## ## Global options relating to Develocity as a whole rather than a specific subsystem. ## # # global: # # ## ## Public URL ## # # hostname: ge.example.com # Hostname used to access the web interface by web browsers, etc. Required. # externalSSLTermination: true # If we are using HTTPS but not with termination in the built-in ingress or proxy. Default false. # externalPort: 8180 # Set to specify the external port the installation is available on. Only required if not using standard ports (80/443). # # ## ## Develocity license settings ## ## Exactly one of these options must be set. ## ## If performing an online (ie not airgapped) installation that pulls images from the Gradle image registry, ## and you are setting the license via global.license.secretName, you will also need to set an imagePullSecret ## with the license in dockerconfigjson form. If setting the license via global.license.file, the image pull ## secret is generated automatically. ## # # license: # file: ABCD1234 # Full license file content as a multiline string or Base64 data part of the license. Can also be set using --set-file global.license.file=/path/to/file # # OR # secretName: my-example-license-secret # Name of Secret that contains the license. License should be in the "license" key in the secret. # # ## ## Image pull settings ## ## For airgap installations, the registry and an image pull secret that can pull from that registry are required. ## # # image: # registry: registry.example.com/gradle-enterprise # Registry to pull images from. The default is 'registry.gradle.com/develocity'. # imagePullSecret: my-example-image-pull-secret # # tag: some-custom-tag # Tag to pull. Default is the Develocity version. # imagePullPolicy: Always # Default IfNotPresent. # # ## ## Storage settings ## ## There are no defaults set. If your cluster has a default storage class, this will be used. 
## Otherwise, you will need to set the storage class to be used for data and backups if ## using the embedded database. ## # # storage: # data: # class: fast-storage # backup: # class: slow-cheap-storage # # ## ## Openshift ## ## Develocity no longer supports Openshift-specific manifests. Please remove `global.openshiftInstallation` from your Helm values. ## Instead, make sure to set the Security Context Constraints to `nonroot-v2` for all Develocity service accounts. ## This can be achieved by running the following command: ## ## NAMESPACE=«your-namespace» ## for serviceaccountname in $(oc get serviceaccount -n $NAMESPACE -l "app.kubernetes.io/part-of=gradle-enterprise" -o jsonpath='{.items.*.metadata.name}'); ## do ## oc adm policy add-scc-to-user nonroot-v2 --namespace $NAMESPACE -z $serviceaccountname ## done ## ## This value is deprecated and fails the installation/upgrade process if set to "true". ## # # openshiftInstallation: false # # ## ## Unattended installation ## ## These cover autoconfiguring aspects of Develocity that are controlled by the Administration section of the application. ## Contact Gradle Support for assistance with unattended installation. ## WARNING: Making changes to the unattended configuration will *overwrite* any configuration changes made in the user interface. ## See https://gradle.com/help/helm-admin-unattended-configuration for details. ## # # unattended: # key: oijqefoijqOIQJFoijefoiqjfoij # Encryption key for secrets in the configuration, if any. Default none.
