Installation reference
Example manifests
The following are example manifests that contain the basic required parameters necessary to spin up the circleci-server Helm installation.
AWS
The snippet below is an example manifest of the necessary parameters for an installation of CircleCI server in an AWS environment. Note that this installation uses IAM roles for service accounts (IRSA), which is recommended. Fields with base64 encoding are marked as such.
global:
domainName: "<full-domain-name-of-your-install>"
license: '<license>'
container:
registry: cciserver.azurecr.io
org:
apiToken: "<circleci-api-token>"
sessionCookieKey: "<session-cookie-key>"
keyset:
signing: '<generated-signing-key>'
encryption: '<generated-encryption-key>'
nomad:
server:
gossip:
encryption:
key: "<nomad-gossip-encryption-key>"
rpc:
mTLS:
enabled: true
CACertificate: "<nomad-mtls-base64-ca>"
certificate: "<nomad-mtls-base64-cert>"
privateKey: "<nomad-mtls-base64-key>"
object_storage:
bucketName: '<s3-bucket-name>'
s3:
enabled: true
endpoint: "<aws-region-url>" # ex: https://s3.us-east-1.amazonaws.com
region: "<aws-region>"
irsaRole: "<arn-of-irsa-role>"
github:
clientId: "<generated-github-client-id>"
clientSecret: "<generated-github-client-secret>"
machine_provisioner:
providers:
ec2:
enabled: true
region: "<aws-region>"
subnets:
- "<subnet-id>"
securityGroupId: "<security-group-id>"
irsaRole: "<arn-of-irsa-role>"
tags:
name1: "value1"
name2: "value2"
mongodb:
auth:
rootPassword: "<mongodb-root-password>"
password: "<mongodb-password>"
postgresql:
auth:
postgresPassword: "<postgres-password>"
pusher:
secret: "<pusher-secret>"
rabbitmq:
auth:
password: "<rabbitmq-password>"
erlangCookie: "<rabbitmq-erlang-cookie>"GCP
The below is an example manifest of the necessary parameters for an installation of CircleCI server in a GCP environment. Note that this installation uses Workload Identity, which is recommended. Fields with base64 encoding are marked as such.
global:
domainName: "<full-domain-name-of-your-install>"
license: '<license-for-circleci-server>'
container:
registry: cciserver.azurecr.io
org:
apiToken: "<circleci-api-token>"
sessionCookieKey: "<session-cookie-key>"
keyset:
signing: '<generated-signing-key>'
encryption: '<generated-encryption-key>'
github:
clientId: "<generated-github-client-id>"
clientSecret: "<generated-github-client-secret>"
object_storage:
bucketName: "<gcs-bucket-name>"
gcs:
enabled: true
workloadIdentity: "<service-account-email-with-gcs-access>"
mongodb:
auth:
rootPassword: "<mongodb-root-password>"
password: "<mongodb-password>"
machine_provisioner:
providers:
gcp:
enabled: true
project_id: <gcp-project-id>
network_tags:
- <network-tag>
zones:
- <gcp-zone1>
- <gcp-zone2>
network: "<gcp-network>"
subnetwork: "" # leave blank for auto-subnetting
workloadIdentity: "<service-account-email-with-compute-access>"
pusher:
secret: "<pusher-secret>"
postgresql:
auth:
postgresPassword: "<postgres-password>"
rabbitmq:
auth:
password: "<rabbitmq-password>"
erlangCookie: "<rabbitmq-erlang-cookie>"
nomad:
server:
gossip:
encryption:
key: "<nomad-gossip-encryption-key>"
rpc:
mTLS:
enabled: true
CACertificate: "<nomad-mtls-base64-ca>"
certificate: "<nomad-mtls-base64-cert>"
privateKey: "<nomad-mtls-base64-key>"All Helm values.yaml options
| Key | Type | Default | Description |
|---|---|---|---|
api_service.replicas | int |
| Number of replicas to deploy for the api-service deployment. |
api_service.resources.limits.cpu | string |
| CPU limit for the api-service deployment. |
api_service.resources.limits.memory | string |
| Memory limit for the api-service deployment. |
audit_log_service.replicas | int |
| Number of replicas to deploy for the audit-log-service deployment. |
audit_log_service.resources.limits.cpu | string |
| CPU limit for the audit-log-service deployment. |
audit_log_service.resources.limits.memory | string |
| Memory limit for the audit-log-service deployment. |
authentication_service.auth_api.replicas | int |
| Number of replicas to deploy for the authentication-service auth api deployment. |
authentication_service.auth_api.resources.limits.cpu | int |
| CPU limit for the authentication-service auth api deployment. |
authentication_service.auth_api.resources.limits.memory | string |
| Memory limit for the authentication-service auth api deployment. |
authentication_service.login_api.replicas | int |
| Number of replicas to deploy for the authentication-service login api deployment. |
authentication_service.login_api.resources.limits.cpu | int |
| CPU limit for the authentication-service login api deployment. |
authentication_service.login_api.resources.limits.memory | string |
| Memory limit for the authentication-service login api deployment. |
branch_service.replicas | int |
| Number of replicas to deploy for the branch-service deployment. |
branch_service.resources.limits.cpu | string |
| CPU limit for the branch-service deployment. |
branch_service.resources.limits.memory | string |
| Memory limit for the branch-service deployment. |
builds_service.replicas | int |
| Number of replicas to deploy for the builds-service deployment. |
