## ## Global options relating to Develocity as a whole rather than a specific subsystem. ## # # global: # # ## ## Public URL ## # # hostname: ge.example.com # Hostname used to access the web interface by web browsers, etc. Required. # externalSSLTermination: true # If we are using HTTPS but not with termination in the built-in ingress or proxy. Default false. # externalPort: 8180 # Set to specify the external port the installation is available on. Only required if differs from `ingress.port.http(s)`. # # ## ## Develocity license settings ## ## # # license: # file: ABCD1234 # Full license file content as a multiline string or Base64 data part of the license. Can also be set using --set-file global.license.file=/path/to/file # # ## ## Image pull settings ## ## For airgap installations, the registry and an image pull secret that can pull from that registry are required. ## # # image: # registry: registry.example.com/gradle-enterprise # Registry to pull images from. Default registry.gradle.com/develocity # imagePullSecret: my-example-image-pull-secret # # tag: some-custom-tag # Tag to pull. Default is the Develocity version. # imagePullPolicy: Always # Default IfNotPresent. # # ## ## Storage settings ## ## By default Develocity will store data under /opt/gradle. ## This base directory can be configured, and separate directories for backups and logs can also be set. ## # # storage: # directory: /mnt/big-volume/ge # Default /opt/gradle # logs: # directory: /var/log/gradle-enterprise # Default (global.storage.directory)/logs # backup: # directory: /mnt/vol2/ge-backups # Default (global.storage.directory)/backups # ## ## Unattended installation ## ## These cover auto-configuring aspects of Develocity that are controlled by the Administration section of the application. ## Contact Gradle Support for assistance with unattended installation. ## WARNING: Making changes to the unattended configuration will *overwrite* any configuration changes made in the user interface. ## See https://gradle.com/help/helm-admin-unattended-configuration for details. ## # # unattended: # key: oijqefoijqOIQJFoijefoiqjfoij # Encryption key for secrets in the configuration, if any. Default none. # configuration: # version: 11 # advanced: # app: # heapMemory: 4608 # offHeapMemory: 1024 # params: {} # scanPayloadCacheSize: 2048 # appBackgroundProcessor: # heapMemory: 3584 # offHeapMemory: 1024 # params: {} # distributionBroker: # heapMemory: 1024 # offHeapMemory: 768 # params: {} # auth: # anonymousPermissions: # - viewScan # - publishScan # external: null # projects: # acceptAnonymousProjects: true # enabled: false # roles: # admin: # assignToNewExternalUsers: false # description: Administer Develocity # displayName: Administrator # identityProviderAttributeValue: null # permissions: # - administerGe # - administerProjects # - administerCache # - generateSupportBundle # ci-agent: # assignToNewExternalUsers: false # description: Use Develocity for CI builds # displayName: CI Agent # identityProviderAttributeValue: null # permissions: # - publishScan # - testDistribution # - predictiveTestSelection # - readCache # - writeCache # - accessAllDataWithOrWithoutAssociatedProject # - accessDataWithoutAssociatedProject # developer: # assignToNewExternalUsers: false # description: Use Develocity # displayName: Developer # identityProviderAttributeValue: null # permissions: # - viewScan # - publishScan # - testDistribution # - predictiveTestSelection # - readCache # - readCacheWriteCas # scim: # enabled: false # token: null # timeouts: # accessTokenLifespan: 10 # ssoSessionIdleTimeout: 5760 # ssoSessionMaxLifespan: 43200 # backups: null # buildCache: # allowUntrustedNodeSsl: false # storageSize: 10000 # buildScans: # diskSpaceMonitoring: # autoDeleteWhileFreeSpaceLessThanPercentage: null # rejectIncomingWhileFreeSpaceLessThanPercentage: null # sendWarningEmailWhenFreeSpaceLessThanPercentage: null # incomingStorageType: null # keepDays: null # dailyMaintenanceTime: 04:00 # edge: null # email: null # helpContact: # email: null # name: null # network: null # # systemPassword: [SYSTEM_PASSWORD_VALUE] ## ## ## Not all settings need to be set when providing an unattended config. The following example shows how to only configure an HTTP proxy: ## # unattended: # key: oijqefoijqOIQJFoijefoiqjfoij # Encryption key for secrets in the configuration, if any. Default none. # configuration: # version: 11 # network: # additionalTrust: # Default none. # proxy: # protocol: https # Default http # host: proxy.gradle.com # port: 8080 # Default 80 # excludedHosts: # Default empty # - some.external # - '*.internal' # auth: # Default none # username: user # password: "FEIpqflj265QEFq2efq54e" # # systemPassword: [SYSTEM_PASSWORD_VALUE] # ## ## Database section ## ## By default, Develocity will store data in an embedded database. ## To connect to a user-managed database, configure connection details here. ## # # database: # location: user-managed # Default "embedded" # # ## ## Embedded database resources and storage ## ## If using the embedded database, its resources can be configured here. ## # # storage: # data: # capacity: 500Gi # Default 250Gi # backup: # capacity: 750Gi # Default 250Gi # # ## ## User-managed database connection details ## ## Connection details can be set here directly or specified by a ConfigMap. ## # # connection: # configMapName: my-example-database-connection-config-map # # OR # host: db.example.com # Required for user-managed database if connection secret not provided. # port: 5555 # Default 5432 # databaseName: example_gradle_enterprise_prod # Required for user-managed