Skip to content

Instantly share code, notes, and snippets.

@Dauliac

Dauliac/lo.yaml

Created May 27, 2019 10:28
Show Gist options
  • Save Dauliac/721e0a7741c9d133754d4069245a8cca to your computer and use it in GitHub Desktop.
Save Dauliac/721e0a7741c9d133754d4069245a8cca to your computer and use it in GitHub Desktop.
Download ZIP
Raw
lo.yaml
# Default values for jenkins.
# This is a YAML-formatted file.
# Declare name/value pairs to be passed into your templates.
# name: value
## Overrides for generated resource names
# See templates/_helpers.tpl
# nameOverride:
# fullnameOverride:
master:
# Used for label app.kubernetes.io/component
componentName: "jenkins-master"
image: "jenkins/jenkins"
imageTag: "lts"
imagePullPolicy: "Always"
imagePullSecretName:
# Optionally configure lifetime for master-container
lifecycle:
# postStart:
# exec:
# command:
# - "uname"
# - "-a"
numExecutors: 0
# configAutoReload requires UseSecurity is set to true:
useSecurity: true
# Allows to configure different SecurityRealm using Jenkins XML
securityRealm: |-
<securityRealm class="hudson.security.LegacySecurityRealm"/>
# Allows to configure different AuthorizationStrategy using Jenkins XML
authorizationStrategy: |-
<authorizationStrategy class="hudson.security.FullControlOnceLoggedInAuthorizationStrategy">
<denyAnonymousReadAccess>true</denyAnonymousReadAccess>
</authorizationStrategy>
hostNetworking: false
# When enabling LDAP or another non-Jenkins identity source, the built-in admin account will no longer exist.
# Since the AdminUser is used by configAutoReload, in order to use configAutoReload you must change the
# .master.adminUser to a valid username on your LDAP (or other) server. This user does not need
# to have administrator rights in Jenkins (the default Overall:Read is sufficient) nor will it be granted any
# additional rights. Failure to do this will cause the sidecar container to fail to authenticate via SSH and enter
# a restart loop. Likewise if you disable the non-Jenkins identity store and instead use the Jenkins internal one,
# you should revert master.adminUser to your preferred admin user:
adminUser: "admin"
# adminPassword: <defaults to random>
# adminSshKey: <defaults to auto-generated>
# If CasC auto-reload is enabled, an SSH (RSA) keypair is needed. Can either provide your own, or leave unconfigured to allow a random key to be auto-generated.
# If you supply your own, it is recommended that the values file that contains your key not be committed to source control in an unencrypted format
rollingUpdate: {}
# Ignored if Persistence is enabled
# maxSurge: 1
# maxUnavailable: 25%
resources:
requests:
cpu: "50m"
memory: "256Mi"
limits:
cpu: "2000m"
memory: "4096Mi"
# Environment variables that get added to the init container (useful for e.g. http_proxy)
# initContainerEnv:
# - name: http_proxy
# value: "http://192.168.64.1:3128"
# containerEnv:
# - name: http_proxy
# value: "http://192.168.64.1:3128"
# Set min/max heap here if needed with:
# javaOpts: "-Xms512m -Xmx512m"
# jenkinsOpts: ""
# jenkinsUrl: ""
# If you set this prefix and use ingress controller then you might want to set the ingress path below
# jenkinsUriPrefix: "/jenkins"
# Enable pod security context (must be `true` if runAsUser or fsGroup are set)
usePodSecurityContext: true
# Set runAsUser to 1000 to let Jenkins run as non-root user 'jenkins' which exists in 'jenkins/jenkins' docker image.
# When setting runAsUser to a different value than 0 also set fsGroup to the same value:
# runAsUser: <defaults to 0>
# fsGroup: <will be omitted in deployment if runAsUser is 0>
servicePort: 8080
targetPort: 8080
# For minikube, set this to NodePort, elsewhere use LoadBalancer
# Use ClusterIP if your setup includes ingress controller
serviceType: NodePort
# Jenkins master service annotations
serviceAnnotations: {}
# Jenkins master custom labels
deploymentLabels: {}
# foo: bar
# bar: foo
# Jenkins master service labels
serviceLabels: {}
# service.beta.kubernetes.io/aws-load-balancer-backend-protocol: https
# Put labels on Jenkins master pod
podLabels: {}
# Used to create Ingress record (should used with ServiceType: ClusterIP)
# nodePort: <to set explicitly, choose port between 30000-32767
# Enable Kubernetes Liveness and Readiness Probes
# ~ 2 minutes to allow Jenkins to restart when upgrading plugins. Set ReadinessTimeout to be shorter than LivenessTimeout.