builds_service.resources.limits.cpu | string |
| CPU limit for the builds-service deployment. |
builds_service.resources.limits.memory | string |
| Memory limit for the builds-service deployment. |
ciam_gateway.internal_api.replicas | int |
| Number of replicas to deploy for the ciam-gateway-service internal deployment. |
ciam_gateway.internal_api.resources.limits.cpu | int |
| CPU limit for the ciam-gateway-service internal api deployment. |
ciam_gateway.internal_api.resources.limits.memory | string |
| Memory limit for the ciam-gateway-service internal api deployment. |
ciam_gateway.outgoing_api.replicas | int |
| Number of replicas to deploy for the ciam-gateway-service outgoing deployment. |
ciam_gateway.outgoing_api.resources.limits.cpu | int |
| CPU limit for the ciam-gateway-service outgoing api deployment. |
ciam_gateway.outgoing_api.resources.limits.memory | string |
| Memory limit for the ciam-gateway-service outgoing api deployment. |
ciam_gateway.public_api.replicas | int |
| Number of replicas to deploy for the ciam-gateway-service public deployment. |
ciam_gateway.public_api.resources.limits.cpu | int |
| CPU limit for the ciam-gateway-service public api deployment. |
ciam_gateway.public_api.resources.limits.memory | string |
| Memory limit for the ciam-gateway-service public api deployment. |
ciam_service.internal_admin_api.replicas | int |
| Number of replicas to deploy for the ciam-service internal admin deployment. |
ciam_service.internal_admin_api.resources.limits.cpu | int |
| CPU limit for the ciam-service internal admin api deployment. |
ciam_service.internal_admin_api.resources.limits.memory | string |
| Memory limit for the ciam-service internal admin api deployment. |
contexts_service.replicas | int |
| Number of replicas to deploy for the contexts-service deployment. |
contexts_service.resources.limits.cpu | string |
| CPU limit for the contexts-service deployment. |
contexts_service.resources.limits.memory | string |
| Memory limit for the contexts-service deployment. |
cron_service.replicas | int |
| Number of replicas to deploy for the cron-service deployment. |
cron_service.resources.limits.cpu | string |
| CPU limit for the cron-service deployment. |
cron_service.resources.limits.memory | string |
| Memory limit for the cron-service deployment. |
distributor.agent_base_url | string |
| location of the task-agent. When airgapped, the task-agent will need to be hosted within the airgap and this value updated |
distributor_cleaner.replicas | int |
| Number of replicas to deploy for the distributor-cleaner deployment. |
distributor_cleaner.resources.limits.cpu | string |
| CPU limit for the distributor-cleaner deployment. |
distributor_cleaner.resources.limits.memory | string |
| Memory limit for the distributor-cleaner deployment. |
distributor_dispatcher.replicas | int |
| Number of replicas to deploy for the distributor-dispatcher deployment. |
distributor_dispatcher.resources.limits.cpu | string |
| CPU limit for the distributor-dispatcher deployment. |
distributor_dispatcher.resources.limits.memory | string |
| Memory limit for the distributor-dispatcher deployment. |
distributor_external.replicas | int |
| Number of replicas to deploy for the distributor-external deployment. |
distributor_external.resources.limits.cpu | string |
| CPU limit for the distributor-external deployment. |
distributor_external.resources.limits.memory | string |
| Memory limit for the distributor-external deployment. |
distributor_internal.replicas | int |
| Number of replicas to deploy for the distributor-internal deployment. |
distributor_internal.resources.limits.cpu | string |
| CPU limit for the distributor-internal deployment. |
distributor_internal.resources.limits.memory | string |
| Memory limit for the distributor-internal deployment. |
docker_provisioner.agent_base_url | string |
| Location of the docker-provisioner agent. When air-gapped, the docker-provisioner agent will need to be hosted within the air-gap and this value updated |
docker_provisioner.config_path | string |
| Path to config with information about docker resource-classes |
docker_provisioner.enabled | bool |
| |
docker_provisioner.external.replicas | int |
| Number of replicas to deploy for the docker-provisioner-externalapi deployment. |
docker_provisioner.external.resources.limits.memory | string |
| Memory limit for the docker-provisioner-internalapi deployment |
docker_provisioner.internal.replicas | int |
| Number of replicas to deploy for the docker-provisioner-internalapi deployment. |
docker_provisioner.internal.resources.limits.memory | string |
| Memory limit for the docker-provisioner-internalapi deployment |
docker_provisioner.plugin_repository_url | string |
| Location of the agent plugin binaries. When air-gapped, the plugin binaries will need to be hosted within the air-gap and this value updated |
docker_provisioner.provisioner.replicas | int |
| Number of replicas to deploy for the docker-provisioner-provisioner deployment. |
docker_provisioner.provisioner.resources.limits.memory | string |
| Memory limit for the docker-provisioner-provisioner deployment |
