Installation reference
Example manifests
The following are example manifests that contain the basic required parameters necessary to spin up the circleci-server Helm installation.
AWS
The below is an example manifest of the necessary parameters for an installation of circleci-server in an AWS environment. Note that this installation uses IAM roles for service accounts (IRSA), which is recommended. Fields with base64 encoding are marked as such.
global:
domainName: "<full-domain-name-of-your-install>"
license: '<license>'
container:
registry: cciserver.azurecr.io
org:
apiToken: "<circleci-api-token>"
sessionCookieKey: "<session-cookie-key>"
keyset:
signing: '<generated-signing-key>'
encryption: '<generated-encryption-key>'
nomad:
server:
gossip:
encryption:
key: "<nomad-gossip-encryption-key>"
rpc:
mTLS:
enabled: true
CACertificate: "<nomad-mtls-base64-ca>"
certificate: "<nomad-mtls-base64-cert>"
privateKey: "<nomad-mtls-base64-key>"
object_storage:
bucketName: '<s3-bucket-name>'
s3:
enabled: true
endpoint: "<aws-region-url>" # ex: https://s3.us-east-1.amazonaws.com
region: "<aws-region>"
irsaRole: "<arn-of-irsa-role>"
github:
clientId: "<generated-github-client-id>"
clientSecret: "<generated-github-client-secret>"
vm_service:
providers:
ec2:
enabled: true
region: "<aws-region>"
subnets:
- "<subnet-id>"
securityGroupId: "<security-group-id>"
irsaRole: "<arn-of-irsa-role>"
mongodb:
auth:
rootPassword: "<mongodb-root-password>"
password: "<mongodb-password>"
postgresql:
auth:
postgresPassword: "<postgres-password>"
pusher:
secret: "<pusher-secret>"
rabbitmq:
auth:
password: "<rabbitmq-password>"
erlangCookie: "<rabbitmq-erlang-cookie>"
GCP
The below is an example manifest of the necessary parameters for an installation of circleci-server in a GCP environment. Note that this installation uses Workload Identity, which is recommended. Fields with base64 encoding are marked as such.
global:
domainName: "<full-domain-name-of-your-install>"
license: '<license-for-circleci-server>'
container:
registry: cciserver.azurecr.io
org:
apiToken: "<circleci-api-token>"
sessionCookieKey: "<session-cookie-key>"
keyset:
signing: '<generated-signing-key>'
encryption: '<generated-encryption-key>'
github:
clientId: "<generated-github-client-id>"
clientSecret: "<generated-github-client-secret>"
object_storage:
bucketName: "<gcs-bucket-name>"
gcs:
enabled: true
workloadIdentity: "<service-account-email-with-gcs-access>"
mongodb:
auth:
rootPassword: "<mongodb-root-password>"
password: "<mongodb-password>"
vm_service:
providers:
gcp:
enabled: true
project_id: <gcp-project-id>
network_tags:
- <network-tag>
zone: <gcp-zone>
network: "<gcp-network>"
subnetwork: "" # leave blank for auto-subnetting
workloadIdentity: "<service-account-email-with-compute-access>"
pusher:
secret: "<pusher-secret>"
postgresql:
auth:
postgresPassword: "<postgres-password>"
rabbitmq:
auth:
password: "<rabbitmq-password>"
erlangCookie: "<rabbitmq-erlang-cookie>"
nomad:
server:
gossip:
encryption:
key: "<nomad-gossip-encryption-key>"
rpc:
mTLS:
enabled: true
CACertificate: "<nomad-mtls-base64-ca>"
certificate: "<nomad-mtls-base64-cert>"
privateKey: "<nomad-mtls-base64-key>"
All Helm values.yaml
options
Key | Type | Default | Description |
---|---|---|---|
----- | ------ | --------- | |
------------- | apiToken | string | |
| API token (2 Options). <br> Option 1: Set the value here and CircleCI will create the secret automatically. <br> Option 2: Leave this blank, and create the secret yourself. CircleCI will assume it exists. | api_service.replicas | |
int |
| Number of replicas to deploy for the api-service deployment. | |
audit_log_service.replicas | int |
| Number of replicas to deploy for the audit-log-service deployment. |
branch_service.replicas | int |
| |
Number of replicas to deploy for the branch-service deployment. | builds_service.replicas | int | |