# configuration: # version: 12 # advanced: # app: # heapMemory: 4608 # offHeapMemory: 1024 # params: {} # scanPayloadCacheSize: 2048 # appBackgroundProcessor: # heapMemory: 3584 # offHeapMemory: 1024 # params: {} # distributionBroker: # heapMemory: 1024 # offHeapMemory: 768 # params: {} # auth: # anonymousPermissions: # - viewScan # - publishScan # external: null # projects: # acceptAnonymousProjects: true # enabled: false # roles: # admin: # assignToNewExternalUsers: false # description: Administer Develocity # displayName: Administrator # identityProviderAttributeValue: null # permissions: # - administerGe # - administerProjects # - administerCache # - generateSupportBundle # ci-agent: # assignToNewExternalUsers: false # description: Use Develocity for CI builds # displayName: CI Agent # identityProviderAttributeValue: null # permissions: # - publishScan # - testDistribution # - predictiveTestSelection # - readCache # - writeCache # - accessAllDataWithOrWithoutAssociatedProject # - accessDataWithoutAssociatedProject # developer: # assignToNewExternalUsers: false # description: Use Develocity # displayName: Developer # identityProviderAttributeValue: null # permissions: # - viewScan # - publishScan # - testDistribution # - predictiveTestSelection # - readCache # - readCacheWriteCas # scim: # enabled: false # token: null # timeouts: # accessTokenLifespan: 10 # ssoSessionIdleTimeout: 5760 # ssoSessionMaxLifespan: 43200 # backups: null # buildCache: # allowUntrustedNodeSsl: false # storageSize: 10000 # buildScans: # diskSpaceMonitoring: # autoDeleteWhileFreeSpaceLessThanPercentage: null # rejectIncomingWhileFreeSpaceLessThanPercentage: null # sendWarningEmailWhenFreeSpaceLessThanPercentage: null # incomingStorageType: null # keepDays: null # dailyMaintenanceTime: 04:00 # edge: null # email: null # helpContact: # email: null # name: null # network: null # # systemPassword: [SYSTEM_PASSWORD_VALUE] ## ## ## Not all settings need to be set when providing an unattended 
config. The following example shows how to only configure an HTTP proxy: ## ## unattended: ## key: oijqefoijqOIQJFoijefoiqjfoij # Encryption key for secrets in the configuration, if any. Default none. ## configuration: ## version: 12 ## network: ## additionalTrust: # The default is 'none'. ## proxy: ## protocol: https # The default is 'http'. ## host: proxy.gradle.com ## port: 8080 # The default is '80'. ## excludedHosts: # The default is empty list. ## - some.external ## - '*.internal' ## auth: # The default is 'none' ## username: user ## password: "FEIpqflj265QEFq2efq54e" # ## ## Horizontal scaling ## # # scaling: # replicas: 5 # Default 1. # antiAffinity: # enabled: true # Default false # topologyKey: my-example-topology-key # Default "kubernetes.io/hostname" # # ## ## Network policies ## ## Whether to create network policies to restrict traffic from Develocity pods. ## By default, these are not created. ## ## NOTE: Those policies cover every pod-to-pod communication in Develocity. ## However, they can't cover pod to `kubernetes` API communications, because the configuration for them is different ## on every installation type. In that case, the `gradle-monitoring` and `gradle-operator` deployments require an ## extra network policy, created by whoever is in charge of the installation, to restrict their egress to the `kubernetes` API. # # networkPolicies: true # Default false. # # ## ## Node selection ## # # nodeSelector: # By default no value is set. # foo: bar # tolerations: # - key: "dedicated" # By default no value is set. # operator: "Equal" # value: "node-taints" # effect: "NoSchedule" # # ## ## Pod annotations ## ## Set if you require additional pod annotations to support other Kubernetes tooling. ## # # podAnnotations: # ann1: foo # ann2: "bar.io/baz" # # ## ## End global section ## # ## ## Database section ## ## By default, Develocity will store data in an embedded database. ## To connect to a user-managed database, configure connection details here.
## # # database: # location: user-managed # Default "embedded" # # ## ## Embedded database resources and storage ## ## If using the embedded database, its resources can be configured here. ## # # resources: # requests: # cpu: 500m # Default 250m # memory: 2Gi # Default 1Gi # limits: # cpu: 4 # Default 2 # memory: 20Gi # Default 8Gi # # storage: # data: # capacity: 500Gi # Default 250Gi # backup: # capacity: 750Gi # Default 250Gi # # ## ## User-managed database connection details. ## ## Connection details can be set here directly or specified by a ConfigMap. ## # # connection: # configMapName: my-example-database-connection-config-map # # OR # host: db.example.com # Required for user-managed database if connection secret not provided. # port: 5555 # Default 5432 # databaseName: example_gradle_enterprise_prod # Required for user-managed database if connection secret not provided. # params: "?ssl=false" # No default. Note that this example value disables SSL on the database connection. # ## ## User-managed database credentials. ## ## Credential details can be set here directly or specified by secrets. ## ## Typically only a superuser account credential is required - Develocity can then create other ## necessary accounts and schemas for the app automatically. ## ## It is also possible to instead set up the database using a script and only configure the more restricted ## application account credentials here. ## ## If you specify the name of a secret that isn't managed by the Develocity Helm installation, your ## installation won't be automatically restarted during `helm upgrade` when the underlying secret value changes. ## When the secret value changes, you need to restart all the pods in the Develocity Helm installation, ## to take this change into account. # # provider: # Database provider. Default is generic. # credentials: # # type: irsa # Authentication method you will use for Database Connection. # # * `irsa` leverages "IAM Roles for Service Accounts" to authenticate the container.
