: CONCOURSE_VAULT_CLIENT_TOKEN
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: vault-client-token
{{- end }}
{{- if eq .Values.concourse.web.vault.authBackend "cert" }}
- name: CONCOURSE_VAULT_CLIENT_CERT
value: "{{ .Values.web.vaultSecretsPath }}/client.cert"
- name: CONCOURSE_VAULT_CLIENT_KEY
value: "{{ .Values.web.vaultSecretsPath }}/client.key"
{{- end }}
{{- if eq .Values.concourse.web.vault.authBackend "approle" }}
- name: CONCOURSE_VAULT_AUTH_PARAM
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: vault-client-auth-param
{{- end }}
{{- if .Values.concourse.web.vault.authBackendMaxTtl }}
- name: CONCOURSE_VAULT_AUTH_BACKEND_MAX_TTL
value: {{ .Values.concourse.web.vault.authBackendMaxTtl | quote }}
{{- end }}
{{- if .Values.concourse.web.vault.caPath }}
- name: CONCOURSE_VAULT_CA_PATH
value: {{ .Values.concourse.web.vault.caPath | quote }}
{{- end }}
# Emitted only when vault.insecureSkipVerify is truthy.
# NOTE(review): as the name says, this turns off verification of the Vault
# server certificate, so the client token / AppRole parameters and every secret
# read could be sent to an impostor endpoint. Leave it unset outside of throwaway
# test setups and trust the Vault CA via vault.useCaCert or vault.caPath instead.
{{- if .Values.concourse.web.vault.insecureSkipVerify }}
- name: CONCOURSE_VAULT_INSECURE_SKIP_VERIFY
value: {{ .Values.concourse.web.vault.insecureSkipVerify | quote }}
{{- end }}
{{- if .Values.concourse.web.vault.retryInitial }}
- name: CONCOURSE_VAULT_RETRY_INITIAL
value: {{ .Values.concourse.web.vault.retryInitial | quote }}
{{- end }}
{{- if .Values.concourse.web.vault.retryMax }}
- name: CONCOURSE_VAULT_RETRY_MAX
value: {{ .Values.concourse.web.vault.retryMax | quote }}
{{- end }}
{{- if .Values.concourse.web.vault.serverName }}
- name: CONCOURSE_VAULT_SERVER_NAME
value: {{ .Values.concourse.web.vault.serverName | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.credhub.enabled }}
{{- if .Values.concourse.web.credhub.useCaCert }}
- name: CONCOURSE_CREDHUB_CA_CERT
value: "{{ .Values.web.credhubSecretsPath }}/ca.cert"
{{- end }}
- name: CONCOURSE_CREDHUB_URL
value: {{ .Values.concourse.web.credhub.url | quote }}
{{- if.Values.concourse.web.credhub.pathPrefix }}
- name: CONCOURSE_CREDHUB_PATH_PREFIX
value: {{ .Values.concourse.web.credhub.pathPrefix | quote }}
{{- end }}
# Emitted only when credhub.insecureSkipVerify is truthy.
# NOTE(review): this disables verification of the CredHub server certificate,
# which removes the protection TLS gives to the client credentials and to the
# secrets fetched. Prefer credhub.useCaCert with the CA mounted under
# web.credhubSecretsPath.
{{- if .Values.concourse.web.credhub.insecureSkipVerify }}
- name: CONCOURSE_CREDHUB_INSECURE_SKIP_VERIFY
value: {{ .Values.concourse.web.credhub.insecureSkipVerify | quote }}
{{- end }}
{{- if (eq .Values.concourse.web.credhub.authenticationMode "secrets") }}
- name: CONCOURSE_CREDHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: credhub-client-id
- name: CONCOURSE_CREDHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: credhub-client-secret
{{- else if (eq .Values.concourse.web.credhub.authenticationMode "mtls") }}
- name: CONCOURSE_CREDHUB_CLIENT_CERT
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: credhub-client-cert
- name: CONCOURSE_CREDHUB_CLIENT_KEY
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: credhub-client-key
{{- end }}
{{- end }}
{{- if .Values.concourse.web.noop }}
- name: CONCOURSE_NOOP
value: {{ .Values.concourse.web.noop | quote }}
{{- end }}
{{- if .Values.concourse.web.staticWorker.enabled }}
{{- if .Values.concourse.web.staticWorker.gardenUrl }}
- name: CONCOURSE_WORKER_GARDEN_URL
value: {{ .Values.concourse.web.staticWorker.gardenUrl | quote }}
{{- end }}
{{- if .Values.concourse.web.staticWorker.baggageclaimUrl }}
- name: CONCOURSE_WORKER_BAGGAGECLAIM_URL
value: {{ .Values.concourse.web.staticWorker.baggageclaimUrl | quote }}
{{- end }}
{{- if .Values.concourse.web.staticWorker.resource }}
- name: CONCOURSE_WORKER_RESOURCE
value: {{ .Values.concourse.web.staticWorker.resource | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.metrics.hostName }}
- name: CONCOURSE_METRICS_HOST_NAME
value: {{ .Values.concourse.web.metrics.hostName | quote }}
{{- end }}
{{- if .Values.concourse.web.metrics.attribute }}
- name: CONCOURSE_METRICS_ATTRIBUTE
value: {{ .Values.concourse.web.metrics.attribute | quote }}
{{- end }}
{{- if .Values.concourse.web.datadog.enabled }}
- name: CONCOURSE_DATADOG_AGENT_HOST
{{- if .Values.concourse.web.datadog.agentHostUseHostIP }}
valueFrom:
fieldRef:
fieldPath: status.hostIP
{{- else }}
value: {{ .Values.concourse.web.datadog.agentHost | quote }}
{{- end }}
- name: CONCOURSE_DATADOG_AGENT_PORT
value: {{ .Values.concourse.web.datadog.agentPort | quote }}
{{- if .Values.concourse.web.datadog.prefix }}
- name: CONCOURSE_DATADOG_PREFIX
value: {{ .Values.concourse.web.datadog.prefix | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.influxdb.enabled }}
- name: CONCOURSE_INFLUXDB_URL
value: {{ .Values.concourse.web.influxdb.url | quote }}
{{- if .Values.concourse.web.influxdb.batchSize }}
- name: CONCOURSE_INFLUXDB_BATCH_SIZE
value: {{.Values.concourse.web.influxdb.batchSize | quote }}
{{- end }}
{{- if .Values.concourse.web.influxdb.batchDuration }}
- name: CONCOURSE_INFLUXDB_BATCH_DURATION
value: {{.Values.concourse.web.influxdb.batchDuration | quote }}
{{- end }}
- name: CONCOURSE_INFLUXDB_DATABASE
value: {{ .Values.concourse.web.influxdb.database | quote }}
- name: CONCOURSE_INFLUXDB_USERNAME
value: {{ .Values.concourse.web.influxdb.username | quote }}
- name: CONCOURSE_INFLUXDB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: influxdb-password