| Number of replicas to deploy for the builds-service deployment. | contexts_service.replicas | |
int |
| Number of replicas to deploy for the contexts-service deployment. | |
cron_service.replicas | int |
| Number of replicas to deploy for the cron-service deployment. |
dispatcher.replicas | int |
| |
Number of replicas to deploy for the dispatcher deployment. | distributor.agent_base_url | string | |
| location of the task-agent. When air-gapped, the task-agent will need to be hosted within the air gap and this value updated | distributor.launch_agent_base_url | |
string |
| Location of the launch-agent. When air-gapped, the launch-agent will need to be hosted within the air gap and this value updated | |
distributor_cleaner.replicas | int |
| Number of replicas to deploy for the distributor-dispatcher deployment. |
distributor_dispatcher.replicas | int |
| |
Number of replicas to deploy for the distributor-dispatcher deployment. | distributor_external.replicas | int | |
| Number of replicas to deploy for the distributor-external deployment. | distributor_internal.replicas | |
int |
| Number of replicas to deploy for the distributor-internal deployment. | |
domain_service.replicas | int |
| Number of replicas to deploy for the domain-service deployment. |
frontend.replicas | int |
| |
Number of replicas to deploy for the frontend deployment. | github | object | |
| VCS Configuration details (currently limited to Github Enterprise and Github.com) | github.clientId | |
string |
| Client ID for OAuth Login via Github (2 Options). <br> Option 1: Set the value here and CircleCI will create the secret automatically. <br> Option 2: Leave this blank, and create the secret yourself. CircleCI will assume it exists. <br> Create on by Navigating to Settings > Developer Settings > OAuth Apps. Your homepage should be set to | |
github.clientSecret | string |
| Client Secret for OAuth Login via Github (2 Options). <br> Option 1: Set the value here and CircleCI will create the secret automatically. <br> Option 2: Leave this blank, and create the secret yourself. CircleCI will assume it exists. <br> Retrieved from the same location as specified in github.clientID. |
github.enterprise | bool |
| |
Set to true for Github Enterprise and false for Github.com | github.fingerprint | string | |
| Required when it is not possible to directly ssh-keyscan a GitHub Enterprise instance. It is not possible to proxy | github.hostname | |
string |
| Github hostname. Ignored on Github.com. This is the hostname of your Github Enterprise installation. | |
github.scheme | string |
| One of 'http' or 'https'. Ignored on Github.com. Set to 'http' if your Github Enterprise installation is not using TLS. |
github.unsafeDisableWebhookSSLVerification | bool |
| |
Disable SSL Verification in webhooks. This is not safe and shouldn’t be done in a production scenario. This is required if your Github installation does not trust the certificate authority that signed your Circle server certificates (e.g they were self signed). | global.container.org | string | |
| The registry organization to pull all images from (if in use), defaults to none. | global.container.registry | |
string |
| The registry to pull all images from, defaults to "cciserver.azurecr.io". | |
global.domainName | string |
| Domain name of your CircleCI install |
global.imagePullSecrets[0].name | string |
| |
global.license | string | ||
| License for your CircleCI install | global.scheme | |
string |
| Scheme for your CircleCI install | |
global.tracing.collector_host | string |
| |
global.tracing.enabled | bool |
| |
global.tracing.sample_rate | float | ||
| insights_service.dailyCronHour | ||
int |
| Defaults to 3AM local server time. | |
insights_service.hourlyCronMinute | int |
| Defaults to 35 minutes past the hour. |
insights_service.isEnabled | bool |
| |
Whether or not to enable the insights-service deployment. | insights_service.replicas | int | |
