├── .buildkite ├── pipeline.deploy.yml └── pipeline.yml ├── .github ├── ISSUE_TEMPLATE.md └── PULL_REQUEST_TEMPLATE.md ├── .gitignore ├── LICENSE ├── Makefile ├── README.md ├── package ├── Dockerfile ├── docker-compose.yml └── package.sh ├── stable └── agent │ ├── .helmignore │ ├── Chart.yaml │ ├── OWNERS │ ├── README.md │ ├── pipeline-examples │ ├── build.sh │ ├── deploy.sh │ └── pipeline.yml │ ├── templates │ ├── NOTES.txt │ ├── _helpers.tpl │ ├── clusterrole.yaml │ ├── clusterrolebinding.yaml │ ├── configmap-entrypointd.yaml │ ├── deployment.yaml │ ├── pod-disruption-budget.yaml │ ├── secret-dockerconfigjson.yaml │ ├── secret-gcr.yaml │ ├── secret-registry.yaml │ ├── secret.yaml │ └── service-account.yaml │ └── values.yaml └── test └── ct.yaml /.buildkite/pipeline.deploy.yml: -------------------------------------------------------------------------------- 1 | env: 2 | GIT_AUTHOR_NAME: "Buildkite CI" 3 | GIT_AUTHOR_EMAIL: "support@buildkite.com" 4 | GIT_COMMITTER_NAME: "Buildkite CI" 5 | GIT_COMMITTER_EMAIL: "support@buildkite.com" 6 | 7 | steps: 8 | - label: ":shipit:" 9 | command: "make build release" 10 | concurrency_group: "${BUILDKITE_PIPELINE_SLUG}/deploy" 11 | concurrency: 1 12 | plugins: 13 | - aws-assume-role-with-web-identity#v1.0.0: 14 | role-arn: arn:aws:iam::445615400570:role/pipeline-buildkite-helm-charts-deploy 15 | - aws-ssm#v1.0.0: 16 | parameters: 17 | GH_TOKEN: /pipelines/buildkite/helm-charts-deploy/gh-token 18 | -------------------------------------------------------------------------------- /.buildkite/pipeline.yml: -------------------------------------------------------------------------------- 1 | steps: 2 | - label: ":terminal: Lint Scripts" 3 | commands: make shellcheck 4 | 5 | - label: ":helm: Lint Charts" 6 | commands: make lint -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 4 | 5 | **Is this a request for help?**: 6 | 7 | --- 8 | 9 | **Is this a BUG REPORT or FEATURE REQUEST?** (choose one): 10 | 11 | 24 | 25 | **Version of Helm and Kubernetes**: 26 | 27 | 28 | **Which chart**: 29 | 30 | 31 | **What happened**: 32 | 33 | 34 | **What you expected to happen**: 35 | 36 | 37 | **How to reproduce it** (as minimally and precisely as possible): 38 | 39 | 40 | **Anything else we need to know**: 41 | -------------------------------------------------------------------------------- /.github/PULL_REQUEST_TEMPLATE.md: -------------------------------------------------------------------------------- 1 | 27 | 28 | **What this PR does / why we need it**: 29 | 30 | **Which issue this PR fixes** *(optional, in `fixes #(, fixes #, ...)` format, will close that issue when PR gets merged)*: fixes # 31 | 32 | **Special notes for your reviewer**: 33 | 34 | #### Checklist 35 | [Place an '[x]' (no spaces) in all applicable fields. Please remove unrelated fields.] 36 | - [ ] Chart Version bumped 37 | - [ ] Variables are documented in the README.md 38 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | /dist-repo 2 | /tmp 3 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | The MIT License (MIT) 2 | 3 | Copyright (c) 2020 Buildkite 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | UPSTREAM_GIT_URL = https://github.com/buildkite/charts.git 2 | CHARTS_URL = https://buildkite.github.io/charts 3 | CT_IMAGE = quay.io/helmpack/chart-testing:v3.7.0 4 | COMMIT = $(shell git rev-parse --short HEAD) 5 | 6 | .PHONY: lint shellcheck clean build release 7 | 8 | # Lints the chart changes against origin/master 9 | lint: 10 | git fetch origin master && \ 11 | docker run \ 12 | --volume "${PWD}:/src" \ 13 | --workdir /src \ 14 | --rm \ 15 | "${CT_IMAGE}" \ 16 | ct lint --config test/ct.yaml 17 | 18 | # Runs shellcheck over any shell files 19 | shellcheck: 20 | docker run \ 21 | --volume "${PWD}:/src" \ 22 | --workdir /src \ 23 | --rm \ 24 | koalaman/shellcheck-alpine \ 25 | sh -c "shellcheck -x **/*.sh" 26 | 27 | clean: 28 | rm -rf dist-repo 29 | 30 | dist-repo: 31 | git clone --quiet --single-branch -b gh-pages "${UPSTREAM_GIT_URL}" dist-repo 32 | 33 | # Build all Helm packages into dist-repo and regenerate the chart index 34 | build: dist-repo 35 | cd package && \ 36 | docker-compose build && \ 37 | docker-compose run --rm package package.sh "${CHARTS_URL}" dist-repo && \ 38 | cd ../dist-repo && \ 39 | echo "--- Diff" && \ 40 | git diff --stat 41 | 42 | # Commit and push the chart index 43 | release: 44 | cd dist-repo && \ 45 | git add *.tgz index.yaml && \ 46 | git commit --message "Update to buildkite/charts@${COMMIT}" && \ 47 | git push https://dummy:$${GH_TOKEN}@github.com/buildkite/charts.git gh-pages 48 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # ⚠️ Deprecation Notice 2 | We've since iterated on other solutions for using Buildkite with k8s. Please check out [github.com/buildkite/agent-stack-k8s](https://github.com/buildkite/agent-stack-k8s) for a supported solution. We'll continue to accept PRs for this repository, but won't be doing any active maintenance. 3 | 4 | # Buildkite Helm Charts Repository 5 | 6 | [![License](https://img.shields.io/badge/License-MIT-blue.svg)](https://opensource.org/licenses/Apache-2.0) 7 | [![Release](https://img.shields.io/github/release/buildkite/charts.svg?style=flat-square)](https://github.com/buildkite/charts/releases/latest) 8 | [![Build status](https://badge.buildkite.com/f0a51d12ea264f0cdbcbb70a6809019cc11a05580e72ff83ef.svg?branch=master)](https://buildkite.com/buildkite/helm-charts) 9 | 10 | The official [Buildkite](https://buildkite.com/docs/agent) [Helm](https://helm.sh) Charts repository. 