Installation Configurations

Configure Secrets

For Helm installation this section refers to secrets section of values.yaml.

Configure the following properties:

ParameterDescriptionDefault

POSTGRESQL_PASSWORD

Using this parameter the auto-generated password for Postgres can be edited as per requirement(Used by Devtron to store the app information)

NA

WEBHOOK_TOKEN

If you want to continue using Jenkins for CI then provide this for authentication of requests should be base64 encoded

NA

Configure ConfigMaps

For Helm installation this section refers to configs section of values.yaml.

Configure the following properties:

ParameterDescriptionDefault

BASE_URL_SCHEME

Either of HTTP or HTTPS (required)

HTTP

BASE_URL

URL without scheme and trailing slash, this is the domain pointing to the cluster on which the Devtron platform is being installed. For example, if you have directed domain devtron.example.com to the cluster and the ingress controller is listening on port 32080 then URL will be devtron.example.com:32080 (required)

change-me

DEX_CONFIG

dex config if you want to integrate login with SSO (optional) for more information check Argocd documentation

NA

EXTERNAL_SECRET_AMAZON_REGION

AWS region for the secret manager to pick (required)

NA

PROMETHEUS_URL

URL of Prometheus where all cluster data is stored; if this is wrong, you will not be able to see application metrics like CPU, RAM, HTTP status code, latency, and throughput (required)

NA

Configure Resources

Devtron provides ways to control how much memory or CPU can be allocated to each Devtron microservice. You can adjust the resources that are allocated to these microservices based on your requirements. The resource configurations are available in following sizes:

Small: To configure the small resources (e.g. to manage less than 10 apps on Devtron ) based on the requirements, append the Devtron installation command with -f https://raw.githubusercontent.com/devtron-labs/devtron/main/charts/devtron/resources-small.yaml.

Configure Overrides

For Helm installation this section refers to customOverrides section of values.yaml. In this section you can override values of devtron-cm which you want to keep persistent. For example:

You can configure the following properties:

ParameterDescriptionDefault

CI_NODE_LABEL_SELECTOR

Labels for a particular nodegroup which you want to use for running CIs

NA

CI_NODE_TAINTS_KEY

Key for toleration if nodegroup chosen for CIs have some taints

NA

CI_NODE_TAINTS_VALUE

Value for toleration if nodegroup chosen for CIs have some taints

NA

Storage for Logs and Cache

AWS SPECIFIC

While installing Devtron and using the AWS-S3 bucket for storing the logs and caches, the below parameters are to be used in the ConfigMap.

NOTE: For using the S3 bucket it is important to add the S3 permission policy to the IAM role attached to the nodes of the cluster.

ParameterDescriptionDefault

DEFAULT_CACHE_BUCKET

AWS bucket to store docker cache, it should be created beforehand (required)

DEFAULT_BUILD_LOGS_BUCKET

AWS bucket to store build logs, it should be created beforehand (required)

DEFAULT_CACHE_BUCKET_REGION

AWS region of S3 bucket to store cache (required)

DEFAULT_CD_LOGS_BUCKET_REGION

AWS region of S3 bucket to store CD logs (required)

BLOB_STORAGE_S3_ENDPOINT

S3 compatible bucket endpoint.

The below parameters are to be used in the Secrets :

ParameterDescription

BLOB_STORAGE_S3_ACCESS_KEY

AWS access key to access S3 bucket. Required if installing using AWS credentials.

BLOB_STORAGE_S3_SECRET_KEY

AWS secret key to access S3 bucket. Required if installing using AWS credentials.

AZURE SPECIFIC

While installing Devtron using Azure Blob Storage for storing logs and caches, the below parameters will be used in the ConfigMap.

ParameterDescription

AZURE_ACCOUNT_NAME

Account name for AZURE Blob Storage

AZURE_BLOB_CONTAINER_CI_LOG

AZURE Blob storage container for storing ci-logs after running the CI pipeline

AZURE_BLOB_CONTAINER_CI_CACHE

AZURE Blob storage container for storing ci-cache after running the CI pipeline

GOOGLE CLOUD STORAGE SPECIFIC

While installing Devtron using Google Cloud Storage for storing logs and caches, the below parameters will be used in the ConfigMap.

ParameterDescriptionDefault

BLOB_STORAGE_GCP_CREDENTIALS_JSON

Base-64 encoded GCP credentials json for accessing Google Cloud Storage

DEFAULT_CACHE_BUCKET

Google Cloud Storage bucket for storing ci-logs after running the CI pipeline

DEFAULT_LOGS_BUCKET

Google Cloud Storage bucket for storing ci-cache after running the CI pipeline

To convert string to base64 use the following command:

echo -n "string" | base64

Note:

  1. Ensure that the cluster has read and write access to the S3 buckets/Azure Blob storage container mentioned in DEFAULT_CACHE_BUCKET, DEFAULT_BUILD_LOGS_BUCKET or AZURE_BLOB_CONTAINER_CI_LOG, or AZURE_BLOB_CONTAINER_CI_CACHE.

  2. Ensure that the cluster has read access to AWS secrets backends (SSM & secrets manager).


The following tables contain parameters and their details for Secrets and ConfigMaps that are configured during the installation of Devtron. If the installation is done using Helm, the values can be tweaked in values.yaml file.

We can use the --set flag to override the default values when installing with Helm. For example, to update POSTGRESQL_PASSWORD and BLOB_STORAGE_PROVIDER, use the install command as:

helm install devtron devtron/devtron-operator --create-namespace --namespace devtroncd \
--set secrets.POSTGRESQL_PASSWORD=change-me \
--set configs.BLOB_STORAGE_PROVIDER=S3

Configuration of Blob Storage

Blob Storage allows users to store large amounts of unstructured data. Unstructured data is a data that does not adhere to a particular data model or definition, such as text or binary data. Configuring blob storage in your Devtron environment allows you to store build logs and cache.