domain_service.replicas | int |
| Number of replicas to deploy for the domain-service deployment. |
domain_service.resources.limits.cpu | string |
| CPU limit for the domain-service deployment. |
domain_service.resources.limits.memory | string |
| Memory limit for the domain-service deployment. |
execution_gateway.api.replicas | int |
| Number of replicas to deploy for the execution-gateway-api deployment. |
execution_gateway.api.resources.limits.memory | string |
| Memory limit for the execution-gateway-api deployment |
execution_gateway.force_legacy_ui | string |
| |
execution_gateway.plan_concurrency | int |
| Maximum concurrency you wish to permit per org in your environment |
execution_gateway.public_api.replicas | int |
| Number of replicas to deploy for the execution-gateway-public-api deployment. |
execution_gateway.public_api.resources.limits.memory | string |
| Memory limit for the execution-gateway-publicapi deployment |
feature_flags_api.replicas | int |
| Number of replicas to deploy for the feature-flags-api deployment. |
feature_flags_api.resources.limits.memory | string |
| Memory limit for the feature-flags-api deployment. |
frontend.jvmHeapSize | string |
| |
frontend.replicas | int |
| Number of replicas to deploy for the frontend deployment. |
frontend.resources.limits.cpu | string |
| CPU limit for the frontend deployment. |
frontend.resources.limits.memory | string |
| Memory limit for the frontend deployment. |
github | object |
| VCS Configuration details (currently limited to Github Enterprise and Github.com) |
github.clientId | string |
| Client ID for OAuth Login via Github (2 Options). Create on by Navigating to Settings > Developer Settings > OAuth Apps. Your homepage should be set to |
github.clientSecret | string |
| Client Secret for OAuth Login via Github (2 Options). |
github.enterprise | bool |
| Set to |
github.fingerprint | string |
| Required when it is not possible to directly |
github.hostname | string |
| Github hostname. Ignored on Github.com. This is the hostname of your Github Enterprise installation. |
github.scheme | string |
| One of ‘http’ or ‘https’. Ignored on Github.com. Set to ‘http’ if your Github Enterprise installation is not using TLS. |
github.unsafeDisableWebhookSSLVerification | bool |
| Disable SSL Verification in webhooks. This is not safe and shouldn’t be done in a production scenario. This is required if your Github installation does not trust the certificate authority that signed your Circle server certificates (e.g they were self signed). |
global.container.org | string |
| The registry organization to pull all images from (if in use), defaults to none. |
global.container.registry | string |
| The registry to pull all images from, defaults to “cciserver.azurecr.io”. |
global.domainName | string |
| Domain name of your CircleCI install |
global.imagePullSecrets[0] | string |
| |
global.license | string |
| License (2 Options) For your CircleCI Installation |
global.nodeAffinity | object |
| NodeAffinity template to apply to all CircleCI pods |
global.nodeSelector | object |
| NodeSelector template to apply to all CircleCI pods |
global.scheme | string |
| Scheme for your CircleCI install |
global.tolerations | object |
| Tolerations to apply to all CircleCI pods |
global.tracing.collector_host | string |
| |
global.tracing.enabled | bool |
| |
global.tracing.sample_rate | float |
| |
insights_service.dailyCronHour | int |
| Defaults to 3AM local server time. |
insights_service.hourlyCronMinute | int |
| Defaults to 35 minutes past the hour. |
insights_service.isEnabled | bool |
| Whether or not to enable the insights-service deployment. |
insights_service.replicas | int |
| Number of replicas to deploy for the insights-service deployment. |
insights_service.skipPermissionsCheck | bool |
| Enable to skip the permissions check on the org page and show all projects |
keyset | object |
| Keysets (2 Options) used to encrypt and sign artifacts generated by CircleCI. You need these values to configure server. |
keyset.encryption | string |
| Encryption Key To generate an artifact ENCRYPTION key run: |
keyset.signing | string |
| Signing Key To generate an artifact SIGNING key run: |
kong.acme.email | string |
| |
kong.acme.enabled | bool |
| This setting will fetch and renew Let’s Encrypt certs for you. It defaults to false as this only works when there’s a valid DNS entry for your domain (and the app. sub domain) - so you will need to deploy with this turned off and set the DNS records first. You can then set this to true and run |
kong.debug_level | string |
| Debug level for Kong. Available levels: |
kong.image.repository | string |
| The Docker image repository for Kong. Note this repository is not managed by CircleCI. |
kong.image.tag | string |
| The Kong image tag. Kong has been tested against this specific version tag; edit this value at your own risk. |
kong.nginx_worker_processes | int |
| Determines the number of worker processes spawned by Nginx. |
kong.replicas | int |
| |
kong.resources.limits.cpu | string |
| CPU limit for the kong deployment. |
kong.resources.limits.memory | string |
