Open LukeShortCloud opened 3 years ago
Once I finish https://github.com/vmware-tanzu/tanzu-dev-portal/issues/1105 I will circle back to this new issue. You folks can go ahead and assign me to this one.
Other ideas to add:
Efficient copy-on-write storage. Use driver detect
(recommended) OR explicitly define the driver btrfs
or overlay
.
---
concourse:
worker:
baggageclaim:
driver: detect
Disable persistent storage (for testing purposes):
---
persistence:
enabled: false
postgresql:
persistence:
enabled: false
TLS certificate with cert-manager:
---
concourse:
web:
externalUrl: https://concourse.example.com
web:
ingress:
enabled: true
hosts:
- concourse.example.com
annotations:
cert-manager.io/cluster-issuer: <CLUSTERISSUER>
tls:
- hosts:
- concourse.example.com
secretName: cert-concourse-web
Without TLS certificate (HTTP only):
---
concourse:
web:
externalUrl: http://concourse.example.com
web:
ingress:
enabled: true
hosts:
- concourse.example.com
Ingress without a TLS certificate. Not recommended as Concourse web hosts will forward the login page to HTTPS for security reasons which will not work in this scenario.
---
web:
ingress:
enabled: true
hosts:
- concourse.example.com
The Concourse Helm chart does not natively expose a container registry proxy variable. Instead, we can manually modify the image name (there is only one singular "concourse" image that is used from the "concourse" project in Docker Hub) to have the proxy identified in it.
Syntax:
---
image: <CONTAINER_REGISTRY_PROXY>/concourse/concourse
imagePullSecrets:
- <IMAGE_PULL_SECRET>
postgresql:
image:
registry: <CONTAINER_REGISTRY_PROXY>
repository: bitnami/postgresql
Example:
---
image: harbor.example.com:443/concourse/concourse
imagePullSecrets:
- <IMAGE_PULL_SECRET>
postgresql:
image:
registry: harbor.example.com:443
repository: bitnami/postgresql
Create a default admin user with a password set.
---
concourse:
web:
auth:
mainTeam:
localUser: "admin"
secrets:
localUsers: "admin:<PASSWORD>"
Persistent storage enabled:
---
persistence:
worker:
storageClass: <STORAGECLASS>
postgresql:
persistence:
storageClass: <STORAGECLASS>
Remote PostgreSQL.
Syntax:
---
concourse:
web:
postgres:
host: <POTSGRESQL_HOST>
database: <POTSGRESQL_DATABASE>
secrets:
postgresUser: <POSTGRESQL_USERNAME>
postgresPassword: <POSTGRESQL_PASSWORD>
postgresql:
enabled: false
Example (assumes the Bitnami Helm chart for PostgreSQL was used to deploy it locally in the "concourse" namespace):
---
concourse:
web:
postgres:
host: postgresql.concourse.svc.cluster.local
database: postgres
secrets:
postgresUser: postgres
postgresPassword: postgres
postgresql:
enabled: false
Custom container registry proxy with a custom certificate authority.
Notes:
imagePullSecrets
object(s) specified need to be manually pre-created before installing Concourse via the Helm chart.imagePullSecrets
. Instead, consider deploying it manually.---
image: <CONTAINER_REGISTRY_PROXY>/concourse/concourse
imagePullSecrets:
- <IMAGE_PULL_SECRET>
concourse:
web:
baseResourceTypeDefaults: |
registry-image:
registry_mirror:
host: <CONTAINER_REGISTRY_PROXY_HOST>
username: <CONTAINER_REGISTRY_PROXY_USERNAME>
password: <CONTAINER_REGISTRY_PROXY_PASSWORD>
ca_certs:
- |
-----BEGIN CERTIFICATE-----
<CA_CERTIFICATE>
-----END CERTIFICATE-----
postgresql:
image:
registry: <CONTAINER_REGISTRY_PROXY>
repository: bitnami/postgresql
Summary of content
A new CI/CD guide that lists different common configurations for the Concourse Helm chart including:
Summary of audiences
Developers and administrators deploying and managing Concourse.
Level of content
Level of content as it pertains to the topic proposed