On This Page
The following snippet shows an example
values.yaml file for a Helm installation of CircleCI server in an air-gapped environment.
The chart assumes an environment with the following resources:
A K3s cluster for the installation of the Helm chart
MetalLB pre-configued on the K3s cluster for ingress
A private docker registry at docker.internal.example.com running on port 5000 with no TLS encryption
A Nomad instance with mTLS disabled
A MinIO instance running at minio.internal.example.com, with its API listening on port 9000, and no TLS
A TLS certificate issued for both domains
For more information about specific values, see the standard installation documentation, starting with Phase 2 - Core services.
# Private docker registry at docker.internal.example.com:5000 global: domainName: "server.internal.example.com" license: '<<your-server-license-here>>' container: registry: "docker.internal.example.com:5000" org: "<image-registry-org>" # GitHub Enterprise github: hostname: "github.internal.example.com" unsafeDisableWebhookSSLVerification: true # If using self-signed certificates enterprise: true selfSignedCert: true # If using self-signed certificates # These must be generated and added manually from GitHub Enterprise clientId: "<<github-enterprise-oauth-app-client-id>>" clientSecret: "<<github-enterprise-oauth-app-client-secret>>" defaultToken: "<<github-enterprise-personal-application-token>>" # TLS with your provider tls: certificate: "<<your-generated-tls-certificate>>" privateKey: "<<your-generated-tls-private-key>>" # Object storage with Minio object_storage: bucketName: "circleci-data" # Update to the name of the bucket created in MinIO expireAfter: 0 s3: enabled: true endpoint: "http://minio.internal.example.com:9000" accessKey: "<<minio-username>>" secretKey: "<<minio-password>>" # Distributor using CircleCI Agent in Minio distributor: agent_base_url: http://minio.internal.example.com:9000/circleci-data launch_agent_base_url: http://minio.internal.example.com:9000/circleci-data # Nomad nomad: buildAgentImage: "docker.internal.example.com:5000/circleci/picard" # Do not provide image version, only image name and registry server: gossip: encryption: key: "<<nomad-gossip-encryption-key>>" rpc: mTLS: enabled: false # mTLS is disabled - it is recommended that this be enabled # VM Service Disabled - Requires cloud connectivity vm_service: enabled: false # Additional nginx annotations nginx: annotations: # This example uses MetalLB as a k3s load balancer metallb.universe.tf/allow-shared-ip: default # The below values require no special modifications for an air-gapped environment apiToken: "<<circleci-api-token>>" sessionCookieKey: "<<circleci-session-cookie-key>>" keyset: signing: '<<circleci-signing-key>>' encryption: '<<circleci-encryption-key>>' mongodb: auth: rootPassword: "<<mongodb-root-password>>" password: "<<mongodb-password>>" pusher: secret: "<<pusher-secret>>" postgresql: auth: postgresPassword: "<<postgres-password>>" rabbitmq: auth: password: "<<rabbitmq-password>>" erlangCookie: "<<rabbitmq-erlang-cookie>>"
Help make this document better
This guide, as well as the rest of our docs, are open source and available on GitHub. We welcome your contributions.
- Suggest an edit to this page (please read the contributing guide first).
- To report a problem in the documentation, or to submit feedback and comments, please open an issue on GitHub.
- CircleCI is always seeking ways to improve your experience with our platform. If you would like to share feedback, please join our research community.
Our support engineers are available to help with service issues, billing, or account related questions, and can help troubleshoot build configurations. Contact our support engineers by opening a ticket.
You can also visit our support site to find support articles, community forums, and training resources.
CircleCI Documentation by CircleCI is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.