| Memory limit for the kong deployment. |
kong.resources.requests.cpu | string |
| CPU request for the kong deployment. |
kong.resources.requests.memory | string |
| Memory request for the kong deployment. |
kong.status_page | bool |
| Set to true for public health check page (kong) for load balancers to hit |
legacy_notifier.replicas | int |
| Number of replicas to deploy for the legacy-notifier deployment. |
legacy_notifier.resources.limits.cpu | string |
| CPU limit for the legacy-notifier deployment. |
legacy_notifier.resources.limits.memory | string |
| Memory limit for the legacy-notifier deployment. |
machine_provisioner.agent_base_url | string |
| Location of the machine-provisioner agent. When air-gapped, the machine-provisioner agent will need to be hosted within the air-gap and this value updated |
machine_provisioner.agent_download_timeout_seconds | int |
| Timeout when attempting to download task-agent or docker-agent (remote docker) in machine-agent |
machine_provisioner.config_path | string |
| Path to config with information about images/providers/resource-classes |
machine_provisioner.demandFudgeFactor | int |
| demandFudgeFactor multiplies the demand from distributor with an additional factor |
machine_provisioner.dlcDockerDiskSizeGB | int |
| dlcDockerDiskSizeGB Configure size of docker disk size. Used for ratio to prune on |
machine_provisioner.dlcMaxDiskThresholdGB | int |
| dlcMaxDiskThresholdGB configure dlc max disk threshold |
machine_provisioner.dlcUnusedLifespanDays | int |
| dlcUnusedLifespanDays Configure how long to keep dlc images and build cache for |
machine_provisioner.enabled | bool |
| |
machine_provisioner.external.replicas | int |
| Number of replicas to deploy for the machine-provisioner-externalapi deployment. |
machine_provisioner.external.resources.limits.memory | string |
| Memory limit for the machine-provisioner-externalapi deployment |
machine_provisioner.fudgeConstantTerm | int |
| fudgeConstantTerm adds to the results for the forecast rules. |
machine_provisioner.fudgeScaleFactor | float |
| fudgeScaleFactor multiplies the results for the forecast rules. |
machine_provisioner.installID | string |
| Unique tag machine provisioner applies to machines it manages. |
machine_provisioner.internal.replicas | int |
| Number of replicas to deploy for the machine-provisioner-internalapi deployment. |
machine_provisioner.internal.resources.limits.memory | string |
| Memory limit for the machine-provisioner-internalapi deployment |
machine_provisioner.leader.replicas | int |
| Number of replicas to deploy for the machine-provisioner-leader deployment. |
machine_provisioner.leader.resources.limits.memory | string |
| Memory limit for the machine-provisioner-leader deployment |
machine_provisioner.machine_agent_download_timeout_seconds | int |
| Timeout when attempting to download machine-agent onto a VM |
machine_provisioner.plugin_repository_url | string |
| Location of the agent plugin binaries. When air-gapped, the plugin binaries will need to be hosted within the air-gap and this value updated |
machine_provisioner.providers | object |
| Provider configuration for Machine Provisioner. |
machine_provisioner.providers.ec2.accessKey | string |
| EC2 Authentication Config (3 Options). Option 2: Leave accessKey and secretKey blank, and create the secret yourself. CircleCI will assume it exists. |
machine_provisioner.providers.ec2.enabled | bool |
| Set to enable EC2 as a virtual machine provider |
machine_provisioner.providers.gcp.enabled | bool |
| Set to enable GCP Compute as a VM provider |
machine_provisioner.providers.gcp.service_account | object |
| GCP Compute Authentication Config (3 Options). |
machine_provisioner.provisioner.replicas | int |
| Number of replicas to deploy for the machine-provisioner-provisioner deployment. |
machine_provisioner.provisioner.resources.limits.memory | string |
| Memory limit for the machine-provisioner-leader deployment |
machine_provisioner.terminatePendingLinuxAfter | string |
| Linux pending machine timeout. Machine instances will be terminted if they take longer than this to start |
machine_provisioner.terminatePendingWindowsAfter | string |
| Windows pending machine timeout. Machine instances will be terminted if they take longer than this to start |
mongodb.architecture | string |
| |
mongodb.auth.database | string |
| |
mongodb.auth.existingSecret | string |
| |
mongodb.auth.mechanism | string |
| |
mongodb.auth.password | string |
| |
mongodb.auth.rootPassword | string |
| |
mongodb.auth.username | string |
| |
mongodb.fullnameOverride | string |
| |
mongodb.hosts | string |
| MongoDB host. This can be a comma-separated list of multiple hosts for sharded instances. |
mongodb.image.tag | string |
| |
mongodb.injectBotToken.image.repository | string |
| The Docker image repository for MongoDB used by the |
mongodb.injectBotToken.image.tag | float |
| The |
mongodb.internal | bool |
| Set to false if you want to use an externalized MongoDB instance. |
mongodb.labels.app | string |
| |
mongodb.labels.layer | string |
| |
mongodb.options | string |
| |
mongodb.persistence.size | string |