# Unlike the other skip-verify switches in this template, this one has no guard
# of its own: it is emitted whenever InfluxDB metrics are enabled, carrying
# whatever value influxdb.insecureSkipVerify holds.
# NOTE(review): a true value sends the InfluxDB username and password over a
# connection whose server certificate is not verified; confirm the chart default.
- name: CONCOURSE_INFLUXDB_INSECURE_SKIP_VERIFY
value: {{ .Values.concourse.web.influxdb.insecureSkipVerify | quote}}
{{- end }}
{{- if .Values.concourse.web.emitToLogs }}
- name: CONCOURSE_EMIT_TO_LOGS
value: {{ .Values.concourse.web.emitToLogs | quote }}
{{- end }}
{{- if .Values.concourse.web.newrelic.enabled }}
{{- if .Values.concourse.web.newrelic.accountId }}
- name: CONCOURSE_NEWRELIC_ACCOUNT_ID
value: {{ .Values.concourse.web.newrelic.accountId | quote }}
{{- end }}
# NOTE(review): the New Relic API key is rendered as a literal env value, so it
# ends up in the Deployment object and in the stored release values, readable by
# anyone allowed to read either. Other credentials in this template (for example
# CONCOURSE_INFLUXDB_PASSWORD) are injected from a Secret via secretKeyRef;
# this key would be better handled the same way.
{{- if .Values.concourse.web.newrelic.apiKey }}
- name: CONCOURSE_NEWRELIC_API_KEY
value: {{ .Values.concourse.web.newrelic.apiKey | quote }}
{{- end }}
{{- if .Values.concourse.web.newrelic.servicePrefix }}
- name: CONCOURSE_NEWRELIC_SERVICE_PREFIX
value: {{ .Values.concourse.web.newrelic.servicePrefix | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.prometheus.enabled }}
- name: CONCOURSE_PROMETHEUS_BIND_IP
value: {{ .Values.concourse.web.prometheus.bindIp | quote }}
- name: CONCOURSE_PROMETHEUS_BIND_PORT
value: {{ .Values.concourse.web.prometheus.bindPort | quote }}
{{- end }}
{{- if .Values.concourse.web.riemann.enabled }}
{{- if .Values.concourse.web.riemann.host }}
- name: CONCOURSE_RIEMANN_HOST
value: {{ .Values.concourse.web.riemann.host | quote }}
{{- end }}
{{- if .Values.concourse.web.riemann.port }}
- name: CONCOURSE_RIEMANN_PORT
value: {{ .Values.concourse.web.riemann.port | quote }}
{{- end }}
{{- if .Values.concourse.web.riemann.servicePrefix }}
- name: CONCOURSE_RIEMANN_SERVICE_PREFIX
value: {{ .Values.concourse.web.riemann.servicePrefix | quote }}
{{- end }}
{{- if .Values.concourse.web.riemann.tag }}
- name: CONCOURSE_RIEMANN_TAG
value: {{ .Values.concourse.web.riemann.tag | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.xFrameOptions }}
- name: CONCOURSE_X_FRAME_OPTIONS
value: {{ .Values.concourse.web.xFrameOptions | quote }}
{{- end }}
{{- if .Values.concourse.web.gc.interval }}
- name: CONCOURSE_GC_INTERVAL
value: {{ .Values.concourse.web.gc.interval | quote }}
{{- end }}
{{- if .Values.concourse.web.gc.oneOffGracePeriod }}
- name: CONCOURSE_GC_ONE_OFF_GRACE_PERIOD
value: {{ .Values.concourse.web.gc.oneOffGracePeriod | quote }}
{{- end }}
{{- if .Values.concourse.web.gc.missingGracePeriod }}
- name: CONCOURSE_GC_MISSING_GRACE_PERIOD
value: {{ .Values.concourse.web.gc.missingGracePeriod | quote }}
{{- end }}
{{- if .Values.concourse.web.syslog.enabled }}
{{- if .Values.concourse.web.syslog.hostname }}
- name: CONCOURSE_SYSLOG_HOSTNAME
value: {{ .Values.concourse.web.syslog.hostname | quote }}
{{- end }}
{{- if .Values.concourse.web.syslog.address }}
- name: CONCOURSE_SYSLOG_ADDRESS
value: {{ .Values.concourse.web.syslog.address | quote }}
{{- end }}
{{- if .Values.concourse.web.syslog.transport }}
- name: CONCOURSE_SYSLOG_TRANSPORT
value: {{ .Values.concourse.web.syslog.transport | quote }}
{{- end }}
{{- if .Values.concourse.web.syslog.drainInterval }}
- name: CONCOURSE_SYSLOG_DRAIN_INTERVAL
value: {{ .Values.concourse.web.syslog.drainInterval | quote }}
{{- end }}
{{- if .Values.concourse.web.syslog.useCaCert }}
- name: CONCOURSE_SYSLOG_CA_CERT
value: "{{ .Values.web.syslogSecretsPath }}/ca.cert"