11 | 12 | ## Getting Started 13 | 14 | ### Install Helm 15 | 16 | Get the latest [Helm release](https://github.com/kubernetes/helm#install). 17 | 18 | ### Add Buildkite Helm chart repository: 19 | 20 | ```console 21 | helm repo add buildkite https://buildkite.github.io/charts/ 22 | helm repo update 23 | ``` 24 | 25 | ### Install chart 26 | 27 | To install the Agent chart with the release name `bk-agent`: 28 | 29 | ```console 30 | helm install --name bk-agent --namespace buildkite buildkite/agent --set agent.token="BUILDKITE_AGENT_TOKEN" 31 | ``` 32 | 33 | Check Agent chart [readme](stable/agent/README.md) for more customisation options. 34 | 35 | ** You’ve now got Buildkite Agents running on your Kubernetes cluster! :tada: ** 36 | 37 | ## Contributing to Buildkite Charts 38 | 39 | Fork the `repo`, make changes and test it by installing the chart to see it is working. :) 40 | 41 | On success make a [pull request](https://help.github.com/articles/using-pull-requests) (PR). 42 | 43 | Upon successful review, someone will give the PR a __LGTM__ in the review thread. 44 | 45 | ## Thanks :heart: 46 | 47 | * A massive thanks to [Rimas Mocevicius](https://github.com/rimusz) for authoring Buildkite Agent chart. 48 | 49 | ## Copyright 50 | 51 | Copyright (c) 2020 Buildkite Pty Ltd. See [LICENSE](LICENSE) for details. 52 | -------------------------------------------------------------------------------- /package/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM alpine:3.16 2 | 3 | # Set Helm version 4 | ENV DESIRED_VERSION=v3.9.4 5 | 6 | RUN apk add --update bash ca-certificates openssl curl git \ 7 | && (curl https://raw.githubusercontent.com/helm/helm/master/scripts/get | bash) \ 8 | && helm version 9 | 10 | COPY package.sh /usr/sbin/ 11 | -------------------------------------------------------------------------------- /package/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: '3.6' 2 | services: 3 | package: 4 | build: . 5 | volumes: 6 | - "..:/charts" 7 | working_dir: /charts 8 | -------------------------------------------------------------------------------- /package/package.sh: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env bash 2 | # USAGE: package.sh 3 | 4 | set -euo pipefail 5 | 6 | HELM_REPO_URL="$1" 7 | OUTPUT_DIR="$2" 8 | 9 | for chart in ./stable/*; do 10 | echo "--- Packaging $chart into $OUTPUT_DIR" 11 | helm dep update "$chart" || true 12 | helm package --destination "$OUTPUT_DIR" "$chart" 13 | done 14 | 15 | echo "--- Reindexing $OUTPUT_DIR" 16 | if [ -f index.yaml ]; then 17 | helm repo index --url "$HELM_REPO_URL" --merge index.yaml "$OUTPUT_DIR" 18 | else 19 | helm repo index --url "$HELM_REPO_URL" "$OUTPUT_DIR" 20 | fi 21 | ls "$OUTPUT_DIR" 22 | -------------------------------------------------------------------------------- /stable/agent/.helmignore: -------------------------------------------------------------------------------- 1 | # Patterns to ignore when building packages. 2 | # This supports shell glob matching, relative path matching, and 3 | # negation (prefixed with !). Only one pattern per line. 4 | .DS_Store 5 | # Common VCS dirs 6 | .git/ 7 | .gitignore 8 | .bzr/ 9 | .bzrignore 10 | .hg/ 11 | .hgignore 12 | .svn/ 13 | # Common backup files 14 | *.swp 15 | *.bak 16 | *.tmp 17 | *~ 18 | # Various IDEs 19 | .project 20 | .idea/ 21 | *.tmproj 22 | -------------------------------------------------------------------------------- /stable/agent/Chart.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | description: Buildkite Agent Chart 3 | name: agent 4 | version: 0.6.4 5 | appVersion: 3.25.0 6 | icon: https://buildkite.com/_next/static/assets/assets/images/brand-assets/buildkite-logo-portrait-on-light-61fc0230.png 7 | keywords: 8 | - kubernetes deployment 9 | - helm release 10 | - continuous deployment 11 | - continuous integration 12 | home: https://buildkite.com 13 | sources: 14 | - https://github.com/buildkite/agent 15 | maintainers: 16 | - name: rimusz 17 | email: rmocius@gmail.com 18 | -------------------------------------------------------------------------------- /stable/agent/OWNERS: -------------------------------------------------------------------------------- 1 | approvers: 2 | - rimusz 3 | reviewers: 4 | - rimusz 5 | -------------------------------------------------------------------------------- /stable/agent/README.md: -------------------------------------------------------------------------------- 1 | # Running Buildkite agent 2 | 3 | The [buildkite agent](https://buildkite.com/docs/agent) is a small, reliable and cross-platform build runner that makes it easy to run automated builds on your own infrastructure. Its main responsibilities are polling buildkite.com for work, running build jobs, reporting back the status code and output log of the job, and uploading the job's artifacts. 4 | It is simple, lightweight hosted [Buildkite](https://buildkite.com) CI/CD system which only requires to host agents in your Kubernetes cluster. 5 | 6 | ## Introduction 7 | 8 | This chart bootstraps a [buildkite agent](https://github.com/buildkite/docker-buildkite-agent) builder on a [Kubernetes](http://kubernetes.io) cluster using the [Helm](https://helm.sh) package manager. 9 | As it sets `service account` it can be used to build Docker images and deploy them using `kubectl` and `helm` clients in the same cluster where agents run, without any extra setup. 