custom-environment-variables.yaml

# All values in this document are the ENVIRONMENT variable names that can override the defaults
# from `default.yaml`
---
auth:
  # A private key used for signing jwt tokens
  # Easily generate one by running
  # $ openssl genrsa -out jwt.pem 2048
  jwtPrivateKey: SECRET_JWT_PRIVATE_KEY
  # The public key used for verifying the signature
  # Generate one by running
  # $ openssl rsa -in jwt.pem -pubout -out jwt.pub
  jwtPublicKey: SECRET_JWT_PUBLIC_KEY
  # The public key used for verifying the signature of token from SD api
  jwtSDApiPublicKey: SECRET_JWT_SD_API_PUBLIC_KEY
  admins:
    __name: SECRET_ADMINS
    __format: json

executor:
    plugin: EXECUTOR_PLUGIN
    # The NPM module object(s) for the executor plugin(s)
    k8s:
      options:
        kubernetes:
            # The host or IP of the kubernetes cluster
            host: K8S_HOST
            # Privileged mode, default restricted, set to true for trusted container runtime use-case
            privileged: K8S_SECURITYCONTEXT_PRIVILEGED
            # The jwt token used for authenticating kubernetes requests
            token: K8S_TOKEN
            jobsNamespace: K8S_JOBS_NAMESPACE
            # enable docker in docker on the k8 executor
            dockerFeatureEnabled: DOCKER_FEATURE_ENABLED
            # Resources for build pod
            resources:
                # Number of cpu cores
                cpu:
                    micro: K8S_CPU_MICRO
                    low: K8S_CPU_LOW
                    high: K8S_CPU_HIGH
                    turbo: K8S_CPU_TURBO
                # Memory in GB
                memory:
                    micro: K8S_MEMORY_MICRO
                    low: K8S_MEMORY_LOW
                    high: K8S_MEMORY_HIGH
                    turbo: K8S_MEMORY_TURBO
            # Default build timeout for all builds in this cluster
            buildTimeout: K8S_BUILD_TIMEOUT
            # Default max build timeout
            maxBuildTimeout: K8S_MAX_BUILD_TIMEOUT
            lifecycleHooks:
              __name: K8S_LIFECYCLE_HOOKS
              __format: json
            # k8s node selectors for approprate build pod scheduling.
            # Value is Object of format { label: 'value' } See
            # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#step-one-attach-label-to-the-node
            # Eg: { dedicated: 'screwdriver' } to schedule pods on nodes having
            # label-value of dedicated=screwdriver
            nodeSelectors:
              __name: K8S_NODE_SELECTORS
              __format: json
            # k8s preferred node selectors for build pod scheduling
            # See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
            preferredNodeSelectors:
              __name: K8S_PREFERRED_NODE_SELECTORS
              __format: json
            # k8s annotations
            # Value is Object of format { key: 'value' } See
            # https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
            # Eg: {"io.kubernetes.cri.untrusted-workload": "true"}
            annotations:
              __name: K8S_ANNOTATIONS
              __format: json
            # support for kata-containers-as-a-runtimeclass
            runtimeClass: K8S_RUNTIME_CLASS
        # Launcher image to use
        launchImage: LAUNCH_IMAGE
        # Launcher container tag to use
        launchVersion: LAUNCH_VERSION
        # Prefix to the pod
        prefix: EXECUTOR_PREFIX
        # Circuit breaker config
        fusebox:
            breaker:
                # in milliseconds
                timeout: CIRCUIT_TIMEOUT
        requestretry:
            # in milliseconds
            retryDelay: REQUEST_RETRYDELAY
            maxAttempts: REQUEST_MAXATTEMPTS
    k8s-vm:
      options:
        # Configuration of Docker
        kubernetes:
            # The host or IP of the kubernetes cluster
            host: K8S_HOST
            # Privileged mode, default restricted, set to true for trusted container runtime use-case
