Newer
Older
# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
joshwolf
committed
hostname: bigbang.dev
# -- (experimental) Toggle sourcing from external repos.
# All this does right now is toggle GitRepositories, it is _not_ fully functional
joshwolf
committed
offline: false
# -- Single set of registry credentials used to pull all images deployed by BigBang.
registryCredentials:
registry: registry1.dso.mil
username: ""
password: ""
email: ""
joshwolf
committed
# -- Multiple sets of registry credentials used to pull all images deployed by BigBang.
# Credentials will only be created when a valid combination exists, registry, username, and password (email is optional)
# - registry: registry1.dso.mil
# username: ""
# password: ""
# email: ""
# - registry: registry.dso.mil
# username: ""
# password: ""
# email: ""
# Openshift Container Platform Feature Toggle
openshift: false
# -- Git credential settings for accessing private repositories
# Order of precedence is:
# 1. existingSecret
# 2. http credentials (username/password)
# 3. ssh credentials (privateKey/publicKey/knownHosts)
git:
# -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
# -- Chart created secrets with user defined values
# -- HTTP git credentials, both username and password must be provided
username: ""
password: ""
# -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
privateKey: ""
publicKey: ""
knownHosts: ""
# -- Global SSO values used for BigBang deployments when sso is enabled, can be overridden by individual packages.
Ryan Garcia
committed
sso:
oidc:
# -- Domain for keycloak used for configuring SSO
Ryan Garcia
committed
host: login.dso.mil
# -- Keycloak realm containing clients
Ryan Garcia
committed
realm: baby-yoda
# -- Keycloak's certificate authority (unencoded) used by authservice to support SSO for various packages
certificate_authority: ""
# -- Keycloak realm's json web key uri, obtained through https://<keycloak-server>/auth/realms/<realm>/.well-known/openid-configuration
Ryan Garcia
committed
jwks: ""
# -- OIDC client ID used for packages authenticated through authservice
Ryan Garcia
committed
client_id: ""
# -- OIDC client secret used for packages authenticated through authservice
Ryan Garcia
committed
client_secret: ""
Andrew Blanchard
committed
# -- OIDC token URL template string (to be used as default)
token_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"
# -- OIDC auth URL template string (to be used as default)
auth_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth"
# -- (Advanced) Flux reconciliation parameters.
# The default values provided will be sufficient for the majority of workloads.
joshwolf
committed
flux:
interval: 2m
install:
retries: 3
upgrade:
retries: 3
rollback:
# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
# -- Toggle deployment of Istio.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
tag: "1.8.4-bb.0"
# -- Certificate/Key pair to use as the default certificate for exposing BigBang created applications.
# If nothing is provided, applications will expect a valid tls secret to exist in the `istio-system` namespace called `wildcard-cert`.
runyontr
committed
ingress:
key: ""
cert: ""
# -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Istio Operator.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
tag: "1.8.4-bb.1"
# -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
jaeger:
# -- Toggle deployment of Jaeger.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
path: "./chart"
tag: "2.19.1-bb.4"
sso:
# -- Toggle SSO for Jaeger on and off
enabled: false
# -- OIDC Client ID to use for Jaeger
client_id: ""
# -- OIDC Client Secret to use for Jaeger
client_secret: ""
# -- Values to pass through to Jaeger chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
kiali:
# -- Toggle deployment of Kiali.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git
path: "./chart"
sso:
# -- Toggle SSO for Kiali on and off
enabled: false
# -- OIDC Client ID to use for Kiali
client_id: ""
# -- OIDC Client Secret to use for Kiali
client_secret: ""
# -- Values to pass through to Kiali chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
# -- Toggle deployment of Cluster Auditor.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
# -- Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
# -- Toggle deployment of OPA Gatekeeper.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
# -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Logging
#
# -- Toggle deployment of Logging (EFK).
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
tag: "0.1.8-bb.0"
sso:
# -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Elasticsearch/Kibana OIDC client ID
client_id: ""
# -- Elasticsearch/Kibana OIDC client secret
client_secret: ""
license:
# -- Toggle trial license installation of elasticsearch. Note that enterprise (non trial) is required for SSO to work.
trial: false
# -- Elasticsearch license in json format seen here: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana#enterprise-license
keyJSON: ""
# -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of ECK Operator.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
values: {}
fluentbit:
# -- Toggle deployment of Fluent-Bit.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
# -- Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager).
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
Ryan Garcia
committed
sso:
# -- Toggle SSO for monitoring components on and off
Ryan Garcia
committed
enabled: false
prometheus:
# -- Prometheus OIDC client ID
client_id: ""
# -- Prometheus OIDC client secret
client_secret: ""
Ryan Garcia
committed
alertmanager:
# -- Alertmanager OIDC client ID
client_id: ""
# -- Alertmanager OIDC client secret
client_secret: ""
Ryan Garcia
committed
grafana:
# -- Grafana OIDC client ID
client_id: ""
# -- Grafana OIDC client secret
client_secret: ""
# -- Grafana OIDC client scopes, comma separated
allow_sign_up: "true"
role_attribute_path: "Viewer"
# -- Values to passthrough to the monitoring chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
# -- Toggle deployment of Twistlock.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
# -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
#
# ----------------------------------------------------------------------------------------------------------------------
#
# -- Toggle deployment of ArgoCD.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
# -- Toggle SSO for ArgoCD on and off
# -- ArgoCD OIDC client ID
client_id: ""
# -- ArgoCD OIDC client secret
client_secret: ""
# -- ArgoCD SSO login text
provider_name: ""
# -- ArgoCD SSO group roles, see docs for more details: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
# -- Values to passthrough to the argocd chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Authservice.
Ryan Garcia
committed
# if enabling authservice, a filter needs to be provided by either enabling
# sso for monitoring or istio, or manually adding a filter chain in the values here:
# values:
# chain:
# minimal:
# callback_uri: "https://somecallback"
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
# -- Values to passthrough to the authservice chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Additional authservice chain configurations.