10 | 11 | ## Add Buildkite Helm chart repository: 12 | 13 | ```console 14 | helm repo add buildkite https://buildkite.github.io/charts/ 15 | helm repo update 16 | ``` 17 | 18 | ## Installing the Chart 19 | 20 | In order for the chart to configure the Buildkite Agent properly during the installation process, you must provide some minimal configuration which can't rely on defaults. This includes at least one element in the _agent_ list `token`: 21 | 22 | To install the chart with the release name `bk-agent`: 23 | 24 | ```console 25 | helm install --name bk-agent --namespace buildkite buildkite/agent \ 26 | --set agent.token="BUILDKITE_AGENT_TOKEN" 27 | ``` 28 | 29 | To install the chart with the release name `bk-agent` and set Agent tags and git repo SSH key: 30 | 31 | ```console 32 | helm install --name bk-agent --namespace buildkite buildkite/agent \ 33 | --set agent.token="$(cat buildkite.token)",agent.tags="role=production" \ 34 | --set privateSshKey="$(cat buildkite.key)" \ 35 | --set registryCreds.gcrServiceAccountKey="$(cat gcr_service_account.key | base64)" 36 | ``` 37 | 38 | Alternatively, an external secret can be referenced for the agent token and agent SSH key: 39 | ```console 40 | helm install --name bk-agent --namespace buildkite buildkite/agent \ 41 | --set agent.externalSecretName="buildkite-agent-secret",agent.tags="role=production" \ 42 | --set agent.externalSecretTokenKey="agent-token",agent.externalSecretSSHKey="agent-ssh" 43 | ``` 44 | 45 | > **Note**: if your pipeline uses docker for build images or run containers, you must set `dind.enabled` to `true`. 46 | 47 | Where `--set` values contain: 48 | ``` 49 | agentToken: Buildkite token read from file 50 | agentMeta: tagging agent with - role=production (to add multiple tags, you must separate them with an escaped comma, like this: role=production\,queue=kubernetes) 51 | privateSshKey: private SSH key read from file 52 | registryCreds.gcrServiceAccountKey: base64 encoded gcr_service_account.key json file 53 | ``` 54 | 55 | > **Tip**: List all releases using `helm list` 56 | 57 | ## Uninstalling the Chart 58 | 59 | To uninstall/delete the `bk-agent` release: 60 | 61 | ```console 62 | helm delete bk-agent 63 | ``` 64 | 65 | The command removes all the Kubernetes components associated with the chart and deletes the release. 66 | 67 | ## Configuration 68 | 69 | The following table lists the configurable parameters of the `buildkite` chart and their default values. 70 | 71 | Parameter | Description | Default 72 | --- | --- | --- 73 | `replicaCount` | Replicas count | 1 74 | `image.repository` | Image repository | `buildkite/agent` 75 | `image.tag` | Image tag | `` 76 | `image.pullPolicy` | Image pull policy | `IfNotPresent` 77 | `agent.externalSecretName` | Name of a `Secret` to load the agent token and agent private SSH key from. Takes precedence over `.agent.token` and `.privateSshKey` | `nil` 78 | `agent.externalSecretTokenKey` | Name of the Key in the above secret where the agent token is located | `agent-token` 79 | `agent.externalSecretSSHKey` | Name of the key in the above secret where the agent private SSH is located | `nil` 80 | `agent.token` | Agent token | Must be specified unless `agent.externalSecretName` is set 81 | `agent.tags` | Agent tags | `role=agent` 82 | `agent.annotation` | Extra annotations for the generated Deployment | `{}` 83 | `enableHostDocker` | Mount docker socket | `true` 84 | `podSecurityContext` | Pod security context to set | `{}` 85 | `securityContext` | Container security context to set | `{}` 86 | `extraEnv` | Agent extra env vars | `nil` 87 | `privateSshKey` | Agent ssh key for git access. Also see `.agent.externalSecretName` | `nil` 88 | `registryCreds.gcrServiceAccountKey` | GCP Service account json key | `nil` 89 | `registryCreds.dockerConfig` | Private registry docker config.json | `nil` 90 | `entrypointd` | Add files to /docker-entrypoint.d/ via a ConfigMap | `{}` 91 | `serviceAccount.annotation` | Extra annotations for the generated ServiceAccount | `{}` 92 | `rbac.create` | Whether to create RBAC resources to be used by the pod | `false` 93 | `rbac.role.rules` | List of rules following the role specification | See [values.yaml](values.yaml) 94 | `volumeMounts` | Extra volumeMounts configuration | `nil` 95 | `volumes` | Extra volumes configuration | `nil` 96 | `resources` | Liveness probe for docker socket | `{}` 97 | `livenessProbe` | Pod resource requests & limits | `{}` 98 | `nodeSelector` | Node labels for pod assignment | `{}` 99 | `tolerations` | Node tolerations for pod assignment | `{}` 100 | `affinity` | Node/pod affinity | `{}` 101 | `podAnnotations` | Extra annotation to apply to the pod | `{}` 102 | `podContainers` | Extra pod container or sidecar configuration | `nil` 103 | `podInitContainers` | Extra pod init containers | `nil` 104 | `dind.enabled` | Enable preconfigured Docker-in-Docker (DinD) pod configuration | `false` 105 | `dind.image` | Image to use for Docker-in-Docker (DinD) pod container | `docker:19.03-dind` 106 | `dind.port` | Port Docker-in-Docker (DinD) daemon listens on as REST request proxy | `2375` 107 | `dind.mtu` | The MTU used for Docker-inDocker (DinD) daemon. Must be lower than pod networking interface | `1500` 108 | `dind.resources` | Pod resource requests & limits for dind sidecar (if enabled) | `{}` 109 | `dind.volumeMounts` | Extra volumeMounts configuration | `nil` 110 | `terminationGracePeriodSeconds` | Duration in seconds the pod needs to terminate gracefully | `30` 111 | `nameOverride` | Provide a name to override the default `$name` template variable | `nil` 112 | `fullnameOverride` | Provide a name to substitute for the full names of resources | `nil` 113 | 114 | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. 