            privileged: K8S_SECURITYCONTEXT_PRIVILEGED
            # The jwt token used for authenticating kubernetes requests
            token: K8S_TOKEN
            jobsNamespace: K8S_JOBS_NAMESPACE
            baseImage: K8S_BASE_IMAGE
            # Resources for build pod
            resources:
                # Number of cpu cores
                cpu:
                    micro: K8S_CPU_MICRO
                    low: K8S_CPU_LOW
                    high: K8S_CPU_HIGH
                    turbo: K8S_CPU_TURBO
                    # upper bound for user custom cpu
                    max: K8S_CPU_MAX
                # Memory in GB
                memory:
                    micro: K8S_MEMORY_MICRO
                    low: K8S_MEMORY_LOW
                    high: K8S_MEMORY_HIGH
                    turbo: K8S_MEMORY_TURBO
                    # upper bound for user custom memory
                    max: K8S_MEMORY_MAX
                disk:
                  space: K8S_DISK_LABEL
                  speed: K8S_DISK_SPEED_LABEL
            # Default build timeout for all builds in this cluster
            buildTimeout: K8S_VM_BUILD_TIMEOUT
            # Default max build timeout
            maxBuildTimeout: K8S_VM_MAX_BUILD_TIMEOUT
            # k8s node selectors for approprate build pod scheduling.
            # Value is Object of format { label: 'value' } See
            # https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#step-one-attach-label-to-the-node
            # Eg: { dedicated: 'screwdriver' } to schedule pods on nodes having
            # label-value of dedicated=screwdriver
            nodeSelectors:
              __name: K8S_VM_NODE_SELECTORS
              __format: json
            # k8s preferred node selectors for build pod scheduling
            # See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
            preferredNodeSelectors:
              __name: K8S_VM_PREFERRED_NODE_SELECTORS
              __format: json
        # Launcher image to use
        launchImage: LAUNCH_IMAGE
        # Launcher container tag to use
        launchVersion: LAUNCH_VERSION
        # Prefix to the container
        prefix: EXECUTOR_PREFIX
        # Circuit breaker config
        fusebox:
            breaker:
                # in milliseconds
                timeout: CIRCUIT_TIMEOUT
        requestretry:
            # in milliseconds
            retryDelay: REQUEST_RETRYDELAY
            maxAttempts: REQUEST_MAXATTEMPTS
    jenkins:
      options:
        jenkins:
            host: EXECUTOR_JENKINS_HOST
            port: EXECUTOR_JENKINS_PORT
            username: EXECUTOR_JENKINS_USERNAME
            # Jenkins password/token used for authenticating jenkins requests
            password: EXECUTOR_JENKINS_PASSWORD
            # Node labels of Jenkins slaves
            nodeLabel: EXECUTOR_JENKINS_NODE_LABEL
            # Default build timeout
            buildTimeout: EXECUTOR_JENKINS_BUILD_TIMEOUT
            # Default max build timeout
            maxBuildTimeout: EXECUTOR_JENKINS_MAX_BUILD_TIMEOUT
        docker:
            # The path to the docker-compose command
            composeCommand: EXECUTOR_JENKINS_DOCKER_COMPOSE_COMMAND
            # Prefix to the container
            prefix: EXECUTOR_JENKINS_DOCKER_PREFIX
            # Launcher container tag to use
            launchVersion: EXECUTOR_JENKINS_LAUNCH_VERSION
            # Memory limit (docker run `--memory` option)
            memory: EXECUTOR_JENKINS_DOCKER_MEMORY
            # Memory limit include swap (docker run `--memory-swap` option)
            memoryLimit: EXECUTOR_JENKINS_DOCKER_MEMORY_LIMIT
        # The command to start build
        buildScript: EXECUTOR_JENKINS_BUILD_SCRIPT
        # The command to clean up build system
        cleanupScript: EXECUTOR_JENKINS_CLEANUP_SCRIPT
        # Time (seconds) to destroy the job
        cleanupTimeLimit: EXECUTOR_JENKINS_CLEANUP_TIME_LIMIT
        # Interval to detect the stopped job (seconds)
        cleanupWatchInterval: EXECUTOR_JENKINS_CLEANUP_WATCH_INTERVAL

