Newer
Older
# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
# -- (experimental) Toggle sourcing from external repos.
# All this does right now is toggle GitRepositories, it is _not_ fully functional
joshwolf
committed
offline: false
# -- List of Helm repositories/credentials to pull helm charts from.
# OCI Type: Must specify username/password or existingSecret if repository requires auth. Using "private-registry" for existingSecret will reuse credentials from registryCredentials above.
# Default Type: Must specify existingSecret with auth - see https://fluxcd.io/flux/components/source/helmrepositories/#secret-reference for details on secret data required.
helmRepositories: []
# - name: "registry1"
# repository: "oci://registry1.dso.mil/bigbang"
# existingSecret: "private-registry"
# type: "oci"
# username: ""
# password: ""
# email: ""
# # This is an array/list of public keys to be used. Template will append `.pub` to the key as required by Flux
# cosignPublicKeys: []
# key1: |
# -----BEGIN PUBLIC KEY-----
# MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIE7v9J6ttQus6itUoyfMCqMjaIqm
# R8XrntaedsdEhPPchOQuFzqTyyAPGifV1SaEu8medVRi6mVICWbVwOteNg==
# -----END PUBLIC KEY-----
# -- Single set of registry credentials used to pull all images deployed by BigBang.
registryCredentials:
registry: registry1.dso.mil
username: ""
password: ""
email: ""
joshwolf
committed
# -- Multiple sets of registry credentials used to pull all images deployed by BigBang.
# Credentials will only be created when a valid combination exists, registry, username, and password (email is optional)
# - registry: registry1.dso.mil
# username: ""
# password: ""
# email: ""
# - registry: registry.dso.mil
# username: ""
# password: ""
# email: ""
# Openshift Container Platform Feature Toggle
openshift: false
# -- Git credential settings for accessing private repositories
# Order of precedence is:
# 1. existingSecret
# 2. http credentials (username/password/caFile)
# 3. ssh credentials (privateKey/publicKey/knownHosts)
git:
# -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
# -- Chart created secrets with user defined values
# -- HTTP git credentials, both username and password must be provided
# -- HTTPS certificate authority file. Required for any repo with a self signed certificate
# -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
privateKey: ""
publicKey: ""
knownHosts: ""
# -- Global SSO values used for BigBang deployments when sso is enabled
Ryan Garcia
committed
sso:
# -- Name of the identity provider. This is used by some packages as the SSO login label.
name: SSO
# -- Base URL for the identity provider. For OIDC, this is the issuer. For SAML this is the entityID.
url: https://login.dso.mil/auth/realms/baby-yoda
# -- Certificate authority for the identity provider's certificates
certificateAuthority:
# -- The certificate authority public certificate in .pem format. Populating this will create a secret in each namespace that enables SSO.
cert: "" # See docs/assets/configs/example/dev-sso-values.yaml for an example
# -- The secret name to use for the certificate authority. Can be manually populated if cert is blank.
secretName: tls-ca-sso
saml:
# -- SAML entityDescriptor (metadata) path
entityDescriptor: "{{ .Values.sso.url }}/protocol/saml/descriptor"
# -- SAML SSO Service path
service: "{{ .Values.sso.url }}/protocol/saml"
# -- Literal SAML XML metadata retrieved from `{{ .Values.sso.saml.entityDescriptor }}`. Required for SSO in Nexus, Twistlock, or Sonarqube.
metadata: "" # See docs/assets/configs/example/dev-sso-values.yaml for an example
# NOTE: SAML attribute names may vary by package. Use the package values to setup attribute names
# -- OIDC endpoints can be retrieved from `{{ .Values.sso.url }}/.well-known/openid-configuration`
Ryan Garcia
committed
oidc:
# -- OIDC authorization path
authorization: "{{ .Values.sso.url }}/protocol/openid-connect/auth"
# -- OIDC logout / end session path
endSession: "{{ .Values.sso.url }}/protocol/openid-connect/logout"
# -- OIDC JSON Web Key Set (JWKS) path
jwksUri: "{{ .Values.sso.url }}/protocol/openid-connect/certs"
# -- OIDC token path
token: "{{ .Values.sso.url }}/protocol/openid-connect/token"
# -- OIDC user information path
userinfo: "{{ .Values.sso.url }}/protocol/openid-connect/userinfo"
# -- Literal OIDC JWKS data retrieved from JWKS Uri. Only needed if `jwsksUri` is not defined.
jwks: ""
# -- Identity provider claim names that store metadata about the authenticated user.
claims:
