Example values.yaml
On This Page
The following snippet shows an example values.yaml file for a Helm installation of CircleCI server in an air-gapped environment.
Resources
The chart assumes an environment with the following resources:
-
A K3s cluster for the installation of the Helm chart
-
MetalLB pre-configued on the K3s cluster for ingress
-
A private docker registry at docker.internal.example.com running on port 5000 with no TLS encryption
-
A Nomad instance with mTLS disabled
-
A MinIO instance running at minio.internal.example.com, with its API listening on port 9000, and no TLS
-
A TLS certificate issued for both domains
server.internal.example.comand*.server.internal.example.com`.
For more information about specific values, see the standard installation documentation, starting with Phase 2 - Core services.
Values.yaml
# Private docker registry at docker.internal.example.com:5000
global:
domainName: "server.internal.example.com"
license: '<<your-server-license-here>>'
container:
registry: "docker.internal.example.com:5000"
org: "<image-registry-org>"
# GitHub Enterprise
github:
hostname: "github.internal.example.com"
unsafeDisableWebhookSSLVerification: true # If using self-signed certificates
enterprise: true
selfSignedCert: true # If using self-signed certificates
# These must be generated and added manually from GitHub Enterprise
clientId: "<<github-enterprise-oauth-app-client-id>>"
clientSecret: "<<github-enterprise-oauth-app-client-secret>>"
defaultToken: "<<github-enterprise-personal-application-token>>"
# TLS with your provider
tls:
certificate: "<<your-generated-tls-certificate>>"
privateKey: "<<your-generated-tls-private-key>>"
# Object storage with Minio
object_storage:
bucketName: "circleci-data" # Update to the name of the bucket created in MinIO
expireAfter: 0
s3:
enabled: true
endpoint: "http://minio.internal.example.com:9000"
accessKey: "<<minio-username>>"
secretKey: "<<minio-password>>"
# Distributor using CircleCI Agent in Minio
distributor:
agent_base_url: http://minio.internal.example.com:9000/circleci-data
launch_agent_base_url: http://minio.internal.example.com:9000/circleci-data
# Nomad
nomad:
buildAgentImage: "docker.internal.example.com:5000/circleci/picard" # Do not provide image version, only image name and registry
server:
gossip:
encryption:
key: "<<nomad-gossip-encryption-key>>"
rpc:
mTLS:
enabled: false # mTLS is disabled - it is recommended that this be enabled
# VM Service Disabled - Requires cloud connectivity
vm_service:
enabled: false
# Additional nginx annotations
nginx:
annotations:
# This example uses MetalLB as a k3s load balancer
metallb.universe.tf/allow-shared-ip: default
# The below values require no special modifications for an air-gapped environment
apiToken: "<<circleci-api-token>>"
sessionCookieKey: "<<circleci-session-cookie-key>>"
keyset:
signing: '<<circleci-signing-key>>'
encryption: '<<circleci-encryption-key>>'
mongodb:
auth:
rootPassword: "<<mongodb-root-password>>"
password: "<<mongodb-password>>"
pusher:
secret: "<<pusher-secret>>"
postgresql:
auth:
postgresPassword: "<<postgres-password>>"
rabbitmq:
auth:
password: "<<rabbitmq-password>>"
erlangCookie: "<<rabbitmq-erlang-cookie>>"Help make this document better
This guide, as well as the rest of our docs, are open source and available on GitHub. We welcome your contributions.
- Suggest an edit to this page (please read the contributing guide first).
- To report a problem in the documentation, or to submit feedback and comments, please open an issue on GitHub.
- CircleCI is always seeking ways to improve your experience with our platform. If you would like to share feedback, please join our research community.
Need support?
Our support engineers are available to help with service issues, billing, or account related questions, and can help troubleshoot build configurations. Contact our support engineers by opening a ticket.
You can also visit our support site to find support articles, community forums, and training resources.
CircleCI Documentation by CircleCI is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.