| Number of replicas to deploy for the insights-service deployment. | insights_service.skipPermissionsCheck | |
bool |
| Enable to skip the permissions check on the org page and show all projects | |
internal_zone | string |
| |
keyset | object |
| |
Keysets (2 Options) used to encrypt and sign artifacts generated by CircleCI. You need these values to configure server. <br> Option 1: Set the values keyset.signing and keyset.encryption here and CircleCI will create the secret automatically. <br> Option 2: Leave this blank, and create the secret yourself. CircleCI will assume it exists. <br> The secret must be named 'signing-keys' and have the keys; signing-key, encryption-key. | keyset.encryption | string | |
| Encryption Key To generate an artifact ENCRYPTION key run: | keyset.signing | |
string |
| Signing Key To generate an artifact SIGNING key run: | |
kong.acme.email | string |
| |
kong.acme.enabled | bool |
| |
This setting will fetch and renew Let’s Encrypt certs for you. It defaults to false as this only works when there’s a valid DNS entry for your domain (and the app. sub domain) - so you will need to deploy with this turned off and set the DNS records first. You can then set this to true and run helm upgrade with the updated setting if you want. | kong.debug_level | string | |
| Debug level for Kong. Available levels: debug, info, warn, error, crit. Default is "notice". | kong.replicas | |
int |
| ||
kong.resources.limits.cpu | string |
| |
kong.resources.limits.memory | string |
| |
kong.resources.requests.cpu | string | ||
| kong.resources.requests.memory | ||
string |
| ||
kong.status_page | bool |
| Set to true for public health check page (kong) for loadbalancers to hit |
legacy_notifier.replicas | int |
| |
Number of replicas to deploy for the legacy-notifier deployment. | mongodb.architecture | string | |
| mongodb.auth.database | ||
string |
| ||
mongodb.auth.existingSecret | string |
| |
mongodb.auth.mechanism | string |
| |
mongodb.auth.password | string | ||
| mongodb.auth.rootPassword | ||
string |
| ||
mongodb.auth.username | string |
| |
mongodb.fullnameOverride | string |
| |
mongodb.hosts | string | ||
| MongoDB host. This can be a comma-separated list of multiple hosts for sharded instances. | mongodb.image.tag | |
string |
| ||
mongodb.internal | bool |
| Set to false if you want to use an externalized MongoDB instance. |
mongodb.labels.app | string |
| |
mongodb.labels.layer | string | ||
| mongodb.options | ||
string |
| ||
mongodb.persistence.size | string |
| |
mongodb.podAnnotations."backup.velero.io/backup-volumes" | string |
| |
mongodb.podLabels.app | string | ||
| mongodb.podLabels.layer | ||
string |
| ||
mongodb.ssl | bool |
| |
mongodb.tlsInsecure | bool |
| |
If using an SSL connection with custom CA or self-signed certs, set this to true | mongodb.useStatefulSet | bool | |
| nginx.annotations."service.beta.kubernetes.io/aws-load-balancer-cross-zone-load-balancing-enabled" | ||
string |
| ||
nginx.annotations."service.beta.kubernetes.io/aws-load-balancer-type" | string |
| Use "nlb" for Network Load Balancer and "clb" for Classic Load Balancer. See https://aws.amazon.com/elasticloadbalancing/features/ for feature comparison |
nginx.aws_acm.enabled | bool |
| |
⚠️ WARNING: Enabling this will recreate frontend’s service which will recreate the load balancer. If you are updating your deployed settings, then you will need to route your frontend domain to the new loadbalancer. You will also need to add | nginx.loadBalancerIp | string | |
| Load Balancer IP: To use a static IP for the provisioned load balancer with GCP, set to a reserved static ipv4 address | nginx.private_load_balancers | |
bool |
| ||
nginx.replicas | int |
| |
nginx.resources.limits.cpu | string |
| |
nginx.resources.limits.memory | string | ||
| nginx.resources.requests.cpu | ||
string |
| ||
nginx.resources.requests.memory | string |
| |