{{- end }}
{{- end }}
# Emitted only when auth.cookieSecure is truthy; a false or unset value renders
# nothing and leaves the web node on its built-in default.
# NOTE(review): presumably this sets the Secure attribute on the auth cookie.
# Enable it whenever the external URL is https so the session cookie is never
# sent over plain HTTP.
{{- if .Values.concourse.web.auth.cookieSecure }}
- name: CONCOURSE_COOKIE_SECURE
value: {{ .Values.concourse.web.auth.cookieSecure | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.duration }}
- name: CONCOURSE_AUTH_DURATION
value: {{ .Values.concourse.web.auth.duration | quote }}
{{- end }}
- name: CONCOURSE_SESSION_SIGNING_KEY
value: "{{ .Values.web.keySecretsPath }}/session_signing_key"
{{- if .Values.concourse.web.auth.mainTeam.localUser }}
- name: CONCOURSE_MAIN_TEAM_LOCAL_USER
value: {{ .Values.concourse.web.auth.mainTeam.localUser | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.cf.org }}
- name: CONCOURSE_MAIN_TEAM_CF_ORG
value: {{ .Values.concourse.web.auth.mainTeam.cf.org | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.cf.space }}
- name: CONCOURSE_MAIN_TEAM_CF_SPACE
value: {{ .Values.concourse.web.auth.mainTeam.cf.space | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.cf.spaceGuid }}
- name: CONCOURSE_MAIN_TEAM_CF_SPACE_GUID
value: {{ .Values.concourse.web.auth.mainTeam.cf.spaceGuid | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.cf.user }}
- name: CONCOURSE_MAIN_TEAM_CF_USER
value: {{ .Values.concourse.web.auth.mainTeam.cf.user | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.github.user }}
- name: CONCOURSE_MAIN_TEAM_GITHUB_USER
value: {{ .Values.concourse.web.auth.mainTeam.github.user | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.github.org }}
- name: CONCOURSE_MAIN_TEAM_GITHUB_ORG
value: {{ .Values.concourse.web.auth.mainTeam.github.org | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.github.team }}
- name: CONCOURSE_MAIN_TEAM_GITHUB_TEAM
value: {{ .Values.concourse.web.auth.mainTeam.github.team | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.gitlab.user }}
- name: CONCOURSE_MAIN_TEAM_GITLAB_USER
value: {{ .Values.concourse.web.auth.mainTeam.gitlab.user | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.gitlab.group }}
- name: CONCOURSE_MAIN_TEAM_GITLAB_GROUP
value: {{ .Values.concourse.web.auth.mainTeam.gitlab.group | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.ldap.user }}
- name: CONCOURSE_MAIN_TEAM_LDAP_USER
value: {{ .Values.concourse.web.auth.mainTeam.ldap.user | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.ldap.group }}
- name: CONCOURSE_MAIN_TEAM_LDAP_GROUP
value: {{ .Values.concourse.web.auth.mainTeam.ldap.group | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.oauth.user }}
- name: CONCOURSE_MAIN_TEAM_OAUTH_USER
value: {{ .Values.concourse.web.auth.mainTeam.oauth.user | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.oauth.group }}
- name: CONCOURSE_MAIN_TEAM_OAUTH_GROUP
value: {{ .Values.concourse.web.auth.mainTeam.oauth.group | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.oidc.group }}
- name: CONCOURSE_MAIN_TEAM_OIDC_GROUP
value: {{ .Values.concourse.web.auth.mainTeam.oidc.group | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.mainTeam.oidc.user }}
- name: CONCOURSE_MAIN_TEAM_OIDC_USER
value: {{ .Values.concourse.web.auth.mainTeam.oidc.user | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.cf.enabled }}
- name: CONCOURSE_CF_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: cf-client-id
- name: CONCOURSE_CF_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: cf-client-secret
{{- if .Values.concourse.web.auth.cf.apiUrl }}
- name: CONCOURSE_CF_API_URL
value: {{ .Values.concourse.web.auth.cf.apiUrl | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.cf.useCaCert }}
- name: CONCOURSE_CF_CA_CERT
value: "{{ .Values.web.authSecretsPath }}/cf_ca.cert"