115 | 116 | Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example: 117 | 118 | ```console 119 | helm install --name bk-agent --namespace buildkite buildkite/agent -f values.yaml 120 | ``` 121 | 122 | > **Tip**: You can use the default [values.yaml](values.yaml) file 123 | 124 | ## Buildkite pipeline examples 125 | 126 | Check for examples of `pipeline.yml` and `build/deploy` scripts [here](pipeline-examples). 127 | 128 | 129 | ## Adding agent hooks to agent pods 130 | 131 | Adding your own hooks (e.g. environment hooks) depends on whether you use DinD or not. 132 | 133 | #### Without Docker-in-Docker 134 | Without using DinD, you can follow the lower part of the guide [here](https://buildkite.com/docs/agent/v3/docker#adding-hooks) 135 | 136 | #### With Docker-in-Docker 137 | As the hooks directory is set to a shared dir, currently the best way to add your own hooks while using DinD consists of two steps. 138 | 1. Follow the guide above for usage without DinD. 139 | 2. Add an entrypoint script to your values.yml that copies the hooks from the image to the shared dir. E.g: 140 | 141 | ``` 142 | entrypointd: 143 | 01-copy-hooks: | 144 | #!/bin/sh 145 | set -euo pipefail 146 | mkdir -p /var/buildkite/hooks 147 | cp /buildkite/hooks/* /var/buildkite/hooks/. 148 | ``` 149 | -------------------------------------------------------------------------------- /stable/agent/pipeline-examples/build.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # set docker repository 4 | DOCKER_REPO=quay.io/your_user_name 5 | 6 | # image name 7 | IMAGE=my_image 8 | 9 | # use buildkite commit hash as a TAG 10 | TAG=${BUILDKITE_COMMIT::8} 11 | 12 | # make tmp folder 13 | mkdir /tmp 14 | cd /tmp 15 | 16 | # clone repo 17 | env SSH_AUTH_SOCK= GIT_SSH_COMMAND='ssh -v -i ./buildkite' git clone ${BUILDKITE_REPO} 18 | 19 | # cd to pulled repo folder 20 | cd ${BUILDKITE_PIPELINE_SLUG} 21 | 22 | # checkout branch 23 | git checkout ${BUILDKITE_BRANCH} 24 | 25 | # build docker image 26 | echo -e "\n--- Building :docker: image ${IMAGE}:${TAG}" 27 | docker build -t ${IMAGE}:${TAG} . 28 | 29 | # cleaning up repo folder 30 | echo "--- Cleaning up git repo folder ${BUILDKITE_PIPELINE_SLUG}" 31 | rm -rf /tmp/${BUILDKITE_PIPELINE_SLUG} 32 | 33 | # tag docker image 34 | docker tag ${IMAGE}:${TAG} ${DOCKER_REPO}/${IMAGE}:${TAG} 35 | 36 | # push to repository 37 | echo "--- Pushing :docker: image ${DOCKER_REPO}/${IMAGE}:${TAG} to registry" 38 | docker push ${DOCKER_REPO}/${IMAGE}:${TAG} 39 | 40 | # local clean up 41 | echo "--- Cleaning up :docker: image ${DOCKER_REPO}/${IMAGE}:${TAG}" 42 | docker rmi -f ${DOCKER_REPO}/${IMAGE}:${TAG} 43 | -------------------------------------------------------------------------------- /stable/agent/pipeline-examples/deploy.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # setup helm 4 | echo "Installing helm" 5 | curl https://raw.githubusercontent.com/kubernetes/helm/master/scripts/get | bash 6 | echo "--- Configuring Helm cli :rocket:" 7 | export HELM_HOME="${PWD}/.buildkite/.helm" 8 | helm init -c 9 | helm repo add charts https://my_charts.com/charts 10 | helm repo update 11 | 12 | # use buildkite commit hash as a TAG 13 | TAG=${BUILDKITE_COMMIT::8} 14 | 15 | # app name 16 | APP=some_app 17 | 18 | # deploy/upgrade app with helm 19 | echo "--- Deploying $APP :rocket:" 20 | helm upgrade --install ${APP} charts/my_app --namespace ${SOME_NAMESPACE} --reuse-values \ 21 | --set image.tag="${GIT_TAG}" 22 | -------------------------------------------------------------------------------- /stable/agent/pipeline-examples/pipeline.yml: -------------------------------------------------------------------------------- 1 | steps: 2 | 3 | # Test release 4 | - name: "Run :docker: compose tests :testflight:" 5 | command: docker-compose run --rm test 6 | branches: test 7 | agents: 8 | role: builder-test 9 | plugins: 10 | docker-compose: 11 | run: test 12 | - wait 13 | - name: "Build :docker: image and push it to registry :rocket:" 14 | command: .buildkite/build.sh 15 | branches: test 16 | agents: 17 | role: builder-test 18 | - wait 19 | - name: "Deploy :docker: image to Test Workflow" 20 | command: .buildkite/deploy.sh 21 | branches: test 22 | agents: 23 | role: builder-test 24 | 25 | # Staging release 26 | - name: "Run :docker: compose tests :testflight:" 27 | command: docker-compose run --rm test 28 | branches: staging 29 | agents: 30 | role: builder-staging 31 | - wait 32 | - name: "Build :docker: image and push it to registry :rocket:" 33 | command: .buildkite/build.sh 34 | branches: staging 35 | agents: 36 | role: builder-staging 37 | - wait 38 | - name: "Deploy :docker: image to Staging" 39 | command: .buildkite/deploy.sh 40 | branches: staging 41 | agents: 42 | role: builder-staging 43 | - wait 44 | 45 | # Production release 46 | # wait for unblock by team member 47 | - block: 'Trigger Production Release :red_button:' 48 | branches: production 49 | 50 | - name: ":rocket: Deploying to Production" 51 | command: .buildkite/deploy.sh 52 | branches: production 53 | agents: 54 | role: deploy-production 55 | -------------------------------------------------------------------------------- /stable/agent/templates/NOTES.txt: -------------------------------------------------------------------------------- 1 | {{- if .Values.agent.token }} 2 | 3 | The {{ template "fullname" . }} is getting provisioned in your cluster. After a few minutes, you can run the following to verify. 