# # This required value specifies the authentication configuration block you must provide. # # irsa: # Additional properties when `irsa` type is used. # serviceAccountAnnotations: # Additional annotations added to every component connected to the database # # This value must be in sync with the `objectStorage.s3.credentials.irsa.serviceAccountAnnotations` if both are used. # eks.amazonaws.com/role-arn: «Amazon EKS cluster IAM role ARN» # # # superuser: # secretName: my-example-db-superuser-secret # # OR # username: postgres # password: "superS3cret!" # # # OR # app: # secretName: my-example-db-app-secret # # OR # password: "superS3cret!" # migrator: # secretName: my-example-db-migrator-secret # # OR # password: "superS3cret!" # ## ## End database section ## # ## ## Ingress section ## ## By default, Develocity does not create an Ingress to route traffic. ## A built-in ingress can be enabled and configured here. ## # # ingress: # enabled: true # Default false # ingressClassName: my-example-ingress-class # No default, use the default ingress provided by the cluster, if any. # pathType: ImplementationSpecific # Use 'ImplementationSpecific' to delegate path matching to the IngressClass; default is 'Prefix' # annotations: # Set of custom ingress annotations. Default none, applied to every ingress object. # ann1: foo # ann2: "bar.io/baz" # ## ## Ingress SSL settings ## ## By default, the generated Ingress will have HTTPS support and use self-signed SSL certificates. ## Both of these can be changed. Certificates can be set directly here, set using ## --set-file ingress.ssl.key=keyfile --set-file ingress.ssl.cert=certfile ## or set in a Secret. ## # # ssl: # enabled: false # Default true except if `global.externalSSLTermination: true` # # OR # key: | # -----BEGIN RSA PRIVATE KEY----- # MIIEpQIBAAKCAQEA4qV8JlqDMi7y85Ykq8dn7uIsi609D6KuFtlc+UvNYjatz0+u # ... 
# G7tI0qQ6F20e5R4tPpEDKCFZykyvgGMhfLzsvVlrgaVW8QbVK4YWNtQ= # -----END RSA PRIVATE KEY----- # cert: | # -----BEGIN CERTIFICATE----- # MIIDKjCCAhKgAwIBAgIRAPNTIHf6/oUuzMKm3ffGNOgwDQYJKoZIhvcNAQELBQAw # .. # z+P5RmRxU/kaaFB+Vuw1pRezbaAtZNorVgXnBwrdseY4zLGyhAcGcR9v+VtCiQ== # -----END CERTIFICATE----- # # OR # secretName: my-example-ingress-ssl-cert-secret # # ## ## HTTP Ingress settings ## ## Some features of Develocity that use HTTP (REST API, GraphQL) may require a specific ## configuration to be compatible with the Ingress implementation in-use in your Kubernetes cluster. ## For this section, we recommend you to consult the official documentation of your Ingress Controller ## # http: ## Set of custom ingress annotations. Default none, applied to ingress objects in charge of http rules ## Those annotations have precedence over `ingress.annotations` in case of conflict. # annotations: # nginx.ingress.kubernetes.io/proxy-body-size: "0" # nginx.ingress.kubernetes.io/proxy-request-buffering: "off" # serviceAnnotations: # Set of custom service annotations. Default 'none' is applied to a service backed by a GRPC-compatible component. # projectcontour.io/upstream-protocol.h2c: "http" # ## ## GRPC Ingress settings ## ## Some features of Develocity that use GRPC (e.g. Bazel build scans) may require a specific ## configuration to be compatible with the Ingress implementation in-use in your Kubernetes cluster. ## GRPC calls are internally using `Http2 without TLS`, also called `h2c`. ## For this section, we recommend you to consult the official documentation of your Ingress Controller and specifically ## the section about GRPC support. # grpc: ## Set of custom ingress annotations. Default none, applied to ingress objects in charge of grpc rules ## Those annotations have precedence over `ingress.annotations` in case of conflict. # annotations: # nginx.ingress.kubernetes.io/backend-protocol: "GRPC" # serviceAnnotations: # Set of custom service annotations. 