{{- end }}
# Emitted only when auth.cf.skipSslValidation is truthy.
# NOTE(review): this is on the login path. Skipping certificate validation for
# the CF API lets anyone on the network path impersonate the identity provider.
# Prefer auth.cf.useCaCert with the CA mounted under web.authSecretsPath.
{{- if .Values.concourse.web.auth.cf.skipSslValidation }}
- name: CONCOURSE_CF_SKIP_SSL_VALIDATION
value: {{ .Values.concourse.web.auth.cf.skipSslValidation | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.auth.github.enabled }}
- name: CONCOURSE_GITHUB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: github-client-id
- name: CONCOURSE_GITHUB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: github-client-secret
{{- if .Values.concourse.web.auth.github.host }}
- name: CONCOURSE_GITHUB_HOST
value: {{ .Values.concourse.web.auth.github.host | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.github.useCaCert }}
- name: CONCOURSE_GITHUB_CA_CERT
value: "{{ .Values.web.authSecretsPath }}/github_ca.cert"
{{- end }}
{{- end }}
{{- if .Values.concourse.web.auth.gitlab.enabled }}
- name: CONCOURSE_GITLAB_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: gitlab-client-id
- name: CONCOURSE_GITLAB_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: gitlab-client-secret
{{- if .Values.concourse.web.auth.gitlab.host }}
- name: CONCOURSE_GITLAB_HOST
value: {{ .Values.concourse.web.auth.gitlab.host | quote }}
{{- end }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.enabled }}
{{- if .Values.concourse.web.auth.ldap.bindDn }}
- name: CONCOURSE_LDAP_BIND_DN
value: {{ .Values.concourse.web.auth.ldap.bindDn | quote }}
{{- end }}
# NOTE(review): the LDAP bind password is rendered as a literal env value, so it
# is stored in the Deployment object and in the release values rather than in a
# Secret. The OAuth-style connectors in this template take their client secrets
# from a Secret via secretKeyRef; the bind password would be better handled the
# same way, and the bind account should be read-only in the directory.
{{- if .Values.concourse.web.auth.ldap.bindPw }}
- name: CONCOURSE_LDAP_BIND_PW
value: {{ .Values.concourse.web.auth.ldap.bindPw | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.useCaCert }}
- name: CONCOURSE_LDAP_CA_CERT
value: "{{ .Values.web.authSecretsPath }}/ldap_ca.cert"
{{- end }}
{{- if .Values.concourse.web.auth.ldap.displayName }}
- name: CONCOURSE_LDAP_DISPLAY_NAME
value: {{ .Values.concourse.web.auth.ldap.displayName | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.groupSearchBaseDn }}
- name: CONCOURSE_LDAP_GROUP_SEARCH_BASE_DN
value: {{ .Values.concourse.web.auth.ldap.groupSearchBaseDn | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.groupSearchFilter }}
- name: CONCOURSE_LDAP_GROUP_SEARCH_FILTER
value: {{ .Values.concourse.web.auth.ldap.groupSearchFilter | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.groupSearchGroupAttr }}
- name: CONCOURSE_LDAP_GROUP_SEARCH_GROUP_ATTR
value: {{ .Values.concourse.web.auth.ldap.groupSearchGroupAttr | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.groupSearchNameAttr }}
- name: CONCOURSE_LDAP_GROUP_SEARCH_NAME_ATTR
value: {{ .Values.concourse.web.auth.ldap.groupSearchNameAttr | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.groupSearchScope }}
- name: CONCOURSE_LDAP_GROUP_SEARCH_SCOPE
value: {{ .Values.concourse.web.auth.ldap.groupSearchScope | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.groupSearchUserAttr }}
- name: CONCOURSE_LDAP_GROUP_SEARCH_USER_ATTR
value: {{ .Values.concourse.web.auth.ldap.groupSearchUserAttr | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.host }}
- name: CONCOURSE_LDAP_HOST
value: {{ .Values.concourse.web.auth.ldap.host | quote }}
{{- end }}
# Transport-security switches for the LDAP connection; each is emitted only when
# its value is truthy.
# NOTE(review): insecureNoSsl presumably means plain LDAP without TLS, which
# would put the bind password and every user's login password on the wire in
# clear text. Confirm, and keep it unset outside of isolated test setups.
{{- if .Values.concourse.web.auth.ldap.insecureNoSsl }}
- name: CONCOURSE_LDAP_INSECURE_NO_SSL
value: {{ .Values.concourse.web.auth.ldap.insecureNoSsl | quote }}
{{- end }}
# NOTE(review): disables verification of the LDAP server certificate; prefer
# auth.ldap.useCaCert with the CA mounted under web.authSecretsPath.
{{- if .Values.concourse.web.auth.ldap.insecureSkipVerify }}
- name: CONCOURSE_LDAP_INSECURE_SKIP_VERIFY
value: {{ .Values.concourse.web.auth.ldap.insecureSkipVerify | quote }}
{{- end }}
# Presumably upgrades a plain connection with StartTLS; verify against the
# web node's LDAP connector documentation.
{{- if .Values.concourse.web.auth.ldap.startTls }}
- name: CONCOURSE_LDAP_START_TLS
value: {{ .Values.concourse.web.auth.ldap.startTls | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.userSearchBaseDn }}
- name: CONCOURSE_LDAP_USER_SEARCH_BASE_DN
value: {{ .Values.concourse.web.auth.ldap.userSearchBaseDn | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.userSearchEmailAttr }}
- name: CONCOURSE_LDAP_USER_SEARCH_EMAIL_ATTR
value: {{ .Values.concourse.web.auth.ldap.userSearchEmailAttr | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.userSearchFilter }}
- name: CONCOURSE_LDAP_USER_SEARCH_FILTER
value: {{ .Values.concourse.web.auth.ldap.userSearchFilter | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.userSearchIdAttr }}
- name: CONCOURSE_LDAP_USER_SEARCH_ID_ATTR
value: {{ .Values.concourse.web.auth.ldap.userSearchIdAttr | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.userSearchNameAttr }}
- name: CONCOURSE_LDAP_USER_SEARCH_NAME_ATTR
value: {{ .Values.concourse.web.auth.ldap.userSearchNameAttr | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.userSearchScope }}
- name: CONCOURSE_LDAP_USER_SEARCH_SCOPE
value: {{ .Values.concourse.web.auth.ldap.userSearchScope | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.ldap.userSearchUsername }}