healthProbes: true
healthProbesLivenessTimeout: 5
healthProbesReadinessTimeout: 5
healthProbeLivenessPeriodSeconds: 10
healthProbeReadinessPeriodSeconds: 10
healthProbeLivenessFailureThreshold: 5
healthProbeReadinessFailureThreshold: 3
healthProbeLivenessInitialDelay: 90
healthProbeReadinessInitialDelay: 60
slaveListenerPort: 50000
slaveHostPort:
disabledAgentProtocols:
- JNLP-connect
- JNLP2-connect
csrf:
defaultCrumbIssuer:
enabled: true
proxyCompatability: true
cli: true
# Kubernetes service type for the JNLP slave service
# slaveListenerServiceType is the Kubernetes Service type for the JNLP slave service,
# either 'LoadBalancer', 'NodePort', or 'ClusterIP'
# Note if you set this to 'LoadBalancer', you *must* define annotations to secure it. By default
# this will be an external load balancer and allowing inbound 0.0.0.0/0, a HUGE
# security risk: https://github.com/kubernetes/charts/issues/1341
slaveListenerServiceType: "ClusterIP"
slaveListenerServiceAnnotations: {}
slaveKubernetesNamespace:
# Example of 'LoadBalancer' type of slave listener with annotations securing it
# slaveListenerServiceType: LoadBalancer
# slaveListenerServiceAnnotations:
# service.beta.kubernetes.io/aws-load-balancer-internal: "True"
# service.beta.kubernetes.io/load-balancer-source-ranges: "172.0.0.0/8, 10.0.0.0/8"
# LoadBalancerSourcesRange is a list of allowed CIDR values, which are combined with ServicePort to
# set allowed inbound rules on the security group assigned to the master load balancer
loadBalancerSourceRanges:
- 0.0.0.0/0
# Optionally assign a known public LB IP
# loadBalancerIP: 1.2.3.4
# Optionally configure a JMX port
# requires additional javaOpts, ie
# javaOpts: >
# -Dcom.sun.management.jmxremote.port=4000
# -Dcom.sun.management.jmxremote.authenticate=false
# -Dcom.sun.management.jmxremote.ssl=false
# jmxPort: 4000
# Optionally configure other ports to expose in the master container
extraPorts:
# - name: BuildInfoProxy
# port: 9000
# List of plugins to be install during Jenkins master start
installPlugins:
- kubernetes:latest
- workflow-job:latest
- workflow-aggregator:latest
- credentials-binding:latest
- git:latest
- throttle-concurrent-builds-plugin:latest
# Enable to always override the installed plugins with the values of 'master.installPlugins' on upgrade or redeployment.
# overwritePlugins: true
# Enable HTML parsing using OWASP Markup Formatter Plugin (antisamy-markup-formatter), useful with ghprb plugin.
# The plugin is not installed by default, please update master.installPlugins.
enableRawHtmlMarkupFormatter: false
# Used to approve a list of groovy functions in pipelines used the script-security plugin. Can be viewed under /scriptApproval
scriptApproval:
# - "method groovy.json.JsonSlurperClassic parseText java.lang.String"
# - "new groovy.json.JsonSlurperClassic"
# List of groovy init scripts to be executed during Jenkins master start
initScripts:
# - |
# print 'adding global pipeline libraries, register properties, bootstrap jobs...'
# Kubernetes secret that contains a 'credentials.xml' for Jenkins
# credentialsXmlSecret: jenkins-credentials
# Kubernetes secret that contains files to be put in the Jenkins 'secrets' directory,
# useful to manage encryption keys used for credentials.xml for instance (such as
# master.key and hudson.util.Secret)
# secretsFilesSecret: jenkins-secrets
# Jenkins XML job configs to provision
jobs:
# test: |-
# <<xml here>>
# Below is the implementation of Jenkins Configuration as Code. Add a key under configScripts for each configuration area,
# where each corresponds to a plugin or section of the UI. Each key (prior to | character) is just a label, and can be any value.
