Example <code>values.yaml</code>

5 months ago1 min read
Last updated • Read time
Server v4.3
This document is applicable to CircleCI Server v4.3
Server Admin
This document is applicable to CircleCI Server Admin

The following snippet shows an example values.yaml file for a Helm installation of CircleCI server in an air-gapped environment.

Resources

The chart assumes an environment with the following resources:

  • A K3s cluster for the installation of the Helm chart

  • MetalLB pre-configued on the K3s cluster for ingress

  • A private Docker registry at docker.internal.example.com running on port 5000 with no TLS encryption

  • A Nomad instance with mTLS disabled

  • A MinIO instance running at minio.internal.example.com, with its API listening on port 9000, and no TLS

  • A TLS certificate issued for both domains server.internal.example.com and *.server.internal.example.com`.

For more information about specific values, see the standard installation documentation, starting with Phase 2 - Core services.

values.yaml

# Private docker registry at docker.internal.example.com:5000
global:
  domainName: "server.internal.example.com"
  license: '<<your-server-license-here>>'
  container:
    registry: "docker.internal.example.com:5000"
    org: "<image-registry-org>"

# GitHub Enterprise
github:
  hostname: "github.internal.example.com"
  unsafeDisableWebhookSSLVerification: true # If using self-signed certificates
  enterprise: true
  selfSignedCert: true # If using self-signed certificates
  # These must be generated and added manually from GitHub Enterprise
  clientId: "<<github-enterprise-oauth-app-client-id>>"
  clientSecret: "<<github-enterprise-oauth-app-client-secret>>"
  defaultToken: "<<github-enterprise-personal-application-token>>"

# TLS with your provider
tls:
  certificate: "<<your-generated-tls-certificate>>"
  privateKey: "<<your-generated-tls-private-key>>"

# Object storage with Minio
object_storage:
  bucketName: "circleci-data" # Update to the name of the bucket created in MinIO
  expireAfter: 0
  s3:
    enabled: true
    endpoint: "http://minio.internal.example.com:9000"
    accessKey: "<<minio-username>>"
    secretKey: "<<minio-password>>"

# Distributor using CircleCI Agent in Minio
distributor:
  agent_base_url: http://minio.internal.example.com:9000/circleci-data
  launch_agent_base_url: http://minio.internal.example.com:9000/circleci-data

# Nomad
nomad:
  buildAgentImage: "docker.internal.example.com:5000/circleci/picard" # Do not provide image version, only image name and registry
  server:
    gossip:
      encryption:
        key: "<<nomad-gossip-encryption-key>>"
    rpc:
      mTLS:
        enabled: false # mTLS is disabled - it is recommended that this be enabled


# Machine provisioner disabled - Requires cloud connectivity
machine_provisioner:
  enabled: false

# Additional nginx annotations
nginx:
  annotations:
    # This example uses MetalLB as a k3s load balancer
    metallb.universe.tf/allow-shared-ip: default

# The below values require no special modifications for an air-gapped environment

apiToken: "<<circleci-api-token>>"

sessionCookieKey: "<<circleci-session-cookie-key>>"

keyset:
  signing: '<<circleci-signing-key>>'
  encryption: '<<circleci-encryption-key>>'

mongodb:
  auth:
    rootPassword: "<<mongodb-root-password>>"
    password: "<<mongodb-password>>"

pusher:
  secret: "<<pusher-secret>>"

postgresql:
  auth:
    postgresPassword: "<<postgres-password>>"

rabbitmq:
  auth:
    password: "<<rabbitmq-password>>"
    erlangCookie: "<<rabbitmq-erlang-cookie>>"

docker_provisioner:
  enabled: false