- name: CONCOURSE_LDAP_USER_SEARCH_USERNAME
value: {{ .Values.concourse.web.auth.ldap.userSearchUsername | quote }}
{{- end }}
{{- end }}
# Generic OAuth connector settings, rendered only when
# concourse.web.auth.oauth.enabled is truthy. Optional settings are emitted
# only when their value is truthy.
{{- if .Values.concourse.web.auth.oauth.enabled }}
{{- if .Values.concourse.web.auth.oauth.displayName }}
- name: CONCOURSE_OAUTH_DISPLAY_NAME
value: {{ .Values.concourse.web.auth.oauth.displayName | quote }}
{{- end }}
# Client ID and client secret are read from the chart Secret (named by the
# concourse.web.fullname template) through secretKeyRef, so neither value is
# written into the Deployment spec. Both references are unconditional inside
# this block and not marked optional: the Secret must contain the keys
# oauth-client-id and oauth-client-secret, or the container will not start.
- name: CONCOURSE_OAUTH_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: oauth-client-id
- name: CONCOURSE_OAUTH_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: oauth-client-secret
{{- if .Values.concourse.web.auth.oauth.authUrl }}
- name: CONCOURSE_OAUTH_AUTH_URL
value: {{ .Values.concourse.web.auth.oauth.authUrl | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oauth.tokenUrl }}
- name: CONCOURSE_OAUTH_TOKEN_URL
value: {{ .Values.concourse.web.auth.oauth.tokenUrl | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oauth.userinfoUrl }}
- name: CONCOURSE_OAUTH_USERINFO_URL
value: {{ .Values.concourse.web.auth.oauth.userinfoUrl | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oauth.scope }}
- name: CONCOURSE_OAUTH_SCOPE
value: {{ .Values.concourse.web.auth.oauth.scope | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oauth.groupsKey }}
- name: CONCOURSE_OAUTH_GROUPS_KEY
value: {{ .Values.concourse.web.auth.oauth.groupsKey | quote }}
{{- end }}
# The CA file path points into web.authSecretsPath; oauth_ca.cert is the file
# the auth-keys volume projects from the oauth-ca-cert key under the same flag.
{{- if .Values.concourse.web.auth.oauth.useCaCert }}
- name: CONCOURSE_OAUTH_CA_CERT
value: "{{ .Values.web.authSecretsPath }}/oauth_ca.cert"
{{- end }}
# NOTE(review): skipSslValidation presumably disables certificate validation
# towards the OAuth provider (confirm against the Concourse documentation).
# With it set, the token and userinfo exchanges that carry the client secret
# are not authenticated; useCaCert is the way to trust a private CA instead.
{{- if .Values.concourse.web.auth.oauth.skipSslValidation }}
- name: CONCOURSE_OAUTH_SKIP_SSL_VALIDATION
value: {{ .Values.concourse.web.auth.oauth.skipSslValidation | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oauth.userNameKey }}
- name: CONCOURSE_OAUTH_USER_NAME_KEY
value: {{ .Values.concourse.web.auth.oauth.userNameKey | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oauth.userIdKey }}
- name: CONCOURSE_OAUTH_USER_ID_KEY
value: {{ .Values.concourse.web.auth.oauth.userIdKey | quote }}
{{- end }}
{{- end }}
# OIDC connector settings, rendered only when concourse.web.auth.oidc.enabled
# is truthy. Optional settings are emitted only when their value is truthy.
{{- if .Values.concourse.web.auth.oidc.enabled }}
{{- if .Values.concourse.web.auth.oidc.displayName }}
- name: CONCOURSE_OIDC_DISPLAY_NAME
value: {{ .Values.concourse.web.auth.oidc.displayName | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oidc.issuer }}
- name: CONCOURSE_OIDC_ISSUER
value: {{ .Values.concourse.web.auth.oidc.issuer | quote }}
{{- end }}
# Client ID and client secret are read from the chart Secret (named by the
# concourse.web.fullname template) through secretKeyRef, so neither value is
# written into the Deployment spec. Both references are unconditional inside
# this block and not marked optional: the Secret must contain the keys
# oidc-client-id and oidc-client-secret, or the container will not start.
- name: CONCOURSE_OIDC_CLIENT_ID
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: oidc-client-id
- name: CONCOURSE_OIDC_CLIENT_SECRET
valueFrom:
secretKeyRef:
name: {{ template "concourse.web.fullname" . }}
key: oidc-client-secret
{{- if .Values.concourse.web.auth.oidc.scope }}
- name: CONCOURSE_OIDC_SCOPE
value: {{ .Values.concourse.web.auth.oidc.scope | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oidc.groupsKey }}