| To increase PVC size, follow this guide: https://circleci.com/docs/server/operator/expanding-internal-database-volumes |
mongodb.podAnnotations.”backup.velero.io/backup-volumes” | string |
| |
mongodb.podLabels.app | string |
| |
mongodb.podLabels.layer | string |
| |
mongodb.ssl | bool |
| |
mongodb.tlsInsecure | bool |
| If using an SSL connection with custom CA or self-signed certs, set this to true |
mongodb.useStatefulSet | bool |
| |
nginx.annotations.”service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled” | string |
| |
nginx.annotations.”service.beta.kubernetes.io/aws-load-balancer-type” | string |
| Use |
nginx.aws_acm.enabled | bool |
| ⚠️ WARNING: Enabling this will recreate frontend’s service which will recreate the load balancer. If you are updating your deployed settings, then you will need to route your frontend domain to the new loadbalancer. You will also need to add |
nginx.image.repository | string |
| The Docker image repository for NGINX. Note this repository is not managed by CircleCI. |
nginx.image.tag | string |
| Nginx has been tested against this specific version tag; edit this value at your own risk. |
nginx.loadBalancerIp | string |
| Load Balancer IP. To use a static IP for the provisioned load balancer with GCP, set to a reserved static ipv4 address |
nginx.loadBalancerSourceRanges | list |
| Load Balancer Source IP CIDRs List of IP CIDRs allowed access to load balancer |
nginx.private_load_balancers | bool |
| |
nginx.replicas | int |
| |
nginx.resources.limits.cpu | string |
| CPU limit for the nginx deployment. |
nginx.resources.limits.memory | string |
| Memory limit for the nginx deployment. |
nginx.resources.requests.cpu | string |
| CPU request for the nginx deployment. |
nginx.resources.requests.memory | string |
| Memory request for the nginx deployment. |
nomad.auto_scaler.aws.accessKey | string |
| AWS Authentication Config (3 Options). |
nomad.auto_scaler.aws.autoScalingGroup | string |
| |
nomad.auto_scaler.aws.enabled | bool |
| |
nomad.auto_scaler.aws.irsaRole | string |
| |
nomad.auto_scaler.aws.region | string |
| |
nomad.auto_scaler.aws.secretKey | string |
| |
nomad.auto_scaler.enabled | bool |
| |
nomad.auto_scaler.gcp.enabled | bool |
| |
nomad.auto_scaler.gcp.mig_name | string |
| |
nomad.auto_scaler.gcp.project_id | string |
| |
nomad.auto_scaler.gcp.region | string |
| |
nomad.auto_scaler.gcp.service_account | object |
| GCP Authentication Config (3 Options). |
nomad.auto_scaler.gcp.workloadIdentity | string |
| |
nomad.auto_scaler.gcp.zone | string |
| |
nomad.auto_scaler.image.repository | string |
| The Docker image repository for the Nomad Autoscaler. Note this repository is not managed by CircleCI. |
nomad.auto_scaler.image.tag | string |
| Nomad Autoscaler has been tested against this specific version tag; edit this value at your own risk. |
nomad.auto_scaler.scaling.cooldown | string |
| A time interval after a scaling action during which no additional scaling will be performed on the resource. |
nomad.auto_scaler.scaling.evaluation_interval | string |
| Defines how often the policy is evaluated by the Autoscaler. |
nomad.auto_scaler.scaling.max | int |
| |
nomad.auto_scaler.scaling.min | int |
| |
nomad.auto_scaler.scaling.node_drain_deadline | string |
| |
nomad.buildAgentImage | string |
| By default, Dockerhub is assumed to be the image registry unless otherwise specified eg: registry.example.com/organization/repository |
nomad.clients | object |
| |
nomad.clusterDomain | string |
| |
nomad.server.gossip.encryption.enabled | bool |
| |
nomad.server.pdb.enabled | bool |
| |
nomad.server.pdb.minAvailable | int |
| |
nomad.server.replicas | int |
| |
nomad.server.rpc.mTLS | object |
| Nomad mTLS (3 Options), strongly suggested for RPC communication |
nomad.server.service.unsafe_expose_api | bool |
| |
object_storage | object |
| Object storage for build artifacts, audit logs, test results and more. One of object_storage.s3.enabled or object_storage.gcs.enabled must be true for the chart to function. |
object_storage.expireAfter | int |
| Number of days after which artifacts will expire from the UI |
object_storage.gcs.service_account | object |
| GCP Storage (GCS) Authentication Config (3 Options). |
object_storage.s3 | object |
| S3 Configuration for Object Storage. Authentication methods: AWS Access/Secret Key, and IRSA Role |
object_storage.s3.accessKey | string |
| AWS Authentication Config (3 Options). |
object_storage.s3.endpoint | string |
| API endpoint for S3. If in AWS us-west-2, for example, this would be the regional endpoint https://s3.us-west-2.amazonaws.com. If using S3 compatible storage, specify the API endpoint of your object storage server |
object_storage.s3.presigned | bool |
| When true object storage will be handled with presigned URLs. When false direct bucket access will be used instead. Direct access requires storageRole to be non-empty. |
object_storage.s3.storageRole | string |
| A role that can be assumed to provide direct bucket access credentials. Required if presigned is false |
oidc_service.isEnabled | bool |
| Whether or not to enable oidc support. |
