garm-helm-chart/values.yaml at main · igrikus/garm-helm-chart · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
## -- GARM application configuration
garm:
  ## -- Enable the GARM web UI.
  ui:
    enabled: true

  ## -- GARM admin user credentials. These will be stored in a Kubernetes secret.
  admin:
    ## -- The name of the secret containing the admin credentials.
    ## -- If not set, a secret will be created with a generated password.
    secretName: ""
    ## -- The default admin username to use when generating the secret.
    defaultUsername: "admin"
    ## -- The default admin email address to use when generating the secret.
    defaultEmail: "admin@example.com"
    ## -- The key in the secret for the admin username.
    usernameKey: "username"
    ## -- The key in the secret for the admin password.
    passwordKey: "password"
    ## -- The key in the secret for the admin email.
    emailKey: "email"
    ## -- The key in the secret for the JWT secret.
    jwtSecretKey: "jwt-secret"
    ## -- The key in the secret for the database passphrase.
    dbPassphraseKey: "db-passphrase"

  ## -- The base URL for the GARM service. This can be used for the Ingress and for GARM's own configuration.
  url: "https://garm.example.com"
  ## -- Specify callback URL (with correct URI path). If empty, garm.url will be used.
  callbackUrl: ""
  ## -- Specify metadata URL (with correct URI path). If empty, garm.url will be used.
  metadataUrl: ""
  ## -- Specify webhook URL (with correct URI path). If empty, garm.url will be used.
  webhookUrl: ""

  ## -- TLS configuration for the GARM API server.
  ## -- This is optional. A reverse proxy or Ingress with TLS termination can be used instead.
  ## -- If enabled, you must provide a secret containing the TLS certificate and key
  ## -- and mount it using extraVolumes and extraVolumeMounts.
  tls:
    enabled: false
    ## -- In-container path to the TLS certificate file.
    ## -- NOTE: If your certificate is signed by an intermediary CA, this file
    ## -- must contain the entire certificate bundle.
    ## -- See: https://github.com/cloudbase/garm/blob/main/doc/config.md#the-api-server-config-section
    certPath: ""
    ## -- In-container path to the TLS key file.
    keyPath: ""

## -- Image configuration for GARM and its components.
image:
  ## -- GARM image repository.
  repository: "ghcr.io/cloudbase/garm"
  ## -- GARM image pull policy.
  pullPolicy: "Always"
  ## -- GARM image tag. Overrides the chart's appVersion.
  tag: ""

## -- Overrides for the chart name.
nameOverride: ""
## -- Overrides for the full chart name.
fullnameOverride: ""

## -- ServiceAccount configuration.
serviceAccount:
  ## -- Specifies whether a service account should be created.
  create: true
  ## -- Automatically mount a ServiceAccount's API credentials.
  automount: true
  ## -- Annotations to add to the service account.
  annotations: {}
  ## -- The name of the service account to use.
  ## -- If not set and create is true, a name is generated using the fullname template.
  name: ""

## -- Annotations for both the server and operator Pods.
podAnnotations: {}
## -- Labels for both the server and operator Pods.
podLabels: {}

## -- Service configuration.
service:
  ## -- Kubernetes service type.
  type: ClusterIP
  ## -- The port for the GARM service.
  port: 9997
  annotations: {}

## -- Deployment strategy type.
strategyType: "RollingUpdate"

## -- Ingress configuration.
ingress:
  ## -- Enable or disable the Ingress resource.
  enabled: false
  ## -- The public-facing host for the Ingress resource. Required if ingress.enabled is true.
  host: ""
  ## -- IngressClassName for the Ingress resource.
  className: ""
  ## -- Annotations for the Ingress resource.
  annotations: {}
  ## -- TLS configuration for the Ingress.
  tls:
    ## -- The name of the secret containing the TLS certificate.
    secretName: ""

## -- Resource requests and limits for the containers.
resources:
  ## -- Resources for the main GARM container.
  garm:
    limits:
      cpu: 200m
      memory: 512Mi
    requests:
      cpu: 100m
      memory: 512Mi
  ## -- Resources for the substitute-config init container.
  substituteConfig:
    limits:
      cpu: 50m
      memory: 64Mi
    requests:
      cpu: 25m
      memory: 32Mi
  ## -- Resources for the config-init init container.
  configInit:
    limits:
      cpu: 100m
      memory: 256Mi
    requests:
      cpu: 50m
      memory: 128Mi

## -- Additional volumes to mount in the Pod.
extraVolumes: []
# - name: foo
#   secret:
#     secretName: mysecret
#     optional: false