httpd:
  # Port to listen on
  port: PORT
  # Host to listen on (set to 0.0.0.0 to accept all connections)
  host: HOST
  # Externally routable URI (usually your load balancer or CNAME)
  uri: URI
  # TLS configuration (key, cert, etc.)
  # https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
  tls:
    __name: HTTPD_TLS
    __format: json

ecosystem:
    # URL for the User Interface
    ui: ECOSYSTEM_UI
    # URL for the API
    api: ECOSYSTEM_API
    # Externally routable URL for the Artifact Store
    store: ECOSYSTEM_STORE
    # Pushgateway URL for Prometheus
    pushgatewayUrl: ECOSYSTEM_PUSHGATEWAY_URL
    # build cache strategies: s3, disk, with s3 as default option to store cache
    cache:
        strategy: CACHE_STRATEGY
        path: CACHE_PATH
        compress: CACHE_COMPRESS
        md5check: CACHE_MD5CHECK
        max_size_mb: CACHE_MAX_SIZE_MB

queue:
  redisConnection:
    host: REDIS_HOST
    port: REDIS_PORT
    options:
      password: REDIS_PASSWORD
      tls: REDIS_TLS_ENABLED
    database: REDIS_DB_NUMBER
  prefix: REDIS_QUEUE_PREFIX

plugins:
    blockedBy:
        # re-enqueue in _ mins if blocked
        reenqueueWaitTime: PLUGIN_BLOCKEDBY_REENQUEUE_WAIT_TIME
        # job is blocking for maximum _ mins
        blockTimeout: PLUGIN_BLOCKEDBY_BLOCK_TIMEOUT
        # job block by itself
        blockedBySelf: PLUGIN_BLOCKEDBY_BLOCKED_BY_SELF
        # by default collapse builds or not
        collapse: PLUGIN_BLOCKEDBY_COLLAPSE

worker:
    # https://github.com/taskrabbit/node-resque#multiworker-options
    # minimum number of workers to spawn
    minTaskProcessors: WORKER_MIN_TASK_PROCESSORS
    # maximum number of workers to spawn
    maxTaskProcessors: WORKER_MAX_TASK_PROCESSORS
    # how often to check if the event loop is blocked (ms)
    checkTimeout: WORKER_CHECK_TIMEOUT
    # how long the event loop has to be delayed before considering it blocked (ms)
    maxEventLoopDelay: WORKER_MAX_EVENT_LOOP_DELAY

# Run queue-worker as a scheduler, instead of calling executor to start/stop builds, push it to rabbitmq
scheduler:
    # Enabled schduler mode or not
    enabled: SCHEDULER_ENABLED
    # To enable schduler mode, you need rabbitmq server and consumer
    rabbitmq:
        # Host of rabbitmq cluster
        host: RABBITMQ_HOST
        # Port of rabbitmq cluster
        port: RABBITMQ_PORT
        # User to push to rabbitmq
        username: RABBITMQ_USERNAME
        # Password to connect to rabbitmq cluster
        password: RABBITMQ_PASSWORD
        # Protocol for rabbitmq server, use amqps for ssl
        protocol: RABBITMQ_PROTOCOL
        # Exchange / router name for rabbitmq
        exchange: RABBITMQ_EXCHANGE
        # Virtual host to connect to
        vhost: RABBITMQ_VHOST
        # Connection options
        connectOptions: RABBITMQ_CONNECT_OPTIONS
kafka:
  # flag for kafka broker
  enabled: KAFKA_ENABLED
  # kafka brokers list
  hosts: KAFKA_BROKERS_LIST
  # sasl options
  sasl:
    # sasl mechanism
    mechanism: SASL_MECHANISM
    # secret id for sasl/scram
    secretId: SASL_AWS_SECRET_ID
  # client id of the producer
  clientId: KAFKA_CLIENT_ID
  # Amazon access key
  accessKeyId: KAFKA_ACCESS_KEY_ID
  # Amazon secret access key
  secretAccessKey: KAFKA_ACCESS_KEY_SECRET
  # AWS region
  region: AWS_REGION
  # Flag to use Short Region Name like use2,usw2
  shortRegion : USE_SHORT_REGION_NAME
	# All values in this document are the ENVIRONMENT variable names that can override the defaults
	# from `default.yaml`
	---
	auth:
	# A private key used for signing jwt tokens
	# Easily generate one by running
	# $ openssl genrsa -out jwt.pem 2048
	jwtPrivateKey: SECRET_JWT_PRIVATE_KEY
	# The public key used for verifying the signature
	# Generate one by running
	# $ openssl rsa -in jwt.pem -pubout -out jwt.pub
	jwtPublicKey: SECRET_JWT_PUBLIC_KEY
	# The public key used for verifying the signature of token from SD api
	jwtSDApiPublicKey: SECRET_JWT_SD_API_PUBLIC_KEY
	admins:
	__name: SECRET_ADMINS
	__format: json

