This repository has been archived by the owner on Jun 27, 2020. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathk8s_jcasc_mgmt.cnf
112 lines (83 loc) · 6.81 KB
/
k8s_jcasc_mgmt.cnf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
# log level can be INFO | NONE | DEBUG
LOG_LEVEL=INFO
# defines the file, in which the ip addresses for each namespace should be stored
IP_CONFIG_FILE=./config/ip_config.cnf
# Dummy prefix for reserved IPs. If a namespace was prefixed with this, it will not be used for actions that are working with the IP_CONFIG_FILE (like global update of credentials)
IP_CONFIG_FILE_DUMMY_PREFIX=dummy
# directory, where the projects are located. Must contain a trailing slash!
PROJECTS_BASE_DIRECTORY=./projects/
# directory for templates. If own templates should be used, it is possible to store them in a separate repository and to configure the path to this repo here.
TEMPLATES_BASE_DIRECTORY=./templates/
# Use this file as a global secrets file. If you want to use different secrets for each project, comment this line.
# If this line is commented, then the secrets will be stored under PROJECTS_DIRECTORY/secrets.sh.enc
GLOBAL_SECRETS_FILE=./config/secrets.sh
# This variable configures the URL, where the Jenkins configuration was checked in. This URL must have public access!
# You can use the '##PROJECT_DIRECTORY##' template variable here to
JENKINS_JCASC_CONFIGURATION_URL=https://raw.githubusercontent.com/Ragin-LundF/k8s-jcasc-project-config/master/##PROJECT_DIRECTORY##/jcasc_config.yaml
# If this variable is set, it is possible to add only the URI of the JobDSL configuration instead the full URL.
# Leave empty if only full URLs are allowed
JENKINS_JOBDSL_BASE_URL=http://github.com
# Validation pattern for Jenkins JobDSL URI/URL
JENKINS_JOBDSL_REPO_VALIDATE_PATTERN=".*\.git"
# Default admin password for Jenkins if security configuration in the jcasc_config should not be used
JENKINS_MASTER_ADMIN_PASSWORD=admin
# Default password with bcrypt for security configuration as code (jcasc_config)
JENKINS_MASTER_ADMIN_PASSWORD_ENCRYPTED='$2a$04$UNxiNvJN6R3me9vybVQr/OzpMhgobih8qbxDpGy3lZmmmwc6t48ty'
JENKINS_MASTER_PROJECT_USER_PASSWORD_ENCRYPTED='$2a$04$BFPq6fSa9KGKrlIktz/C8eSFrrG/gglnW1eXWMSjgtCSx36mMOSNm'
# Default label for the jenkins master to execute the seed job, which will be bind to this label.
JENKINS_MASTER_DEFAULT_LABEL=jenkins-master-for-seed
# Deny or allow anonymous read access to the Jenkins master
JENKINS_MASTER_DENY_ANONYMOUS_READ_ACCESS=false
# Default prefix for each jenkins instance on the Kubernetes cluster.
# This value defines the path, that has to specified for the ingress routing and ensures, that this "proxy" will be correctly used by Jenkins.