## -- Additional volume mounts for the GARM container.
extraVolumeMounts: []
# - name: foo
#   mountPath: "/etc/foo"
#   readOnly: true

## -- Persistence configuration for the GARM database.
persistence:
  ## -- Enable or disable persistence.
  enabled: true
  ## -- Annotations for the PVC.
  annotations:
    helm.sh/resource-policy: keep
  ## -- The storage class to use for the PVC.
  storageClassName: ""
  ## -- The access modes for the PVC.
  accessModes:
    - ReadWriteOnce
  ## -- The size of the PVC.
  size: 1Gi

## -- A list of runner templates to create.
## -- NOTE: If you deploy templates and then remove this field then templates will NOT be deleted from GARM server.
## -- This is because templates might be in use by runner pools and tracking all dependencies is not feasible.
runnerTemplates: []
  ## -- NOTE: The name must be a valid RFC 1123 subdomain name (e.g., 'my-template').
  ## -- It can only contain lowercase letters, numbers, and hyphens (-).
  ## -- Underscores (_) are not allowed as the name is used for Kubernetes resources.
  # - name: "linux-cache-server"
  #   description: "Configuring external cache server before runner is started"
  #   forgeType: "gitea" # or github
  #   osType: "linux"
  #   ## -- The content of the runner template script.
  #   ## -- You can provide the content directly as a multi-line string:
  #   ## -- Or you can use 'helm --set-file' to load the content from a file:
  #   ## -- helm install --set-file "runnerTemplates[0].content=./path/to/your/script.sh"
  #   content: |
  #     #!/bin/bash
  #     echo "Your script below"

## -- Configuration for different git forges.
forges:
  ## -- Gitea server configurations.
  gitea:
    ## -- A list of Gitea credentials. If empty, Gitea integration is not initialized.
    credentials: []
      # - name: "my-gitea"
      #   secretName: "garm-gitea-config"
      #   baseUrlKey: "server-url"
      #   # -- If this field is empty, then baseUrlKey will be used.
      #   apiUrlKey: ""
      #   tokenKey: "access-token"

    ## -- A list of Gitea organizations to create.
    organizations: []
      # - name: "MyGiteaOrg"
      #   ## -- Reference to credential from the 'credentials' list above.
      #   credName: "my-gitea"

    ## -- A list of Gitea runner pools to create.
    ## -- Pools are re-created on every deployment (e.g helm upgrade) to always match the configuration.
    ## -- NOTE: Before re-deploying make sure that this pool does not have any runners, otherwise you will get an error.
    pools: []
      ## -- Reference to organization from the 'organizations' list above.
      # - orgName: "MyGiteaOrg"
      #   ## -- Reference to provider from the 'providers' list below.
      #   providerName: "gcp"
      #   image: ""
      #   flavor: ""
      #   minIdleRunners: 0
      #   maxRunners: 5
      #   ## -- Specify tags to be applied to the runners created in this pool.
      #   tags:
      #     - "my-garm-runner"
      #   ## -- Specify any extra_spec supported by your provider.
      #   ## -- It will be converted to JSON
      #   extraSpec:
      #     custom_labels:
      #       my-custom-label: "my-value"
      #     disable_updates: true
      #   ## -- The name or ID of the runner install template to use for this pool.
      #   runnerInstallTemplate: ""

  ## -- GitHub server configurations.
  github:
    ## -- A list of GitHub servers/credentials. If empty, GitHub integration is not initialized.
    credentials: []
    # - name: "my-github"
    #   secretName: "my-github-secret"
    # -- If this field is empty, the default GitHub endpoint will be used.
    #   urlKey: ""
    # -- Allowed values: 'pat' or 'app'
    #   authType: "pat"
    # -- Specify this key only if authType is 'pat'
    #   tokenKey: "token"
    # -- Specify values below only if authType is 'app'
    #   appIdKey: "app-id"
    #   appInstallationIdKey: "app-installation-id"
    #   privateKeyKey: "private-key"

## -- Configuration for different providers.
providers: []
  # - name: "gcp"
  #   type: "external"
  #   description: "GCP provider"
  #   executable: "/opt/garm/providers.d/garm-provider-gcp"
  #
  #   ## -- Dynamic configuration for the provider's .toml file.
  #   ## -- You can add any keys here, and they will be added to the ConfigMap.
  #   config:
  #     project_id: "my-project"
  #     zone: "us-central1-a"
  #     network_id: "projects/my-project/global/networks/default"
  #     subnetwork_id: "projects/my-project/regions/us-central1/subnetworks/default"
  #     external_ip_access: true

## -- Array of extra objects to deploy with the release
## -- It can be in "string" or "object" format
extraManifests: []