	executor:
	plugin: EXECUTOR_PLUGIN
	# The NPM module object(s) for the executor plugin(s)
	k8s:
	options:
	kubernetes:
	# The host or IP of the kubernetes cluster
	host: K8S_HOST
	# Privileged mode, default restricted, set to true for trusted container runtime use-case
	privileged: K8S_SECURITYCONTEXT_PRIVILEGED
	# The jwt token used for authenticating kubernetes requests
	token: K8S_TOKEN
	jobsNamespace: K8S_JOBS_NAMESPACE
	# enable docker in docker on the k8 executor
	dockerFeatureEnabled: DOCKER_FEATURE_ENABLED
	# Resources for build pod
	resources:
	# Number of cpu cores
	cpu:
	micro: K8S_CPU_MICRO
	low: K8S_CPU_LOW
	high: K8S_CPU_HIGH
	turbo: K8S_CPU_TURBO
	# Memory in GB
	memory:
	micro: K8S_MEMORY_MICRO
	low: K8S_MEMORY_LOW
	high: K8S_MEMORY_HIGH
	turbo: K8S_MEMORY_TURBO
	# Default build timeout for all builds in this cluster
	buildTimeout: K8S_BUILD_TIMEOUT
	# Default max build timeout
	maxBuildTimeout: K8S_MAX_BUILD_TIMEOUT
	lifecycleHooks:
	__name: K8S_LIFECYCLE_HOOKS
	__format: json
	# k8s node selectors for approprate build pod scheduling.
	# Value is Object of format { label: 'value' } See
	# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#step-one-attach-label-to-the-node
	# Eg: { dedicated: 'screwdriver' } to schedule pods on nodes having
	# label-value of dedicated=screwdriver
	nodeSelectors:
	__name: K8S_NODE_SELECTORS
	__format: json
	# k8s preferred node selectors for build pod scheduling
	# See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
	preferredNodeSelectors:
	__name: K8S_PREFERRED_NODE_SELECTORS
	__format: json
	# k8s annotations
	# Value is Object of format { key: 'value' } See
	# https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations
	# Eg: {"io.kubernetes.cri.untrusted-workload": "true"}
	annotations:
	__name: K8S_ANNOTATIONS
	__format: json
	# support for kata-containers-as-a-runtimeclass
	runtimeClass: K8S_RUNTIME_CLASS
	# Launcher image to use
	launchImage: LAUNCH_IMAGE
	# Launcher container tag to use
	launchVersion: LAUNCH_VERSION
	# Prefix to the pod
	prefix: EXECUTOR_PREFIX
	# Circuit breaker config
	fusebox:
	breaker:
	# in milliseconds
	timeout: CIRCUIT_TIMEOUT
	requestretry:
	# in milliseconds
	retryDelay: REQUEST_RETRYDELAY
	maxAttempts: REQUEST_MAXATTEMPTS
	k8s-vm:
	options:
	# Configuration of Docker
	kubernetes:
	# The host or IP of the kubernetes cluster
	host: K8S_HOST
	# Privileged mode, default restricted, set to true for trusted container runtime use-case
	privileged: K8S_SECURITYCONTEXT_PRIVILEGED
	# The jwt token used for authenticating kubernetes requests
	token: K8S_TOKEN
	jobsNamespace: K8S_JOBS_NAMESPACE
	baseImage: K8S_BASE_IMAGE
	# Resources for build pod
	resources:
	# Number of cpu cores
	cpu:
	micro: K8S_CPU_MICRO
	low: K8S_CPU_LOW
