-
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathconfig.yaml
More file actions
207 lines (179 loc) · 5.84 KB
/
config.yaml
File metadata and controls
207 lines (179 loc) · 5.84 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
options:
mode:
description: |
Deployment mode for this unit:
- 'auto': Leader runs web, non-leaders run workers (recommended for multi-unit)
- 'all': Run both web and worker on this unit (default for single-unit)
- 'web': Only run web server
- 'worker': Only run worker
Default: auto
default: "auto"
type: string
version:
description: |
Concourse CI version to deploy (e.g., 7.14.3).
Leave empty to use the latest stable version.
default: ""
type: string
shared-storage:
description: |
Shared storage mode for LXC testing:
- 'none': Disable shared storage, each unit downloads independently (default)
- 'lxc': Enable LXC-mounted shared storage (requires .lxc_shared_storage marker)
When set to 'lxc', units will wait for the marker file before proceeding.
Default: none
default: "none"
type: string
web-port:
description: |
Port for Concourse web UI and API server.
Supports dynamic changes with automatic service restart.
Privileged ports (< 1024) are supported via CAP_NET_BIND_SERVICE.
Default: 8080
default: 8080
type: int
worker-procs:
description: |
Number of worker processes to spawn on this unit.
Controls parallelism for job execution.
Default: 1
default: 1
type: int
external-url:
description: |
External URL for Concourse web UI (used for redirects and webhooks).
If not set, automatically detects and uses http://<unit-ip>:<web-port>
Important: Set this to your actual external URL if behind a proxy/NAT.
default: ""
type: string
tls-enabled:
description: |
Enable TLS/HTTPS for Concourse web UI.
Requires TLS certificate relation (future enhancement).
Default: false
default: false
type: boolean
initial-admin-username:
description: |
Initial admin user for Concourse authentication.
Default: admin
default: admin
type: string
log-level:
description: |
Logging level for Concourse components (debug, info, warn, error).
Default: info
default: info
type: string
enum:
- debug
- info
- warn
- error
enable-metrics:
description: |
Enable Prometheus metrics endpoint on port 9391 and per-job status exporter on port 9358.
When enabled, installs and runs concourse-exporter service that exposes job-level metrics.
Default: false
default: false
type: boolean
max-concurrent-downloads:
description: |
Maximum number of concurrent resource downloads.
Default: 10
default: 10
type: int
container-placement-strategy:
description: |
Container placement strategy (volume-locality, random, fewest-build-containers).
Default: volume-locality
default: volume-locality
type: string
containerd-dns-proxy-enable:
description: |
Enable containerd DNS proxy for container name resolution.
Set to false to use external DNS servers directly.
Default: false
default: false
type: boolean
containerd-dns-server:
description: |
DNS servers for containerd containers (comma-separated).
Used when containerd-dns-proxy-enable is false.
Default: 1.1.1.1,8.8.8.8
default: "1.1.1.1,8.8.8.8"
type: string
compute-runtime:
description: |
GPU compute runtime to enable: 'none', 'cuda', or 'rocm'.
- 'none': No GPU support (default)
- 'cuda': Enable NVIDIA CUDA GPU support
- 'rocm': Enable AMD ROCm GPU support
When enabled, automatically installs container toolkit and configures GPU passthrough.
Worker will be tagged with GPU capabilities for job targeting.
Default: none
default: "none"
type: string
gpu-device-ids:
description: |
GPU device IDs to expose to worker (comma-separated).
Use "all" to expose all GPUs, or specify devices like "0,1".
Only used when compute-runtime is set to 'cuda' or 'rocm'.
Default: all
default: "all"
type: string
tag:
description: |
Comma-separated list of tags to assign to this worker. These are added to
CONCOURSE_TAG and merged with any GPU-generated tags.
Example: "gpu,high-mem,ssd"
default: ""
type: string
vault-url:
description: "URL of the Vault server. If set, enables Vault credential management. Example: https://vault.example.com:8200"
default: ""
type: string
vault-auth-backend:
description: "Vault authentication backend (e.g., 'approle', 'token')."
default: ""
type: string
vault-auth-backend-max-ttl:
description: "Maximum TTL for the Vault authentication backend token. Example: '1h'"
default: ""
type: string
vault-auth-param:
description: "Comma-separated key-value pairs for the selected auth backend. Example: 'role_id:...,secret_id:...'"
default: ""
type: string
vault-ca-cert:
description: "Path to a PEM-encoded CA cert file to use for TLS to Vault."
default: ""
type: string
vault-client-cert:
description: "Path to a PEM-encoded client certificate for TLS authentication to Vault."
default: ""
type: string
vault-client-key:
description: "Path to an unencrypted, PEM-encoded private key for TLS authentication to Vault."
default: ""
type: string
vault-client-token:
description: "Vault client token."
default: ""
type: string
vault-lookup-templates:
description: "Vault lookup templates."
default: ""
type: string
vault-namespace:
description: "Vault namespace."
default: ""
type: string
vault-path-prefix:
description: "Prefix for all secret paths in Vault (e.g., '/concourse/my-team')."
default: ""
type: string
vault-shared-path:
description: "Shared path for Vault."
default: ""
type: string