JENKINS_MASTER_DEFAULT_URI_PREFIX=/jenkins
# Jenkins Master deployment name. This will be configured globally, which makes it easier to cleanup.
JENKINS_MASTER_DEPLOYMENT_NAME=jenkins-master
# Define the persistence storage class for the Kubernetes
JENKINS_MASTER_PERSISTENCE_STORAGE_CLASS=nfs-client
# Define the Jenkins master accessMode for the PVC (ReadWriteMany or ReadWriteOnce)
JENKINS_MASTER_PERSISTENCE_ACCESS_MODE=ReadWriteOnce
# Define the default storage size for the Jenkins master
JENKINS_MASTER_PERSISTENCE_STORAGE_SIZE=8Gi
# Image of the Jenkins Master
JENKINS_MASTER_CONTAINER_IMAGE=jenkins/jenkins
JENKINS_MASTER_CONTAINER_IMAGE_TAG=lts
JENKINS_MASTER_CONTAINER_PULL_POLICY=Always
JENKINS_MASTER_CONTAINER_IMAGE_PULL_SECRET_NAME=
# Image of the Nginx ingress controller
NGINX_INGRESS_CONTROLLER_CONTAINER_IMAGE=bitnami/nginx-ingress-controller:latest
NGINX_INGRESS_CONTROLLER_CONTAINER_PULL_SECRETS=
# Deploy Nginx ingress controller for each namespace
NGINX_INGRESS_CONTROLLER_FOR_NAMESPACE=false
# Name of the nginx-ingress-controller deployment
# This name will also be used as prefix for roles/rolebindings...
NGINX_INGRESS_DEPLOYMENT_NAME=nginx-ingress
# Annotation for ingress class. Default is nginx.
NGINX_INGRESS_ANNOTATION_CLASS=nginx
# enable loadbalancer
NGINX_LOADBALANCER_ENABLED=false
NGINX_LOADBALANCER_HTTP_PORT=80
NGINX_LOADBALANCER_HTTP_TARGETPORT=80
NGINX_LOADBALANCER_HTTPS_PORT=443
NGINX_LOADBALANCER_HTTPS_TARGETPORT=443
# Certificate of the Kubernetes server
KUBERNETES_SERVER_CERTIFICATE=LS0tLS1DeUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUM3akNDQWRhZ0F4SUJBZ0lCQURBTkJna3Foa2lHOXcwQkFRc0ZBREFvTVJJd0VBWURWUVFLRXdsMGFHVXQKY21GdVkyZ3hFakFRQmdOVkJBTVRDV05oZEhSc1pTMWpZVEFlRncweE9URXdNalV3TnpNMU5UaGFGdzB5T1RFdwpNakl3TnpNMU5UaGFNQ2d4RWpBUUJnTlZCQW9UQ1hSb1pTMXlZVzVqYURFU01CQUdBMVVFQXhNSlkyRjBkR3hsCkxXTmhNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DQVE4QU1JSUJDZ0tDQVFFQXZmSU5NdFJCN1liRzVvbEsKL0lpckdFZlZVbWxhZXcyR0RzMm5od2NOZC9Ha09NdmVMdThySDUzdUMwRm1QTXYvd21CdWRKMGJ0anF3RldxQgpubHlVL0VPQWhzeUN3Z1FFeE0xY2ZmQTUzRDZlQncyVHVsZ3ZudTNoYzRmbmZvTEdVbUNyTVNiVXplMjBncm43CjI4UWdmcXBxcVRQMm42b21OUzlLSm9obmp4VDZpaVVYZExwS29nNEhhcndiUVNmdmdnWHFrTGNRVmpucjllWkYKTEhGY1hpanpVK1pES3BIT2tyNGlsc1FiOFhiT2xpK01Sa0p2OWVOdEhYajRoeVFYakpBdHdzUUhTeXdja1lYUQpGUFRFQi9IejBQUUJpTC9jaTk0dGUrWHRSNDJMNFgrZlh2eUpIOGFNQ09VMTZkaEhuUjBxOW1jLzJjTlZMYjJ0CmxOWWVWUUlEQVFBQm95TXdJVEFPQmdOVkhROEJBZjhFQkFNQ0FxUXdEd1lEVlIwVEFRSC9CQVV3QXdFQi96QU4KQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZ3UzSDVkRHA5d0FNZlg0V0pUSWlEGUxjTU0wSElkMFJGbDhaTU9oUgowRTB0YnUrbkduaHh0d3lIMUE5UFRjRm9pU3h1THNNNktrSWNZL1ZLallqRnBPemxXZVJuVW12WnpTdDkyaTRuCjRoa2duA8ZEa1l6bzVPb1FEF21nRXhFVlpsRnJKaXFZYjYwR3Z6Q0RHblZUc3ljT2xqaVJmeGdWSFQvR8t6bkEKbG9scTY4Z2VlVGFZMWZjdWZTK3FPcHBKcm9CNjZvZENtenhuMExVZE4yRU9ucDJYZUdIZ0hjRzRFcFVXODdXcQpJZVZTTkY3SDFIYVlqY0Z2ZD3SZHFseVVpRjkvaWwxMFJYVHTSbzNPa3loZ3BzWnPUNWRBTk9jOXA0M0MKNHF0CjNwZDJvN2hHRGxVc3g4cFpsaZZHamo4ZA8rVy9qRXY1K1VTQzVPQ09kRHJJU2c9PQotLS0tLUVORCBDRVJUSUZMR0FUSS0tBT0t
# Default Docker registry credentialsId
KUBERNETES_DOCKER_REGISTRY_CREDENTIALS_ID=docker-registry-credentialsid
# Maven repository secrets credentialsId of the maven repository service account/technical user, if a private repository should be used.
# if you do not need this: look into the 'jcasc_config.yaml' file and remove the environment variable settings
MAVEN_REPOSITORY_SECRETS_CREDENTIALS_ID=repository-credentialsid
# NPM repository secrets credentialsId of the npm repository service account/technical user, if a private repository should be used.
# if you do not need this: look into the 'jcasc_config.yaml' file and remove the environment variable settings
NPM_REPOSITORY_SECRETS_CREDENTIALS_ID=repository-credentialsid
# NPM repository secrets credentialsId of the npm repository service account/technical user, if a private repository should be used.
# if you do not need this: look into the 'jcasc_config.yaml' file and remove the environment variable settings
VCS_REPOSITORY_SECRETS_CREDENTIALS_ID=vcs-notification-credentialsid
# URL to the seed job script, that creates/deletes jobs from a simple repository file
JENKINS_JOBDSL_SEED_JOB_SCRIPT_URL=https://github.com/Ragin-LundF/jenkins-jobdsl-remote.git
# activate version check to get informed about new version
K8S_MGMT_VERSION_CHECK=true
# To check the version, you can choose between curl and wget
K8S_MGMT_VERSION_CHECK_TOOL=curl
# Which encryption should k8s-jcasc-mgmt use (openssl, gpg)
K8S_MGMT_ENCRYPTION_TOOL=gpg