- name: CONCOURSE_OIDC_GROUPS_KEY
value: {{ .Values.concourse.web.auth.oidc.groupsKey | quote}}
{{- end }}
# hostedDomains presumably restricts which account domains may log in; leaving
# it unset renders no restriction here -- verify the connector default.
{{- if .Values.concourse.web.auth.oidc.hostedDomains }}
- name: CONCOURSE_OIDC_HOSTED_DOMAINS
value: {{ .Values.concourse.web.auth.oidc.hostedDomains | quote }}
{{- end }}
# The CA file path points into web.authSecretsPath; oidc_ca.cert is the file
# the auth-keys volume projects from the oidc-ca-cert key under the same flag.
{{- if .Values.concourse.web.auth.oidc.useCaCert }}
- name: CONCOURSE_OIDC_CA_CERT
value: "{{ .Values.web.authSecretsPath }}/oidc_ca.cert"
{{- end }}
# NOTE(review): skipSslValidation presumably disables certificate validation
# towards the OIDC issuer (confirm against the Concourse documentation). With
# it set, the issuer's identity and the token exchange carrying the client
# secret are not authenticated; useCaCert is the way to trust a private CA.
{{- if .Values.concourse.web.auth.oidc.skipSslValidation }}
- name: CONCOURSE_OIDC_SKIP_SSL_VALIDATION
value: {{ .Values.concourse.web.auth.oidc.skipSslValidation | quote }}
{{- end }}
{{- if .Values.concourse.web.auth.oidc.userNameKey }}
- name: CONCOURSE_OIDC_USER_NAME_KEY
value: {{ .Values.concourse.web.auth.oidc.userNameKey | quote }}
{{- end }}
{{- end }}
# Peer address: use the configured value when concourse.web.peerAddress is
# set; otherwise expose the pod IP through the downward API as POD_IP and
# reference it with $(POD_IP). POD_IP is declared before
# CONCOURSE_PEER_ADDRESS because Kubernetes only expands references to
# variables defined earlier in the env list.
{{- if .Values.concourse.web.peerAddress }}
- name: CONCOURSE_PEER_ADDRESS
value: {{ .Values.concourse.web.peerAddress | quote }}
{{- else }}
- name: POD_IP
valueFrom:
fieldRef:
fieldPath: status.podIP
- name: CONCOURSE_PEER_ADDRESS
value: "$(POD_IP)"
{{- end }}
# TSA (worker registration gateway) settings. CONCOURSE_TSA_BIND_PORT,
# CONCOURSE_TSA_HOST_KEY and CONCOURSE_TSA_AUTHORIZED_KEYS are always
# rendered; the rest only when their value is truthy.
{{- if .Values.concourse.web.tsa.logLevel }}
- name: CONCOURSE_TSA_LOG_LEVEL
value: {{ .Values.concourse.web.tsa.logLevel | quote }}
{{- end }}
{{- if .Values.concourse.web.tsa.bindIp }}
- name: CONCOURSE_TSA_BIND_IP
value: {{ .Values.concourse.web.tsa.bindIp | quote }}
{{- end }}
- name: CONCOURSE_TSA_BIND_PORT
value: {{ .Values.concourse.web.tsa.bindPort | quote }}
# Debug listener address and port. Presumably a diagnostics endpoint; the bind
# IP chosen here decides whether it is reachable from outside the pod --
# confirm it is not exposed more widely than intended.
{{- if .Values.concourse.web.tsa.debugBindIp }}
- name: CONCOURSE_TSA_DEBUG_BIND_IP
value: {{ .Values.concourse.web.tsa.debugBindIp | quote }}
{{- end }}
{{- if .Values.concourse.web.tsa.debugBindPort }}
- name: CONCOURSE_TSA_DEBUG_BIND_PORT
value: {{ .Values.concourse.web.tsa.debugBindPort | quote }}
{{- end }}
# Both variables carry file paths, not key material: host_key and
# worker_key.pub are the files the concourse-keys volume projects under
# web.keySecretsPath.
- name: CONCOURSE_TSA_HOST_KEY
value: "{{ .Values.web.keySecretsPath }}/host_key"
- name: CONCOURSE_TSA_AUTHORIZED_KEYS
value: "{{ .Values.web.keySecretsPath }}/worker_key.pub"
# Builds a comma-separated list of team:path pairs, one per entry of
# secrets.teamAuthorizedKeys. $root keeps the top-level context because `.` is
# rebound inside range. The team name is interpolated unescaped into both the
# list and the file path, so a name containing `,`, `:`, `/` or `"` would
# produce a malformed value -- assumes team names are validated by whoever
# supplies the values.
{{- if .Values.secrets.teamAuthorizedKeys }}
- name: CONCOURSE_TSA_TEAM_AUTHORIZED_KEYS
value: "{{- $root := . -}}{{- range $i, $v := .Values.secrets.teamAuthorizedKeys }}{{- if $i}},{{- end}}{{ $v.team }}:{{ $root.Values.web.teamSecretsPath }}/{{ $v.team }}-authorized-key.pub{{- end }}"