# -- IdP's claim name used for the user's email address.
email: email
# -- IdP's claim name used for the user's full name
name: name
# -- IdP's claim name used for the username
username: preferred_username
# -- IdP's claim name used for the user's groups or roles
groups: groups
# -- (Advanced) Flux reconciliation parameters.
# The default values provided will be sufficient for the majority of workloads.
joshwolf
committed
flux:
Ryan Garcia
committed
timeout: 10m
Ryan Garcia
committed
test:
enable: false
Ryan Garcia
committed
remediation:
Ryan Garcia
committed
remediation:
retries: 3
remediateLastFailure: true
cleanupOnFail: true
# -- Global NetworkPolicies settings
networkPolicies:
# -- Toggle all package NetworkPolicies, can disable specific packages with `package.values.networkPolicies.enabled`
# -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
# Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
# Used by package NetworkPolicies to allow Kube API access
controlPlaneCidr: 0.0.0.0/0
# -- Node CIDR, defaults to allowing "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" networks.
# use `kubectl get nodes -owide` and review the `INTERNAL-IP` column to derive CIDR range.
# Must be an IP CIDR range (x.x.x.x/x - ideally a /16 or /24 to include multiple IPs)
nodeCidr: ""
# -- VPC CIDR, defaults to 0.0.0.0/0
# In a production environment, it is recommended to setup a Private Endpoint for your AWS services like KMS or S3.
# Please review https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html to setup routing to AWS services that never leave the AWS network.
# Once created update `networkPolicies.vpcCidr` to match the CIDR of your VPC so Vault will be able to reach your VPCs DNS and new KMS endpoint.
vpcCidr: 0.0.0.0/0
Tawsif Siddiqui
committed
# -- Global ImagePullPolicy value for all packages
# Permitted values are: None, Always, IfNotPresent
Tawsif Siddiqui
committed
imagePullPolicy: IfNotPresent
# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
istioBase:
# -- Toggle deployment of Istio Base
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
git:
repo: https://repo1.dso.mil/big-bang/apps/sandbox/istio-base.git
path: "./chart"
branch: "bb-2213-istio-base"
#tag:
helmRepo:
repoName: "registry1"
chartName: "istio-base"
tag:
# -- Flux reconciliation overrides specifically for the Istio Base Package
flux: {}
# -- Values to passthrough to the istio-base chart
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
istiod:
# -- Toggle deployment of Istio Daemon
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
git:
repo: https://repo1.dso.mil/big-bang/apps/sandbox/istiod.git
path: "./chart"
branch: "bb-2213-istio-istiod"
#tag:
helmRepo:
repoName: "registry1"
chartName: "istiod"
tag:
# -- Flux reconciliation overrides specifically for the Istio Daemon Package
flux: {}
# -- Values to passthrough to the istiod chart
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
istioGateway:
# -- Toggle deployment of Istio Gateway
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
git:
repo: https://repo1.dso.mil/big-bang/apps/sandbox/istio-gateway.git
path: "./chart"
branch: "bb-2213-istio-gateway"
#tag:
# helmRepo:
# repoName: "registry1"
# chartName: "istio-gateway"
# tag:
# -- Flux reconciliation overrides specifically for the Istio Gateway Package
flux: {}
# -- Values to passthrough to the istio-base chart
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Istio.
mtls:
# -- STRICT = Allow only mutual TLS traffic,
# PERMISSIVE = Allow both plain text and mutual TLS traffic
mode: STRICT
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
# -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI). Set to 'false' to disable verification.
# cosignVerify:
# -- Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support,
# validated through the FIPs Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
enterprise: false
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
# Ingress gateways are created based on the key name. Adding more keys will add ingress gateways.
# Ingress gateways are setup in a Horizontal Pod Autoscaler with 1 to 5 replicas
# Besides some ports needed by Istio, only ports 80 and 443 are opened
# Ingress gateways that require more configuration can be completed using `istio.values`
ingressGateways:
public-ingressgateway:
type: "LoadBalancer" # or "NodePort"
kubernetesResourceSpec: {} # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
# private-ingressgateway:
# type: "LoadBalancer" # or "NodePort"
# kubernetesResourceSpec: # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
# serviceAnnotations: # Example for AWS internal load balancer
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# passthrough-ingressgateway:
# type: "NodePort" # or "LoadBalancer"
# # Node ports are assigned starting from nodePortBase. The nodePortBase specifies the start of a range of 4 unused node ports.