4 | 5 | To verify that {{ template "fullname" . }} has started, run: 6 | 7 | kubectl --namespace={{ .Release.Namespace }} get pods -l "app={{ template "name" . }},release={{ .Release.Name }}" 8 | 9 | {{- else }} 10 | 11 | ############################################################################## 12 | #### ERROR: You did not provide Buildkite Agent Token. #### 13 | ############################################################################## 14 | 15 | Pods will not go to the running state if the Buildkite Agent Token was not provided. 16 | 17 | This deployment will be incomplete until you provide Buildkite Agent Token: 18 | 19 | helm upgrade {{ template "fullname" . }} builkite/agent \ 20 | --set agent.token="YOUR_BUILKITE_TOKEN" 21 | 22 | {{- end }} 23 | -------------------------------------------------------------------------------- /stable/agent/templates/_helpers.tpl: -------------------------------------------------------------------------------- 1 | {{/* vim: set filetype=mustache: */}} 2 | {{/* 3 | Expand the name of the chart. 4 | */}} 5 | {{- define "name" -}} 6 | {{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} 7 | {{- end -}} 8 | 9 | {{/* 10 | Create a default fully qualified app name. 11 | We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). 12 | */}} 13 | {{- define "fullname" -}} 14 | {{- if .Values.fullnameOverride -}} 15 | {{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}} 16 | {{- else -}} 17 | {{- $name := default .Chart.Name .Values.nameOverride -}} 18 | {{- if contains $name .Release.Name -}} 19 | {{- .Release.Name | trunc 63 | trimSuffix "-" -}} 20 | {{- else -}} 21 | {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} 22 | {{- end -}} 23 | {{- end -}} 24 | {{- end -}} 25 | 26 | {{/* 27 | Set the Deployment API version based on the version of Kubernetes the chart is being deployed into. 28 | */}} 29 | {{- define "deployment.apiVersion" -}} 30 | {{- if semverCompare "<1.9-0" .Capabilities.KubeVersion.GitVersion -}} 31 | {{- print "extensions/v1beta1" -}} 32 | {{- else -}} 33 | {{- print "apps/v1" -}} 34 | {{- end -}} 35 | {{- end -}} 36 | 37 | {{/* 38 | Define Pdb apiVersion 39 | */}} 40 | {{- define "pdb.apiVersion" -}} 41 | {{- if .Capabilities.APIVersions.Has "policy/v1" }} 42 | {{- printf "policy/v1" -}} 43 | {{- else }} 44 | {{- printf "policy/v1beta1" -}} 45 | {{- end }} 46 | {{- end }} 47 | -------------------------------------------------------------------------------- /stable/agent/templates/clusterrole.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRole 4 | metadata: 5 | name: {{ template "fullname" . }} 6 | rules: 7 | {{ toYaml .Values.rbac.role.rules | indent 2 }} 8 | {{- end }} 9 | -------------------------------------------------------------------------------- /stable/agent/templates/clusterrolebinding.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.rbac.create }} 2 | apiVersion: rbac.authorization.k8s.io/v1 3 | kind: ClusterRoleBinding 4 | metadata: 5 | name: {{ template "fullname" . }} 6 | roleRef: 7 | apiGroup: rbac.authorization.k8s.io 8 | kind: ClusterRole 9 | name: {{ template "fullname" . }} 10 | subjects: 11 | - kind: ServiceAccount 12 | name: {{ template "fullname" . }} 13 | namespace: {{ .Release.Namespace }} 14 | {{- end }} 15 | -------------------------------------------------------------------------------- /stable/agent/templates/configmap-entrypointd.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.entrypointd }} 2 | apiVersion: v1 3 | kind: ConfigMap 4 | metadata: 5 | name: {{ template "fullname" . }}-entrypointd 6 | labels: 7 | app: {{ template "name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | data: 12 | {{ toYaml .Values.entrypointd | indent 2 }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /stable/agent/templates/deployment.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: {{ template "deployment.apiVersion" . }} 2 | kind: Deployment 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- if .Values.agent.annotations }} 11 | annotations: 12 | {{ toYaml .Values.agent.annotations | indent 4 }} 13 | {{- end }} 14 | spec: 15 | replicas: {{ .Values.replicaCount }} 16 | selector: 17 | matchLabels: 18 | app: {{ template "name" . }} 19 | template: 20 | metadata: 21 | labels: 22 | app: {{ template "name" . }} 23 | release: {{ .Release.Name }} 24 | annotations: 25 | checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} 26 | {{- if .Values.registryCreds.gcrServiceAccountKey }} 27 | checksum/secret-gcr: {{ include (print $.Template.BasePath "/secret-gcr.yaml") . | sha256sum }} 28 | {{- end }} 29 | {{- if .Values.registryCreds.dockerConfig }} 30 | checksum/secret-registry: {{ include (print $.Template.BasePath "/secret-registry.yaml") . | sha256sum }} 31 | {{- end }} 32 | {{- if .Values.registryCreds.dockerconfigjson }} 33 | checksum/secret-dockerconfigjson: {{ include (print $.Template.BasePath "/secret-dockerconfigjson.yaml") . | sha256sum }} 34 | {{- end }} 35 | {{- with .Values.podAnnotations }} 36 | {{ toYaml . | indent 8 }} 37 | {{- end }} 38 | spec: 39 | serviceAccount: {{ template "fullname" . }} 40 | {{- if .Values.registryCreds.dockerconfigjson }} 41 | imagePullSecrets: 42 | - name: {{ template "fullname" . }}-dockerconfigjson 