{{- end }}
{{- if .Values.concourse.web.tsa.atcUrl }}
- name: CONCOURSE_TSA_ATC_URL
value: {{ .Values.concourse.web.tsa.atcUrl | quote }}
{{- end }}
# NOTE(review): sessionSigningKey is rendered as a literal value. The
# concourse-keys volume already projects session_signing_key under
# web.keySecretsPath, so this is presumably expected to be a file path; key
# material placed here would end up in clear text in the Deployment spec --
# confirm how the value is documented.
{{- if .Values.concourse.web.tsa.sessionSigningKey }}
- name: CONCOURSE_TSA_SESSION_SIGNING_KEY
value: {{ .Values.concourse.web.tsa.sessionSigningKey | quote }}
{{- end }}
{{- if .Values.concourse.web.tsa.heartbeatInterval }}
- name: CONCOURSE_TSA_HEARTBEAT_INTERVAL
value: {{ .Values.concourse.web.tsa.heartbeatInterval | quote }}
{{- end }}
# Let's Encrypt settings. The enable flag is rendered only when it is truthy,
# so the variable is either present with that value or absent.
{{- if .Values.concourse.web.letsEncrypt.enabled }}
- name: CONCOURSE_ENABLE_LETS_ENCRYPT
value: {{ .Values.concourse.web.letsEncrypt.enabled | quote }}
{{- end }}
{{- if .Values.concourse.web.letsEncrypt.acmeURL }}
- name: CONCOURSE_LETS_ENCRYPT_ACME_URL
value: {{ .Values.concourse.web.letsEncrypt.acmeURL | quote }}
{{- end }}
# web.env is spliced in verbatim as extra env entries after everything the
# chart generated. NOTE(review): an entry here can repeat a name already
# rendered above, including the authentication settings; how the duplicate is
# resolved is not visible in this template -- verify before relying on it.
# Secrets added through web.env as a plain `value` are stored in clear text in
# the Deployment spec; valueFrom.secretKeyRef entries avoid that.
{{- if .Values.web.env }}
{{ toYaml .Values.web.env | indent 12 }}
{{- end }}
# Container ports. atc and tsa are always declared; atc-tls, atc-debug,
# tsa-debug and prometheus only when the corresponding value is set. The
# port values are rendered unquoted because containerPort is an integer field.
ports:
- name: atc
containerPort: {{ .Values.concourse.web.bindPort }}
{{- if .Values.concourse.web.tls.enabled }}
- name: atc-tls
containerPort: {{ .Values.concourse.web.tls.bindPort }}
{{- end }}
- name: tsa
containerPort: {{ .Values.concourse.web.tsa.bindPort }}
# Debug listeners. Declaring a containerPort is descriptive; whether these
# endpoints are reachable from other pods depends on the bind IP passed in the
# env section and on any NetworkPolicy, so review those when enabling them.
{{- if .Values.concourse.web.debugBindPort }}
- name: atc-debug
containerPort: {{ .Values.concourse.web.debugBindPort }}
{{- end }}
# NOTE(review): this reads concourse.web.tsa.bindDebugPort, while the env
# section sets CONCOURSE_TSA_DEBUG_BIND_PORT from
# concourse.web.tsa.debugBindPort. One of the two names is probably a typo;
# as written, the declared port and the listener port come from different
# values -- confirm against values.yaml.
{{- if .Values.concourse.web.tsa.bindDebugPort }}
- name: tsa-debug
containerPort: {{ .Values.concourse.web.tsa.bindDebugPort }}
{{- end }}
{{- if .Values.concourse.web.prometheus.enabled }}
- name: prometheus
containerPort: {{ .Values.concourse.web.prometheus.bindPort }}
{{- end }}
# Probes and resource requests/limits are passed through verbatim from
# web.livenessProbe, web.readinessProbe and web.resources; each key is
# omitted entirely when its value is unset.
# NOTE(review): these are the only container-level passthroughs rendered
# between ports and volumeMounts; no securityContext is rendered for the web
# container in the parts of this template visible to the review, so it would
# run with image and runtime defaults unless that is set elsewhere -- confirm.
{{- if .Values.web.livenessProbe }}
livenessProbe:
{{ toYaml .Values.web.livenessProbe | indent 12 }}
{{- end }}
{{- if .Values.web.readinessProbe }}
readinessProbe:
{{ toYaml .Values.web.readinessProbe | indent 12 }}
{{- end }}
{{- if .Values.web.resources }}
resources:
{{ toYaml .Values.web.resources | indent 12 }}
{{- end }}
# Volume mounts for the web container. User-supplied mounts from
# web.additionalVolumeMounts are rendered first and verbatim; every mount the
# chart itself adds is readOnly. concourse-keys and auth-keys are always
# mounted; the others follow the same conditions as their volumes below.
volumeMounts:
