Phase 3 - Install CircleCI server
On This Page
With prerequisites installed, and object storage configured, you can now copy over and install the CircleCI Helm deployment to the Kubernetes cluster in your air-gapped environment.
1. Prepare values.yaml
values.yaml file for installing CircleCI should be prepared according to the Create Helm values section of the regular installation guide. Once this is complete, you will modify the fields listed in the steps below for air-gapped installation compatibility.
a. Configure global values
global.container section of your
domainNamevalue to the internal domain name of the installation
container.registryto the internal registry hostname (and port if using a non-standard port) of your instance
global: ... domainName: "server.internal.example.com" container: registry: "docker.internal.example.com:5000" org: "<image-registry-org>"
b. Configure GitHub Enterprise
github section of your
values.yaml file, configure settings for your GitHub Enterprise installation.
hostname value should be the internal hostname of your GitHub enterprise installation. The
enterprise value should be set to true.
If this instance is not using TLS or self-signed certificates, make sure to set the
unsafeDisableWebhookSSLVerification: true and
selfSignedCert: true values.
Additionally, an OAuth application and a personal access token should be set in GitHub enterprise and values provided as shown below. For more information about this process, see the documentation for creating a GitHub OAuth application.
# GitHub Enterprise github: hostname: "github.internal.example.com" unsafeDisableWebhookSSLVerification: true # If using self-signed certificates enterprise: true selfSignedCert: true # If using self-signed certificates # These must be generated and added manually from GitHub Enterprise clientId: "<<github-enterprise-oauth-app-client-id>>" clientSecret: "<<github-enterprise-oauth-app-client-secret>>" defaultToken: "<<github-enterprise-personal-application-token>>"
c. Configure MinIO Object Storage
object_storage section of the
values.yaml file, add the following configuration, modifying ports as necessary.
object_storage: bucketName: circleci-data expireAfter: 0 s3: enabled: true endpoint: http://<minio-internal-hostname>:9000 accessKey: <minio-root-user> secretKey: <minio-root-password>
| Update the endpoint protocol to |
d. Configure MinIO Build Agent
In the distributor section of the
values.yaml file, point
launch_agent_base_url to the
circleci-data bucket you created in your MinIO installation.
distributor: agent_base_url: http://<minio-internal-hostname>:9000/circleci-data/ launch_agent_base_url: http://<minio-internal-hostname>:9000/circleci-data/
|Port 9000 is referenced here as that is a default for MinIO. If your MinIO instance is configured differently, this port will need to be updated.|
| Update the protocol to |
e. Configure the Nomad build agent image
Specify the location of the Nomad build agent image within your registry, copied during phase 1, modifying the port as necessary.
nomad: ... buildAgentImage: "<your-internal-registry-hostname>:5000/circleci/picard"
|Update the port on your Docker registry hostname as necessary|
f. Disable VM Service
vm_service section of
false to disable it. This feature requires cloud connectivity.
# VM Service Disabled - Requires cloud connectivity vm_service: enabled: false
g. Add Additional Nginx Annotations
Add any additional Nginx annotations as necessary depending on your installation to provision a load balancer. In this example, MetalLB is used. For more information, see the Service Type Load Balancers in K3s section on the Additional considerations page.
# Additional nginx annotations nginx: annotations: # This example uses MetalLB as a k3s load balancer metallb.universe.tf/allow-shared-ip: default
2. Install CircleCI server
With your completed
values.yaml file and the copied Helm chart, run the Helm install command in your air-gapped environment to install CircleCI server.
We recommend first creating a namespace (
circleci-server) and deploying the chart into that namespace.
helm install circleci-server ./circleci-server/ -n <kubernetes-namespace> --version 4.1.1 -f <path-to-values.yaml>
3. Post Installation Steps
After the helm deployment, depending on your installation, it may be necessary to manually patch the circleci-proxy Load Balancer service (such as when using MetalLB). For more information, see the Service Type Load Balancers in K3s section on the Additional considerations page.
Once the steps on this page are complete, go to the Phase 4 - Configure Nomad clients guide.
Help make this document better
This guide, as well as the rest of our docs, are open source and available on GitHub. We welcome your contributions.
- Suggest an edit to this page (please read the contributing guide first).
- To report a problem in the documentation, or to submit feedback and comments, please open an issue on GitHub.
- CircleCI is always seeking ways to improve your experience with our platform. If you would like to share feedback, please join our research community.
Our support engineers are available to help with service issues, billing, or account related questions, and can help troubleshoot build configurations. Contact our support engineers by opening a ticket.
You can also visit our support site to find support articles, community forums, and training resources.
CircleCI Documentation by CircleCI is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License.