43 | {{- end }} 44 | {{- if .Values.podInitContainers }} 45 | initContainers: 46 | {{ toYaml .Values.podInitContainers | nindent 8 }} 47 | {{- end }} 48 | containers: 49 | - name: {{ .Chart.Name }} 50 | image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}" 51 | imagePullPolicy: {{ .Values.image.pullPolicy }} 52 | {{- with .Values.securityContext }} 53 | securityContext: 54 | {{ toYaml . | indent 12 }} 55 | {{- end }} 56 | env: 57 | # BUILDKITE AGENT ENV VARS 58 | {{- if .Values.agent.externalSecretName }} 59 | - name: BUILDKITE_AGENT_TOKEN 60 | valueFrom: 61 | secretKeyRef: 62 | name: {{ .Values.agent.externalSecretName }} 63 | key: {{ .Values.agent.externalSecretTokenKey }} 64 | {{- if .Values.agent.externalSecretSSHKey }} 65 | - name: SSH_PRIVATE_RSA_KEY 66 | valueFrom: 67 | secretKeyRef: 68 | name: {{ .Values.agent.externalSecretName }} 69 | key: {{ .Values.agent.externalSecretSSHKey }} 70 | {{- end }} 71 | {{- else }} 72 | {{- if .Values.agent.token }} 73 | - name: BUILDKITE_AGENT_TOKEN 74 | valueFrom: 75 | secretKeyRef: 76 | name: {{ template "fullname" . }} 77 | key: agent-token 78 | {{- end }} 79 | {{- if .Values.privateSshKey }} 80 | - name: SSH_PRIVATE_RSA_KEY 81 | valueFrom: 82 | secretKeyRef: 83 | name: {{ template "fullname" . }} 84 | key: agent-ssh 85 | {{- end }} 86 | {{- end }} 87 | - name: BUILDKITE_AGENT_TAGS 88 | value: "{{ .Values.agent.tags }}" 89 | {{- if .Values.dind.enabled }} 90 | - name: DOCKER_HOST 91 | value: "tcp://localhost:{{ .Values.dind.port | default "2375" }}" 92 | - name: BUILDKITE_BUILD_PATH 93 | value: "/var/buildkite/builds" 94 | - name: BUILDKITE_PLUGINS_PATH 95 | value: "/var/buildkite/plugins" 96 | - name: BUILDKITE_HOOKS_PATH 97 | value: "/var/buildkite/hooks" 98 | {{- end }} 99 | # EXTRA BUILDKITE AGENT ENV VARS 100 | {{- if .Values.extraEnv }} 101 | {{ toYaml .Values.extraEnv | nindent 12 }} 102 | {{- end }} 103 | {{- if .Values.lifecycle.useDefault }} 104 | {{- if or .Values.lifecycle.preStop .Values.lifecycle.postStart }} 105 | {{ fail "lifecycle.useDefault set to true, but lifecycle.preStop/lifecycle.postStart specified"}} 106 | {{- end }} 107 | # DEFAULT LIFECYCLE HOOK 108 | lifecycle: 109 | preStop: 110 | exec: 111 | command: 112 | - /bin/sh 113 | - -c 114 | - kill -s SIGTERM `/bin/pidof buildkite-agent` && while pidof -q buildkite-agent; do sleep 1; done 115 | {{- else if or .Values.lifecycle.preStop .Values.lifecycle.postStart }} 116 | lifecycle: 117 | # LIFECYCLE PRE STOP 118 | {{- if .Values.lifecycle.preStop }} 119 | preStop: 120 | {{- toYaml .Values.lifecycle.preStop | nindent 14 }} 121 | {{- end }} 122 | # LIFECYCLE POST START 123 | {{- if .Values.lifecycle.postStart }} 124 | postStart: 125 | {{- toYaml .Values.lifecycle.postStart | nindent 14 }} 126 | {{- end }} 127 | {{- end }} 128 | livenessProbe: 129 | {{ toYaml .Values.livenessProbe | indent 12 }} 130 | resources: 131 | {{ toYaml .Values.resources | indent 12 }} 132 | volumeMounts: 133 | {{- if .Values.volumeMounts }}{{ toYaml .Values.volumeMounts | nindent 12 }}{{- end }} 134 | {{- if .Values.enableHostDocker }} 135 | - name: var-run-docker-sock 136 | mountPath: /var/run/docker.sock 137 | {{- end }} 138 | {{- if .Values.registryCreds.gcrServiceAccountKey }} 139 | - name: service-key 140 | mountPath: /etc/service_key 141 | {{- end }} 142 | {{- if .Values.registryCreds.dockerConfig }} 143 | - name: docker-config 144 | mountPath: /root/.docker 145 | {{- end }} 146 | {{- if .Values.dind.enabled }} 147 | - name: shared-volume 148 | mountPath: "/var/buildkite" 149 | {{- end }} 150 | {{- if .Values.entrypointd }} 151 | - name: entrypointd 152 | mountPath: /docker-entrypoint.d/ 153 | {{- end }} 154 | {{- if .Values.dind.enabled }} 155 | - name: dind 156 | image: {{ .Values.dind.image | default "docker:19.03-dind" }} 157 | args: 158 | - "--mtu" 159 | - "{{ .Values.dind.mtu | default "1500" }}" 160 | securityContext: 161 | privileged: true 162 | env: 163 | - name: DOCKER_TLS_CERTDIR 164 | value: "" 165 | volumeMounts: 166 | {{- if .Values.dind.volumeMounts }}{{ toYaml .Values.dind.volumeMounts | nindent 12 }}{{- end }} 167 | - name: "docker-graph-storage" 168 | mountPath: "/var/lib/docker" 169 | - name: shared-volume 170 | mountPath: "/var/buildkite" 171 | {{- if .Values.registryCreds.gcrServiceAccountKey }} 172 | - name: service-key 173 | mountPath: /etc/service_key 174 | {{- end }} 175 | resources: 176 | {{ toYaml .Values.dind.resources | indent 12 }} 177 | {{- end }} 178 | {{- if .Values.podContainers }}{{ toYaml .Values.podContainers | nindent 8 }}{{- end }} 179 | {{- with .Values.podSecurityContext }} 180 | securityContext: 181 | {{ toYaml . | indent 8 }} 182 | {{- end }} 183 | terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }} 184 | volumes: 185 | {{- if .Values.volumes }}{{ toYaml .Values.volumes | nindent 8 }}{{- end }} 186 | {{- if .Values.enableHostDocker }} 187 | - name: var-run-docker-sock 188 | hostPath: 189 | path: /var/run/docker.sock 190 | {{- end }} 191 | {{- if .Values.registryCreds.gcrServiceAccountKey }} 192 | - name: service-key 193 | secret: 194 | secretName: {{ template "fullname" . }}-gcr 195 | {{- end }} 196 | {{- if .Values.registryCreds.dockerConfig }} 197 | - name: docker-config 198 | secret: 199 | secretName: {{ template "fullname" . }}-registry 200 | {{- end }} 201 | {{- if .Values.dind.enabled }} 202 | - name: docker-graph-storage 203 | emptyDir: {} 204 | - name: shared-volume 205 | emptyDir: {} 206 | {{- end }} 207 | {{- if .Values.entrypointd }} 208 | - name: entrypointd 209 | configMap: 210 | name: {{ template "fullname" . }}-entrypointd 211 | defaultMode: 0777 212 | {{- end }} 213 | {{- if .Values.nodeSelector }} 214 | nodeSelector: 215 | {{ toYaml .Values.nodeSelector | indent 8 }} 216 | {{- end }} 217 | {{- if .Values.tolerations }} 218 | tolerations: 219 | {{ toYaml .Values.tolerations | indent 8 }} 220 | {{- end }} 221 | {{- if .Values.affinity }} 222 | affinity: 223 | {{ toYaml .Values.affinity | indent 8 }} 224 | {{- end }} 225 | -------------------------------------------------------------------------------- /stable/agent/templates/pod-disruption-budget.