	high: K8S_CPU_HIGH
	turbo: K8S_CPU_TURBO
	# upper bound for user custom cpu
	max: K8S_CPU_MAX
	# Memory in GB
	memory:
	micro: K8S_MEMORY_MICRO
	low: K8S_MEMORY_LOW
	high: K8S_MEMORY_HIGH
	turbo: K8S_MEMORY_TURBO
	# upper bound for user custom memory
	max: K8S_MEMORY_MAX
	disk:
	space: K8S_DISK_LABEL
	speed: K8S_DISK_SPEED_LABEL
	# Default build timeout for all builds in this cluster
	buildTimeout: K8S_VM_BUILD_TIMEOUT
	# Default max build timeout
	maxBuildTimeout: K8S_VM_MAX_BUILD_TIMEOUT
	# k8s node selectors for approprate build pod scheduling.
	# Value is Object of format { label: 'value' } See
	# https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#step-one-attach-label-to-the-node
	# Eg: { dedicated: 'screwdriver' } to schedule pods on nodes having
	# label-value of dedicated=screwdriver
	nodeSelectors:
	__name: K8S_VM_NODE_SELECTORS
	__format: json
	# k8s preferred node selectors for build pod scheduling
	# See https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#node-affinity-beta-feature
	preferredNodeSelectors:
	__name: K8S_VM_PREFERRED_NODE_SELECTORS
	__format: json
	# Launcher image to use
	launchImage: LAUNCH_IMAGE
	# Launcher container tag to use
	launchVersion: LAUNCH_VERSION
	# Prefix to the container
	prefix: EXECUTOR_PREFIX
	# Circuit breaker config
	fusebox:
	breaker:
	# in milliseconds
	timeout: CIRCUIT_TIMEOUT
	requestretry:
	# in milliseconds
	retryDelay: REQUEST_RETRYDELAY
	maxAttempts: REQUEST_MAXATTEMPTS
	jenkins:
	options:
	jenkins:
	host: EXECUTOR_JENKINS_HOST
	port: EXECUTOR_JENKINS_PORT
	username: EXECUTOR_JENKINS_USERNAME
	# Jenkins password/token used for authenticating jenkins requests
	password: EXECUTOR_JENKINS_PASSWORD
	# Node labels of Jenkins slaves
	nodeLabel: EXECUTOR_JENKINS_NODE_LABEL
	# Default build timeout
	buildTimeout: EXECUTOR_JENKINS_BUILD_TIMEOUT
	# Default max build timeout
	maxBuildTimeout: EXECUTOR_JENKINS_MAX_BUILD_TIMEOUT
	docker:
	# The path to the docker-compose command
	composeCommand: EXECUTOR_JENKINS_DOCKER_COMPOSE_COMMAND
	# Prefix to the container
	prefix: EXECUTOR_JENKINS_DOCKER_PREFIX
	# Launcher container tag to use
	launchVersion: EXECUTOR_JENKINS_LAUNCH_VERSION
	# Memory limit (docker run `--memory` option)
	memory: EXECUTOR_JENKINS_DOCKER_MEMORY
	# Memory limit include swap (docker run `--memory-swap` option)
	memoryLimit: EXECUTOR_JENKINS_DOCKER_MEMORY_LIMIT
	# The command to start build
	buildScript: EXECUTOR_JENKINS_BUILD_SCRIPT
	# The command to clean up build system
	cleanupScript: EXECUTOR_JENKINS_CLEANUP_SCRIPT
	# Time (seconds) to destroy the job
	cleanupTimeLimit: EXECUTOR_JENKINS_CLEANUP_TIME_LIMIT
	# Interval to detect the stopped job (seconds)
	cleanupWatchInterval: EXECUTOR_JENKINS_CLEANUP_WATCH_INTERVAL