# Keys are only used to give the section a meaningful name. The only restriction is they may only contain RFC 1123 \ DNS label
# characters: lowercase letters, numbers, and hyphens. The keys become the name of a configuration yaml file on the master in
# /var/jenkins_home/casc_configs (by default) and will be processed by the Configuration as Code Plugin. The lines after each |
# become the content of the configuration yaml file. The first line after this is a JCasC root element, eg jenkins, credentials,
# etc. Best reference is https://<jenkins_url>/configuration-as-code/reference. The example below creates a welcome message:
JCasC:
enabled: true
pluginVersion: 1.5
supportPluginVersion: 1.5
configScripts:
jcasc: |
jenkins:
- "JNLP4-connect"
- "Ping"
authorizationStrategy:
loggedInUsersCanDoAnything:
allowAnonymousRead: false
clouds:
- kubernetes:
containerCapStr: "10"
credentialsId: "98f59924-ecac-44e7-912c-5111d9457272"
jenkinsTunnel: "sfhbuild-jenkins-agent:50000"
jenkinsUrl: "http://sfhbuild-jenkins:8080"
maxRequestsPerHostStr: "32"
name: "kubernetes"
namespace: "default"
serverUrl: "https://kubernetes.default"
templates:
- containers:
- args: "${computer.jnlpmac} ${computer.name}"
envVars:
- containerEnvVar:
key: "JENKINS_URL"
value: "http://sfhbuild-jenkins.default.svc.cluster.local:8080"
image: "jenkins/jnlp-slave:3.27-1"
livenessProbe:
failureThreshold: 0
initialDelaySeconds: 0
periodSeconds: 0
successThreshold: 0
timeoutSeconds: 0
name: "jnlp"
resourceLimitCpu: "200m"
resourceLimitMemory: "256Mi"
resourceRequestCpu: "200m"
resourceRequestMemory: "256Mi"
label: "sfhbuild-jenkins-slave "
name: "default"
nodeUsageMode: "NORMAL"
serviceAccount: "default"
volumes:
- hostPathVolume:
hostPath: "/var/run/docker.sock"
mountPath: "/var/run/docker.sock"
workspaceVolume:
emptyDirWorkspaceVolume:
memory: false
- name: "java"
workspaceVolume:
emptyDirWorkspaceVolume:
memory: false
crumbIssuer:
standard:
excludeClientIPFromCrumb: true
disableRememberMe: false
markupFormatter: "plainText"
mode: NORMAL
myViewsTabBar: "standard"
numExecutors: 0
primaryView:
all:
name: "all"
projectNamingStrategy: "standard"
quietPeriod: 5
remotingSecurity:
enabled: true
scmCheckoutRetryCount: 0
views:
- all:
name: "all"
viewsTabBar: "standard"
credentials:
system:
domainCredentials:
- basicSSHUserPrivateKey:
id: "bitbucket-ssh-privkey"
privateKeySource:
directEntry:
privateKey: "{AQAAABAAAAaQdemC28qdEkqfLdzMSHNKci47Kh53PCG8iP2yJkrG1avXa3SMvH/Od/LHc5sFVKM5A730GspnEjRfweu3q0WhnhcyNUmfqIg4HQ0p+NjJ8RBjNnQ2JVbrZ/Kv2B/2B9M8C1h0HaFOZo9len3dA964A1+9Qqgruo5cqF3zzHjpsLDVnEHtf2b9ZHWqiXdHDGlCUBHjtHLgehR0RbVlmkXath83wRNn/iJVD9QsH5pFLr3ilYmAxcFPStolWtzwxKFZn3bp4qORHRTejHCxw8/xae/PoAkSCBhx7kpAWW/sr7a7Gzil8Sk4kwI8u9gjbuEYX93yfwKCxuT1uqqdU4NYk37S8svb/6fYLafTzqsoxdQ9jnfPzS7J/ktjJqdsOwM+SpbFead0Lntb4TEFkdFnU0YJz4WVe99FB7Gd4k2uNVKZHykJPGAT6gHUaDkeFUYKxANQkULhLWN/pz3FimdYkdl6L8xcp8jcLHBknsS7JeN7VLrIv8c/4Ji8Vu53AcH+rNsniYWFDMrYQUwXROWTZS6iUdsNLYOalCITi2RGYYl4WFSyGdzmZ9UOYlDBonHtkxxsfqRW0a6YNI+KzHBVRqHwNu57u/cZP/mXPbv3bhXKRJMjuUghjIUzrGdS5Fk6p5gBNC4G2vucdXkzbMViSPVjSVQQpEDakjmJ2Wk6gXXohsDfJGhKUKipR915UZOh4ujSPj7bvNddsTb9jIHjvm/VPQDpruxlRbS0aFQnzwjlsARFHA3H00A+6Vu2LDfGd3cjYcYlGTAIb2Yt26hMI9A25fhRfvjJtVjCln35XRn57GnKoekpk4zCV3eFwl9JsMtOK/2IfWUf1daxKZyqjCipOZPgh8dwl8kDb+dNREkDTDtl5VLFU0tljmYN5gxxbf8s54Lpi/IV7DhH8CmxmMrwJb9tPPmLfqafZweNpnMPH7QTfEsAvd/oo07sYhzCo46dpEcvDelitlOalBYb8PyWhjSo3xVHiPaquy/YPo9sdKIMbnIXovGkt16PNwPaVCWzZrW9QueXfdIo5jpr/RNOY55Hl7K7V/HHZj8AHy+6Ae7FB0bq88emCnvD+jWrDY7OwOQqPx40vsoEOLusy5axqtCtgsGbcR/MzJB9b+CgItETtwRI6bl99KI8iDOWPE8wpjCo+HUxlse+ln9NNmDclxUUxig0PzR+lgj2jC0AcAAXGcG1WnCZ+5OAmTNZbVkSkZ3dNafjQHBfuXTVzBgpgif7dI6z8gSWN7n7G7OAQgNZVsMfwujvTymutTkTnN4k1Emd9GRP0FCjiO4S5XiRyQGENu8orOjONrCfuotTy+034oR6W1ko8qbyppbRcFd39hVn1Y5wBC7puckcTEsFZK8sZOFnGa7qMG82gk2bM62W48Fg0cFHXqVuK7sWuJk0XYQZlpCMbSHkTAOjfjSmFr/1bFjrFgOsF/cUPCndgQpbuCd41EGjMePhQvOpcpna88kvMliz7VChiUjIXiZIC1bkYcUoDQ/b1REGi3wWjrHLRw6cKjAJU1rp47B7I6OMV/8LTgJqnH8J/yvJ/lX63zLpWTSo3ilSQ8AygVNLtHPf3fvs3B7h0J2qqKvup+Txslw61IIQEYBluDjH86rs8ZHmrD+dPeVcfSbZnA6idAfC/B/y7lh2GAffcY70CYBDstE74xRuEA7+Z556xzeLccsYgUVpkbH0ii/dpgOXofC+rYiA3EmF/vUVf8moh5cmZkSJ66qOFuZea8zbISG630Tioufv8N7ErNYcukbBk5ZIA6SERGyHK/vYDgfTyE6t6dTImwGzaS4h34O0OahalMHmsn/xmuI3o8fP5D6iDXvtsWF9lkcFnqozdQSe3TjQ/pF+e4NNn+BHOSmAA5d6QIzSfQJ6+FNnyA9cX5V49j8mqK7jc4z9AxWgsseG9YpylSOe5zde7gTlOo1GwJkfvklBgqt5D/RQWHgpBJtzfmh06ZACPt0NRv5hwv1BdUkKCPUVI384ZUJwibhMr9J03+chbU+B7vZ3k2aTsN5ySG1s1lLdlbP/Kuvg+psQTEyW8jj1/Ad2J62tST/7gcjiTbq4lyYRziznp1Wke5qEy3FVICn+zSacymT69erAgBOazeryI+aRPxLmW7DIA+M3UVfCsomhEPop7pJWxaD2Xmn1Yq59qwiD8C/gx9bfho3r6usn4ey0RUx92WQPgNQwbko0Djv6+usq6l1Giqp/IBufT0OQ676KZH47ssw5fBDFc1eXp6urxLT766shVA==}"
scope: GLOBAL
username: "jenkins"
security:
apiToken:
creationOfLegacyTokenEnabled: false
tokenGenerationOnCreationEnabled: false
usageStatisticsEnabled: true
downloadSettings:
useBrowser: false
sSHD:
port: -1
unclassified:
gitSCM:
createAccountBasedOnEmail: false
location:
adminAddress: "[email protected]"
url: "https://jenkins.nofreedisk.space/"
mailer:
adminAddress: "[email protected]"
charset: "UTF-8"
useSsl: false
pollSCM:
pollingThreadCount: 10
# Optionally specify additional init-containers
customInitContainers: []
# - name: custom-init
# image: "alpine:3.7"
# imagePullPolicy: Always
# command: [ "uname", "-a" ]
sidecars:
configAutoReload:
# If enabled: true, Jenkins Configuration as Code will be reloaded on-the-fly without a reboot. If false or not-specified,
# jcasc changes will cause a reboot and will only be applied at the subsequent start-up. Auto-reload uses the Jenkins CLI
# over SSH to reapply config when changes to the configScripts are detected. The admin user (or account you specify in
# master.adminUser) will have a random SSH private key (RSA 4096) assigned unless you specify adminSshKey. This will be saved to a k8s secret.