{{- if .Values.web.additionalVolumeMounts }}
{{ toYaml .Values.web.additionalVolumeMounts | indent 12 }}
{{- end }}
- name: concourse-keys
mountPath: {{ .Values.web.keySecretsPath | quote }}
readOnly: true
{{- if .Values.secrets.teamAuthorizedKeys }}
- name: team-authorized-keys
mountPath: {{ .Values.web.teamSecretsPath | quote }}
readOnly: true
{{- end }}
{{- if .Values.concourse.web.tls.enabled }}
- name: web-tls
mountPath: {{ .Values.web.tlsSecretsPath | quote }}
readOnly: true
{{- end }}
{{- if .Values.concourse.web.vault.enabled }}
- name: vault-keys
mountPath: {{ .Values.web.vaultSecretsPath | quote }}
readOnly: true
{{- end }}
{{- if .Values.concourse.web.credhub.enabled }}
- name: credhub-keys
mountPath: {{ .Values.web.credhubSecretsPath | quote }}
readOnly: true
{{- end }}
# Mounted for every postgres.sslmode other than the literal "disable".
{{- if not (eq .Values.concourse.web.postgres.sslmode "disable") }}
- name: postgresql-keys
mountPath: {{ .Values.web.postgresqlSecretsPath | quote }}
readOnly: true
{{- end }}
{{- if .Values.concourse.web.syslog.enabled }}
- name: syslog-keys
mountPath: {{ .Values.web.syslogSecretsPath | quote }}
readOnly: true
{{- end }}
- name: auth-keys
mountPath: {{ .Values.web.authSecretsPath | quote }}
readOnly: true
# Pod affinity rules are passed through verbatim from web.additionalAffinities;
# the affinity key is omitted when the value is unset.
{{- if .Values.web.additionalAffinities }}
affinity:
{{ toYaml .Values.web.additionalAffinities | indent 8 }}
{{- end }}
# Pod volumes. User-supplied volumes from web.additionalVolumes are rendered
# first and verbatim. Every volume the chart adds reads from the same Secret
# (named by the concourse.web.fullname template) and uses `items` to select
# which keys become files.
volumes:
{{- if .Values.web.additionalVolumes }}
{{ toYaml .Values.web.additionalVolumes | indent 8 }}
{{- end }}
# Always present: the TSA host key, the session signing key and the worker
# public key. defaultMode 0400 makes the files readable by their owner only;
# it must stay an unquoted integer because defaultMode is a numeric field
# (the leading zero is read as octal). Assumes the web process runs as the
# user that owns the projected files -- confirm if a non-root user is used.
- name: concourse-keys
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
- key: host-key
path: host_key
- key: session-signing-key
path: session_signing_key
- key: worker-key-pub
path: worker_key.pub
# One projected file per entry of secrets.teamAuthorizedKeys: Secret key
# <team>-team-authorized-key becomes file <team>-authorized-key.pub, the same
# file name the CONCOURSE_TSA_TEAM_AUTHORIZED_KEYS list points at. The team
# name is interpolated unquoted into both key and path, so names containing
# YAML-significant characters or path separators would not render a valid
# item -- assumes team names are plain identifiers.
{{- if .Values.secrets.teamAuthorizedKeys }}
- name: team-authorized-keys
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
{{- range .Values.secrets.teamAuthorizedKeys }}
- key: {{ .team }}-team-authorized-key
path: {{ .team }}-authorized-key.pub
{{- end }}
{{- end }}
# TLS certificate and key for the web endpoint, projected only when
# concourse.web.tls.enabled is truthy. Both keys are listed unconditionally,
# so the Secret must contain web-tls-cert and web-tls-key or the volume will
# fail to mount. Files are owner-read-only (0400).
{{- if .Values.concourse.web.tls.enabled }}
- name: web-tls
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
- key: web-tls-cert
path: client.cert
- key: web-tls-key
path: client.key
{{- end }}
# Vault credentials: the CA certificate when vault.useCaCert is truthy, and
# the client certificate and key when vault.authBackend equals "cert".
# NOTE(review): every entry under `items` is conditional. With vault enabled
# but neither condition true, `items` renders empty, and Kubernetes then
# projects every key of the Secret into this volume -- including the host
# key, signing key and client secrets kept in the same Secret. Keeping these
# files in a Secret of their own would bound what this mount can expose.
{{- if .Values.concourse.web.vault.enabled }}
- name: vault-keys
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
{{- if .Values.concourse.web.vault.useCaCert }}
- key: vault-ca-cert
path: ca.cert
{{- end }}
{{- if (eq .Values.concourse.web.vault.authBackend "cert") }}
- key: vault-client-cert
path: client.cert
- key: vault-client-key
path: client.key
{{- end }}
{{- end }}
# CredHub CA certificate, projected when credhub.useCaCert is truthy.
# NOTE(review): the only entry under `items` is conditional. With credhub
# enabled and useCaCert unset, `items` renders empty, and Kubernetes then
# projects every key of the Secret into this volume rather than none.
{{- if .Values.concourse.web.credhub.enabled }}
- name: credhub-keys
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
{{- if .Values.concourse.web.credhub.useCaCert }}
- key: credhub-ca-cert
path: ca.cert
{{- end }}
{{- end }}
# PostgreSQL TLS material, projected for every postgres.sslmode other than the
# literal "disable". All three keys are listed unconditionally, so the Secret
# must contain the CA certificate, client certificate and client key even for
# modes that presumably do not use client certificates; a missing key makes
# the volume fail to mount.
{{- if not (eq .Values.concourse.web.postgres.sslmode "disable") }}
- name: postgresql-keys
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
- key: postgresql-ca-cert
path: ca.cert
- key: postgresql-client-cert
path: client.cert
- key: postgresql-client-key
path: client.key
{{- end }}
# Syslog CA certificate, projected only when concourse.web.syslog.enabled is
# truthy. The key is listed unconditionally, so the Secret must contain
# syslog-ca-cert whenever syslog is enabled.
{{- if .Values.concourse.web.syslog.enabled }}
- name: syslog-keys
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
- key: syslog-ca-cert
path: ca.cert
{{- end }}
# CA certificates for the auth connectors (cf, github, ldap, oauth, oidc),
# each projected only when that connector's useCaCert is truthy. The file
# names match the *_CA_CERT paths built from web.authSecretsPath in the env
# section.
# NOTE(review): this volume is always rendered and always mounted, but every
# entry under `items` is conditional. When no connector sets useCaCert,
# `items` renders empty, and Kubernetes then projects every key of the Secret
# under web.authSecretsPath -- including the host key, signing key and client
# secrets kept in the same Secret. Rendering the volume and its mount only
# when at least one CA certificate is requested, or keeping the certificates
# in their own Secret, would avoid that.
- name: auth-keys
secret:
secretName: {{ template "concourse.web.fullname" . }}
defaultMode: 0400
items:
{{- if .Values.concourse.web.auth.cf.useCaCert }}
- key: cf-ca-cert
path: cf_ca.cert
{{- end }}
{{- if .Values.concourse.web.auth.github.useCaCert }}
- key: github-ca-cert
path: github_ca.cert
{{- end }}
{{- if .Values.concourse.web.auth.ldap.useCaCert }}
- key: ldap-ca-cert
path: ldap_ca.cert
{{- end }}
{{- if .Values.concourse.web.auth.oauth.useCaCert }}
- key: oauth-ca-cert
path: oauth_ca.cert
{{- end }}
{{- if .Values.concourse.web.auth.oidc.useCaCert }}
- key: oidc-ca-cert
path: oidc_ca.cert
{{- end }}
{{- end }}