nomad.auto_scaler.aws.accessKey | string |
| |
AWS Authentication Config (3 Options). <br> Option 1: Set accessKey and secretKey here, and CircleCI will create the secret for you. <br> Option 2: Leave accessKey and secretKey blank, and create the secret yourself. CircleCI will assume it exists. <br> Option 3: Leave accessKey and secretKey blank, and set the irsaRole field (IAM roles for service accounts). | nomad.auto_scaler.aws.autoScalingGroup | string | |
| nomad.auto_scaler.aws.enabled | ||
bool |
| ||
nomad.auto_scaler.aws.irsaRole | string |
| |
nomad.auto_scaler.aws.region | string |
| |
nomad.auto_scaler.aws.secretKey | string | ||
| nomad.auto_scaler.enabled | ||
bool |
| ||
nomad.auto_scaler.gcp.enabled | bool |
| |
nomad.auto_scaler.gcp.mig_name | string |
| |
nomad.auto_scaler.gcp.project_id | string | ||
| nomad.auto_scaler.gcp.region | ||
string |
| The GCP region where the Managed Instance Group resides. Providing this parameter indicates the MIG is regional. If set, do not provide a zone | |
nomad.auto_scaler.gcp.service_account | object |
| GCP Authentication Config (3 Options). <br> Option 1: Set service_account with the service account JSON (raw JSON, not a string), and CircleCI will create the secret for you. <br> Option 2: Leave the service_account field as its default, and create the secret yourself. CircleCI will assume it exists. <br> Option 3: Leave the service_account field as its default, and set the workloadIdentity field with a service account email to use workload identities. |
nomad.auto_scaler.gcp.workloadIdentity | string |
| |
Workload Identity (GCP Service Account) for K8s service account | nomad.auto_scaler.gcp.zone | string | |
| The GCP zone where the Managed Instance Group resides. Providing this parameter indicates the MIG is zonal. If set, do not provide a region | nomad.auto_scaler.image.repository | |
string |
| ||
nomad.auto_scaler.scaling.max | int |
| |
nomad.auto_scaler.scaling.min | int |
| |
nomad.auto_scaler.scaling.node_drain_deadline | string | ||
| nomad.buildAgentImage | ||
string |
| By default, Dockerhub is assumed to be the image registry unless otherwise specified eg: registry.example.com/organization/repository | |
nomad.clients | object |
| |
nomad.clusterDomain | string |
| |
nomad.server.gossip.encryption.enabled | bool | ||
| nomad.server.gossip.encryption.key | ||
string |
| ||
nomad.server.pdb.enabled | bool |
| |
nomad.server.pdb.minAvailable | int |
| |
nomad.server.replicas | int | ||
| nomad.server.rpc.mTLS | ||
object |
| mTLS is strongly suggested for RPC communication. It encrypts traffic but also authenticates clients to ensure no unauthenticated clients can join the cluster as workers. Base64 encoded PEM encoded certificates are expected here. | |
nomad.server.rpc.mTLS.CACertificate | string |
| base64 encoded nomad mTLS certificate authority |
nomad.server.rpc.mTLS.certificate | string |
| |
base64 encoded nomad mTLS certificate | nomad.server.rpc.mTLS.privateKey | string | |
| base64 encoded nomad mTLS private key | nomad.server.service.unsafe_expose_api | |
bool |
| ||
object_storage | object |
| Object storage for build artifacts, audit logs, test results and more. One of object_storage.s3.enabled or object_storage.gcs.enabled must be true for the chart to function. |
object_storage.expireAfter | int |
| |
Number of days after which artifacts will expire. | object_storage.gcs.service_account | object | |
| GCP Storage (GCS) Authentication Config (3 Options). <br> Option 1: Set service_account with the service account JSON (raw JSON, not a string), and CircleCI will create the secret for you. <br> Option 2: Leave the service_account field as its default, and create the secret yourself. CircleCI will assume it exists. <br> Option 3: Leave the service_account field as its default, and set the workloadIdentity field with a service account email to use workload identities. | object_storage.s3 | |