# # Node port will be assigned as follows: Port 15021 (Status) = nodePortBase, Port 80 = nodePortBase+1, Port 443 = nodePortBase+2, Port 15443 (SNI) = nodePortBase+3
# # Node port base should be in the range from 30000 to 32764
# nodePortBase: 32000 # Alternatively, the kubernetesResourceSpec can be used to configure all port parameters
gateways:
public:
ingressGateway: "public-ingressgateway"
hosts:
# -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
autoHttpRedirect:
enabled: true
tls:
key: ""
cert: ""
# private:
# ingressGateway: "private-ingressgateway"
# hosts:
# - "example.bigbang.dev"
# ports:
# - name: tls-2
# number: 1234
# protocol: TCP
# - name: tls
# number: 5678
# protocol: TCP
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: false
# tls:
# key: ""
# cert: ""
# minProtocolVersion: ""
# passthrough:
# ingressGateway: "passthrough-ingressgateway"
# hosts:
####
# Alternate multi-server configuration method
####
# private:
# ingressGateway: "private-ingressgateway"
# servers:
# - hosts:
# - "example.bigbang.dev"
# port:
# name: tls-1
# number: 1234
# protocol: TCP
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: false
# tls:
# key: ""
# cert: ""
# minProtocolVersion: ""
# - hosts:
# - "example.bigbang.dev"
# port:
# name: tls-2
# number: 5678
# protocol: TCP
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: false
# tls:
# key: ""
# cert: ""
# minProtocolVersion: ""
# passthrough:
# ingressGateway: "passthrough-ingressgateway"
# hosts:
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: true
# tls:
# mode: "PASSTHROUGH"
# mutual:
# ingressGateway: "mutual-ingressgateway"
# hosts:
# - "*.{{ .Values.domain }}"
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: true
# tls:
# mode: MUTUAL
# cert: ""
# key: ""
# ca: ""
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Istio Package
flux: {}
# -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Istio Operator.
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/istio-operator.git
helmRepo:
repoName: "registry1"
chartName: "istio-operator"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Istio Operator Package
flux: {}
# -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/big-bang/product/packages/istio-operator.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
jaeger:
# -- Toggle deployment of Jaeger.
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
git:
repo: https://repo1.dso.mil/big-bang/product/packages/jaeger.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Jaeger Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace
Ryan Garcia
committed
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle SSO for Jaeger on and off
enabled: false
# -- OIDC Client ID to use for Jaeger
client_id: ""
# -- OIDC Client Secret to use for Jaeger
client_secret: ""
# -- Values to pass through to Jaeger chart: https://repo1.dso.mil/big-bang/product/packages/jaeger.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
kiali:
# -- Toggle deployment of Kiali.
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
git:
repo: https://repo1.dso.mil/big-bang/product/packages/kiali.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Kiali Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle SSO for Kiali on and off
enabled: false
# -- OIDC Client ID to use for Kiali
client_id: ""
# -- OIDC Client Secret to use for Kiali
client_secret: ""
# -- Values to pass through to Kiali chart: https://repo1.dso.mil/big-bang/product/packages/kiali
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
# -- Toggle deployment of Cluster Auditor.
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/cluster-auditor.git
helmRepo:
repoName: "registry1"
chartName: "cluster-auditor"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Cluster Auditor Package
flux: {}
# -- Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/big-bang/product/packages/cluster-auditor.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
# -- Toggle deployment of OPA Gatekeeper.
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/policy.git
helmRepo:
repoName: "registry1"
chartName: "gatekeeper"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace
Ryan Garcia
committed
# -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/big-bang/product/packages/policy.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Kyverno
#
kyverno:
# -- Toggle deployment of Kyverno.
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/kyverno.git
# -- Flux reconciliation overrides specifically for the Kyverno Package
# -- Values to passthrough to the kyverno chart: https://repo1.dso.mil/big-bang/product/packages/kyverno.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Kyverno policies
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
helmRepo:
repoName: "registry1"
chartName: "kyverno-policies"
# -- Flux reconciliation overrides specifically for the Kyverno Package
flux: {}
# -- Values to passthrough to the kyverno policies chart: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git
helmRepo:
repoName: "registry1"
chartName: "kyverno-reporter"
# -- Flux reconciliation overrides specifically for the Kyverno Reporter Package
flux: {}
# -- Values to passthrough to the kyverno reporter chart: https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# -- Toggle deployment of Logging (EFK).