oidc_service.json_web_keys | string |
| The json web key (JWK) or key set (JWKS) used for signing ID tokens. Value should be base64 encoded. |
oidc_service.replicas | int |
| Number of replicas to deploy for the oidc-service deployment. |
oidc_service.resources | object |
| Resource configuration for the oidc-service deployment. |
oidc_service.token_max_ttl | string |
| Maximum time-to-live for newly minted ID tokens. |
oidc_tasks_service.replicas | int |
| Number of replicas to deploy for the oidc-tasks-service deployment. |
oidc_tasks_service.resources | object |
| Resource configuration for the oidc-tasks-service deployment. |
orb_service.replicas | int |
| Number of replicas to deploy for the orb-service deployment. |
orb_service.resources.limits.cpu | string |
| CPU limit for the orb-service deployment. |
orb_service.resources.limits.memory | string |
| Memory limit for the orb-service deployment. |
output.internal.replicas | string |
| Number of replicas to deploy for the output-internal deployment. |
output.internal.resources.limits.memory | string |
| Memory limit for the output-internal deployment. |
output.public | object |
| Number of replicas to deploy for the output-public deployment. |
output.public.resources.limits.memory | string |
| Memory limit for the output-public deployment. |
output.receiver | object |
| Number of replicas to deploy for the output-receiver deployment. |
output.receiver.resources.limits.memory | string |
| Memory limit for the output-receiver deployment. |
permissions_service.replicas | int |
| Number of replicas to deploy for the permissions-service deployment. |
permissions_service.resources.limits.cpu | string |
| CPU limit for the permissions-service deployment. |
permissions_service.resources.limits.memory | string |
| Memory limit for the permissions-service deployment. |
policy_service.replicas | int |
| Number of replicas to deploy for the policy-service deployment. |
policy_service.resources.limits.cpu | string |
| CPU limit for the policy-service deployment. |
policy_service.resources.limits.memory | string |
| Memory limit for the policy-service deployment. |
policy_service_internal.replicas | int |
| Number of replicas to deploy for the policy-service-internal deployment. |
policy_service_internal.resources.limits.cpu | string |
| CPU limit for the policy-service-internal deployment. |
policy_service_internal.resources.limits.memory | string |
| Memory limit for the policy-service-internal deployment. |
postgresql.auth.existingSecret | string |
| |
postgresql.auth.password | string |
| Use only when postgresql.internal is false, this is the password of your externalized postgres user Ignored if |
postgresql.auth.postgresPassword | string |
| Password for the “postgres” admin user on the internal postgres instance. Use only when postgresql.internal is true. Ignored if |
postgresql.auth.username | string |
| Use only when postgresql.internal is false, then this is the username used to connect with your externalized postgres instance |
postgresql.fullnameOverride | string |
| |
postgresql.image.pullSecrets[0] | string |
| |
postgresql.image.registry | string |
| |
postgresql.image.repository | string |
| |
postgresql.image.tag | string |
| |
postgresql.internal | bool |
| |
postgresql.postgresqlHost | string |
| |
postgresql.postgresqlPort | int |
| |
postgresql.primary.extendedConfiguration | string |
| |
postgresql.primary.labels.app | string |
| |
postgresql.primary.labels.layer | string |
| |
postgresql.primary.persistence.existingClaim | string |
| To increase PVC size, follow this guide: https://circleci.com/docs/server/operator/expanding-internal-database-volumes |
postgresql.primary.persistence.size | string |
| |
postgresql.primary.podAnnotations.”backup.velero.io/backup-volumes” | string |
| |
postgresql.primary.podLabels.app | string |
| |
postgresql.primary.podLabels.layer | string |
| |
postgresql.readReplicas.labels.app | string |
| |
postgresql.readReplicas.labels.layer | string |
| |
postgresql.readReplicas.podLabels.app | string |
| |
postgresql.readReplicas.podLabels.layer | string |
| |
proxy.enabled | bool |
| If false, all proxy settings are ignored |
proxy.http | object |
| Proxy for HTTP requests |
proxy.https | object |
| Proxy for HTTPS requests |
proxy.no_proxy | list |
| List of hostnames, IP CIDR blocks exempt from proxying. Loopback and intra-service traffic is never proxied. |
pusher.key | string |
| |
rabbitmq.auth.erlangCookie | string |
| |
rabbitmq.auth.existingErlangSecret | string |
| |
rabbitmq.auth.existingPasswordSecret | string |
| |
rabbitmq.auth.password | string |
| |
rabbitmq.auth.username | string |
| |
rabbitmq.fullnameOverride | string |
| |
rabbitmq.host | string |
| When |
rabbitmq.image.tag | string |
| |
rabbitmq.internal | bool |
| Disables this charts Internal RabbitMQ instance |
rabbitmq.management_gui_port | int |
| When |
rabbitmq.persistence.existingClaim | string |
| To increase PVC size, follow this guide: https://circleci.com/docs/server/operator/expanding-internal-database-volumes |
rabbitmq.persistence.size | string |
| |
rabbitmq.podAnnotations.”backup.velero.io/backup-volumes” | string |