object |
| S3 Configuration for Object Storage. Authentication methods: AWS Access/Secret Key, and IRSA Role | |
object_storage.s3.accessKey | string |
| AWS Authentication Config (3 Options). <br> Option 1: Set accessKey and secretKey here, and CircleCI will create the secret for you. <br> Option 2: Leave accessKey and secretKey blank, and create the secret yourself. CircleCI will assume it exists. <br> Option 3: Leave accessKey and secretKey blank, and set the irsaRole field (IAM roles for service accounts), also set region: "your-aws-region". |
object_storage.s3.endpoint | string |
| |
API endpoint for S3. If in AWS us-west-2, for example, this would be the regional endpoint https://s3.us-west-2.amazonaws.com. If using S3 compatible storage, specify the API endpoint of your object storage server | orb_service.replicas | int | |
| Number of replicas to deploy for the orb-service deployment. | output_processor.replicas | |
int |
| Number of replicas to deploy for the output-processor deployment. | |
permissions_service.replicas | int |
| Number of replicas to deploy for the permissions-service deployment. |
postgresql.auth.existingSecret | string |
| |
postgresql.auth.password | string | ||
| Use only when postgresql.internal is false, this is the password of your externalized postgres user Ignored if | postgresql.auth.postgresPassword | |
string |
| Use only when postgresql.internal is true. This is the password for the internal postgres instance. Ignored if | |
postgresql.auth.username | string |
| Use only when postgresql.internal is false, then this is the username used to connect with your externalized postgres instance |
postgresql.fullnameOverride | string |
| |
postgresql.image.tag | string | ||
| postgresql.internal | ||
bool |
| ||
postgresql.persistence.existingClaim | string |
| |
postgresql.persistence.size | string |
| |
postgresql.postgresqlHost | string | ||
| postgresql.postgresqlPort | ||
int |
| ||
postgresql.primary.extendedConfiguration | string |
| |
postgresql.primary.podAnnotations."backup.velero.io/backup-volumes" | string |
| |
prometheus.alertmanager.enabled | bool | ||
| prometheus.enabled | ||
bool |
| ||
prometheus.extraScrapeConfigs | string |
| |
prometheus.fullnameOverride | string |
| |
prometheus.nodeExporter.fullnameOverride | string | ||
| prometheus.pushgateway.enabled | ||
bool |
| ||
prometheus.server.emptyDir.sizeLimit | string |
| |
prometheus.server.fullnameOverride | string |
| |
prometheus.server.persistentVolume.enabled | bool | ||
| proxy.enabled | ||
bool |
| If false, all proxy settings are ignored | |
proxy.http | object |
| Proxy for HTTP requests |
proxy.https | object |
| |
Proxy for HTTPS requests | proxy.no_proxy | list | |
| List of hostnames, IP CIDR blocks exempt from proxying. Loopback and intra-service traffic is never proxied. | pusher.key | |
string |
| ||
pusher.secret | string |
| |
rabbitmq.auth.erlangCookie | string |
| |
Either Provide the password or secret name for existingErlangSecret | rabbitmq.auth.existingErlangSecret | string | |
| Secret must contain a value for rabbitmq-erlang-cookie key | rabbitmq.auth.existingPasswordSecret | |
string |
| Must contain a value for rabbitmq-password key | |
rabbitmq.auth.password | string |
| Either Provide the password or secret name for existingPasswordSecret |
rabbitmq.auth.username | string |
| |
rabbitmq.fullnameOverride | string | ||
| rabbitmq.image.tag | ||
string |
| ||
rabbitmq.podAnnotations."backup.velero.io/backup-volumes" | string |
| |
rabbitmq.podLabels.app | string |
| |
rabbitmq.podLabels.layer | string | ||
| rabbitmq.replicaCount | ||
int |
| ||
rabbitmq.statefulsetLabels.app | string |
| |
rabbitmq.statefulsetLabels.layer | string |
| |
redis.cluster.enabled | bool | ||
| redis.cluster.slaveCount | ||
int |
| ||
redis.fullnameOverride | string |
| |
redis.image.tag | string |
| |