	httpd:
	# Port to listen on
	port: PORT
	# Host to listen on (set to 0.0.0.0 to accept all connections)
	host: HOST
	# Externally routable URI (usually your load balancer or CNAME)
	uri: URI
	# TLS configuration (key, cert, etc.)
	# https://nodejs.org/api/tls.html#tls_tls_createserver_options_secureconnectionlistener
	tls:
	__name: HTTPD_TLS
	__format: json

	ecosystem:
	# URL for the User Interface
	ui: ECOSYSTEM_UI
	# URL for the API
	api: ECOSYSTEM_API
	# Externally routable URL for the Artifact Store
	store: ECOSYSTEM_STORE
	# Pushgateway URL for Prometheus
	pushgatewayUrl: ECOSYSTEM_PUSHGATEWAY_URL
	# build cache strategies: s3, disk, with s3 as default option to store cache
	cache:
	strategy: CACHE_STRATEGY
	path: CACHE_PATH
	compress: CACHE_COMPRESS
	md5check: CACHE_MD5CHECK
	max_size_mb: CACHE_MAX_SIZE_MB

	queue:
	redisConnection:
	host: REDIS_HOST
	port: REDIS_PORT
	options:
	password: REDIS_PASSWORD
	tls: REDIS_TLS_ENABLED
	database: REDIS_DB_NUMBER
	prefix: REDIS_QUEUE_PREFIX

	plugins:
	blockedBy:
	# re-enqueue in _ mins if blocked
	reenqueueWaitTime: PLUGIN_BLOCKEDBY_REENQUEUE_WAIT_TIME
	# job is blocking for maximum _ mins
	blockTimeout: PLUGIN_BLOCKEDBY_BLOCK_TIMEOUT
	# job block by itself
	blockedBySelf: PLUGIN_BLOCKEDBY_BLOCKED_BY_SELF
	# by default collapse builds or not
	collapse: PLUGIN_BLOCKEDBY_COLLAPSE

	worker:
	# https://github.com/taskrabbit/node-resque#multiworker-options
	# minimum number of workers to spawn
	minTaskProcessors: WORKER_MIN_TASK_PROCESSORS
	# maximum number of workers to spawn
	maxTaskProcessors: WORKER_MAX_TASK_PROCESSORS
	# how often to check if the event loop is blocked (ms)
	checkTimeout: WORKER_CHECK_TIMEOUT
	# how long the event loop has to be delayed before considering it blocked (ms)
	maxEventLoopDelay: WORKER_MAX_EVENT_LOOP_DELAY

	# Run queue-worker as a scheduler, instead of calling executor to start/stop builds, push it to rabbitmq
	scheduler:
	# Enabled schduler mode or not
	enabled: SCHEDULER_ENABLED
	# To enable schduler mode, you need rabbitmq server and consumer
	rabbitmq:
	# Host of rabbitmq cluster
	host: RABBITMQ_HOST
	# Port of rabbitmq cluster
	port: RABBITMQ_PORT
	# User to push to rabbitmq
	username: RABBITMQ_USERNAME
	# Password to connect to rabbitmq cluster
	password: RABBITMQ_PASSWORD
	# Protocol for rabbitmq server, use amqps for ssl
	protocol: RABBITMQ_PROTOCOL
	# Exchange / router name for rabbitmq
	exchange: RABBITMQ_EXCHANGE
	# Virtual host to connect to
	vhost: RABBITMQ_VHOST
	# Connection options
	connectOptions: RABBITMQ_CONNECT_OPTIONS
	kafka:
	# flag for kafka broker
	enabled: KAFKA_ENABLED
	# kafka brokers list
	hosts: KAFKA_BROKERS_LIST
	# sasl options
	sasl:
	# sasl mechanism
	mechanism: SASL_MECHANISM
	# secret id for sasl/scram
	secretId: SASL_AWS_SECRET_ID
	# client id of the producer
	clientId: KAFKA_CLIENT_ID
	# Amazon access key
	accessKeyId: KAFKA_ACCESS_KEY_ID
	# Amazon secret access key
	secretAccessKey: KAFKA_ACCESS_KEY_SECRET
	# AWS region
	region: AWS_REGION
	# Flag to use Short Region Name like use2,usw2
	shortRegion : USE_SHORT_REGION_NAME