Example values.yaml
The following snippet shows an example values.yaml file for a Helm installation of CircleCI Server in an air-gapped environment.
Resources
The chart assumes an environment with the following resources:
- A K3s cluster for the installation of the Helm chart
- MetalLB pre-configured on the K3s cluster for ingress
- A private Docker registry at `docker.internal.example.com` running on port 5000 with no TLS encryption
- A Nomad instance with mTLS disabled
- An S3-compatible storage instance running at `s3.internal.example.com`, with its API listening on port 9000, and no TLS
- A TLS certificate issued for both domains `server.internal.example.com` and `*.server.internal.example.com`.
For more information about specific values, see the standard installation documentation, starting with the following:
Values.yaml
```yaml
# Private docker registry at docker.internal.example.com:5000
global:
  domainName: "server.internal.example.com"
  license: '<<your-server-license-here>>'
  container:
    registry: "docker.internal.example.com:5000"
    org: "<image-registry-org>"

# GitHub Enterprise
github:
  hostname: "github.internal.example.com"
  unsafeDisableWebhookSSLVerification: true # If using self-signed certificates
  enterprise: true
  selfSignedCert: true # If using self-signed certificates
  # These must be generated and added manually from GitHub Enterprise
  clientId: "<<github-enterprise-oauth-app-client-id>>"
  clientSecret: "<<github-enterprise-oauth-app-client-secret>>"
  defaultToken: "<<github-enterprise-personal-application-token>>"

# TLS with your provider
tls:
  certificate: "<<your-generated-tls-certificate>>"
  privateKey: "<<your-generated-tls-private-key>>"

# Object storage
object_storage:
  bucketName: "circleci-data" # Update to the name of the bucket created in Object Store
  expireAfter: 0
  s3:
    enabled: true
    endpoint: "http://s3.internal.example.com:<port>"
    accessKey: "<<s3-username>>"
    secretKey: "<<s3-password>>"

# Distributor using CircleCI Agent Stored in Object Store
distributor:
  agent_base_url: http://s3.internal.example.com:<port>/circleci-data
  launch_agent_base_url: http://s3.internal.example.com:<port>/circleci-data

# Nomad
nomad:
  buildAgentImage: "docker.internal.example.com:<port>/circleci/picard" # Do not provide image version, only image name and registry
  server:
    gossip:
      encryption:
        key: "<<nomad-gossip-encryption-key>>"
    rpc:
      mTLS:
        enabled: false # mTLS is disabled - it is recommended that this be enabled

# Machine provisioner disabled - Requires cloud connectivity
machine_provisioner:
  enabled: false

docker_provisioner:
  enabled: false

# Additional nginx annotations
nginx:
  annotations:
    # This example uses MetalLB as a k3s load balancer
    metallb.universe.tf/allow-shared-ip: default

# The below values require no special modifications for an air-gapped environment
keyset:
  signing: '<<circleci-signing-key>>'
  encryption: '<<circleci-encryption-key>>'

mongodb:
  auth:
    rootPassword: "<<mongodb-root-password>>"
    password: "<<mongodb-password>>"

pusher:
  secret: "<<pusher-secret>>"

postgresql:
  auth:
    postgresPassword: "<<postgres-password>>"

rabbitmq:
  auth:
    password: "<<rabbitmq-password>>"
    erlangCookie: "<<rabbitmq-erlang-cookie>>"
```
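
The example values above ship with several transport protections relaxed (webhook TLS verification off, Nomad mTLS off, plain HTTP to object storage) and with placeholders that must be replaced. The following pre-deployment check is an added example, not part of CircleCI's chart or documentation. The names `flatten`, `audit` and `RULES` are hypothetical, and the small parser assumes nested mappings only (no lists, no `#` inside values).

```python
import re
# Constructed sample: excerpt of the values above with <port> filled in as 9000.
SAMPLE = """\
github:
  unsafeDisableWebhookSSLVerification: true # If using self-signed certificates
object_storage:
  s3:
    endpoint: "http://s3.internal.example.com:9000"
    secretKey: "<<s3-password>>"
nomad:
  server:
    rpc:
      mTLS:
        enabled: false
"""

RULES = [  # (regex matched against "dotted.path=value", reason)
    (r"^github\.unsafeDisableWebhookSSLVerification=true$", "webhook TLS verification is disabled"),
    (r"^nomad\.server\.rpc\.mTLS\.enabled=false$", "Nomad RPC runs without mTLS"),
    (r"=http://", "plaintext HTTP endpoint"),
    (r"=.*<<?[\w-]+>>?", "placeholder not replaced"),
]

def flatten(text):
    """Flatten nested YAML mappings into {dotted.path: value}."""
    flat, parents = {}, []  # parents: (indent, key) of each open mapping
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # strip comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while parents and parents[-1][0] >= indent:  # leave finished mappings
            parents.pop()
        value = value.strip().strip("\"'")
        if value:
            flat[".".join([k for _, k in parents] + [key])] = value
        else:
            parents.append((indent, key))
    return flat

def audit(text):
    """Return (path, reason) pairs for settings to resolve before deployment."""
    return [(path, reason) for path, value in flatten(text).items()
            for pattern, reason in RULES if re.search(pattern, f"{path}={value}")]

if __name__ == "__main__":
    for path, reason in audit(SAMPLE):
        print(f"{path}: {reason}")
```

Running it against a real values file before `helm install` lists every relaxed setting that is still in place, so each one is either fixed or accepted as a documented exception.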