redis.master.persistence.size | string | ||
| To increase PVC size, follow this guide: https://circleci.com/docs/server/v4.1/operator/expanding-internal-database-volumes | redis.master.podAnnotations."backup.velero.io/backup-volumes" | |
string |
| ||
redis.podLabels.app | string |
| |
redis.podLabels.layer | string |
| |
redis.slave.persistence.size | string | ||
| To increase PVC size, follow this guide: https://circleci.com/docs/server/v4.1/operator/expanding-internal-database-volumes | redis.slave.podAnnotations."backup.velero.io/backup-volumes" | |
string |
| ||
redis.statefulset.labels.app | string |
| |
redis.statefulset.labels.layer | string |
| |
redis.usePassword | bool | ||
| schedulerer.replicas | ||
int |
| Number of replicas to deploy for the schedulerer deployment. | |
serveUnsafeArtifacts | bool |
| ⚠️ WARNING: Changing this to true will serve HTML artifacts instead of downloading them. This can allow specially-crafted artifacts to gain control of users' CircleCI accounts. |
sessionCookieKey | string |
| |
Session Cookie Key (2 Options). <br> NOTE: Must be exactly 16 bytes. <br> Option 1: Set the value here and CircleCI will create the secret automatically. <br> Option 2: Leave this blank, and create the secret yourself. CircleCI will assume it exists. | smtp | object | |
| Email notification settings | smtp.port | |
int |
| Outbound connections on port 25 are blocked on most cloud providers. Should you select this default port, be aware that your notifications may fail to send. | |
smtp.tls | bool |
| StartTLS is used to encrypt mail by default. Only disable this if you can otherwise guarantee the confidentiality of traffic. |
soketi.replicas | int |
| |
Number of replicas to deploy for the soketi deployment. | telegraf.args[0] | string | |
| telegraf.args[1] | ||
string |
| ||
telegraf.args[2] | string |
| |
telegraf.args[3] | string |
| |
telegraf.config.agent.flush_interval | string | ||
| telegraf.config.agent.interval | ||
string |
| ||
telegraf.config.agent.omit_hostname | bool |
| |
telegraf.config.custom_config_file | string |
| |
telegraf.config.inputs[0].statsd.datadog_extensions | bool | ||
| telegraf.config.inputs[0].statsd.max_ttl | ||
string |
| ||
telegraf.config.inputs[0].statsd.metric_separator | string |
| |
telegraf.config.inputs[0].statsd.percentile_limit | int |
| |
telegraf.config.inputs[0].statsd.percentiles[0] | int | ||
| telegraf.config.inputs[0].statsd.percentiles[1] | ||
int |
| ||
telegraf.config.inputs[0].statsd.percentiles[2] | int |
| |
telegraf.config.inputs[0].statsd.service_address | string |
| |
telegraf.config.outputs[0].prometheus_client.listen | string | ||
| telegraf.fullnameOverride | ||
string |
| ||
telegraf.mountPoints[0].mountPath | string |
| |
telegraf.mountPoints[0].name | string |
| |
telegraf.resources.limits.memory | string | ||
| telegraf.resources.requests.cpu | ||
string |
| ||
telegraf.resources.requests.memory | string |
| |
telegraf.volumes[0].configMap.name | string |
| |
telegraf.volumes[0].name | string | ||
| test_results_service.replicas | ||
int |
| Number of replicas to deploy for the test-results-service deployment. | |
tink | object |
| Tink Configuration: <br> Tink is given precedence over vault. If tink.enabled is true, vault will not be deployed. Tink or vault must be set once at install and cannot be changed. <br> Option 1: Set the values tink.keyset here and CircleCI will create the secret automatically. <br> Option 2: Leave this blank, and create the secret yourself. CircleCI will assume it exists. <br> The secret must be named 'tink' and have the key; keyset. generate a keyset via: |
tls.certificate | string |
| |
Base64 encoded certificate, leave empty to use self-signed certificates | tls.certificates | list | |
| List of base64’d certificates that will be imported into the system | tls.import | |
list |
| List of host:port from which to import certificates | |
