Start Building for Free
CircleCI.comAcademyBlogCommunitySupport

Example values.yaml

11 months ago1 min read
Server v4.1
Server Admin
On This Page
  • Resources
  • Values.yaml

The following snippet shows an example values.yaml file for a Helm installation of CircleCI server in an air-gapped environment.

Resources

The chart assumes an environment with the following resources:

  • A K3s cluster for the installation of the Helm chart

  • MetalLB pre-configued on the K3s cluster for ingress

  • A private docker registry at docker.internal.example.com running on port 5000 with no TLS encryption

  • A Nomad instance with mTLS disabled

  • A MinIO instance running at minio.internal.example.com, with its API listening on port 9000, and no TLS

  • A TLS certificate issued for both domains server.internal.example.com and *.server.internal.example.com`.

For more information about specific values, see the standard installation documentation, starting with Phase 2 - Core services.

Values.yaml

# Private docker registry at docker.internal.example.com:5000
global:
  domainName: "server.internal.example.com"
  license: '<<your-server-license-here>>'
  container:
    registry: "docker.internal.example.com:5000"
    org: "<image-registry-org>"

# GitHub Enterprise
github:
  hostname: "github.internal.example.com"
  unsafeDisableWebhookSSLVerification: true # If using self-signed certificates
  enterprise: true
  selfSignedCert: true # If using self-signed certificates
  # These must be generated and added manually from GitHub Enterprise
  clientId: "<<github-enterprise-oauth-app-client-id>>"
  clientSecret: "<<github-enterprise-oauth-app-client-secret>>"
  defaultToken: "<<github-enterprise-personal-application-token>>"

# TLS with your provider
tls:
  certificate: "<<your-generated-tls-certificate>>"
  privateKey: "<<your-generated-tls-private-key>>"

# Object storage with Minio
object_storage:
  bucketName: "circleci-data" # Update to the name of the bucket created in MinIO
  expireAfter: 0
  s3:
    enabled: true
    endpoint: "http://minio.internal.example.com:9000"
    accessKey: "<<minio-username>>"
    secretKey: "<<minio-password>>"

# Distributor using CircleCI Agent in Minio
distributor:
  agent_base_url: http://minio.internal.example.com:9000/circleci-data
  launch_agent_base_url: http://minio.internal.example.com:9000/circleci-data

# Nomad
nomad:
  buildAgentImage: "docker.internal.example.com:5000/circleci/picard" # Do not provide image version, only image name and registry
  server:
    gossip:
      encryption:
        key: "<<nomad-gossip-encryption-key>>"
    rpc:
      mTLS:
        enabled: false # mTLS is disabled - it is recommended that this be enabled


# VM Service Disabled - Requires cloud connectivity
vm_service:
  enabled: false

# Additional nginx annotations
nginx:
  annotations:
    # This example uses MetalLB as a k3s load balancer
    metallb.universe.tf/allow-shared-ip: default

# The below values require no special modifications for an air-gapped environment

apiToken: "<<circleci-api-token>>"

sessionCookieKey: "<<circleci-session-cookie-key>>"

keyset:
  signing: '<<circleci-signing-key>>'
  encryption: '<<circleci-encryption-key>>'

mongodb:
  auth:
    rootPassword: "<<mongodb-root-password>>"
    password: "<<mongodb-password>>"

pusher:
  secret: "<<pusher-secret>>"

postgresql:
  auth:
    postgresPassword: "<<postgres-password>>"

rabbitmq:
  auth:
    password: "<<rabbitmq-password>>"
    erlangCookie: "<<rabbitmq-erlang-cookie>>"

Suggest an edit to this page

Make a contribution
Learn how to contribute