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
helmRepo:
repoName: "registry1"
chartName: "elasticsearch-kibana"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Logging (EFK) Package
flux:
timeout: 20m
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Elasticsearch/Kibana OIDC client ID
client_id: ""
# -- Elasticsearch/Kibana OIDC client secret
client_secret: ""
# -- Elasticsearch/Kibana Service Account Annotations
serviceAccountAnnotations:
elasticsearch: {}
kibana: {}
license:
# -- Toggle trial license installation of elasticsearch. Note that enterprise (non trial) is required for SSO to work.
trial: false
# -- Elasticsearch license in json format seen here: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana#enterprise-license
# -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of ECK Operator.
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
helmRepo:
repoName: "registry1"
chartName: "eck-operator"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the ECK Operator Package
flux: {}
# -- Values to passthrough to the eck-operator chart: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Fluent-Bit.
enabled: false
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
helmRepo:
repoName: "registry1"
chartName: "fluentbit"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Fluent-Bit Package
flux: {}
# -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
promtail:
# -- Toggle deployment of Promtail.
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/promtail.git
# -- Flux reconciliation overrides specifically for the Promtail Package
flux: {}
# -- Values to passthrough to the promtail chart: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
loki:
# -- Toggle deployment of Loki.
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/loki.git
# -- Flux reconciliation overrides specifically for the Loki Package
flux: {}
# -- Loki architecture. Options are monolith and scalable
strategy: monolith
# -- Loki clusterName identifier for Promtail and Dashboards
clusterName: ""
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket Names for the Loki buckets as YAML
# chunks: loki-logs
# ruler: loki-ruler
# admin: loki-admin
bucketNames: {}
# -- Values to passthrough to the Loki chart: https://repo1.dso.mil/big-bang/product/packages/loki.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
path: "./chart"
helmRepo:
repoName: "registry1"
chartName: "neuvector"
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle SSO for Neuvector on and off
enabled: false
# -- OIDC Client ID to use for Neuvector
client_id: ""
# -- OIDC Client Secret to use for Neuvector
client_secret: ""
# -- Default role to use for Neuvector OIDC users. Supports admin, reader, or no default
default_role: ""
# -- Default role to use for Neuvector OIDC users. Supports admin, reader, or no default
group_claim: ""
# -- Default role to use for Neuvector OIDC users. Supports admin, reader, or no default
group_mapped_roles: []
# -- Flux reconciliation overrides specifically for the Neuvector Package
flux: {}
# -- Values to passthrough to the Neuvector chart: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/tempo.git
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Flux reconciliation overrides specifically for the Tempo Package
flux: {}
sso:
# -- Toggle SSO for Tempo on and off
enabled: false
# -- OIDC Client ID to use for Tempo
client_id: ""
# -- OIDC Client Secret to use for Tempo
client_secret: ""
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
# Note: tempo does not require protocol prefix for URL.
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# examples: "tempo-traces"
bucket: ""
# -- Whether or not objectStorage connection should require HTTPS, if connecting to in-cluster object
# storage on port 80/9000 set this value to true.
insecure: false
# -- Values to passthrough to the Tempo chart: https://repo1.dso.mil/big-bang/product/packages/tempo.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
# -- Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager).
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
repo: https://repo1.dso.mil/big-bang/product/packages/monitoring.git
helmRepo:
repoName: "registry1"
chartName: "monitoring"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Monitoring Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace
Ryan Garcia
committed
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
Ryan Garcia
committed
sso:
# -- Toggle SSO for monitoring components on and off
Ryan Garcia
committed
enabled: false
prometheus:
# -- Prometheus OIDC client ID
client_id: ""
# -- Prometheus OIDC client secret
client_secret: ""
Ryan Garcia
committed
alertmanager:
# -- Alertmanager OIDC client ID
client_id: ""
# -- Alertmanager OIDC client secret
client_secret: ""
# -- Values to passthrough to the monitoring chart: https://repo1.dso.mil/big-bang/product/packages/monitoring.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Grafana
#
grafana:
# -- Toggle deployment of Grafana
enabled: true
# -- Choose source type of "git" or "helmRepo"
sourceType: "git"
git:
repo: https://repo1.dso.mil/big-bang/product/packages/grafana.git