# Default values for gitlab/gitlab chart

## NOTICE
# Due to the scope and complexity of this chart, all possible values are
# not documented in this file. Extensive documentation for these values
# and more can be found at https://gitlab.com/charts/gitlab/

## Advanced Configuration
# Documentation for advanced configuration can be found under doc/advanced
# - external PostgreSQL
# - external Gitaly
# - external Redis
# - external NGINX
# - PersistentVolume configuration
# - external Object Storage providers 

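## The global properties are used to configure multiple charts at once.
## Extended documentation at doc/charts/globals.md
##
## Credentials in this section are given as references to Kubernetes Secrets
## (a Secret name plus the key inside it), never as literal values. An empty
## mapping ({}) means "no reference set here"; the commented keys underneath
## show the expected shape.
global:
  ## GitLab operator is Alpha. Not for production use.
  operator:
    enabled: false

  ## doc/installation/deployment.md#deploy-the-community-edition
  # edition: ee

  ## doc/charts/globals.md#gitlab-version
  # gitlabVersion: master

  ## doc/charts/globals.md#application-resource
  application:
    create: false
    links: []
    # NOTE(review): presumably permits cluster-scoped roles for the Application
    # resource; confirm in doc/charts/globals.md#application-resource and set to
    # false where namespace-scoped RBAC is sufficient.
    allowClusterRoles: true
  ## doc/charts/globals.md#configure-host-settings
  hosts:
    # Placeholder domain; must be overridden for a real deployment.
    domain: example.com
    # hostSuffix:
    https: true
    # Explicit nulls: no external IP / SSH host configured by default.
    externalIP: null
    ssh: null

  ## doc/charts/globals.md#configure-ingress-settings
  ingress:
    # Presumably wires Ingress objects to cert-manager for certificate
    # issuance (see the certmanager-issuer settings in this file).
    configureCertmanager: true
    annotations: {}
    enabled: true
    # tls:
    #   enabled: true

  ## Initial root password for this GitLab installation
  ## Secret created according to doc/installation/secrets.md#initial-root-password
  ## If allowing shared-secrets generation, this is OPTIONAL.
  initialRootPassword: {}
    # secret: RELEASE-gitlab-initial-root-password
    # key: password

  ## doc/charts/globals.md#configure-postgresql-settings
  psql:
    password: {}
      # secret:
      # key:
    # host: postgresql.hostedsomewhere.else
    # port: 123
    # username: gitlab
    # database: gitlabhq_production

  ## doc/charts/globals.md#configure-redis-settings
  redis:
    password:
      # Redis password authentication is on by default.
      enabled: true
      # secret:
      # key:
    # host: redis.hostedsomewhere.else
    # port: 6379

  ## doc/charts/globals.md#configure-gitaly-settings
  gitaly:
    authToken: {}
      # secret:
      # key:
    internal:
      names: ['default']
    external: []

  ## doc/charts/globals.md#configure-minio-settings
  minio:
    enabled: true
    credentials: {}
      # secret:

  ## doc/charts/globals.md#configure-appconfig-settings
  ## Rails based portions of this chart share many settings
  appConfig:
    ## doc/charts/globals.md#general-application-settings
    # NOTE(review): usage ping is enabled by default; presumably this reports
    # usage data outside the cluster. Confirm and disable for restricted or
    # air-gapped environments.
    enableUsagePing: true
    # NOTE(review): unset, so the effective value comes from the application
    # default; confirm whether admin impersonation ends up enabled.
    enableImpersonation: null
    defaultCanCreateGroup: true
    usernameChangingEnabled: true
    issueClosingPattern: null
    defaultTheme: null
    defaultProjectsFeatures:
      issues: true
      mergeRequests: true
      wiki: true
      snippets: true
      builds: true
    webhookTimeout: null

    ## doc/charts/globals.md#cron-jobs-related-settings
    cron_jobs: {}
      # stuck_ci_jobs_worker:
      #   cron: "0 * * * *"
      # pipeline_schedule_worker:
      #   cron: "19 * * * *"
      # expire_build_artifacts_worker:
      #   cron: "50 * * * *"
      # repository_check_worker:
      #   cron: "20 * * * *"
      # admin_email_worker:
      #   cron: "0 0 * * 0"
      # repository_archive_cache_worker:
      #   cron: "0 * * * *"
      # pages_domain_verification_cron_worker:
      #   cron: "*/15 * * * *"
      # pseudonymizer_worker:
      #   cron: "0 * * * *"
      # schedule_migrate_external_diffs_worker:
      #   cron: "15 * * * *"

    ## doc/charts/globals.md#gravatarlibravatar-settings
    gravatar:
      plainUrl: null
      sslUrl: null

    ## doc/charts/globals.md#hooking-analytics-services-to-the-gitlab-instance
    extra:
      googleAnalyticsId: null
      piwikUrl: null
      piwikSiteId: null

    ## doc/charts/globals.md#lfs-artifacts-uploads-packages-external-mr-diffs
    ## Each entry names an object-storage bucket; `connection` references the
    ## Secret holding the provider connection details.
    lfs:
      bucket: git-lfs
      connection: {}
        # secret:
        # key:
    artifacts:
      bucket: gitlab-artifacts
      connection: {}
        # secret:
        # key:
    uploads:
      bucket: gitlab-uploads
      connection: {}
        # secret:
        # key:
    packages:
      bucket: gitlab-packages
      connection: {}
    externalDiffs:
      when: null
      bucket: gitlab-mr-diffs
      connection: {}

    ## doc/charts/globals.md#pseudonymizer-settings
    pseudonymizer:
      configMap: null
      bucket: gitlab-pseudo
      connection: {}
        # secret:
        # key:
    backups:
      bucket: gitlab-backups
      tmpBucket: tmp

    ## doc/charts/globals.md#incoming-email-settings
    ## doc/installation/deployment.md#incoming-email
    incomingEmail:
      enabled: false
      address: ""
      host: "imap.gmail.com"
      # Port 993 with ssl: true, i.e. IMAP over TLS by default.
      port: 993
      ssl: true
      startTls: false
      user: ""
      # Mailbox password is read from a Secret; `secret` must be set when
      # incomingEmail is enabled.
      password:
        secret: ""
        key: password
      mailbox: inbox
      idleTimeout: 60

    ## doc/charts/globals.md#ldap
    ldap:
      servers: {}
      ## 'main' is the GitLab 'provider ID' of this LDAP server
      # main:
      #   label: 'LDAP'
      #   host: '_your_ldap_server'
      #   port: 636
      #   uid: 'sAMAccountName'
      #   bind_dn: '_the_full_dn_of_the_user_you_will_bind_with'
      #   password:
      #     secret: _the_secret_containing_your_ldap_password
      #     key: _the_key_which_holds_your_ldap_password
      #   encryption: 'plain'
      # NOTE(review): the sample pairs port 636 (conventionally LDAPS) with
      # encryption 'plain', which would send the bind password unencrypted.
      # When adapting it, prefer 'simple_tls' (or 'start_tls') so bind
      # credentials and directory data are protected in transit.

    ## doc/charts/globals.md#omniauth
    omniauth:
      enabled: false
      autoSignInWithProvider: null
      syncProfileFromProvider: []
      syncProfileAttributes: ['email']
      allowSingleSignOn: ['saml']
      # Conservative defaults: accounts auto-created through a provider start
      # blocked, and existing LDAP/SAML identities are not auto-linked.
      # Review the account-takeover implications before relaxing any of these.
      blockAutoCreatedUsers: true
      autoLinkLdapUser: false
      autoLinkSamlUser: false
      externalProviders: []
      providers: []
      # - secret: gitlab-google-oauth2
      #   key: provider
  ## End of global.appConfig

  ## doc/charts/globals.md#configure-gitlab-shell-settings
  shell:
    authToken: {}
      # secret:
      # key:
    hostKeys: {}
      # secret:

  ## Rails application secrets
  ## Secret created according to doc/installation/secrets.md#gitlab-rails-secret
  ## If allowing shared-secrets generation, this is OPTIONAL.
  railsSecrets: {}
    # secret:

  ## doc/charts/globals.md#configure-registry-settings
  registry:
    bucket: registry
    certificate: {}
      # secret:
    httpSecret: {}
      # secret:
      # key:

  ## GitLab Runner
  ## Secret created according to doc/installation/secrets.md#gitlab-runner-secret
  ## If allowing shared-secrets generation, this is OPTIONAL.
  runner:
    registrationToken: {}
      # secret:

  ## doc/installation/deployment.md#outgoing-email
  ## Outgoing email server settings
  smtp:
    enabled: false
    address: smtp.mailgun.org
    port: 2525
    user_name: ""
    ## doc/installation/secrets.md#smtp-password
    password:
      secret: ""
      key: password
    # domain:
    # NOTE(review): as shipped, authentication is "plain" and starttls_auto is
    # false. If smtp is enabled without changing these, the SMTP credentials
    # would presumably cross the network without transport encryption; turn on
    # STARTTLS/TLS when enabling and keep openssl_verify_mode at "peer" so the
    # server certificate is verified.
    authentication: "plain"
    starttls_auto: false
    openssl_verify_mode: "peer"

  ## doc/installation/deployment.md#outgoing-email
  ## Email persona used in email sent by GitLab
  email:
    from: ''
    display_name: GitLab
    reply_to: ''
    subject_suffix: ''

  ## Timezone for containers.
  time_zone: UTC

  ## Global Service Annotations
  service:
    annotations: {}

  antiAffinity: soft

  ## doc/installation/secrets.md#gitlab-workhorse-secret
  workhorse: {}
    # secret:
    # key:

  ## doc/charts/globals.md#custom-certificate-authorities
  # configuration of certificates container & custom CA injection
  certificates:
    image:
      repository: registry.gitlab.com/gitlab-org/build/cng/alpine-certificates
      # NOTE(review): the image is pinned by tag, not by digest; a tag can be
      # re-pointed, so consider pinning a digest for the container that
      # handles CA material.
      tag: '20171114-r3'
    # Every CA listed here becomes trusted by the deployed components; add
    # only CAs you control.
    customCAs: []
    # - secret: custom-CA
    # - secret: more-custom-CAs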
## End of global

## Settings for the Let's Encrypt ACME Issuer
# certmanager-issuer:
  ## The email address to register certificates requested from Let's Encrypt.
  ## Required if using Let's Encrypt.
  # email: email@example.com

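## Installation & configuration of stable/cert-manager
## See requirements.yaml for current version
certmanager:
  # Install cert-manager chart. Set to false if you already have cert-manager
  # installed or if you are not using cert-manager.
  install: true
  # Other cert-manager configurations from upstream
  # See https://github.com/kubernetes/charts/tree/master/stable/cert-manager#configuration
  rbac:
    # NOTE(review): presumably has the sub-chart create its own RBAC roles and
    # bindings; review what they grant before installing into a shared cluster.
    create: true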

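## doc/charts/nginx/index.md
## doc/architecture/decisions.md#nginx-ingress
## Installation & configuration of charts/nginx
nginx-ingress:
  enabled: true
  tcpExternalConfig: "true"
  controller:
    # Values under `config` are strings; they are kept quoted so that
    # "true"/"false"/"256" are not retyped by the YAML parser.
    config:
      # NOTE(review): HSTS does not extend to subdomains with this setting.
      hsts-include-subdomains: "false"
      server-name-hash-bucket-size: "256"
      enable-vts-status: "true"
      use-http2: "false"
      # NOTE(review): besides the ECDHE suites, this list still offers static
      # RSA key exchange (the entries without an ECDHE- prefix, which give no
      # forward secrecy) and CBC-mode suites (the -SHA/-SHA256/-SHA384 entries
      # without GCM). Trim to the ECDHE+GCM entries unless legacy clients
      # must be supported.
      ssl-ciphers: "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"
      # NOTE(review): TLSv1.1 is deprecated (RFC 8996); drop it unless a known
      # client population still depends on it.
      ssl-protocols: "TLSv1.1 TLSv1.2"
      # Keeps the nginx version out of the Server header and error pages.
      server-tokens: "false"
    extraArgs:
      # Flag passed with no value. Together with `scope.enabled` below this
      # presumably confines the controller to its own namespace; confirm
      # against the nginx chart documentation.
      force-namespace-isolation: ""
    service:
      # "Local" preserves the client source IP, which access logs and
      # IP-based controls rely on.
      externalTrafficPolicy: "Local"
    resources:
      requests:
        cpu: 100m
        memory: 100Mi
    publishService:
      enabled: true
    replicaCount: 3
    minAvailable: 2
    scope:
      enabled: true
    # NOTE(review): status, stats and metrics endpoints are all enabled;
    # make sure they are reachable only from inside the cluster.
    stats:
      enabled: true
    metrics:
      enabled: true
      service:
        annotations:
          prometheus.io/scrape: "true"
          prometheus.io/port: "10254"
  defaultBackend:
    minAvailable: 1
    replicaCount: 2
    resources:
      requests:
        cpu: 5m
        memory: 5Mi
  rbac:
    create: true
  serviceAccount:
    create: true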

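## Installation & configuration of stable/prometheus
## See requirements.yaml for current version
prometheus:
  install: true
  rbac:
    # NOTE(review): presumably creates the RBAC objects Prometheus uses for
    # service discovery; review their scope before installing into a shared
    # cluster.
    create: true
  # Only the Prometheus server itself is installed by default; the optional
  # components below are switched off.
  alertmanager:
    enabled: false
  alertmanagerFiles:
    alertmanager.yml: {}
  kubeStateMetrics:
    enabled: false
  nodeExporter:
    enabled: false
  pushgateway:
    enabled: false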

## Configuration of Redis
## doc/architecture/decisions.md#redis
## doc/charts/redis
# redis:
#   enabled: true
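## doc/architecture/decisions.md#redis-ha
## doc/charts/redis-ha
redis-ha:
  # The HA variant of Redis is off by default.
  enabled: false
  # Resources are named "redis" rather than after this sub-chart.
  nameOverride: redis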

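## Installation & configuration of stable/postgresql
## See requirements.yaml for current version
postgresql:
  install: true
  postgresUser: gitlab
  postgresDatabase: gitlabhq_production
  # Quoted so the tag always stays a string.
  # NOTE(review): PostgreSQL 9.6 is past upstream end-of-life; plan an upgrade
  # or use an external, maintained database (see doc/advanced).
  imageTag: '9.6.8'
  # NOTE(review): presumably delivers the password as a mounted file instead
  # of an environment variable; confirm against the sub-chart.
  usePasswordFile: true
  # Name of the Kubernetes Secret that holds the database password; the
  # password itself is not stored in this file.
  existingSecret: 'secret'
  metrics:
    enabled: true
    ## Optionally define additional custom metrics
    ## ref: https://github.com/wrouesnel/postgres_exporter#adding-new-metrics-via-a-config-file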

## Installation & configuration charts/registry
## doc/architecture/decisions.md#registry
## doc/charts/registry/
# registry:
#   enabled: false


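## Automatic shared secret generation
## doc/installation/secrets.md
## doc/charts/shared-secrets
shared-secrets:
  # When enabled, the Secrets marked OPTIONAL under `global` are generated
  # automatically instead of having to be created by hand.
  enabled: true
  rbac:
    # NOTE(review): presumably grants the generation job permission to create
    # Secrets in the release namespace; confirm the role is limited to that.
    create: true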

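## Installation & configuration of gitlab/gitlab-runner
## See requirements.yaml for current version
gitlab-runner:
  install: true
  rbac:
    # NOTE(review): the runner executes CI jobs, so the permissions created
    # here are presumably reachable from job code; keep them minimal.
    create: true
  runners:
    # NOTE(review): presumably leaves the runner unlocked, i.e. usable by more
    # than one project; confirm this matches how untrusted projects are
    # isolated.
    locked: false
    cache:
      cacheType: s3
      s3BucketName: runner-cache
      # NOTE(review): a shared cache is readable and writable across the
      # runners using it; avoid sharing it between projects of different
      # trust levels.
      cacheShared: true
      s3BucketLocation: us-east-1
      s3CachePath: gitlab-runner
      # false presumably keeps HTTPS for cache traffic; leave it off.
      s3CacheInsecure: false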

## Settings for individual sub-charts under GitLab
## Note: Many of these settings are configurable via globals
# gitlab:
## doc/charts/gitlab/migrations
#   migrations:
#     enabled: false
## doc/charts/gitlab/unicorn 
#   unicorn:
#     enabled: false
## doc/charts/gitlab/sidekiq 
#   sidekiq:
#     enabled: false
## doc/charts/gitlab/gitaly 
#   gitaly:
#     enabled: false
## doc/charts/gitlab/gitlab-shell
#   gitlab-shell:
#     enabled: false