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.podDisruptionBudget.enabled }} 2 | apiVersion: {{ template "pdb.apiVersion" . }} 3 | kind: PodDisruptionBudget 4 | metadata: 5 | name: {{ template "fullname" . }} 6 | namespace: {{ .Release.Namespace }} 7 | spec: 8 | {{- if .Values.podDisruptionBudget.minAvailable }} 9 | minAvailable: {{ .Values.podDisruptionBudget.minAvailable }} 10 | {{- else }} 11 | maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }} 12 | {{- end }} 13 | selector: 14 | matchLabels: 15 | app: {{ template "name" . }} 16 | {{- end }} 17 | -------------------------------------------------------------------------------- /stable/agent/templates/secret-dockerconfigjson.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.registryCreds.dockerconfigjson }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "fullname" . }}-dockerconfigjson 6 | labels: 7 | app: {{ template "name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | type: kubernetes.io/dockerconfigjson 12 | data: 13 | .dockerconfigjson: |- 14 | {{ .Values.registryCreds.dockerconfigjson }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /stable/agent/templates/secret-gcr.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.registryCreds.gcrServiceAccountKey }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "fullname" . }}-gcr 6 | labels: 7 | app: {{ template "name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | type: Opaque 12 | data: 13 | service-account-key.json: |- 14 | {{ .Values.registryCreds.gcrServiceAccountKey }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /stable/agent/templates/secret-registry.yaml: -------------------------------------------------------------------------------- 1 | {{- if .Values.registryCreds.dockerConfig }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "fullname" . }}-registry 6 | labels: 7 | app: {{ template "name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | type: Opaque 12 | data: 13 | config.json: |- 14 | {{ .Values.registryCreds.dockerConfig }} 15 | {{- end }} 16 | -------------------------------------------------------------------------------- /stable/agent/templates/secret.yaml: -------------------------------------------------------------------------------- 1 | {{- if or .Values.agent.token .Values.privateSshKey }} 2 | apiVersion: v1 3 | kind: Secret 4 | metadata: 5 | name: {{ template "fullname" . }} 6 | labels: 7 | app: {{ template "name" . }} 8 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 9 | release: {{ .Release.Name }} 10 | heritage: {{ .Release.Service }} 11 | type: Opaque 12 | data: 13 | {{- if .Values.agent.token }} 14 | agent-token: {{ .Values.agent.token | b64enc }} 15 | {{- end }} 16 | {{- if .Values.privateSshKey }} 17 | agent-ssh: {{ .Values.privateSshKey | b64enc }} 18 | {{- end }} 19 | {{- end }} 20 | -------------------------------------------------------------------------------- /stable/agent/templates/service-account.yaml: -------------------------------------------------------------------------------- 1 | apiVersion: v1 2 | kind: ServiceAccount 3 | metadata: 4 | name: {{ template "fullname" . }} 5 | labels: 6 | app: {{ template "name" . }} 7 | chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }} 8 | release: {{ .Release.Name }} 9 | heritage: {{ .Release.Service }} 10 | {{- if .Values.serviceAccount.annotations }} 11 | annotations: 12 | {{ toYaml .Values.serviceAccount.annotations | indent 4 }} 13 | {{- end }} 14 | -------------------------------------------------------------------------------- /stable/agent/values.yaml: -------------------------------------------------------------------------------- 1 | # Default values for bk-agent. 2 | # This is a YAML-formatted file. 3 | # Declare variables to be passed into your templates. 4 | 5 | replicaCount: 1 6 | 7 | image: 8 | repository: buildkite/agent 9 | # Note that by default we use appVersion to get image tag version 10 | # tag: 11 | pullPolicy: IfNotPresent 12 | 13 | # Buildkite Agent settings 14 | agent: 15 | # Your Buildkite agent token, it must be set 16 | token: "" 17 | # Agent tags, which can be used to assign jobs 18 | tags: "role=agent" 19 | externalSecretName: "" 20 | externalSecretTokenKey: "agent-token" 21 | externalSecretSSHKey: "" 22 | # Agent Deployment annotations 23 | annotations: {} 24 | 25 | # Enable mounting the hosts docker socket into the agent container 26 | enableHostDocker: true 27 | 28 | # Enable security context configuration for the container 29 | securityContext: {} 30 | # privileged: true 31 | 32 | # Enable security context configuration for the pod 33 | podSecurityContext: {} 34 | # fsGroup: 1000 35 | 36 | # Extra env vars to be passed 37 | # If you do want to pass extra env vars to the agent, uncomment the following 38 | # lines, adjust them as necessary. 