Default 'none' is applied to a service backed by a GRPC-compatible component. # projectcontour.io/upstream-protocol.h2c: "grpc" # ## ## End ingress section ## # ## ## Proxy section ## ## The proxy is the main entrypoint for web-based traffic into Develocity. ## If not using the default Ingress, you should route traffic to the gradle-proxy service ## using a service with an external ip, a node port, a load balancer, an OpenShift route ## or some other method. ## # # proxy: ## ## Proxy resources. ## ## Resources used by the proxy pod. ## # # resources: # requests: # cpu: 1000m # Default 1000m # memory: 512Mi # Default 512Mi # limits: # cpu: 1000m # Default 1000m # memory: 1Gi # Default 1Gi # ## ## End proxy section ## # ## ## Operator section ## # operator: # resources: # requests: # cpu: 1 # Default 1 # memory: 512Mi # Default 512Mi # limits: # cpu: 2 # Default 2 # memory: 1024Mi # Default 1024Mi # ## ## End operator section ## # ## ## Enterprise app section ## ## The amount of memory allocated to a Java-based application should account for Heap Memory, Off Heap memory and some buffer for bookkeeping. ## If configured wrongly, OutOfMemory errors are likely to happen. ## # enterprise: # resources: # requests: # cpu: 2 # Default 1 # # Heap and Off Heap memory is configured in Develocity UI, under Administration -> Advanced section -> App # memory: 8Gi # [Heap memory] + [Off Heap Memory] *1.05; Default 6Gi # limits: # cpu: 2 # Default 2 # memory: 8Gi # Greater than or equal to requested memory. We suggest keeping them the same. The default is 6Gi. # ## For both token and key, the default value is empty; the installation then reuses the previously set value or, if none is available, generates a random value. ## If a fixed value is required it can be specified here. ## To generate a value, `cat /dev/urandom | head -c <BYTES> | base64` can be used, for example, where <BYTES> is the required length in bytes (64 for the token, 16 for the key). # session: # # token used for signing the data associated with client sessions. Should be a secret key of 64 byte length, base64 encoded.