| |
rabbitmq.podLabels.app | string |
| |
rabbitmq.podLabels.layer | string |
| |
rabbitmq.port | int |
| When |
rabbitmq.replicaCount | int |
| |
rabbitmq.statefulsetLabels.app | string |
| |
rabbitmq.statefulsetLabels.layer | string |
| |
redis.cluster.enabled | bool |
| |
redis.cluster.slaveCount | int |
| |
redis.fullnameOverride | string |
| |
redis.image.tag | string |
| |
redis.master.extraEnvVars[0].name | string |
| |
redis.master.extraEnvVars[0].value | string |
| |
redis.master.persistence.size | string |
| To increase PVC size, follow this guide: https://circleci.com/docs/server/operator/expanding-internal-database-volumes |
redis.master.podAnnotations.”backup.velero.io/backup-volumes” | string |
| |
redis.podLabels.app | string |
| |
redis.podLabels.layer | string |
| |
redis.slave.extraEnvVars[0].name | string |
| |
redis.slave.extraEnvVars[0].value | string |
| |
redis.slave.persistence.size | string |
| To increase PVC size, follow this guide: https://circleci.com/docs/server/operator/expanding-internal-database-volumes |
redis.slave.podAnnotations.”backup.velero.io/backup-volumes” | string |
| |
redis.statefulset.labels.app | string |
| |
redis.statefulset.labels.layer | string |
| |
redis.usePassword | bool |
| |
runner_admin.cleaner.replicas | int |
| Number of replicas to deploy for the radm-cleaner deployment. |
runner_admin.cleaner.resources.limits.cpu | string |
| CPU limit for the radm-cleaner deployment |
runner_admin.cleaner.resources.limits.memory | string |
| Memory limit for the radm-cleaner deployment |
runner_admin.cleaner.resources.requests.cpu | string |
| CPU request for the radm-cleaner deployment |
runner_admin.cleaner.resources.requests.memory | string |
| Memory request for the radm-cleaner deployment |
runner_admin.external.launch_agent_base_url | string |
| Location of the launch-agent binaries. When using an air-gapped environment, the launch-agent binaries will need to be hosted within the air gap and this value updated. |
runner_admin.external.replicas | int |
| Number of replicas to deploy for the radm-external deployment. |
runner_admin.external.resources.limits.cpu | string |
| CPU limit for the radm-external deployment |
runner_admin.external.resources.limits.memory | string |
| Memory limit for the radm-external deployment |
runner_admin.external.resources.requests.cpu | string |
| CPU request for the radm-external deployment |
runner_admin.external.resources.requests.memory | string |
| Memory request for the radm-external deployment |
runner_admin.internal.replicas | int |
| Number of replicas to deploy for the radm-internal deployment. |
runner_admin.internal.resources.limits.cpu | string |
| CPU limit for the radm-internal deployment |
runner_admin.internal.resources.limits.memory | string |
| Memory limit for the radm-internal deployment |
runner_admin.internal.resources.requests.cpu | string |
| CPU request for the radm-internal deployment |
runner_admin.internal.resources.requests.memory | string |
| Memory request for the radm-internal deployment |
schedulerer.replicas | int |
| Number of replicas to deploy for the schedulerer deployment. |
serveUnsafeArtifacts | bool |
| ⚠️ WARNING: Changing this to true will serve HTML artifacts instead of downloading them. This can allow specially-crafted artifacts to gain control of users’ CircleCI accounts. |
smtp | object |
| Email notification settings |
smtp.port | int |
| Outbound connections on port 25 are blocked on most cloud providers. Should you select this default port, be aware that your notifications may fail to send. |
smtp.tls | bool |
| StartTLS is used to encrypt mail by default. Only disable this if you can otherwise guarantee the confidentiality of traffic. |
soketi.image.repository | string |
| The Soketi image repository for NGINX. Note this repository is not managed by CircleCI. |
soketi.image.tag | string |
| Soketi has been tested against this specific version tag; edit this value at your own risk. |
soketi.replicas | int |
| Number of replicas to deploy for the soketi deployment. |
step.internal.replicas | int |
| Number of replicas to deploy for the step-internal deployment. |
step.internal.resources.limits.cpu | int |
| CPU limit for the step-internal deployment |
step.internal.resources.limits.memory | string |
| Memory limit for the step-internal deployment |
step.receiver.replicas | int |
| Number of replicas to deploy for the step-receiver deployment. |
step.receiver.resources.limits.cpu | int |
| CPU limit for the step-receiver deployment |
step.receiver.resources.limits.memory | string |
| Memory limit for the step-receiver deployment |
telegraf.args[0] | string |
| |
telegraf.args[1] | string |
| |
telegraf.args[2] | string |
| |
telegraf.args[3] | string |
| |
telegraf.config.agent.flush_interval | string |
| |
telegraf.config.agent.interval | string |
| |
telegraf.config.agent.omit_hostname | bool |
| |
telegraf.config.custom_config_file | string |
| |
telegraf.config.inputs[0].statsd.datadog_extensions | bool |
| |
telegraf.config.inputs[0].statsd.max_ttl | string |
| |