39 | extraEnv: 40 | # - name: test1 41 | # value: "test1" 42 | # - name: test2 43 | # value: "test2" 44 | 45 | # Mount extra Secrets 46 | # If you do want to mount extra Secrets via volume mounts to the agent container, 47 | # uncomment the following lines, adjust them as necessary. 48 | # 49 | volumeMounts: {} 50 | # - name: my-secrets 51 | # value: "/chamber-of-secrets" 52 | # 53 | volumes: {} 54 | # - name: my-secrets 55 | # secret: 56 | # secretName: "some-k8s-secret" 57 | 58 | # Your ssh private key if you want to access private git repository 59 | privateSshKey: "" 60 | 61 | # Docker registries credentials 62 | registryCreds: 63 | # GCP credentials for GCR 64 | # base64 encoded GCP Service account json key file 65 | gcrServiceAccountKey: "" 66 | # base64 encoded private registry docker config.json file 67 | # for quay.io, docker hub, ecr and etc to mount over the container, 68 | # not to be used with imagePullSecrets 69 | dockerConfig: "" 70 | # base64 encoded private registry docker config.json file 71 | # to be used with imagePullSecrets 72 | dockerconfigjson: "" 73 | 74 | # Add scriptes to /docker-entrypoint.d/ via a ConfigMap 75 | entrypointd: {} 76 | # 01-install-kubectl: | 77 | # #!/bin/bash 78 | # set -euo pipefail 79 | # apt-get update && apt-get install -y kubectl 80 | 81 | serviceAccount: 82 | annotations: {} 83 | 84 | # Uncomment below to enable docker socket liveness probe 85 | livenessProbe: 86 | # initialDelaySeconds: 15 87 | # timeoutSeconds: 1 88 | # exec: 89 | # command: 90 | # - docker 91 | # - ps 92 | 93 | resources: {} 94 | # We usually recommend not to specify default resources and to leave this as a conscious 95 | # choice for the user. This also increases chances charts run on environments with little 96 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 97 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 98 | # limits: 99 | # cpu: 500m 100 | # memory: 1024Mi 101 | # requests: 102 | # cpu: 100m 103 | # memory: 128Mi 104 | 105 | nodeSelector: {} 106 | 107 | tolerations: [] 108 | 109 | affinity: {} 110 | 111 | # RBAC manifests management 112 | rbac: 113 | create: false 114 | role: 115 | ## Rules to create. It follows the role specification 116 | rules: 117 | - apiGroups: 118 | - "" 119 | resources: 120 | - namespaces 121 | verbs: 122 | - watch 123 | - list 124 | - apiGroups: 125 | - "" 126 | resources: 127 | - secrets 128 | verbs: 129 | - get 130 | - watch 131 | - list 132 | - apiGroups: 133 | - "" 134 | - extensions 135 | - apps 136 | - batch 137 | resources: 138 | - pods 139 | - replicasets 140 | - replicationcontrollers 141 | - statefulsets 142 | - deployments 143 | - daemonsets 144 | - jobs 145 | - cronjobs 146 | verbs: 147 | - get 148 | - delete 149 | - watch 150 | - list 151 | - update 152 | - apiGroups: 153 | - "" 154 | resources: 155 | - configmaps 156 | - secrets 157 | verbs: 158 | - get 159 | - create 160 | - update 161 | 162 | podDisruptionBudget: 163 | enabled: false 164 | maxUnavailable: 1 165 | minAvailable: null 166 | 167 | # Extra annotations for the pod 168 | podAnnotations: {} 169 | 170 | # Extra "sidecar" containers for the pod 171 | podContainers: {} 172 | # - name: container-name 173 | # image: container-image:tag 174 | # args: ["cmd"] 175 | # env: 176 | # - name: VAR_NAME 177 | # value: var_value 178 | 179 | # Preconfigured Docker-in-Docker (DinD) container specification 180 | dind: 181 | enabled: false 182 | image: docker:19.03-dind 183 | port: 2375 184 | resources: {} 185 | mtu: 1500 186 | # We usually recommend not to specify default resources and to leave this as a conscious 187 | # choice for the user. This also increases chances charts run on environments with little 188 | # resources, such as Minikube. If you do want to specify resources, uncomment the following 189 | # lines, adjust them as necessary, and remove the curly braces after 'resources:'. 190 | # limits: 191 | # cpu: 500m 192 | # memory: 1024Mi 193 | # requests: 194 | # cpu: 100m 195 | # memory: 128Mi 196 | volumeMounts: {} 197 | 198 | # Duration in seconds the pod needs to terminate gracefully. 199 | # May be increased to allow pipelines to complete successfully before the pod is terminated. 200 | terminationGracePeriodSeconds: 30 201 | 202 | # Control the lifecycle management for the deployment 203 | lifecycle: 204 | # if useDefault is true, we will use the buildkite/charts default for managing 205 | # the lifecycle of the pod. Specifically, we will kill all "buildkite-agent" 206 | # processes in the container before shutting down. Please note that there is 207 | # some concern that, on some some container images, this will have the 208 | # negative effect of causing builds to stop as well. See 209 | # https://github.com/buildkite/charts/pull/87 for more discussion 210 | useDefault: true 211 | 212 | # Both preStop and postStart are optional values to be executed for the 213 | # containers' lifecycle. Note that these cannot be specified if useDefault is 214 | # true See: https://kubernetes.io/docs/concepts/containers/container-lifecycle-hooks/ 215 | preStop: {} 216 | postStart: {} 217 | -------------------------------------------------------------------------------- /test/ct.yaml: -------------------------------------------------------------------------------- 1 | remote: origin 2 | target-branch: master 3 | chart-dirs: 4 | - stable 5 | excluded-charts: 6 | - common 7 | helm-extra-args: --timeout 800 8 | --------------------------------------------------------------------------------