# token: "qaxBECWMJdPAScgrYCQPnC5PYcvR2hhAURLFMjbsHaD1noARpuZWshHImA1CqA4tKGjedAmD2mAgrQmNJGkk4A==" # Default empty # # key is a symmetric encryption key used for client-side session data. Should be a cryptographically secure byte value of length 16, base64 encoded. # key: "5gwiAUmjpq6f2dniGPQ5Kg==" # Default empty # bazel: ## Used to configure access to a non-Develocity Bazel cache for use by Bazel Build Scans. # remoteCacheConnection: ## Can be either GRPC or GRPCS. # url: grpc://cache.example.com:9090 # authType: bearerToken # The default is 'none'. ## There should only be one block under this # auth: # tls: # cert: |- # -----BEGIN CERTIFICATE----- # MIIDKjCCAhKgAwIBAgIRAPNTIHf6/oUuzMKm3ffGNOgwDQYJKoZIhvcNAQELBQAw # .. # z+P5RmRxU/kaaFB+Vuw1pRezbaAtZNorVgXnBwrdseY4zLGyhAcGcR9v+VtCiQ== # -----END CERTIFICATE----- # key: |- # -----BEGIN RSA PRIVATE KEY----- # MIIEpQIBAAKCAQEA4qV8JlqDMi7y85Ykq8dn7uIsi609D6KuFtlc+UvNYjatz0+u # ... # G7tI0qQ6F20e5R4tPpEDKCFZykyvgGMhfLzsvVlrgaVW8QbVK4YWNtQ= # -----END RSA PRIVATE KEY----- # # OR # secretName: tls-secret # Must be a TLS secret # bearerToken: # token: ar3rgsdgggsafrertregrgrbgvrb ## ## End enterprise app section ## # ## ## Enterprise app background processor section ## # enterpriseBackgroundProcessor: # enabled: true # Default false # resources: # requests: # cpu: 2 # Default 1 # memory: 8Gi # Should be same as enterprise.resources.requests.memory; Default 4Gi # limits: # cpu: 2 # Default 1 # memory: 8Gi # Should be same as enterprise.resources.limits.memory; Default 4Gi # scaling: # replicas: 5 # Default global.scaling.replicas ## ## End Enterprise app background processor section ## # ## ## Test distribution section ## ## The amount of storage allocated to the test distribution broker can be set here. ## ## The amount of memory allocated to Java based application should consider Heap Memory, Off Heap memory and some buffer for bookkeeping ## If configured wrongly OutOfMemory errors are likely to happen. 
## # # testDistribution: # storage: # data: # capacity: 100Gi # Default 10Gi # # resources: # requests: # cpu: 2 # Default 1 ## # Heap and Off Heap memory configured in Develocity UI, under Administration -> Advanced section -> Test Distribution broker # memory: 8Gi # [Heap memory] + [Off Heap memory] * 1.05; The default is 2Gi. # limits: # cpu: 2 # Default 2 # memory: 8Gi # Greater than or equal to requested memory. We suggest keeping them the same. The default is 2Gi. ## ## End test distribution section ## # ## ## Metrics section ## ## Controls the legacy metrics components of Develocity (VictoriaMetrics). ## # # metrics: # storage: # data: # capacity: 20Gi # Default 20Gi # # resources: # Controls resources for the container storing the metrics. # requests: # cpu: 1 # Default 50m # memory: 1Gi # Default 256Mi # limits: # cpu: 2 # Default 250m # memory: 2Gi # Default 500Mi # # support: # Controls resources for the container used to extract metrics during the support bundle generation. # resources: # requests: # cpu: 1 # Default 500m # memory: 1Gi # Default 256Mi # limits: # cpu: 2 # Default 500m # memory: 2Gi # Default 256Mi # # ## ## End metrics section ## # # ## ## Monitoring section ## ## Controls the monitoring components (capturing logs and Prometheus metrics) of Develocity. ## # # monitoring: # enabled: false # The default is 'true'. Controls all components of the monitoring. # # metrics: # enabled: false # The default is 'true'. Controls the metrics components of the monitoring. # # scraper: # resources: # Controls resources allocated to the metrics scraper container (alloy). # limits: # cpu: 500m # The default is 250m. # memory: 1024Mi # The default is 768Mi. # requests: # cpu: 500m # The default is 250m. # memory: 921Mi # The default is 691Mi, 10% smaller than limits. # # database: # resources: # Controls resources allocated to the metrics database container (mimir). # limits: # cpu: 1000m # The default is 500m. # memory: 921Mi # The default is 768Mi. 