database if connection secret not provided. # params: "?ssl=false" # No default. # # ## ## User-managed database credentials ## ## Credentials details can be set here directly or specified by secrets. ## ## Typically only a superuser account credential is required - Develocity can then create other ## necessary accounts and schemas for the app automatically. ## ## It is also possible to instead set up the database using a script and only configure the more restricted ## application account credentials here. ## # # credentials: # # superuser: # username: postgres # password: "superS3cret!" # # # OR # app: # password: "superS3cret!" # migrator: # password: "superS3cret!" # # ## ## End database section ## # ## ## Ingress section ## ## Develocity creates an Ingress to route traffic. ## # # ingress: # ## ## Ingress SSL settings ## ## By default, the generated Ingress will have HTTPS support and use self-signed SSL certificates. ## Both of these can be changed. Certificates can be set directly here, set using ## --set-file ingress.ssl.key=keyfile --set-file ingress.ssl.cert=certfile ## # # ssl: # enabled: false # Default true except if `global.externalSSLTermination: true` # # OR # key: | # -----BEGIN RSA PRIVATE KEY----- # MIIEpQIBAAKCAQEA4qV8JlqDMi7y85Ykq8dn7uIsi609D6KuFtlc+UvNYjatz0+u # ... # G7tI0qQ6F20e5R4tPpEDKCFZykyvgGMhfLzsvVlrgaVW8QbVK4YWNtQ= # -----END RSA PRIVATE KEY----- # cert: | # -----BEGIN CERTIFICATE----- # MIIDKjCCAhKgAwIBAgIRAPNTIHf6/oUuzMKm3ffGNOgwDQYJKoZIhvcNAQELBQAw # .. # z+P5RmRxU/kaaFB+Vuw1pRezbaAtZNorVgXnBwrdseY4zLGyhAcGcR9v+VtCiQ== # -----END CERTIFICATE----- # # ## ## Ingress TCP ports ## ## The ports that the application accepts traffic on can be altered from the default of 443 (or 80 if ## accepting plain HTTP): ## # # port: # http: 8080 # default 80 # https: 8443 # default 443 # # ## ## End ingress section ## # ## ## Authentication broker section ## # authenticationBroker: # adminPassword: # value: "superS3cret!" # clientSecret: # value: "superS3cret!" # ## ## End authentication broker section # # # objectStorage: # type: "embedded" # Supported values: `embedded`, `s3`, `googleCloudStorage`, `azureBlobStorage`. # # Default: `embedded`. # # embedded: # credentials: # app: # password: "my-embedded-app-password" # migrator: # password: "my-embedded-migrator-password" # superuser: # password: "my-embedded-superuser-password" # resources: # requests: # cpu: 1 # Default 1 # memory: 1Gi # Default 1Gi # limits: # cpu: 2 # Default 2 # memory: 2Gi # Default 2Gi # # s3: # This block configures the connection and location where `build-scan` and `build-cache` data are stored # bucket: "my-s3-bucket" # bucket used for `build-scan` and `build-cache` data # region: "my-s3-region" # region used for `build-scan` and `build-cache` data # # OR # endpoint: "my-s3-endpoint" # endpoint used for `build-scan` and `build-cache` data # credentials: # type: # Authentication method you will use for object Storage Connection. # # * `instanceProfile` leverages role associated to the EC2 instance # # * `keys` uses a combo of `accessKey` and `secretKey` # # This required value specifies the authentication configuration block you must provide. # keys: # accessKey: "my-s3-access-key" # secretKey: "my-s3-secret-key" # # advancedParams: # List of advanced parameters # - foo # - bar # # googleCloudStorage: # This block configures the connection and location where `build-scan` and `build-cache` data are stored # bucket: "my-google-cloud-storage-bucket" # bucket used for `build-scan` and `build-cache` data # advancedParams: # List of advanced parameters # - foo # - bar # credentials: # type: # Authentication method you will use for object Storage Connection. # # * `serviceAccount` uses the service account key json file # # This required value specifies the authentication configuration block you must provide. # # serviceAccount: # The contents of the service account key json file # key: "my-google-cloud-storage-service-account-json-file" # # azureBlobStorage: # This block configures the connection and location where `build-scan` and `build-cache` data are stored # container: "my-azure-container" # container used for `build-scan` and `build-cache` data # advancedParams: # List of advanced parameters # - foo # - bar # credentials: # type: # Authentication method you will use for object Storage Connection, where `build-scan` and `build-cache` data are stored. # # * `accountInformation` uses a combo of `accountName` and `accountKey` # # This required value specifies the authentication configuration block you must provide. # # accountInformation: # The `accountKey` and `accountName` of the Azure Blob Storage account # accountName: "my-azure-account-name" # accountKey: "my-azure-account" ## ## End objectStorage section ## # ## ## Enterprise app section ## ## # enterprise: # bazel: ## Used to configure access to a non-Develocity Bazel cache for use by Bazel Build Scans # remoteCacheConnection: ## Can be either GRPC or GRPCS # url: grpc://cache.example.com:9090 # authType: bearerToken # Default none ## There should only be one block under this # auth: # tls: # cert: |- # -----BEGIN CERTIFICATE----- # MIIDKjCCAhKgAwIBAgIRAPNTIHf6/oUuzMKm3ffGNOgwDQYJKoZIhvcNAQELBQAw # .. # z+P5RmRxU/kaaFB+Vuw1pRezbaAtZNorVgXnBwrdseY4zLGyhAcGcR9v+VtCiQ== # -----END CERTIFICATE----- # key: |- # -----BEGIN RSA PRIVATE KEY----- # MIIEpQIBAAKCAQEA4qV8JlqDMi7y85Ykq8dn7uIsi609D6KuFtlc+UvNYjatz0+u # ... # G7tI0qQ6F20e5R4tPpEDKCFZykyvgGMhfLzsvVlrgaVW8QbVK4YWNtQ= # -----END RSA PRIVATE KEY----- # bearerToken: # token: ar3rgsdgggsafrertregrgrbgvrb ## ## End enterprise app section ## # #