github.com/replicatedhq/ship@v0.55.0/integration/failing/init/concourse/expected/.ship/upstream/values.yaml (about)

     1  ## Default values for Concourse Helm Chart.
     2  ## This is a YAML-formatted file.
     3  ## Declare variables to be passed into your templates.
     4  
     5  ## Override the name of the Chart.
     6  ##
     7  # nameOverride:
     8  
     9  ## Concourse image.
    10  ##
    11  image: concourse/concourse
    12  
    13  ## Concourse image version.
    14  ## ref: https://hub.docker.com/r/concourse/concourse/tags/
    15  ##
    16  imageTag: "4.2.2"
    17  
    18  ## Specific image digest to use in place of a tag. A digest pins the exact image content, whereas a tag can later point to a different image.
    19  ## ref: https://kubernetes.io/docs/concepts/configuration/overview/#container-images
    20  ##
    21  # imageDigest: sha256:54ea351808b55ecc14af6590732932e2a6a0ed8f6d10f45e8be3b51165d5526a
    22  
    23  ## Specify an imagePullPolicy: 'Always' if imageTag is 'latest', else set to 'IfNotPresent'.
    24  ## ref: https://kubernetes.io/docs/user-guide/images/#pre-pulling-images
    25  ##
    26  imagePullPolicy: IfNotPresent
    27  
    28  ## Optionally specify an array of imagePullSecrets.
    29  ## Secrets must be manually created in the namespace.
    30  ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
    31  ##
    32  # imagePullSecrets:
    33  #   - myRegistryKeySecretName
    34  
    35  ## Configuration values for Concourse.
    36  ## ref: https://concourse-ci.org/setting-up.html
    37  ##
    38  concourse:
    39    web:
    40      ## Minimum level of logs to see.
    41      # logLevel: info
    42      ## IP address on which to listen for web traffic.
    43      # bindIp: 0.0.0.0
    44      ## Port on which to listen for HTTP traffic.
    45      bindPort: 8080
    46      ## TLS configurations for the web component to be able to serve HTTPS traffic.
    47      ## Once enabled, consumes the certificates set via secrets.
    48      #
    49      tls:
    50        enabled: false
    51        ## Port on which to listen for HTTPS traffic.
    52        # bindPort:
    53      ## URL used to reach any ATC from the outside world.
    54      # externalUrl: http://127.0.0.1:8080
    55      ## URL used to reach this ATC from other ATCs in the cluster.
    56      # peerUrl: http://127.0.0.1:8080
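    57      ## Enable encryption of pipeline configuration. Encryption keys can be set via secrets. While this is disabled, pipeline configuration (including any credentials embedded in it) is stored unencrypted in the database.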
    58      ## See https://concourse-ci.org/encryption.html
    59      ##
    60      encryption:
    61        enabled: false
    62      localAuth:
    63        enabled: true
    64      ## IP address on which to listen for the pprof debugger endpoints.
    65      # debugBindIp: 127.0.0.1
    66      ## Port on which to listen for the pprof debugger endpoints.
    67      # debugBindPort: 8079
    68      ## Length of time for an intercepted session to be idle before terminating.
    69      # interceptIdleTimeout: 0m
    70      ## Time limit on checking for new versions of resources.
    71      # globalResourceCheckTimeout: 1h
    72      ## Interval on which to check for new versions of resources.
    73      # resourceCheckingInterval: 1m
    74      ## Interval on which to check for new versions of resource types.
    75      # resourceTypeCheckingInterval: 1m
    76      ## Method by which a worker is selected during container placement.
    77      # containerPlacementStrategy: volume-locality
    78      ## How long to wait for Baggageclaim to send the response header.
    79      # baggageclaimResponseHeaderTimeout: 1m
    80      ## Directory containing downloadable CLI binaries.
    81      # cliArtifactsDir:
    82      ## Log database queries.
    83      # logDbQueries:
    84      ## Interval on which to run build tracking.
    85      # buildTrackerInterval: 10s
    86      ## Default build logs to retain, 0 means all
    87      # defaultBuildLogsToRetain:
    88      ## Maximum build logs to retain, 0 means not specified. Will override values configured in jobs
    89      # maxBuildLogsToRetain:
    90      ## Default max number of cpu shares per task, 0 means unlimited
    91      # defaultTaskCpuLimit:
    92      ## Default maximum memory per task, 0 means unlimited
    93      # defaultTaskMemoryLimit:
    94      postgres:
    95        ## The host to connect to.
    96        host: 127.0.0.1
    97        ## The port to connect to.
    98        port: 5432
    99        ## Path to a UNIX domain socket to connect to.
   100        # socket:
   101        ## Whether or not to use SSL for the PostgreSQL connection. 'disable' leaves the connection unencrypted.
   102        sslmode: disable
   103        ## Dialing timeout. (0 means wait indefinitely)
   104        connectTimeout: 5m
   105        ## The name of the database to use.
   106        database: atc
   107  
   108      kubernetes:
   109  
   110        ## Enable the use of in-cluster Kubernetes Secrets.
   111        ##
   112        enabled: true
   113  
   114        ## Prefix to use for Kubernetes namespaces under which secrets will be looked up. Defaults to
   115        ## the Release name followed by a hyphen, e.g. "my-release-" produces namespace "my-release-main" for the
   116        ## "main" Concourse team.
   117        ##
   118        ## namespacePrefix:
   119  
   120        ## Teams to create namespaces for to hold secrets.
   121        teams:
   122          - main
   123  
   124        ## Create the Kubernetes namespace for each team listed above.
   125        createTeamNamespaces: true
   126  
   127        ## When true, namespaces are not deleted when the release is deleted.
   128        ## Irrelevant if the namespaces are not created by this chart.
   129        keepNamespaces: true
   130  
   131        ## Path to Kubernetes config when running ATC outside Kubernetes.
   132        # configPath:
   133  
   134      awsSecretsManager:
   135        ## Enable the use of AWS Secrets Manager.
   136        ##
   137        enabled: false
   138  
   139        ## AWS region to use when reading from Secrets Manager
   140        ##
   141        # region:
   142  
   143        ## pipeline-specific template for Secrets Manager parameters, defaults to: /concourse/{team}/{pipeline}/{secret}
   144        ##
   145        # pipelineSecretTemplate:
   146  
   147        ## team-specific template for Secrets Manager parameters, defaults to: /concourse/{team}/{secret}
   148        ##
   149        # teamSecretTemplate: ''
   150  
   151      awsSsm:
   152        ## Enable the use of AWS SSM.
   153        ##
   154        enabled: false
   155  
   156        ## AWS region to use when reading from SSM
   157        ##
   158        # region:
   159  
   160        ## pipeline-specific template for SSM parameters, defaults to: /concourse/{team}/{pipeline}/{secret}
   161        ##
   162        # pipelineSecretTemplate:
   163  
   164        ## team-specific template for SSM parameters, defaults to: /concourse/{team}/{secret}
   165        ##
   166        # teamSecretTemplate: ''
   167  
   168  
   169      vault:
   170        enabled: false
   171  
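   172        ## URL pointing to vault addr (e.g. http://vault:8200). A plain http:// URL carries the Vault token and secrets unencrypted, so use https:// wherever the network is not fully trusted.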
   173        ##
   174        # url:
   175  
   176        ## vault path under which to namespace credential lookup, defaults to /concourse.
   177        ##
   178        pathPrefix: /concourse
   179  
   180        ## if the Vault server is using a self-signed certificate, set this to true,
   181        ## and provide a value for the cert in secrets.
   182        ##
   183        # useCaCert:
   184  
   185        ## vault authentication backend, leave this blank if using an initial periodic token
   186        ## currently supported backends: token, approle, cert.
   187        ##
   188        # authBackend:
   189  
   190        ## Cache returned secrets for their lease duration in memory
   191        # cache:
   192        ## If the cache is enabled, and this is set, override secrets lease duration with a maximum value
   193        # maxLease:
   194        ## Path to a directory of PEM-encoded CA cert files to verify the vault server SSL cert.
   195        # caPath:
   196        ## If set, is used to set the SNI host when connecting via TLS.
   197        # serverName:
   198        ## Skip verification of the Vault server's TLS certificate. Insecure: the server's identity is then not checked.
   199        # insecureSkipVerify:
   200        ## Client token for accessing secrets within the Vault server.
   201        # clientToken:
   202        ## Auth backend to use for logging in to Vault. Same key as the `authBackend` entry above; uncomment only one of the two.
   203        # authBackend:
   204        ## Time after which to force a re-login. If not set, the token will just be continuously renewed.
   205        # authBackendMaxTtl:
   206        ## The maximum time between retries when logging in or re-authing a secret.
   207        retryMax: 5m
   208        ## The initial time between retries when logging in or re-authing a secret.
   209        retryInitial: 1s
   210      ## Don't actually do any automatic scheduling or checking.
   211      # noop:
   212      staticWorker:
   213        enabled: false
   214        ## A Garden API endpoint to register as a worker.
   215        gardenUrl:
   216        ## A Baggageclaim API endpoint to register with the worker.
   217        baggageclaimUrl:
   218        ## A resource type to advertise for the worker. Can be specified multiple times.
   219        resource:
   220      metrics:
   221        ## Host string to attach to emitted metrics.
   222        hostName:
   223        ## A key-value attribute to attach to emitted metrics. Can be specified multiple times.
   224        attribute:
   225      datadog:
   226        enabled: false
   227        ## Use IP of node the pod is scheduled on, overrides `agentHost`
   228        agentHostUseHostIP: false
   229        ## Datadog agent host to expose dogstatsd metrics
   230        agentHost: 127.0.0.1
   231        ## Datadog agent port to expose dogstatsd metrics
   232        agentPort: 8125
   233        ## Prefix for all metrics to easily find them in Datadog
   234        # prefix: concoursedev
   235      influxdb:
   236        enabled: false
   237        ## InfluxDB server address to emit points to.
   238        url: http://127.0.0.1:8086
   239        ## InfluxDB database to write points to.
   240        database: concourse
   241        ## InfluxDB server username.
   242        # username:
   243        ## Skip SSL verification when emitting to InfluxDB.
   244        insecureSkipVerify: false
   245      ## Emit metrics to logs.
   246      # emitToLogs:
   247      newrelic:
   248        enabled: false
   249        ## New Relic Account ID
   250        # accountId:
   251        ## New Relic Insights API Key
   252        # apiKey:
   253        ## An optional prefix for emitted New Relic events
   254        # servicePrefix:
   255      prometheus:
   256        enabled: false
   257        ## IP to listen on to expose Prometheus metrics.
   258        bindIp: "0.0.0.0"
   259        ## Port to listen on to expose Prometheus metrics.
   260        bindPort: 9391
   261      riemann:
   262        enabled: false
   263        ## Riemann server address to emit metrics to.
   264        # host:
   265        ## Port of the Riemann server to emit metrics to.
   266        port: 5555
   267        ## An optional prefix for emitted Riemann services
   268        # servicePrefix:
   269        ## Tag to attach to emitted metrics. Can be specified multiple times.
   270        # tag:
   271      ## The value to set for the X-Frame-Options response header. If omitted, the header is not set.
   272      # xFrameOptions:
   273      gc:
   274        overrideDefaults: false
   275        ## Interval on which to perform garbage collection.
   276        interval: 30s
   277        ## Grace period before reaping one-off task containers
   278        oneOffGracePeriod: 5m
   279      syslog:
   280        enabled: false
   281        ## Client hostname with which the build logs will be sent to the syslog server.
   282        hostName: atc-syslog-drainer
   283        ## Remote syslog server address with port (Example: 0.0.0.0:514).
   284        # address:
   285        ## Transport protocol for syslog messages (Currently supporting tcp, udp & tls).
   286        # transport:
   287        ## Interval over which checking is done for new build logs to send to syslog server (duration measurement units are s/m/h; eg. 30s/30m/1h)
   288        drainInterval: 30s
   289        ## if the syslog server is using a self-signed certificate, set this to true,
   290        ## and provide a value for the cert in secrets.
   291        useCaCert: false
   292      auth:
   293        ## Force setting the Secure flag on HTTP cookies, so that browsers send them only over HTTPS
   294        # cookieSecure:
   295        ## Length of time for which tokens are valid. Afterwards, users will have to log back in.
   296        # duration: 24h
   297        mainTeam:
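   298          ## List of whitelisted local concourse users. These are the users you've added at atc startup with the addLocalUser setting. The default "test" looks like a placeholder account; replace it and its credential for any real deployment.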
   299          localUser: "test"
   300          ## Setting this flag will whitelist all logged in users in the system. ALL OF THEM. If, for example, you've configured GitHub, any user with a GitHub account will have access to your team.
   301          # allowAllUsers:
   302          ## Authentication (Main Team) (CloudFoundry)
   303          cf:
   304            ## List of whitelisted CloudFoundry users.
   305            user:
   306            ## List of whitelisted CloudFoundry orgs
   307            org:
   308            ## List of whitelisted CloudFoundry spaces
   309            space:
   310            ## (Deprecated) List of whitelisted CloudFoundry space guids
   311            spaceGuid:
   312          ## Authentication (Main Team) (GitHub)
   313          github:
   314            ## List of whitelisted GitHub users
   315            user:
   316            ## List of whitelisted GitHub orgs
   317            org:
   318            ## List of whitelisted GitHub teams
   319            team:
   320          ## Authentication (Main Team) (GitLab)
   321          gitlab:
   322            ## List of whitelisted GitLab users
   323            user:
   324            ## List of whitelisted GitLab groups
   325            group:
   326          ## Authentication (Main Team) (LDAP)
   327          ldap:
   328            ## List of whitelisted LDAP users
   329            user:
   330            ## List of whitelisted LDAP groups
   331            group:
   332          ## Authentication (Main Team) (OAuth2)
   333          oauth:
   334            ## List of whitelisted OAuth2 users
   335            user:
   336            ## List of whitelisted OAuth2 groups
   337            group:
   338          ## Authentication (Main Team) (OIDC)
   339          oidc:
   340            ## List of whitelisted OIDC users
   341            user:
   342            ## List of whitelisted OIDC groups
   343            group:
   344        ## Authentication (CloudFoundry)
   345        cf:
   346          enabled: false
   347          ## (Required) The base API URL of your CF deployment. It will use this information to discover information about the authentication provider.
   348          # apiUrl: https://api.run.pivotal.io
   349          ## CA Certificate
   350          # useCaCert:
   351          ## Skip SSL validation
   352          # skipSslValidation:
   353        ## Authentication (GitHub)
   354        github:
   355          enabled: false
   356          ## Hostname of GitHub Enterprise deployment (No scheme, No trailing slash)
   357          # host:
   358          ## CA certificate of GitHub Enterprise deployment
   359          # useCaCert:
   360        ## Authentication (GitLab)
   361        gitlab:
   362          enabled: false
   363          ## Hostname of Gitlab Enterprise deployment (Include scheme, No trailing slash)
   364          # host:
   365        ## Authentication (LDAP)
   366        ldap:
   367          enabled: false
   368          ## The auth provider name displayed to users on the login page
   369          # displayName:
   370          ## (Required) The host and optional port of the LDAP server. If port isn't supplied, it will be guessed based on the TLS configuration. 389 or 636.
   371          # host:
   372          ## (Required) Bind DN for searching LDAP users and groups. Typically this is a read-only user.
   373          # bindDn:
   374          ## (Required) Bind Password for the user specified by 'bindDn'
   375          # bindPw:
   376          ## Required if LDAP host does not use TLS. Without TLS, the bind password and user credentials cross the network in clear text.
   377          # insecureNoSsl:
   378          ## Skip certificate verification
   379          # insecureSkipVerify:
   380          ## Start on insecure port, then negotiate TLS
   381          # startTls:
   382          ## CA certificate
   383          # useCaCert:
   384          ## BaseDN to start the search from. For example 'cn=users,dc=example,dc=com'
   385          # userSearchBaseDn:
   386          ## Optional filter to apply when searching the directory. For example '(objectClass=person)'
   387          # userSearchFilter:
   388          ## Attribute to match against the inputted username. This will be translated and combined with the other filter as '(<attr>=<username>)'.
   389          # userSearchUsername:
   390          ## Can either be: 'sub' - search the whole sub tree or 'one' - only search one level. Defaults to 'sub'.
   391          # userSearchScope:
   392          ## A mapping of attributes on the user entry to claims. Defaults to 'uid'.
   393          # userSearchIdAttr:
   394          ## A mapping of attributes on the user entry to claims. Defaults to 'mail'.
   395          # userSearchEmailAttr:
   396          ## A mapping of attributes on the user entry to claims.
   397          # userSearchNameAttr:
   398          ## BaseDN to start the search from. For example 'cn=groups,dc=example,dc=com'
   399          # groupSearchBaseDn:
   400          ## Optional filter to apply when searching the directory. For example '(objectClass=posixGroup)'
   401          # groupSearchFilter:
   402          ## Can either be: 'sub' - search the whole sub tree or 'one' - only search one level. Defaults to 'sub'.
   403          # groupSearchScope:
   404          ## Adds an additional requirement to the filter that an attribute in the group match the user's attribute value. The exact filter being added is: (<groupAttr>=<userAttr value>)
   405          # groupSearchUserAttr:
   406          ## Adds an additional requirement to the filter that an attribute in the group match the user's attribute value. The exact filter being added is: (<groupAttr>=<userAttr value>)
   407          # groupSearchGroupAttr:
   408          ## The attribute of the group that represents its name.
   409          # groupSearchNameAttr:
   410        ## Authentication (OAuth2)
   411        oauth:
   412          enabled: false
   413          ## The auth provider name displayed to users on the login page
   414          # displayName:
   415          ## (Required) Authorization URL
   416          # authUrl:
   417          ## (Required) Token URL
   418          # tokenUrl:
   419          ## UserInfo URL
   420          # userinfoUrl:
   421          ## Any additional scopes that need to be requested during authorization
   422          # scope:
   423          ## The groups key indicates which claim to use to map external groups to Concourse teams.
   424          # groupsKey:
   425          ## CA Certificate
   426          # useCaCert:
   427          ## Skip SSL validation
   428          # skipSslValidation:
   429        ## Authentication (OIDC)
   430        oidc:
   431          enabled: false
   432          ## The auth provider name displayed to users on the login page
   433          # displayName:
   434          ## (Required) An OIDC issuer URL that will be used to discover provider configuration using the .well-known/openid-configuration endpoint
   435          # issuer:
   436          ## Any additional scopes that need to be requested during authorization
   437          # scope:
   438          ## The groups key indicates which claim to use to map external groups to Concourse teams.
   439          # groupsKey:
   440          ## CA Certificate
   441          # useCaCert:
   442          ## Skip SSL validation
   443          # skipSslValidation:
   444      tsa:
   445        ## Minimum level of logs to see.
   446        # logLevel: info
   447        ## IP address on which to listen for SSH.
   448        # bindIp: 0.0.0.0
   449        ## Port on which to listen for SSH.
   450        bindPort: 2222
   451        ## Port on which to listen for TSA pprof server.
   452        # bindDebugPort: 8089
   453        ## IP address of this TSA, reachable by the ATCs. Used for forwarded worker addresses.
   454        # peerIp:
   455        ## Path to private key to use for the SSH server.
   456        # hostKey:
   457        ## Path to file containing keys to authorize, in SSH authorized_keys format (one public key per line).
   458        # authorizedKeys:
   459        ## Path to file containing keys to authorize, in SSH authorized_keys format (one public key per line).
   460        # teamAuthorizedKeys:
   461        ## ATC API endpoints to which workers will be registered.
   462        # atcUrl:
   463        ## Path to private key to use when signing tokens in requests to the ATC during registration.
   464        # sessionSigningKey:
   465        ## interval on which to heartbeat workers to the ATC
   466        # heartbeatInterval: 30s
   467    worker:
   468      ## The name to set for the worker during registration. If not specified, the hostname will be used.
   469      # name:
   470      ## A tag to set during registration. Can be specified multiple times.
   471      # tag:
   472      ## The name of the team that this worker will be assigned to.
   473      # team:
   474      ## HTTP proxy endpoint to use for containers.
   475      # http_proxy:
   476      ## HTTPS proxy endpoint to use for containers.
   477      # https_proxy:
   478      ## List of addresses that should be reached directly, bypassing the proxy.
   479      # no_proxy:
   480      ## If set, the worker will be immediately removed upon stalling.
   481      # ephemeral:
   482      ## Port on which to listen for beacon pprof server.
   483      # bindDebugPort: 9099
   484      ## Version of the worker. This is normally baked in to the binary, so this flag is hidden.
   485      # version:
   486      ## Directory in which to place container data.
   487      workDir: /concourse-work-dir
   488      ## IP address on which to listen for the Garden server.
   489      # bindIp: 127.0.0.1
   490      ## Port on which to listen for the Garden server.
   491      # bindPort: 7777
   492      ## IP used to reach this worker from the ATC nodes.
   493      # peerIp:
   494      ## Minimum level of logs to see.
   495      # logLevel: info
   496      tsa:
   497        ## TSA host to forward the worker through. Can be specified multiple times.
   498        host: 127.0.0.1:2222
   499        ## File containing a public key to expect from the TSA.
   500        # publicKey:
   501        ## File containing the private key to use when authenticating to the TSA.
   502        # workerPrivateKey:
   503      garden:
   504        ## Minimum level of logs to see.
   505        # logLevel: info
   506        ## format of log timestamps
   507        # timeFormat: unix-epoch
   508        ## Bind with TCP on the given IP.
   509        # bindIp:
   510        ## Bind with TCP on the given port.
   511        bindPort: 7777
   512        ## Bind with Unix on the given socket path.
   513        # bindSocket: /tmp/garden.sock
   514        ## Bind the debug server on the given IP.
   515        # debugBindIp:
   516        ## Bind the debug server to the given port.
   517        # debugBindPort: 17013
   518        ## Skip the preparation part of the host that requires root privileges
   519        # skipSetup:
   520        ## Directory in which to store container data.
   521        # depot: /var/run/gdn/depot
   522        ## Path in which to store properties.
   523        # propertiesPath:
   524        ## Path in which to store temporary sockets
   525        # consoleSocketsPath:
   526        ## Clean up process dirs on first invocation of wait
   527        # cleanupProcessDirsOnWait:
   528        ## Disable creation of privileged containers
   529        # disablePrivilegedContainers:
   530        ## The lowest numerical subordinate user ID the user is allowed to map
   531        # uidMapStart: 1
   532        ## The number of numerical subordinate user IDs the user is allowed to map
   533        # uidMapLength:
   534        ## The lowest numerical subordinate group ID the user is allowed to map
   535        # gidMapStart: 1
   536        ## The number of numerical subordinate group IDs the user is allowed to map
   537        # gidMapLength:
   538        ## Default rootfs to use when not specified on container creation.
   539        # defaultRootfs:
   540        ## Default time after which idle containers should expire.
   541        # defaultGraceTime:
   542        ## Clean up all the existing containers on startup.
   543        # destroyContainersOnStartup:
   544        ## Apparmor profile to use for unprivileged container processes
   545        # apparmor:
   546        ## Directory in which to extract packaged assets
   547        # assetsDir: /var/gdn/assets
   548        ## Path to the 'dadoo' binary.
   549        # dadooBin:
   550        ## Path to the 'nstar' binary.
   551        # nstarBin:
   552        ## Path to the 'tar' binary.
   553        # tarBin:
   554        ## path to the iptables binary
   555        # iptablesBin: /sbin/iptables
   556        ## path to the iptables-restore binary
   557        # iptablesRestoreBin: /sbin/iptables-restore
   558        ## Path to the binary to execute as pid 1 inside each container.
   559        # initBin:
   560        ## Path to the runtime plugin binary.
   561        # runtimePlugin: runc
   562        ## Extra argument to pass to the runtime plugin. Can be specified multiple times.
   563        # runtimePluginExtraArg:
   564        ## Directory on which to store imported rootfs graph data.
   565        # graph:
   566        ## Disk usage of the graph dir at which cleanup should trigger, or -1 to disable graph cleanup.
   567        # graphCleanupThresholdInMegabytes: -1
   568        ## Image that should never be garbage collected. Can be specified multiple times.
   569        # persistentImage:
   570        ## Path to image plugin binary.
   571        # imagePlugin:
   572        ## Extra argument to pass to the image plugin to create unprivileged images. Can be specified multiple times.
   573        # imagePluginExtraArg:
   574        ## Path to privileged image plugin binary.
   575        # privilegedImagePlugin:
   576        ## Extra argument to pass to the image plugin to create privileged images. Can be specified multiple times.
   577        # privilegedImagePluginExtraArg:
   578        ## Docker registry API endpoint.
   579        # dockerRegistry: registry-1.docker.io
   580        ## Docker registry to allow connecting to even if not secure. Can be specified multiple times.
   581        # insecureDockerRegistry:
   582        ## Network range to use for dynamically allocated container subnets.
   583        # networkPool: 10.254.0.0/22
   584        ## Allow network access to the host machine.
   585        # allowHostAccess:
   586        ## Network ranges to which traffic from containers will be denied. Can be specified multiple times.
   587        # denyNetwork:
   588        ## DNS server IP address to use instead of automatically determined servers. Can be specified multiple times.
   589        # dnsServer:
   590        ## DNS server IP address to append to the automatically determined servers. Can be specified multiple times.
   591        # additionalDnsServer:
   592        ## Per line hosts entries. Can be specified multiple times and will be appended verbatim in order to /etc/hosts
   593        # additionalHostEntry:
   594        ## IP address to use to reach container's mapped ports. Autodetected if not specified.
   595        # externalIp:
   596        ## Start of the ephemeral port range used for mapped container ports.
   597        # portPoolStart: 61001
   598        ## Size of the port pool used for mapped container ports.
   599        # portPoolSize: 4534
   600        ## Path in which to store port pool properties.
   601        # portPoolPropertiesPath:
   602        ## MTU size for container network interfaces. Defaults to the MTU of the interface used for outbound access by the host. Max allowed value is 1500.
   603        # mtu:
   604        ## Path to network plugin binary.
   605        # networkPlugin:
   606        ## Extra argument to pass to the network plugin. Can be specified multiple times.
   607        # networkPluginExtraArg:
   608        ## Maximum number of microseconds each cpu share assigned to a container allows per quota period
   609        # cpuQuotaPerShare: 0
   610        ## Set hard limit for the tcp buf memory, value in bytes
   611        # tcpMemoryLimit: 0
   612        ## Default block IO weight assigned to a container
   613        # defaultContainerBlockioWeight: 0
   614        ## Maximum number of containers that can be created.
   615        # maxContainers: 0
   616        ## Disable swap memory limit
   617        # disableSwapLimit:
   618        ## Interval on which to emit metrics.
   619        # metricsEmissionInterval: 1m
   620        ## Origin identifier for Dropsonde-emitted metrics.
   621        # dropsondeOrigin: garden-linux
   622        ## Destination for Dropsonde-emitted metrics.
   623        # dropsondeDestination: 127.0.0.1:3457
   624        ## Path to a containerd socket.
   625        # containerdSocket:
   626        ## Use containerd to run processes in containers.
   627        # useContainerdForProcesses:
   628        ## Enable proxy DNS server.
   629        # dnsProxyEnable:
   630      baggageclaim:
   631        ## Minimum level of logs to see.
   632        # logLevel: info
   633        ## IP address on which to listen for API traffic.
   634        # bindIp: 127.0.0.1
   635        ## Port on which to listen for API traffic.
   636        # bindPort: 7788
   637        ## Port on which to listen for baggageclaim pprof server.
   638        # bindDebugPort: 8099
   639        ## Directory in which to place volume data.
   640        # volumes:
   641        ## Driver to use for managing volumes.
   642        driver: naive
   643        ## Path to btrfs binary
   644        # btrfsBin: btrfs
   645        ## Path to mkfs.btrfs binary
   646        # mkfsBin: mkfs.btrfs
   647        ## Path to directory in which to store overlay data
   648        # overlaysDir:
   649        ## Interval on which to reap expired volumes.
   650        # reapInterval: 10s
   651  
   652  ## Configuration values for Concourse Web components.
   653  ##
   654  web:
   655    ## Override the components name (defaults to web).
   656    ##
   657    # nameOverride:
   658  
   659    ## Number of replicas.
   660    ##
   661    replicas: 1
   662  
   663    ## Configures the liveness probe used to determine
   664    ## if the Web component is up.
   665    ## Note: if you're upgrading Concourse from one version
   666    ## to another, the probe will probably fail for some time
   667    ## before migrations are finished - in such situations,
   668    ## consider bumping the values set here.
   669    livenessProbe:
   670      failureThreshold: 5
   671      httpGet:
   672        path: /api/v1/info
   673        port: atc
   674      initialDelaySeconds: 10
   675      periodSeconds: 15
   676      timeoutSeconds: 3
   677  
   678    ## Configures the readiness probes.
   679    readinessProbe:
   680      httpGet:
   681        path: /api/v1/info
   682        port: atc
   683  
   684    ## Configure resource requests and limits.
   685    ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   686    ##
   687    resources:
   688      requests:
   689        cpu: "100m"
   690        memory: "128Mi"
   691  
   692    ## Configure additional environment variables for the
   693    ## web containers.
   694    # env:
   695    #   - name: CONCOURSE_LOG_LEVEL
   696    #     value: "debug"
   697    #   - name: CONCOURSE_TSA_LOG_LEVEL
   698    #     value: "debug"
   699  
   700    ## For managing where secrets should be mounted for the web agents
   701    keySecretsPath: "/concourse-keys"
   702    authSecretsPath: "/concourse-auth"
   703    vaultSecretsPath: "/concourse-vault"
   704    postgresqlSecretsPath: "/concourse-postgresql"
   705    syslogSecretsPath: "/concourse-syslog"
   706    tlsSecretsPath: "/concourse-web-tls"
   707  
   708    ## Configure additional volumes for the
   709    ## web container(s)
   710    ##
   711    # additionalVolumes:
   712    #   - name: my-team-authorized-keys
   713    #     configMap:
   714    #       name: my-team-authorized-keys-config
   715  
   716    ## Configure additional volumeMounts for the
   717    ## web container(s)
   718    ##
   719    # additionalVolumeMounts:
   720    #   - name: my-team-authorized-keys
   721    #     mountPath: /my-team-authorized-keys
   722  
   723    ## Additional affinities to add to the web pods.
   724    ##
   725    # additionalAffinities:
   726    #   nodeAffinity:
   727    #     preferredDuringSchedulingIgnoredDuringExecution:
   728    #       - weight: 50
   729    #         preference:
   730    #           matchExpressions:
   731    #             - key: spot
   732    #               operator: NotIn
   733    #               values:
   734    #                 - "true"
   735  
   736    ## Annotations for the web nodes.
   737    ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
   738    annotations: {}
   739    # annotations:
   740    #   key1: "value1"
   741    #   key2: "value2"
   742  
   743    ## Node selector for web nodes.
   744    nodeSelector: {}
   745  
   746    ## Tolerations for the web nodes.
   747    ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
   748    tolerations: []
   749    # tolerations:
   750    #  - key: "toleration=key"
   751    #    operator: "Equal"
   752    #    value: "value"
   753    #    effect: "NoSchedule"
   754  
   755    ## Service configuration.
   756    ## ref: https://kubernetes.io/docs/user-guide/services/
   757    ##
   758    service:
   759      ## For minikube, set this to ClusterIP, elsewhere use LoadBalancer or NodePort
   760      ## ref: https://kubernetes.io/docs/user-guide/services/#publishing-services---service-types
   761      ##
   762      type: ClusterIP
   763  
   764      ## When using web.service.type: LoadBalancer, sets the user-specified load balancer IP
   765      # loadBalancerIP: 172.217.1.174
   766  
   767      # # Additional Labels to be added to the web service.
   768      # labels:
   769  
   770      ## Annotations to be added to the web service.
   771      ##
   772      # annotations:
   773      #   prometheus.io/probe: "true"
   774      #   prometheus.io/probe_path: "/"
   775      #
   776      #   ## When using web.service.type: LoadBalancer, enable HTTPS with an ACM cert
   777      #   service.beta.kubernetes.io/aws-load-balancer-ssl-cert: "arn:aws:acm:eu-west-1:123456789:certificate/abc123-abc123-abc123-abc123"
   778      #   service.beta.kubernetes.io/aws-load-balancer-backend-protocol: "http"
   779      #   service.beta.kubernetes.io/aws-load-balancer-backend-port: "atc"
   780      #   service.beta.kubernetes.io/aws-load-balancer-ssl-ports: "443"
   781      #
   782      # ## When using web.service.type: LoadBalancer, whitelist the load balancer to particular IPs
   783      # loadBalancerSourceRanges:
   784      #   - 192.168.1.10/32
   785  
   786    # When using web.service.type: NodePort, sets the nodePort for atc
   787    #  atcNodePort: 30150
   788    #
   789    # When using web.service.type: NodePort, sets the nodePort for atc tls
   790    #  atcTlsNodePort: 30151
   791    #
   792    # When using web.service.type: NodePort, sets the nodePort for tsa
   793    #  tsaNodePort: 30152
   794  
   795    ## Ingress configuration.
   796    ## ref: https://kubernetes.io/docs/user-guide/ingress/
   797    ##
   798    ingress:
   799      ## Enable Ingress.
   800      ##
   801      enabled: false
   802  
   803      ## Annotations to be added to the web ingress.
   804      ##
   805      # annotations:
   806      #   kubernetes.io/ingress.class: nginx
   807      #   kubernetes.io/tls-acme: 'true'
   808  
   809      ## Hostnames.
   810      ## Must be provided if Ingress is enabled.
   811      ##
   812      # hosts:
   813      #   - concourse.domain.com
   814  
   815      ## TLS configuration.
   816      ## Secrets must be manually created in the namespace.
   817      ##
   818      # tls:
   819      #   - secretName: concourse-web-tls
   820      #     hosts:
   821      #       - concourse.domain.com
   822      #
   823      #
   824  
   825  ## Configuration values for Concourse Worker components.
   826  ##
   827  worker:
   828    ## Override the components name (defaults to worker).
   829    ##
   830    # nameOverride:
   831  
   832    ## Number of replicas.
   833    ##
   834    replicas: 2
   835  
   836    ## Minimum number of workers available after an eviction
   837    ## ref: https://kubernetes.io/docs/admin/disruptions/
   838    ##
   839    minAvailable: 1
   840  
   841    ## Configure resource requests and limits.
   842    ## ref: https://kubernetes.io/docs/user-guide/compute-resources/
   843    ##
   844    resources:
   845      requests:
   846        cpu: "100m"
   847        memory: "512Mi"
   848  
   849    ## Configure additional environment variables for the
   850    ## worker container(s)
   851    # env:
   852    #   - name: http_proxy
   853    #     value: "http://proxy.your-domain.com:3128"
   854    #   - name: https_proxy
   855    #     value: "http://proxy.your-domain.com:3128"
   856    #   - name: no_proxy
   857    #     value: "your-domain.com"
   858    #   - name: CONCOURSE_GARDEN_DNS_SERVER
   859    #     value: "8.8.8.8"
   860    #   - name: CONCOURSE_GARDEN_DNS_PROXY_ENABLE
   861    #     value: "true"
   862    #   - name: CONCOURSE_GARDEN_ALLOW_HOST_ACCESS
   863    #     value: "true"
   864  
   865  
   866    ## For managing where secrets should be mounted for worker agents
   867    keySecretsPath: "/concourse-keys"
   868  
   869    ## Configure additional volumeMounts for the
   870    ## worker container(s)
   871    # additionalVolumeMounts:
   872    #   - name: concourse-baggageclaim
   873    #     mountPath: /baggageclaim
   874  
   875    ## Annotations to be added to the worker pods.
   876    ##
   877    # annotations:
   878    #   iam.amazonaws.com/role: arn:aws:iam::123456789012:role/concourse
   879    #
   880  
   881    ## Node selector for the worker nodes.
   882    ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#nodeselector
   883    nodeSelector: {}
   884    # nodeSelector: {type: concourse}
   885  
   886    ## Additional affinities to add to the worker pods.
   887    ## Useful if you prefer to run workers on non-spot instances, for example
   888    ##
   889    # additionalAffinities:
   890    #   nodeAffinity:
   891    #     preferredDuringSchedulingIgnoredDuringExecution:
   892    #       - weight: 50
   893    #         preference:
   894    #           matchExpressions:
   895    #             - key: spot
   896    #               operator: NotIn
   897    #               values:
   898    #                 - "true"
   899  
   900    ## Configure additional volumes for the
   901    ## worker container(s)
   902    # additionalVolumes:
   903    #   - name: concourse-baggageclaim
   904    #     hostPath:
   905    #       path: /dev/nvme0n1
   906    #       type: BlockDevice
   907    #
   908    # As a special exception, this allows taking over the `concourse-work-dir`
   909    # volume (from the default emptyDir) if `persistence.enabled` is false:
   910    #
   911    # additionalVolumes:
   912    #   - name: concourse-work-dir
   913    #     hostPath:
   914    #       path: /mnt/locally-mounted-fast-disk/concourse
   915    #       type: DirectoryOrCreate
   916  
   917    ## Whether the workers should be forced to run on separate nodes.
   918    ## This is accomplished by setting their AntiAffinity with requiredDuringSchedulingIgnoredDuringExecution as opposed to preferred
   919    ## Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#inter-pod-affinity-and-anti-affinity-beta-feature
   920    hardAntiAffinity: false
   921  
   922    ## Tolerations for the worker nodes.
   923    ## Ref: https://kubernetes.io/docs/concepts/configuration/taint-and-toleration/
   924    tolerations: []
   925    # tolerations:
   926    #  - key: "toleration=key"
   927    #    operator: "Equal"
   928    #    value: "value"
   929    #    effect: "NoSchedule"
   930  
   931    ## Time to allow the pod to terminate before being forcefully terminated. This should provide time for
   932    ## the worker to retire, i.e. drain its tasks. See https://concourse-ci.org/worker-internals.html for worker
   933    ## lifecycle semantics.
   934    terminationGracePeriodSeconds: 60
   935  
   936    ## If any of the strings are found in logs, the worker's livenessProbe will fail and trigger a pod restart.
   937    ## Specify one string per line, exact matching is used.
   938    ##
   939    fatalErrors: |-
   940      guardian.api.garden-server.create.failed
   941      baggageclaim.api.volume-server.create-volume-async.failed-to-create
   942  
   943    ## Strategy for StatefulSet updates (requires Kubernetes 1.6+)
   944    ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset
   945    ##
   946    updateStrategy: RollingUpdate
   947  
   948    ## Pod Management strategy (requires Kubernetes 1.7+)
   949    ## Ref: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#pod-management-policies
   950    ##
   951    ## "OrderedReady" is default. "Parallel" means worker pods will launch or terminate
   952    ## in parallel.
   953    podManagementPolicy: Parallel
   954  
   955    ## When persistence is disabled this value will be used to limit the emptyDir volume size
   956    ## Ref: https://kubernetes.io/docs/concepts/storage/volumes/#emptydir
   957    # emptyDirSize: 20Gi
   958  
   959  ## Persistent Volume Storage configuration.
   960  ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
   961  ##
   962  persistence:
   963    ## Enable persistence using Persistent Volume Claims.
   964    ##
   965    enabled: true
   966  
   967    ## Worker Persistence configuration.
   968    ##
   969    worker:
   970      ## concourse data Persistent Volume Storage Class
   971      ## If defined, storageClassName: <storageClass>
   972      ## If set to "-", storageClassName: "", which disables dynamic provisioning
   973      ## If undefined (the default) or set to null, no storageClassName spec is
   974      ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
   975      ##   GKE, AWS & OpenStack)
   976      ##
   977      # storageClass: "-"
   978  
   979      ## Persistent Volume Access Mode.
   980      ##
   981      accessMode: ReadWriteOnce
   982  
   983      ## Persistent Volume Storage Size.
   984      ##
   985      size: 20Gi
   986  
   987  ## Configuration values for the postgresql dependency.
   988  ## ref: https://github.com/kubernetes/charts/blob/master/stable/postgresql/README.md
   989  ##
   990  postgresql:
   991  
   992    ## Use the PostgreSQL chart dependency.
   993    ## Set to false if bringing your own PostgreSQL, and set secret value postgresql-uri.
   994    ##
   995    enabled: true
   996  
   997    ### PostgreSQL User to create.
   998    ##
   999    postgresUser: concourse
  1000  
  1001    ## PostgreSQL Password for the new user.
  1002    ## If not set, a random 10-character password will be used.
  1003    ## The default below is a fixed value published with the chart; override it for any real deployment.
  1004    postgresPassword: concourse
  1005  
  1006    ## PostgreSQL Database to create.
  1007    ##
  1008    postgresDatabase: concourse
  1009  
  1010    ## Persistent Volume Storage configuration.
  1011    ## ref: https://kubernetes.io/docs/user-guide/persistent-volumes
  1012    ##
  1013    persistence:
  1014      ## Enable PostgreSQL persistence using Persistent Volume Claims.
  1015      ##
  1016      enabled: true
  1017      ## concourse data Persistent Volume Storage Class
  1018      ## If defined, storageClassName: <storageClass>
  1019      ## If set to "-", storageClassName: "", which disables dynamic provisioning
  1020      ## If undefined (the default) or set to null, no storageClassName spec is
  1021      ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  1022      ##   GKE, AWS & OpenStack)
  1023      ##
  1024      # storageClass: "-"
  1025      ## Persistent Volume Access Mode.
  1026      ##
  1027      accessMode: ReadWriteOnce
  1028      ## Persistent Volume Storage Size.
  1029      ##
  1030      size: 8Gi
  1031  
  1032  ## For RBAC support:
  1033  rbac:
  1034    # true here enables creation of rbac resources
  1035    create: true
  1036  
  1037    # rbac version
  1038    apiVersion: v1beta1
  1039  
  1040    ## The name of the service account to use for web pods if rbac.create is false
  1041    ##
  1042    webServiceAccountName: default
  1043  
  1044    ## The name of the service account to use for worker pods if rbac.create is false
  1045    ##
  1046    workerServiceAccountName: default
  1047  
  1048  ## For managing secrets using Helm
  1049  ##
  1050  secrets:
  1051  
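  1052    ## List of username:password or username:bcrypted_password combinations for all your local concourse users. The default below is a known test login; replace it (preferably with a bcrypted password) before exposing the web UI.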
  1053    localUsers: "test:test"
  1054    ## Create the secret resource from the following values. Set this to
  1055    ## false to manage these secrets outside Helm.
  1056    ##
  1057    create: true
  1058  
  1059    ## The TLS certificate and private key for the web component to be able to terminate
  1060    ## TLS connections.
  1061    # webTlsCert:
  1062    # webTlsKey:
  1063  
  1064    ## Concourse Host Keys.
  1065    ## ref: https://concourse-ci.org/install.html#generating-keys
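  1066    ## The host key pair below is a sample published with the chart, so it is not secret; generate your own (see ref) and override both values.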
  1067    hostKey: |-
  1068      -----BEGIN RSA PRIVATE KEY-----
  1069      MIIEogIBAAKCAQEA2AUPXxuiDC/qrBWjIdT5fvNcMlMEYpR3X4SLQIgLC1ULDsCO
  1070      fleKZ+Wi4RzwbkUKiKmJm5GeyNVVCDdfvdD1Sd1+5faqmp2/OQBzLS7o8NY/btMw
  1071      8h9lx4KVJaJJ1EM1EiyGY41Nx591KP14pBfr0/NdOIrDu2JvF6e7CHEbrzkN57kb
  1072      BVQkaIMaS01Rw/5Oe68GFalli2ii8L8dNWVVzquBh5PwVWimvTgwv3TYG2TH8L1V
  1073      V7n+/zRRpkjMl2+PUouGqD+Bp+4wF+hp4AW5v24CqjtLJEMv4IEJv2FRfrOauBIZ
  1074      XjAS1SSg9VaTOS3iwxaYrv8uG1XfMFHICvkEPQIDAQABAoIBAG87W8jrX6vK2Jm3
  1075      ooJ/OeFmymiXWsCwFi+2/kVCR/2T0tfLyxO/W+NX2WD1F9CP+HaaZeMXPp3HS7up
  1076      V8FT4ZohVYBwXTS0WYyucKApcYThrVQRpzhldnEfClGQmVeVK7Sp/KEyV4Sc1SVA
  1077      L2i/cI142N2Ohm7spquVkLcuFsVINzZ0fXCv25dTqbkEgjTJzNdBzyFXvc4z0Mt9
  1078      gW14M7mz+YKYOfsCxIEm438fC9b16C96yIFBdN+/jaP8pmb2RoIE2D0F8bj5K1hR
  1079      YyGFKMOU4e6cYq59iWfubKuu2WNJEBk/5aO7x7Xu2S0k8wIYlwxFuu4LfR2Kvizu
  1080      +mFVf3kCgYEA9e0+40tJGpOPM8hAB3DwXjYc8lCuyYf3z30T3RqVNCUVSWnlaj/s
  1081      3ENi6+Ng3u+Zs8cR2CFou+jAClTyWLuSnI9yACD0eyW9n4bzYMUbgdC6vneLjpzx
  1082      wWR9Xv5RmZVly7xWuqcgEeEf8RNcYI3oXby0laF3EObvuAx/4ETIkFcCgYEA4N42
  1083      w1UEWGopWBIIXYHkEPHQuF0SxR2CZyh9ExTeSxFphyibkcHRjDW+t91ZLnSm5k1N
  1084      TOdYuc0ApBV3U+TexeFvDI94L/Oze6Ht5MatRQz8kRwMFGJL3TrpbgTmWdfG05Ad
  1085      oiScJzwY16oJXnKusxik7V+gCCNNE0/2UuMnY4sCgYAEf82pvOPef5qcGOrK+A79
  1086      ukG3UTCRcVJgUmp9nhHivVbxW+WdlwPPV9BEfol0KrAGMPsrmBjhbzWsOregVfYt
  1087      tRYh2HiAlEUu2Po06AZDzrzL5UYBWu+1WRBOH5sAk1IkcxKnIY2dph++elszTQVW
  1088      SbCIGEckYQU7ucbRJJECywKBgBb4vHFx8vKxTa3wkagzx7+vZFohL/SxEgxFx5k2
  1089      bYsPqU8kZ9gZC7YeG3CfDShAxHgMd5QeoiLA/YrFop4QaG2gnP6UfXuwkqpTnYDc
  1090      hwDh1b9hNR6z9/oOtaAGoh2VfHtKYqyYvtcHPaZyeWiLoKstHlQdi7SpHouVhJ1t
  1091      FS4HAoGAGy+56+zvdROjJy9A2Mn/4BvWrsu4RSQILBJ6Hb4TpF46p2fn0rwqyhOj
  1092      Occs+xkdEsI9w5phXzIEeOq2LqvWHDPxtdLpxOrrmx4AftAWdM8S1+OqTpzHihK1
  1093      y1ZOrWfvON+XjWFFAEej/CpQZkNUkTzjTtSC0dnfAveZlasQHdI=
  1094      -----END RSA PRIVATE KEY-----
  1095  
  1096    hostKeyPub: |-
  1097      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYBQ9fG6IML+qsFaMh1Pl+81wyUwRilHdfhItAiAsLVQsOwI5+V4pn5aLhHPBuRQqIqYmbkZ7I1VUIN1+90PVJ3X7l9qqanb85AHMtLujw1j9u0zDyH2XHgpUloknUQzUSLIZjjU3Hn3Uo/XikF+vT8104isO7Ym8Xp7sIcRuvOQ3nuRsFVCRogxpLTVHD/k57rwYVqWWLaKLwvx01ZVXOq4GHk/BVaKa9ODC/dNgbZMfwvVVXuf7/NFGmSMyXb49Si4aoP4Gn7jAX6GngBbm/bgKqO0skQy/ggQm/YVF+s5q4EhleMBLVJKD1VpM5LeLDFpiu/y4bVd8wUcgK+QQ9 Concourse
  1098  
  1099    ## Concourse Session Signing Keys.
  1100    ## ref: https://concourse-ci.org/install.html#generating-keys
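  1101    ## The signing key below is a sample published with the chart, so it is not secret; generate your own (see ref) and override it.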
  1102    sessionSigningKey: |-
  1103      -----BEGIN RSA PRIVATE KEY-----
  1104      MIIEowIBAAKCAQEAwLql/rUIaI+PX7Tl3FWcTee4sQf8/daakALXx955tPwkhqlY
  1105      e4T2V84p/ylFvNWpM4vfcMYKfMY0JLKgAgBvJhCytSkDBhTBoWmN6yE0AB11P9En
  1106      lIZRBWNYqaC2cSge2ZD8qOSnwfFhnQAW8+7pE+ElJAVh7dtdF3A478H50lIigq8I
  1107      zMWp2EGJpFC7/Uu36oIL/03MNGCmrH1jvtTuJiAMQUZYyL1ReBkvvHOzw9i4HXPy
  1108      SMVtcllm4NBs2aVPtwhr2kwSkLt8t1bPdRn6OIyEAw5WktzAKaiZnkTvj6g3xzdp
  1109      zKcrdlBr9aznlNvoSinBUfvtwyFmvFN1HHbA9wIDAQABAoIBAE7G/DrUfI9gvtX7
  1110      90jMpYsigFe8UCjho2PiBZlo0o6r0bJJXiV+/8J8PqZRlHPPUc4EClzqVjcSPRYS
  1111      /VxUGRqSELoD/Xxq14rGvn+xnrO9VsOzFl6bWFq/dOpBCtHN+G4t2VifvgKES8YE
  1112      11z19sdta+UBXjn/RFnkQSGfRCI3QqTaYvjxevt0uWlyPmqkFPQQw8bvHIXzoB+B
  1113      rzeiMa++nMvbX5pAH9XA0BvhyuH3fHidTUwiVBpkMcpLWtjP0A0JTsecDdbinDDq
  1114      un2EIo8zMWRwKQN/JnUxsi8AUEigBTCUqeDgREXtW62uvFkSpcVMXwmVityLYIVy
  1115      qnVLUCECgYEA6IwXkP1qnSfcNeoVI/ypDuz1/kdqcjSPhLYe+jdiLLoFkMW9AlDm
  1116      lzwNaWlTFD9ygo+NjJCo63/A8HCm55sajws5hZ6r20vdZcKFMk9h0qF5oVA7lkQ2
  1117      gvG2WaznuU7KkqhfP+pXhiLgZKoJkst/+g7r6uHpredwDY6hxeBK4vsCgYEA1CqH
  1118      8ywC5qUo/36kQg/TU2adN/YEHdJAAbU23EVrGQSVmnXW08H2NLFk0tsxrwoNnbgp
  1119      PIk2J7BimbJvbND17ibr4GAklDTsR8aJkDl+0JgNCAK9N07qVt1s7FXzhg95jUL9
  1120      EQW55z60GAJpecqNwA4Jsa8P852N0355Obp92TUCgYBkOBvf7JcJ66fHxH4f6D+j
  1121      oxPQ5k5Fsck4VJS9GSlCRVkor09ptBvsiYDuMOoRC9b51YwXTDDAbWplNOd5YSrt
  1122      AtVjdKJz/BoKRO7KY9Owxs54au+DLxqfDDSeKRokjoRW+CE0lnXp5RX3zCAcF3+r
  1123      8MpTi9D9lYSBEzs84BDmCQKBgQCMcH6/K3HcJJVn0fd+tyUGftUw9sswxjySJNbk
  1124      pZrH263/qWMDls+Xf5kire9MU1ZCAWZiaN0NFoed/2wcVpGEDAV0548u/30r4bKr
  1125      YjOcdhmiJNYFJ1qdF0MDib2CDvpB1IbZXrX46RujDO2urbJ435HxKNVhR/had8xc
  1126      tyKYxQKBgCVDhN0MhnlUQJVZfX42APmF4gQg0r3sfL/NGXjEjMIKKFe5a88eZVHr
  1127      L8x1+dp0q7czC8a/l1DUuiwDKl8OEpxLsGCq/J/wAfrSMPifu6EUlbUwlJOPdgha
  1128      +p/KFAelHXJ2w/8yackAcarh35VP7ixhuvxswHNdgvfsBTFcjn30
  1129      -----END RSA PRIVATE KEY-----
  1130  
  1131    ## Concourse Worker Keys.
  1132    ## ref: https://concourse-ci.org/install.html#generating-keys
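  1133    ## The worker key pair below is a sample published with the chart, so it is not secret; generate your own (see ref) and override both values.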
  1134    workerKey: |-
  1135      -----BEGIN RSA PRIVATE KEY-----
  1136      MIIEpAIBAAKCAQEAuPehUmBXAQCoA7TLAQCYhf+vzcZVyj+VGXnMhLHnWLk7dRjo
  1137      CU8GgNamdS5h7G3ywxOvKA3YjOLr8XyOMLS4c+e8N7tIzlMWdiXhe0lcBH9Z1ai5
  1138      +Bof3/BlDUBksiKdc1A+QcfX6tDwMkOO5re1H4vOK3H/Cype58wCB03HYNgb05ED
  1139      fW1Bj2qvz29VtmyjwEMuDs100iMqwCfPUx9oxXmmX8sUBRmw/Y1Rx/8pdKIjKw3m
  1140      kWIHHBOSCPimO1qC47Aa8v/UH9hERCykyuFHiBiKlnIvZWm9bYvhsRTz4gt5KzRY
  1141      6OI0oVeHlLOHDSK48Da8VWij15lOqO2Nx6WssQIDAQABAoIBADET22UNFOi6MNpS
  1142      5S5N5ypezlnOD0NLnZcV3zMyNQ0wkNsgEakuo64Zxi7/cJIYFjq2hVoeWl//cdUw
  1143      VFYODYcLbMBo3AeKukH9CRf6PgUfeUmcrENtQxnbIiTi+hTd5GMNXod7rAmtCJ59
  1144      mHQVOGS3ZqvWYnKm+mmMktk3RPinynX/A4y3WHPacuAS58HM09Ck43WcHMxbGpsL
  1145      /gZpICyFYZ2DviM+AHyWGcmw7LJrpC0QHo6+BAFMs4xlUecNgVIFUpfOoAcfsdtG
  1146      K9j4AbuZ47iFisbay+1pyg/7O5eRTdGVQRtc7PBMOjea5jGsfmlDmdn1ZS50ykun
  1147      ANfoQ5UCgYEA9Ak73PRy9nLlRkt4OBCF/4fwThUCMedsnWaVjQBMJYim4FB2ivF5
  1148      cKdWt3y/RZI85KKYu0EXhLEoSIEAfz057R8t3QdVK4tZx6B47UFjBjCYeVMtwHDQ
  1149      prxQiOPHIHCplBNFuGzA5VXL9gQLRD+ek0uOy2GJJ0Wu1xyeouI+SW8CgYEAwgkO
  1150      TOtOogqmcAALjWgeeQiZetflSKbJlpQNhmCPAMm0SFI8eF4SpRXLzd41VC2mLIwT
  1151      L3tjc7/8ocXoElFM4L0fo9Lx/SHFH4JEn5FT0PXPmvsF2JRhsXJFLJSihxF/91Xs
  1152      2aBcQILPFzLcrI6OFUakNwGTU/CIxpkzRvQrG98CgYEAzNVnUuo4CNadzagRK3Xr
  1153      E3Yl5VRK+FpY17FAfA6w25xc/dFr/un61e0Po4no/ltmEz7LVfmn5O/ScTEemq5o
  1154      jbjrBShfe+JGpIH0nqiQlqR5hvSjZXEMIbfVHWGbRYZrQGgA0HEwZA7k2QXB8zI3
  1155      R0lXfSzMM5OQ0uwp12xxfa8CgYBHILq1R6zTicPpWprhg0FobNaWSX4rW7iaEjvC
  1156      /rJtP4Nu33Z7SUDcc1j6ZnJ2ISXBPrfpt/mE/OPHCZ1A2bysxadLjpBWkoKIQmCV
  1157      fdiTyQgJb+t8sSf+vDzPUs0hZjDaogzo2ff3TfxMLMDoIHnFItgfsdwn8QyygIZj
  1158      hC4pUQKBgQDqsxnkI6yXFE5gshnW7H8zqKNlzKd/dZEL6e+lRz4R3UY/KcEkRAfq
  1159      Yi3cwo9fE3U3kSmpl5MQwUjWm/BZ7JyueoY/4ndwaFPgc34IKsgJ0wau9pZiQAB1
  1160      DxpOSF+BR71Jx3sxvIdCODNTtm645j5yrZVnJAuMPofo5XFmunDoJA==
  1161      -----END RSA PRIVATE KEY-----
  1162  
  1163    workerKeyPub: |-
  1164      ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC496FSYFcBAKgDtMsBAJiF/6/NxlXKP5UZecyEsedYuTt1GOgJTwaA1qZ1LmHsbfLDE68oDdiM4uvxfI4wtLhz57w3u0jOUxZ2JeF7SVwEf1nVqLn4Gh/f8GUNQGSyIp1zUD5Bx9fq0PAyQ47mt7Ufi84rcf8LKl7nzAIHTcdg2BvTkQN9bUGPaq/Pb1W2bKPAQy4OzXTSIyrAJ89TH2jFeaZfyxQFGbD9jVHH/yl0oiMrDeaRYgccE5II+KY7WoLjsBry/9Qf2ERELKTK4UeIGIqWci9lab1ti+GxFPPiC3krNFjo4jShV4eUs4cNIrjwNrxVaKPXmU6o7Y3Hpayx Concourse
  1165  
  1166    ## Secrets for DB access
  1167    # postgresUser:
  1168    # postgresPassword:
  1169    # postgresCaCert:
  1170    # postgresClientCert:
  1171    # postgresClientKey:
  1172  
  1173    ## Secrets for DB encryption
  1174    ##
  1175    # encryptionKey:
  1176    # oldEncryptionKey:
  1177  
  1178    ## Secrets for SSM AWS access
  1179    # awsSsmAccessKey:
  1180    # awsSsmSecretKey:
  1181    # awsSsmSessionToken:
  1182  
  1183    ## Secrets for Secrets Manager AWS access
  1184    # awsSecretsmanagerAccessKey:
  1185    # awsSecretsmanagerSecretKey:
  1186    # awsSecretsmanagerSessionToken:
  1187  
  1188    ## Secrets for CF OAuth
  1189    # cfClientId:
  1190    # cfClientSecret:
  1191    # cfCaCert: |-
  1192  
  1193    ## Secrets for GitHub OAuth.
  1194    ##
  1195    # githubClientId:
  1196    # githubClientSecret:
  1197    # githubCaCert: |-
  1198  
  1199    ## Secrets for GitLab OAuth.
  1200    ##
  1201    # gitlabClientId:
  1202    # gitlabClientSecret:
  1203  
  1204    ## Secrets for LDAP Auth.
  1205    ##
  1206    # ldapCaCert: |-
  1207  
  1208    ## Secrets for generic OAuth.
  1209    ##
  1210    # oauthClientId:
  1211    # oauthClientSecret:
  1212    # oauthCaCert: |-
  1213  
  1214    ## Secrets for oidc OAuth.
  1215    ##
  1216    # oidcClientId:
  1217    # oidcClientSecret:
  1218    # oidcCaCert: |-
  1219  
  1220    ## Secrets for using HashiCorp Vault as a credential manager.
  1221    ##
  1222    ## if the Vault server is using a self-signed certificate, provide the CA public key.
  1223    ## the value will be written to /concourse-vault/ca.cert
  1224    ##
  1225    # vaultCaCert: |-
  1226  
  1227    ## initial periodic token issued for concourse
  1228    ## ref: https://www.vaultproject.io/docs/concepts/tokens.html#periodic-tokens
  1229    ##
  1230    # vaultClientToken:
  1231  
  1232    ## vault authentication parameters
  1233    ## Parameter to pass when logging in via the backend
  1234    ## Required for "approle" authentication method
  1235    ## e.g. "role_id=x,secret_id=x"
  1236    ## ref: https://concourse-ci.org/creds.html#vault-auth-param=NAME=VALUE
  1237    ##
  1238    # vaultAuthParam:
  1239  
  1240    ## provide the client certificate for authenticating with the [TLS](https://www.vaultproject.io/docs/auth/cert.html) backend
  1241    ## the value will be written to /concourse-vault/client.cert
  1242    ## make sure to also set credentialManager.vault.authBackend to `cert`
  1243    ##
  1244    # vaultClientCert: |-
  1245  
  1246    ## provide the client key for authenticating with the [TLS](https://www.vaultproject.io/docs/auth/cert.html) backend
  1247    ## the value will be written to /concourse-vault/client.key
  1248    ## make sure to also set credentialManager.vault.authBackend to `cert`
  1249    ##
  1250    # vaultClientKey: |-
  1251  
  1252    ## If influxdb metrics are enabled and authentication is required,
  1253    ## provide a password here to authenticate with the influxdb server configured.
  1254    ##
  1255    # influxdbPassword:
  1256  
  1257    ## SSL certificate used to verify the Syslog server for draining build logs.
  1258    # syslogCaCert: |-