Example <code>values.yaml</code>
On This Page
The following snippet shows an example values.yaml
file for a Helm installation of CircleCI server in an air-gapped environment.
Resources
The chart assumes an environment with the following resources:
-
A K3s cluster for the installation of the Helm chart
-
MetalLB pre-configued on the K3s cluster for ingress
-
A private Docker registry at
docker.internal.example.com
running on port 5000 with no TLS encryption -
A Nomad instance with mTLS disabled
-
A MinIO instance running at minio.internal.example.com, with its API listening on port 9000, and no TLS
-
A TLS certificate issued for both domains
server.internal.example.com
and*.server.internal.example.com`
.
For more information about specific values, see the standard installation documentation, starting with Phase 2 - Core services.
Values.yaml
# Private docker registry at docker.internal.example.com:5000
global:
domainName: "server.internal.example.com"
license: '<<your-server-license-here>>'
container:
registry: "docker.internal.example.com:5000"
org: "<image-registry-org>"
# GitHub Enterprise
github:
hostname: "github.internal.example.com"
unsafeDisableWebhookSSLVerification: true # If using self-signed certificates
enterprise: true
selfSignedCert: true # If using self-signed certificates
# These must be generated and added manually from GitHub Enterprise
clientId: "<<github-enterprise-oauth-app-client-id>>"
clientSecret: "<<github-enterprise-oauth-app-client-secret>>"
defaultToken: "<<github-enterprise-personal-application-token>>"
# TLS with your provider
tls:
certificate: "<<your-generated-tls-certificate>>"
privateKey: "<<your-generated-tls-private-key>>"
# Object storage with Minio
object_storage:
bucketName: "circleci-data" # Update to the name of the bucket created in MinIO
expireAfter: 0
s3:
enabled: true
endpoint: "http://minio.internal.example.com:9000"
accessKey: "<<minio-username>>"
secretKey: "<<minio-password>>"
# Distributor using CircleCI Agent in Minio
distributor:
agent_base_url: http://minio.internal.example.com:9000/circleci-data
launch_agent_base_url: http://minio.internal.example.com:9000/circleci-data
# Nomad
nomad:
buildAgentImage: "docker.internal.example.com:5000/circleci/picard" # Do not provide image version, only image name and registry
server:
gossip:
encryption:
key: "<<nomad-gossip-encryption-key>>"
rpc:
mTLS:
enabled: false # mTLS is disabled - it is recommended that this be enabled
# Machine provisioner disabled - Requires cloud connectivity
machine_provisioner:
enabled: false
# Additional nginx annotations
nginx:
annotations:
# This example uses MetalLB as a k3s load balancer
metallb.universe.tf/allow-shared-ip: default
# The below values require no special modifications for an air-gapped environment
apiToken: "<<circleci-api-token>>"
sessionCookieKey: "<<circleci-session-cookie-key>>"
keyset:
signing: '<<circleci-signing-key>>'
encryption: '<<circleci-encryption-key>>'
mongodb:
auth:
rootPassword: "<<mongodb-root-password>>"
password: "<<mongodb-password>>"
pusher:
secret: "<<pusher-secret>>"
postgresql:
auth:
postgresPassword: "<<postgres-password>>"
rabbitmq:
auth:
password: "<<rabbitmq-password>>"
erlangCookie: "<<rabbitmq-erlang-cookie>>"
docker_provisioner:
enabled: false