# requests: # cpu: 1000m # The default is 500m. # memory: 921Mi # The default is 691Mi, 10% smaller than limits. # # logging: # enabled: false # The default is 'true'. Controls the logging components of the monitoring # # resources: # Controls resources allocated to the logging container (loki). # limits: # cpu: 500m # The default is 500m. # memory: 256Mi # The default is 256Mi. # requests: # cpu: 500m # The default is 500m. # memory: 230Mi # The default is 230Mi, 10% smaller than limits. # # storage: # Controls the storage allocated to the monitoring components. # data: # capacity: 50Gi # The default is 20Gi. # ## ## End monitoring section ## # # ## ## Authentication broker section ## ## Resources allocated to the authentication broker can be set here. ## ## If you specify the name of a secret that isn't managed by the Develocity Helm installation, your ## installation won't be automatically restarted during `helm upgrade` when the underlying secret value changes. ## When the secret value changes, you need to restart all the pods in the Develocity Helm installation, ## to take this change into account. # # authenticationBroker: # resources: # requests: # cpu: 1 # Default 500m # memory: 2Gi # Default 1Gi # limits: # cpu: 4 # Default 2 # memory: 4Gi # Default 2Gi # # adminPassword: # secretName: my-example-admin-password-secret # Uses the key keycloak.admin.password in the secret # # OR # value: "superS3cret!" # clientSecret: # secretName: my-example-client-secret-secret # Uses the key keycloak.client.secret in the secret # # OR # value: "superS3cret!" # ## ## End authentication broker section ## # # ## ## Object Storage section ## ## If no Object Storage provider is specified, `embedded` Object Storage is used by default. ## # # objectStorage: # type: "embedded" # Supported values: `embedded`, `s3`, `googleCloudStorage`, `azureBlobStorage`. # # Default: `embedded`. # # embedded: # # storage: # Storage configuration for each subcomponent using the embedded Object Storage.
# # Capacities are by default configured using the Gi unit, and all must use the same Unit. # internalBuffer: # capacity: 5Gi # Internal buffer storage space used by the embedded Object Storage. # # Default set to 5Gi, should be adjusted if the customer-support team # # recommends it. # buildCache: # capacity: 10Gi # Capacity offered to the data hosted for the build-cache feature. # # Default set to 10Gi. # monitoring: # capacity: 20Gi # Capacity offered to the data hosted for the monitoring component. # # Default set to 20Gi. # # credentials: # app: # secretName: "my-embedded-app-credentials-secret" # # OR # password: "my-embedded-app-password" # migrator: # secretName: "my-embedded-migrator-credentials-secret" # # OR # password: "my-embedded-migrator-password" # superuser: # secretName: "my-embedded-superuser-credentials-secret" # # OR # password: "my-embedded-superuser-password" # resources: # requests: # cpu: 1.5 # Default 1 # memory: 1Gi # Default 1Gi # limits: # cpu: 2.8 # Default 2 # memory: 2Gi # Default 2Gi # # s3: # This block configures the connection and location where `build-scan` and `build-cache` data are stored. # bucket: "develocity-application-data" # Bucket used for `build-scan` and `build-cache` data. # region: "aws-region" # Region used for `build-scan` and `build-cache` data. # # OR # endpoint: "https://my-s3-endpoint.aws.com" # Endpoint used for `build-scan` and `build-cache` data. # credentials: # type: # Authentication method you will use for Object Storage Connection. # # * `irsa` leverages "IAM Roles for Service Accounts" to authenticate the container. # # * `keys` uses a combo of `accessKey` and `secretKey`. # # This required value specifies the authentication configuration block you must provide. # # irsa: # Additional properties when `irsa` type is used. # serviceAccountAnnotations: # Additional annotations added to every component using "application" bucket in S3 Object Storage. 