enabled: true
image: shadwell/k8s-sidecar:0.0.2
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 100m
memory: 100Mi
requests:
cpu: 50m
memory: 50Mi
# SSH port value can be set to any unused TCP port. The default, 1044, is a non-standard SSH port that has been chosen at random.
# Is only used to reload jcasc config from the sidecar container running in the Jenkins master pod.
# This TCP port will not be open in the pod (unless you specifically configure this), so Jenkins will not be
# accessible via SSH from outside of the pod. Note if you use non-root pod privileges (runAsUser & fsGroup),
# this must be > 1024:
sshTcpPort: 1044
# folder in the pod that should hold the collected dashboards:
folder: "/var/jenkins_home/casc_configs"
# If specified, the sidecar will search for JCasC config-maps inside this namespace.
# Otherwise the namespace in which the sidecar is running will be used.
# It's also possible to specify ALL to search in all namespaces:
# searchNamespace:
# Allows you to inject additional/other sidecars
other:
## The example below runs the client for https://smee.io as sidecar container next to Jenkins,
## that allows to trigger build behind a secure firewall.
## https://jenkins.io/blog/2019/01/07/webhook-firewalls/#triggering-builds-with-webhooks-behind-a-secure-firewall
##
## Note: To use it you should go to https://smee.io/new and update the url to the generete one.
# - name: smee
# image: docker.io/twalter/smee-client:1.0.2
# args: ["--port", "{{ .Values.master.servicePort }}", "--path", "/github-webhook/", "--url", "https://smee.io/new"]
# resources:
# limits:
# cpu: 50m
# memory: 128Mi
# requests:
# cpu: 10m
# memory: 32Mi
# Node labels and tolerations for pod assignment
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
# ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#taints-and-tolerations-beta-feature
nodeSelector: {}
tolerations: []