telegraf.config.inputs[0].statsd.metric_separator | string |
| |
telegraf.config.inputs[0].statsd.percentile_limit | int |
| |
telegraf.config.inputs[0].statsd.percentiles[0] | int |
| |
telegraf.config.inputs[0].statsd.percentiles[1] | int |
| |
telegraf.config.inputs[0].statsd.percentiles[2] | int |
| |
telegraf.config.inputs[0].statsd.service_address | string |
| |
telegraf.config.outputs[0].file.files[0] | string |
| |
telegraf.fullnameOverride | string |
| |
telegraf.mountPoints[0].mountPath | string |
| |
telegraf.mountPoints[0].name | string |
| |
telegraf.resources.limits.memory | string |
| Memory limit for the telegraf deployment. |
telegraf.resources.requests.cpu | string |
| CPU request for the telegraf deployment. |
telegraf.resources.requests.memory | string |
| Memory request for the telegraf deployment. |
telegraf.volumes[0].configMap.name | string |
| |
telegraf.volumes[0].name | string |
| |
tink | object |
| Tink Configuration + Tink is given precedence over vault. If tink.enabled is true, vault will not be deployed. Tink or vault must be set once at install and cannot be changed. |
tink.enabled | bool |
| When enabled, Tink will be used instead of Vault for contexts encryption. |
tink.keyset | string |
| The keyset generated the Tink CLI to be used for contexts encryption. |
tls.certificate | string |
| Base64 encoded certificate must be provided if kong.acme.enabled is false |
tls.certificates | list |
| List of base64’d certificates that will be imported into the system |
tls.import | list |
| List of host:port from which to import certificates |
tls.privateKey | string |
| Base64 encoded private key must be provided if kong.acme.enabled is false |
vault | object |
| External Services configuration |
vault.internal | bool |
| Disables this charts Internal Vault instance |
vault.token | string |
| This token is required when |
vault.transitPath | string |
| When |
web_ui.replicas | int |
| Number of replicas to deploy for the web-ui deployment. |
web_ui.resources.limits.memory | string |
| Memory limit configuration for the web-ui deployment |
web_ui_authentication.replicas | int |
| Number of replicas to deploy for the web-ui-authentication deployment. |
web_ui_authentication.resources.limits.memory | string |
| Memory limit configuration for the web-ui-authentication deployment |
web_ui_insights.replicas | int |
| Number of replicas to deploy for the web-ui-insights deployment. |
web_ui_insights.resources.limits.memory | string |
| Memory limit configuration for the web-ui-insights deployment |
web_ui_onboarding.replicas | int |
| Number of replicas to deploy for the web-ui-onboarding deployment. |
web_ui_onboarding.resources.limits.memory | string |
| Memory limit configuration for the web-ui-onboarding deployment |
web_ui_org_settings.replicas | int |
| Number of replicas to deploy for the web-ui-org-settings deployment. |
web_ui_org_settings.resources.limits.memory | string |
| Memory limit configuration for the web-ui-org-settings deployment. |
web_ui_project_settings.replicas | int |
| Number of replicas to deploy for the web-ui-project-settings deployment. |
web_ui_project_settings.resources.limits.memory | string |
| Memory limit configuration for the web-ui-project-settings deployment. |
web_ui_runners.replicas | int |
| Number of replicas to deploy for the web-ui-project-settings deployment. |
web_ui_runners.resources.limits.memory | string |
| Memory limit configuration for the web-ui-project-settings deployment. |
web_ui_server_admin.replicas | int |
| Number of replicas to deploy for the web-ui-server-admin deployment. |
web_ui_server_admin.resources.limits.memory | string |
| Memory limit configuration for the web-ui-server-admin deployment. |
web_ui_user_settings.replicas | int |
| Number of replicas to deploy for the web-ui-user-settings deployment. |
web_ui_user_settings.resources.limits.memory | string |
| Memory limit configuration for the user-settings deployment. |
webhook_service.isEnabled | bool |
| |
webhook_service.replicas | int |
| Number of replicas to deploy for the webhook-service deployment. |
webhook_service.resources.limits.cpu | int |
| CPU limit configuration for the webhook-service deployment. |
webhook_service.resources.limits.memory | string |
| Memory limit configuration for the webhook-service deployment. |
workflows_conductor_event_consumer.replicas | int |
| Number of replicas to deploy for the workflows-conductor-event-consumer deployment. |
workflows_conductor_event_consumer.resources.limits.cpu | string |
| CPU limit configuration for the workflows-conductor-event-consumer deployment. |
workflows_conductor_event_consumer.resources.limits.memory | string |
| Memory limit configuration for the workflows-conductor-event-consumer deployment. |
workflows_conductor_grpc.replicas | int |
| Number of replicas to deploy for the workflows-conductor-grpc deployment. |
workflows_conductor_grpc.resources.limits.cpu | string |
| CPU limit configuration for the workflows-conductor-grpc deployment. |
workflows_conductor_grpc.resources.limits.memory | string |
| Memory limit configuration for the workflows-conductor-grpc deployment. |