In case, if you do not configure the Blob Storage, then:

  • You will not be able to access the build and deployment logs after an hour.

  • Build time for commit hash takes longer as cache is not available.

  • Artifact reports cannot be generated in pre/post build and deployment stages.

You can configure Blob Storage with one of the following Blob Storage providers given below:

Note: You can also use the respective following command to switch to another Blob Storage provider. As an example, If you are using MinIO Storage and want to switch to Azure Blob Storage, use the command provided on the Azure Blob Storage tab to switch.

Use the following command to configure MinIO for storing logs and cache.

Note: Unlike global cloud providers such as AWS S3 Bucket, Azure Blob Storage and Google Cloud Storage, MinIO can be hosted locally also.

helm repo update

helm upgrade devtron devtron/devtron-operator --namespace devtroncd \
--reuse-values \
--set installer.modules={cicd} \
--set minio.enabled=true

Secrets

ParameterDescriptionDefaultNecessity

ACD_PASSWORD

ArgoCD Password for CD Workflow

Auto-Generated

Optional

AZURE_ACCOUNT_KEY

Account key to access Azure objects such as BLOB_CONTAINER_CI_LOG or CI_CACHE

""

Mandatory (If using Azure)

GRAFANA_PASSWORD

Password for Grafana to display graphs

Auto-Generated

Optional

POSTGRESQL_PASSWORD

Password for your Postgresql database that will be used to access the database

Auto-Generated

Optional

ConfigMaps

ParameterDescriptionDefaultNecessity

AZURE_ACCOUNT_NAME

Azure account name which you will use

""

Mandatory (If using Azure)

AZURE_BLOB_CONTAINER_CI_LOG

Name of container created for storing CI_LOG

ci-log-container

Optional

AZURE_BLOB_CONTAINER_CI_CACHE

Name of container created for storing CI_CACHE

ci-cache-container

Optional

BLOB_STORAGE_PROVIDER

Cloud provider name which you will use

MINIO

Mandatory (If using any cloud other than MINIO), MINIO/AZURE/S3

DEFAULT_BUILD_LOGS_BUCKET

S3 Bucket name used for storing Build Logs

devtron-ci-log

Mandatory (If using AWS)

DEFAULT_CD_LOGS_BUCKET_REGION

Region of S3 Bucket where CD Logs are being stored

us-east-1

Mandatory (If using AWS)

DEFAULT_CACHE_BUCKET

S3 Bucket name used for storing CACHE (Do not include s3://)

devtron-ci-cache

Mandatory (If using AWS)

DEFAULT_CACHE_BUCKET_REGION

S3 Bucket region where Cache is being stored

us-east-1

Mandatory (If using AWS)

EXTERNAL_SECRET_AMAZON_REGION

Region where the cluster is setup for Devtron installation

""

Mandatory (If using AWS)

ENABLE_INGRESS

To enable Ingress (True/False)

False

Optional

INGRESS_ANNOTATIONS

Annotations for ingress

""

Optional

PROMETHEUS_URL

Existing Prometheus URL if it is installed

""

Optional

CI_NODE_LABEL_SELECTOR

Label of CI worker node

""

Optional

CI_NODE_TAINTS_KEY

Taint key name of CI worker node

""

Optional

CI_NODE_TAINTS_VALUE

Value of taint key of CI node

""

Optional

CI_DEFAULT_ADDRESS_POOL_BASE_CIDR

CIDR ranges used to allocate subnets in each IP address pool for CI

""

Optional

CI_DEFAULT_ADDRESS_POOL_SIZE

The subnet size to allocate from the base pool for CI

""

Optional

CD_NODE_LABEL_SELECTOR

Label of CD node

kubernetes.io/os=linux

Optional

CD_NODE_TAINTS_KEY

Taint key name of CD node

dedicated

Optional

CD_NODE_TAINTS_VALUE

Value of taint key of CD node

ci

Optional

CD_LIMIT_CI_CPU

CPU limit for pre and post CD Pod

0.5

Optional

CD_LIMIT_CI_MEM

Memory limit for pre and post CD Pod

3G

Optional

CD_REQ_CI_CPU

CPU request for CI Pod

0.5

Optional

CD_REQ_CI_MEM

Memory request for CI Pod

1G

Optional

CD_DEFAULT_ADDRESS_POOL_BASE_CIDR

CIDR ranges used to allocate subnets in each IP address pool for CD

""

Optional

CD_DEFAULT_ADDRESS_POOL_SIZE

The subnet size to allocate from the base pool for CD

""

Optional

GITOPS_REPO_PREFIX

Prefix for Gitops repository

devtron

Optional

Dashboard Configurations

RECOMMEND_SECURITY_SCANNING=false
FORCE_SECURITY_SCANNING=false
HIDE_DISCORD=false
ParameterDescription

RECOMMEND_SECURITY_SCANNING

If True, security scanning is enabled by default for a new build pipeline. Users can however turn it off in the new or existing pipelines.

FORCE_SECURITY_SCANNING

If set to True, security scanning is forcefully enabled by default for a new build pipeline. Users can not turn it off for new as well as for existing build pipelines. Old pipelines that have security scanning disabled will remain unchanged and image scanning should be enabled manually for them.

HIDE_DISCORD

Hides discord chatbot from the dashboard.

Last updated