# Leverage a priorityClass to ensure your pods survive resource shortages
# ref: https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/
# priorityClass: system-cluster-critical
podAnnotations: {}
# The below two configuration-related values are deprecated and replaced by Jenkins Configuration as Code (see above
# JCasC key). They will be deleted in an upcoming version.
customConfigMap: false
# By default, the configMap is only used to set the initial config the first time
# that the chart is installed. Setting `overwriteConfig` to `true` will overwrite
# the jenkins config with the contents of the configMap every time the pod starts.
# This will also overwrite all init scripts
overwriteConfig: false
# By default, the Jobs Map is only used to set the initial jobs the first time
# that the chart is installed. Setting `overwriteJobs` to `true` will overwrite
# the jenkins jobs configuration with the contents of Jobs every time the pod starts.
overwriteJobs: false
ingress:
enabled: false
# For Kubernetes v1.14+, use 'networking.k8s.io/v1beta1'
apiVersion: "extensions/v1beta1"
labels: {}
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
# Set this path to jenkinsUriPrefix above or use annotations to rewrite path
# path: "/jenkins"
# configures the hostname e.g. jenkins.example.com
hostName:
tls:
# - secretName: jenkins.cluster.local
# hosts:
# - jenkins.cluster.local
# Openshift route
route:
enabled: false
labels: {}
annotations: {}
# path: "/jenkins"
additionalConfig: {}
# master.hostAliases allows for adding entries to Pod /etc/hosts:
# https://kubernetes.io/docs/concepts/services-networking/add-entries-to-pod-etc-hosts-with-host-aliases/
hostAliases: []
# - ip: 192.168.50.50
# hostnames:
# - something.local
# - ip: 10.0.50.50
# hostnames:
# - other.local
agent:
enabled: true
image: "jenkins/jnlp-slave"
imageTag: "3.27-1"
customJenkinsLabels: []
# name of the secret to be used for image pulling
imagePullSecretName:
componentName: "jenkins-slave"
privileged: false
resources:
requests:
cpu: "200m"
memory: "256Mi"
limits:
cpu: "200m"
memory: "256Mi"
# You may want to change this to true while testing a new image
alwaysPullImage: false
# Controls how slave pods are retained after the Jenkins build completes
# Possible values: Always, Never, OnFailure
podRetention: "Never"
# You can define the volumes that you want to mount for this container
# Allowed types are: ConfigMap, EmptyDir, HostPath, Nfs, Pod, Secret
# Configure the attributes as they appear in the corresponding Java class for that type
# https://github.com/jenkinsci/kubernetes-plugin/tree/master/src/main/java/org/csanchez/jenkins/plugins/kubernetes/volumes
# Pod-wide ennvironment, these vars are visible to any container in the slave pod
envVars:
# - name: PATH
# value: /usr/local/bin
volumes:
# - type: Secret
# secretName: mysecret
# mountPath: /var/myapp/mysecret
nodeSelector: {}
# Key Value selectors. Ex:
# jenkins-agent: v1
# Executed command when side container gets started
command:
args:
# Side container name
sideContainerName: "jnlp"
# Doesn't allocate pseudo TTY by default
TTYEnabled: false
# Max number of spawned agent
containerCap: 10
# Pod name
podName: "default"
# Allows the Pod to remain active for reuse until the configured number of
# minutes has passed since the last step was executed on it.
idleMinutes: 0
# Raw yaml template for the Pod. For example this allows usage of toleration for agent pods.
# https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates
# https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
yamlTemplate:
# yamlTemplate: |-
# apiVersion: v1
# kind: Pod
# spec:
# tolerations:
# - key: "key"
# operator: "Equal"
# value: "value"
persistence:
enabled: true
## A manually managed Persistent Volume and Claim
## Requires persistence.enabled: true
## If defined, PVC must be created manually before volume will be bound
existingClaim: sfhbuild-disk
# storageClassName: jenkins-disk
## jenkins data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
storageClass:
annotations: {}
accessMode: "ReadWriteOnce"
size: "8Gi"
volumes:
# - name: nothing
# emptyDir: {}
mounts:
# - mountPath: /var/nothing
# name: nothing
# readOnly: true
networkPolicy:
# Enable creation of NetworkPolicy resources.
enabled: false
# For Kubernetes v1.4, v1.5 and v1.6, use 'extensions/v1beta1'
# For Kubernetes v1.7, use 'networking.k8s.io/v1'
apiVersion: networking.k8s.io/v1
## Install Default RBAC roles and bindings
rbac:
create: true
serviceAccount:
create: true
# The name of the service account is autogenerated by default
name:
annotations: {}
serviceAccountAgent:
# Specifies whether a ServiceAccount should be created
create: false
# The name of the ServiceAccount to use.
# If not set and create is true, a name is generated using the fullname template
name:
annotations: {}
## Backup cronjob configuration
## Ref: https://github.com/nuvo/kube-tasks
backup:
# Backup must use RBAC
# So by enabling backup you are enabling RBAC specific for backup
enabled: false
# Used for label app.kubernetes.io/component
componentName: "backup"
# Schedule to run jobs. Must be in cron time format
# Ref: https://crontab.guru/
schedule: "0 2 * * *"
annotations:
# Example for authorization to AWS S3 using kube2iam
# Can also be done using environment variables
iam.amazonaws.com/role: "jenkins"
image:
repository: "nuvo/kube-tasks"
tag: "0.1.2"
# Additional arguments for kube-tasks
# Ref: https://github.com/nuvo/kube-tasks#simple-backup
extraArgs: []
# Add additional environment variables
env:
# Example environment variable required for AWS credentials chain
- name: "AWS_REGION"
value: "us-east-1"
resources:
requests:
memory: 1Gi
cpu: 1
limits:
memory: 1Gi
cpu: 1
# Destination to store the backup artifacts
# Supported cloud storage services: AWS S3, Minio S3, Azure Blob Storage
# Additional support can added. Visit this repository for details
# Ref: https://github.com/nuvo/skbn
destination: "s3://nuvo-jenkins-data/backup"
checkDeprecation: true
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment