vmware-tanzu / tanzu-dev-portal

Content for Tanzu dev portal
Apache License 2.0

Content: Concourse - Example Configurations #1126

Open LukeShortCloud opened 3 years ago

LukeShortCloud commented 3 years ago

Summary of content

A new CI/CD guide that lists different common configurations for the Concourse Helm chart including:

Summary of audiences

Developers and administrators deploying and managing Concourse.

Level of content

Level of content as it pertains to the topic proposed

LukeShortCloud commented 3 years ago

Once I finish https://github.com/vmware-tanzu/tanzu-dev-portal/issues/1105 I will circle back to this new issue. You folks can go ahead and assign me to this one.

LukeShortCloud commented 3 years ago

Other ideas to add:

LukeShortCloud commented 3 years ago

Efficient copy-on-write storage. Use driver detect (recommended) OR explicitly define the driver btrfs or overlay.

---
concourse:
  worker:
    baggageclaim:
      driver: detect

LukeShortCloud commented 3 years ago

Disable persistent storage (for testing purposes):

---
persistence:
  enabled: false
postgresql:
  persistence:
    enabled: false

LukeShortCloud commented 3 years ago

TLS certificate with cert-manager:

---
concourse:
  web:
    externalUrl: https://concourse.example.com
web:
  ingress:
    enabled: true
    hosts:
      - concourse.example.com
    annotations:
      cert-manager.io/cluster-issuer: <CLUSTERISSUER>
    tls:
      - hosts:
          - concourse.example.com
        secretName: cert-concourse-web

Without TLS certificate (HTTP only):

---
concourse:
  web:
    externalUrl: http://concourse.example.com
web:
  ingress:
    enabled: true
    hosts:
      - concourse.example.com

LukeShortCloud commented 3 years ago

Ingress without a TLS certificate. Not recommended, as Concourse web hosts will forward the login page to HTTPS for security reasons, which will not work in this scenario.

---
web:
  ingress:
    enabled: true
    hosts:
      - concourse.example.com

LukeShortCloud commented 3 years ago

The Concourse Helm chart does not natively expose a container registry proxy variable. Instead, we can manually modify the image name (there is only one singular "concourse" image that is used from the "concourse" project in Docker Hub) to have the proxy identified in it.

Syntax:

---
image: <CONTAINER_REGISTRY_PROXY>/concourse/concourse
imagePullSecrets:
  - <IMAGE_PULL_SECRET>
postgresql:
  image:
    registry: <CONTAINER_REGISTRY_PROXY>
    repository: bitnami/postgresql

Example:

---
image: harbor.example.com:443/concourse/concourse
imagePullSecrets:
  - <IMAGE_PULL_SECRET>
postgresql:
  image:
    registry: harbor.example.com:443
    repository: bitnami/postgresql

LukeShortCloud commented 3 years ago

Create a default admin user with a password set.

---
concourse:
  web:
    auth:
      mainTeam:
        localUser: "admin"
secrets:
  localUsers: "admin:<PASSWORD>"

LukeShortCloud commented 3 years ago

Persistent storage enabled:

---
persistence:
  worker:
    storageClass: <STORAGECLASS>
postgresql:
  persistence:
    storageClass: <STORAGECLASS>

LukeShortCloud commented 3 years ago

Remote PostgreSQL.

Syntax:

---
concourse:
  web:
    postgres:
      host: <POSTGRESQL_HOST>
      database: <POSTGRESQL_DATABASE>
secrets:
  postgresUser: <POSTGRESQL_USERNAME>
  postgresPassword: <POSTGRESQL_PASSWORD>
postgresql:
  enabled: false

Example (assumes the Bitnami Helm chart for PostgreSQL was used to deploy it locally in the "concourse" namespace):

---
concourse:
  web:
    postgres:
      host: postgresql.concourse.svc.cluster.local
      database: postgres
secrets:
  postgresUser: postgres
  postgresPassword: postgres
postgresql:
  enabled: false

LukeShortCloud commented 3 years ago

Custom container registry proxy with a custom certificate authority.

Notes:

---
image: <CONTAINER_REGISTRY_PROXY>/concourse/concourse
imagePullSecrets:
  - <IMAGE_PULL_SECRET>
concourse:
  web:
    baseResourceTypeDefaults: |
      registry-image:
        registry_mirror:
          host: <CONTAINER_REGISTRY_PROXY_HOST>
          username: <CONTAINER_REGISTRY_PROXY_USERNAME>
          password: <CONTAINER_REGISTRY_PROXY_PASSWORD>
        ca_certs:
        - |
          -----BEGIN CERTIFICATE-----
          <CA_CERTIFICATE>
          -----END CERTIFICATE-----
postgresql:
  image:
    registry: <CONTAINER_REGISTRY_PROXY>
    repository: bitnami/postgresql
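
Added example, not part of the thread or the Concourse chart: a small Python check that reads a values file like the ones posted above and flags an `http://` `externalUrl`, an enabled ingress with no `tls` block, and a `postgresPassword` equal to `postgresUser`. The `flatten` and `audit` helpers and the `WEAK` sample are hypothetical names constructed for this illustration, and the parser assumes plain nested `key: value` YAML.

```python
# Added example, not from the thread or the chart. Assumes plain nested
# "key: value" YAML; anchors, flow style and multi-document files are not handled.
def flatten(text):
    """Return {dotted.path: value}; a key that holds a list maps to '<list>'."""
    flat, stack = {}, []  # stack holds (indent, key) for each open mapping
    for raw in text.splitlines():
        body = raw.strip()
        indent = len(raw) - len(raw.lstrip())
        item = body.startswith("- ")  # list item; may sit at its parent's indent
        if body in ("", "---") or body.startswith("#") or not (item or ":" in body):
            continue
        while stack and stack[-1][0] >= indent + item:
            stack.pop()
        if item:
            value = "<list>"
        else:
            key, _, value = body.partition(":")
            stack.append((indent, key.strip()))
        if stack:
            flat[".".join(k for _, k in stack)] = value.strip().strip("\"'")
    return flat

def audit(text):
    """Return findings for settings discussed in the comments above."""
    v, out = flatten(text), []
    if v.get("concourse.web.externalUrl", "").startswith("http://"):
        out.append("externalUrl uses http://")
    if v.get("web.ingress.enabled") == "true" and "web.ingress.tls" not in v:
        out.append("ingress enabled without a tls block")
    pw = v.get("secrets.postgresPassword")
    if pw and pw == v.get("secrets.postgresUser"):
        out.append("postgresPassword equals postgresUser")
    return out

# Constructed sample assembled from the HTTP-only and remote PostgreSQL comments.
WEAK = """---
concourse:
  web:
    externalUrl: http://concourse.example.com
web:
  ingress:
    enabled: true
secrets:
  postgresUser: postgres
  postgresPassword: postgres
"""

if __name__ == "__main__":
    print("\n".join(audit(WEAK)))
```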