Ryan Garcia
committed
chains: {}
# ----------------------------------------------------------------------------------------------------------------------
# Minio Operator and Instance
#
minioOperator:
# -- Toggle deployment of minio operator and instance.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
path: "./chart"
# -- Values to passthrough to the minio operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
minio:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
path: "./chart"
# -- Default access key to use for minio.
accesskey: ""
# -- Default secret key to intstantiate with minio, you should change/delete this after installation.
secretkey: ""
# -- Values to passthrough to the minio instance chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Gitlab.
hostnames:
gitlab: gitlab.bigbang.dev
registry: registry.bigbang.dev
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
path: "./chart"
# -- Toggle OIDC SSO for Gitlab on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Gitlab OIDC client ID
client_id: ""
# -- Gitlab OIDC client secret
client_secret: ""
# -- Gitlab SSO login button label
label: ""
# -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Gitlab.
port: 5432
# -- Database name to connect to on host.
database: "" # example: gitlab
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Type of object storage to use for Gitlab, setting to s3 will assume an external, pre-existing object storage is to be used.
# Entering connection info will enable this option and will auto-create any required secrets
type: "" # supported types are "s3" or "minio"
# -- S3 compatible endpoint to use for connection information.
# examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket prefix to use for identifying buckets.
# Example: "prod" will produce "prod-gitlab-bucket"
bucketPrefix: ""
# -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
Ryan Garcia
committed
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
gitlabRunner:
# -- Toggle deployment of Gitlab Runner.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
path: "./chart"
# -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
values: {}
Ryan Garcia
committed
# -- Toggle deployment of SonarQube.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
path: "./chart"
# -- Toggle OIDC SSO for SonarQube.
# Enabling this option will auto-create any required secrets.
# -- SonarQube OIDC client ID
client_id: ""
# -- SonarQube SSO login button label
label: ""
# -- SonarQube plaintext SAML sso certificate.
# example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
certificate: ""
# -- SonarQube login sso attribute.
login: login
# -- SonarQube name sso attribute.
name: name
# -- SonarQube email sso attribute.
email: email
# -- (optional) SonarQube group sso attribute.
group: group
# -- Hostname of a pre-existing PostgreSQL database to use for SonarQube.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for SonarQube.
port: 5432
# -- Database name to connect to on host.
database: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Values to passthrough to the sonarqube chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
Ryan Garcia
committed
haproxy:
# -- Toggle deployment of HAProxy.
Zachariah Dzielinski
committed
enabled: false
Ryan Garcia
committed
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/haproxy
Ryan Garcia
committed
path: "./chart"
tag: 1.1.2-bb.0
# -- Values to passthrough to the haproxy chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/haproxy.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Anchore.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
path: "./chart"
# -- Initial admin password used to authenticate to Anchore.
adminPassword: ""
# -- Anchore Enterprise functionality.
# -- Toggle the installation of Anchore Enterprise. This must be accompanied by a valid license.
# -- License for Anchore Enterprise.
# For formatting examples see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#enabling-enterprise-services
# -- Toggle OIDC SSO for Anchore on and off.
# Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license).
# -- Anchore OIDC client ID
# -- Anchore OIDC client role attribute
# -- Hostname of a pre-existing PostgreSQL database to use for Anchore.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
# -- Port of a pre-existing PostgreSQL database to use for Anchore.
# -- Username to connect as to external database, the user must have all privileges on the database.
# -- Database password for the username used to connect to the existing database.
# -- Database name to connect to on host (Note: database name CANNOT contain hyphens).
# -- Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens).
# Only required for enterprise edition of anchore.
# By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#handling-dependencies
feeds_database: ""
# -- Hostname of a pre-existing Redis to use for Anchore Enterprise.
# Entering connection info will enable external redis and will auto-create any required secrets.
# Anchore only requires redis for enterprise deployments and will not provision an instance if using external
host: ""
# -- Port of a pre-existing Redis to use for Anchore Enterprise.
# -- Password to connect to pre-existing Redis.
# -- Values to passthrough to the anchore chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# Mattermost Operator and Instance
#
mattermostoperator:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git
path: "./chart"
# -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
mattermost:
# -- Toggle deployment of Mattermost.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git
path: "./chart"
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
# -- Mattermost Enterprise functionality.
enterprise:
# -- Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install.
enabled: false
# -- License for Mattermost.
# This should be the entire contents of the license file from Mattermost (should be one line), example below
# license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN
license: ""
sso:
# -- Toggle OIDC SSO for Mattermost on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Mattermost OIDC client ID
client_id: ""
# -- Mattermost OIDC client secret
client_secret: ""
# -- Mattermost OIDC auth endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
auth_endpoint: ""
# -- Mattermost OIDC token endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
token_endpoint: ""
# -- Mattermost OIDC user API endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
user_api_endpoint: ""
database:
# -- Hostname of a pre-existing PostgreSQL database to use for Mattermost.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Mattermost.
port: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Database name to connect to on host.
database: ""
# -- SSL Mode to use when connecting to the database.
# Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
ssl_mode: ""
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# Entering connection info will enable this option and will auto-create any required secrets.
# examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket name to use for Mattermost - will be auto-created.
bucket: ""
# -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
velero:
# -- Toggle deployment of Velero.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git
path: "./chart"
tag: "2.14.8-bb.0"
# -- Values to passthrough to the Velero chart: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/blob/main/chart/values.yaml
values:
# Requires at least one plugin installed. Current supported values: aws, azure
plugins: []
# - aws
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
#
# ----------------------------------------------------------------------------------------------------------------------