# # This value must be in sync with the `database.credentials.irsa.serviceAccountAnnotations` if both are used. # eks.amazonaws.com/role-arn: «Amazon EKS cluster IAM role ARN» # # keys: # secretName: "my-s3-credentials-secret" # # OR # accessKey: "my-s3-access-key" # secretKey: "my-s3-secret-key" # # advancedParams: # List of advanced parameters used to fine-tune the client library. # # You should only configure advanced parameters if you have been directed to do so by Develocity support. # client.maxConcurrency: 200 # client.useCrt: "true" # presignedUrl.enabled: "true" # presignedUrl.expiresAfter: "PT5M" # # monitoring: # This mandatory block configures the connection and location where `monitoring` data are stored. # # Those values can be the same as `objectStorage.s3` to share the same bucket # # and credentials, or different if you want to separate application data (build cache, build scans) # # from monitoring data (metrics). # # bucket: "develocity-monitoring-data" # Bucket used for `monitoring` data, stored by the `monitoring` component. # region: "aws-region" # Region used for `monitoring` data. # # OR # endpoint: "https://my-s3-endpoint.aws.com" # Endpoint used for `monitoring` data, stored by the `monitoring` component. # # credentials: # type: # Authentication method you will use for Object Storage Connection. # # * `irsa` leverages "IAM Roles for Service Accounts" to authenticate the container. # # * `keys` uses a combo of `accessKey` and `secretKey`. # # This required value specifies the authentication configuration block you must provide. # # irsa: # Additional properties when `irsa` type is used. # serviceAccountAnnotations: # Additional annotations added to every component using "monitoring" bucket in S3 Object Storage. # # This value is independent of the `database.credentials.irsa.serviceAccountAnnotations` and `objectStorage.s3.credentials.irsa.serviceAccountAnnotations`. # # It can use the same value if role separation is not required. 
# eks.amazonaws.com/role-arn: «Amazon EKS cluster IAM role ARN» # # keys: # secretName: "my-s3-monitoring-credentials-secret" # # OR # accessKey: "my-s3-monitoring-access-key" # secretKey: "my-s3-monitoring-secret-key" # # # advancedParams cannot be configured in the monitoring block. # # googleCloudStorage: # This block configures the connection and location where `build-scan` and `build-cache` data are stored. # bucket: "develocity-application-data" # Bucket used for `build-scan` and `build-cache` data. # # credentials: # type: # Authentication method you will use for Object Storage Connection. # # * `workloadIdentity` leverages "IAM allow policies for Service Accounts" to authenticate the container. # # * `serviceAccount` uses the service account key JSON file. # # This required value specifies the authentication configuration block you must provide. # # workloadIdentity: # Additional properties when `workloadIdentity` type is used. # serviceAccountAnnotations: # Additional annotations added to every component using "application" bucket in GCS Object Storage. # # Only required if using an alternative way of binding accounts: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#kubernetes-sa-to-iam # # Not needed if using recommended way: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to # iam.gke.io/gcp-service-account: IAM_SA_NAME@IAM_SA_PROJECT_ID.iam.gserviceaccount.com # # serviceAccount: # The content of the service account key JSON file or the secret name which has the `serviceAccountKey`. # secretName: "my-google-cloud-storage-secret" # # OR # key: "my-google-cloud-storage-service-account-json-file" # # advancedParams: # List of advanced parameters used to fine-tune the client library. # # You should only configure advanced parameters if you have been directed to do so by Develocity support. 
# blockSize: "8000000" # maxConcurrency: 5 # presignedUrl.enabled: "true" # presignedUrl.expiresAfter: "PT5M" # # monitoring: # This mandatory block configures the connection and location where `monitoring` data are stored. # # Those values can be the same as `objectStorage.googleCloudStorage` to share the same bucket # # and credentials, or different if you want to separate application data (build cache, build scans) # # from monitoring data (metrics). # # bucket: "develocity-monitoring-data" # Bucket used for `monitoring` data, stored by the `monitoring` component. # # credentials: # type: # Authentication method used for Object Storage, where `monitoring` data are stored. # # * `workloadIdentity` leverages "IAM allow policies for Service Accounts" to authenticate the container. # # * `serviceAccount` uses the service account key JSON file. # # This required value specifies the authentication configuration block you must provide. # # workloadIdentity: # Additional properties when `workloadIdentity` type is used. # serviceAccountAnnotations: # Additional annotations added to every component using "monitoring" bucket in GCS Object Storage. # # Only required if using an alternative way of binding accounts: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#kubernetes-sa-to-iam # # Not needed if using recommended way: https://cloud.google.com/kubernetes-engine/docs/how-to/workload-identity#authenticating_to # iam.gke.io/gcp-service-account: IAM_SA_NAME@IAM_SA_PROJECT_ID.iam.gserviceaccount.com # # serviceAccount: # The content of the service account key JSON file or the name of the secret which has the `serviceAccountKey`. # secretName: "my-google-cloud-storage-secret-for-monitoring" # # OR # key: "my-google-cloud-storage-service-account-json-file-for-monitoring" # # # advancedParams cannot be configured in the monitoring block. 