tls.privateKey | string |
| Base64 encoded private key, leave empty to use self-signed certificates |
vault | object |
| |
External Services configuration | vault.internal | bool | |
| Disables this charts Internal Vault instance | vault.token | |
string |
| This token is required when | |
vault.transitPath | string |
| When |
vm_gc.replicas | int |
| |
Number of replicas to deploy for the vm-gc deployment. | vm_scaler.prescaled | list | |
| Configuration options for, and numbers of, prescaled instances. | vm_scaler.replicas | |
int |
| Number of replicas to deploy for the vm-scaler deployment. | |
vm_service.dlc_lifespan_days | int |
| Number of days to keep DLC volumes before pruning them. |
vm_service.enabled | bool |
| |
vm_service.providers | object | ||
| Provider configuration for the VM service. | vm_service.providers.ec2.accessKey | |
string |
| EC2 Authentication Config (3 Options). <br> Option 1: Set accessKey and secretKey here, and CircleCI will create the secret for you. <br> Option 2: Leave accessKey and secretKey blank, and create the secret yourself. CircleCI will assume it exists. <br> Option 3: Leave accessKey and secretKey blank, and set the irsaRole field (IAM roles for service accounts). | |
vm_service.providers.ec2.enabled | bool |
| Set to enable EC2 as a virtual machine provider |
vm_service.providers.ec2.linuxAMI | string |
| |
Leave blank to use the default Linux AMIs | vm_service.providers.ec2.subnets | list | |
| Subnets must be in the same availability zone | vm_service.providers.ec2.tags | |
list |
| List of tags to apply to all VMs; "key","value","foo","bar" will turn into "key": "value", "foo": "bar" | |
vm_service.providers.ec2.windowsAMI | string |
| Leave blank if you don’t have one |
vm_service.providers.gcp.enabled | bool |
| |
Set to enable GCP Compute as a VM provider | vm_service.providers.gcp.linuxImage | string | |
| Leave blank to use the default Linux AMIs | vm_service.providers.gcp.service_account | |
object |
| GCP Compute Authentication Config (3 Options). <br> Option 1: Set service_account with the service account JSON (raw JSON, not a string), and CircleCI will create the secret for you. <br> Option 2: Leave the service_account field as its default, and create the secret yourself. CircleCI will assume it exists. <br> Option 3: Leave the service_account field as its default, and set the workloadIdentityField with a service account email to use workload identities. | |
vm_service.providers.gcp.subnetwork | string |
| Put an empty string here if you use auto-subnetting |
vm_service.providers.gcp.windowsImage | string |
| |
Leave blank if you don’t have one | vm_service.replicas | int | |
| Number of replicas to deploy for the vm-service deployment. | web_ui.replicas | |
int |
| Number of replicas to deploy for the web-ui deployment. | |
web_ui_404.replicas | int |
| Number of replicas to deploy for the web-ui-404 deployment. |
web_ui_insights.replicas | int |
| |
Number of replicas to deploy for the web-ui-insights deployment. | web_ui_onboarding.replicas | int | |
| Number of replicas to deploy for the web-ui-onboarding deployment. | web_ui_org_settings.replicas | |
int |
| Number of replicas to deploy for the web-ui-org-settings deployment. | |
web_ui_project_settings.replicas | int |
| Number of replicas to deploy for the web-ui-project-settings deployment. |
web_ui_server_admin.replicas | int |
| |
Number of replicas to deploy for the web-ui-server-admin deployment. | web_ui_user_settings.replicas | int | |
| Number of replicas to deploy for the web-ui-user-settings deployment. | webhook_service.isEnabled | |
bool |
| ||
webhook_service.replicas | int |
| Number of replicas to deploy for the webhook-service deployment. |
workflows_conductor_event_consumer.replicas | int |
| |
Number of replicas to deploy for the workflows-conductor-event-consumer deployment. | workflows_conductor_grpc.replicas | int |