# # azureBlobStorage: # This block configures the connection and location where `build-scan` and `build-cache` data are stored. # container: "develocity-application-data" # Container used for `build-scan` and `build-cache` data. # # credentials: # type: # Authentication method you will use for Object Storage Connection, where `build-scan` and `build-cache` data are stored. # # * `workloadIdentity` leverages "Federated identity credential" to authenticate the container. # # * `accountInformation` uses a combo of `accountName` and `accountKey`. # # This required value specifies the authentication configuration block you must provide. # # workloadIdentity: # Additional properties when `workloadIdentity` type is used. # accountName: "my-azure-account-name" # serviceAccountAnnotations: # Additional annotations added to every component using "application" container in ABS Object Storage. # azure.workload.identity/client-id: "your-client-id" # # accountInformation: # The `accountKey` and `accountName` of the Azure Blob Storage account. # secretName: "my-azure-blob-storage-secret" # or the name of the secret which has the `accountKey` and `accountName`. # # OR # accountName: "my-azure-account-name" # accountKey: "my-azure-account" # endpointSuffix: "my-azure-endpoint-suffix" # The endpoint suffix, default is `core.windows.net`. # # advancedParams: # List of advanced parameters used to fine-tune the client library. # # You should only configure advanced parameters if you have been directed to do so by Develocity support. # blockSize: "8000000" # maxConcurrency: 5 # # monitoring: # This mandatory block configures the connection and location where `monitoring` data are stored. # # Those values can be the same as `objectStorage.azureBlobStorage` to share the same bucket # # and credentials, or different if you want to separate application data (build cache, build scans) # # from monitoring data (metrics). 
# # container: "develocity-monitoring-data" # Container used for `monitoring` data, stored by the `monitoring` component. # # credentials: # type: # Authentication method used for Object Storage, where `monitoring` data are stored. # # * `workloadIdentity` leverages "Federated identity credential" to authenticate the container. # # * `accountInformation` uses a combo of `accountName`, `accountKey`. # # This required value specifies the authentication configuration block you must provide. # # workloadIdentity: # Additional properties when `workloadIdentity` type is used. # accountName: "my-azure-account-name" # serviceAccountAnnotations: # Additional annotations added to every component using "monitoring" container in ABS Object Storage. # azure.workload.identity/client-id: "your-client-id" # # accountInformation: # The account information of the Azure Blob Storage account. # secretName: "my-azure-blob-storage-secret" # or the name of the secret which has the account information. # # OR # accountName: "my-azure-account-name" # The account name. # accountKey: "my-azure-account-key" # The account key. # endpointSuffix: "my-azure-endpoint-suffix" # The endpoint suffix, default is `core.windows.net`. # # # advancedParams cannot be configured in the monitoring block. ## ## End objectStorage section ## # # ## ## Access control section ## ## Develocity will use a set of access control policies that are secure by default. ## The settings can be customized to better match your organization's policies. ## # # accessControl: # accessKeys: # maxLifespan: # Policy for requiring access key expiration; can be disabled # enabled: false # Whether the maximum access key lifespan policy should be enabled; default true # duration: P30D # The maximum access key lifespan to allow when the policy is enabled; ISO 8601 duration with default of "P365D" (365 days) # ## ## End access control section ## #