Newer
Older
# -- Toggle OIDC SSO for Anchore on and off.
# Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license).
# -- Anchore OIDC client ID
# -- Anchore OIDC client role attribute
# -- Hostname of a pre-existing PostgreSQL database to use for Anchore.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
# -- Port of a pre-existing PostgreSQL database to use for Anchore.
# -- Username to connect as to external database, the user must have all privileges on the database.
# -- Database password for the username used to connect to the existing database.
# -- Database name to connect to on host (Note: database name CANNOT contain hyphens).
# -- Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens).
# Only required for enterprise edition of anchore.
# By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#handling-dependencies
feeds_database: ""
# -- Hostname of a pre-existing Redis to use for Anchore Enterprise.
# Entering connection info will enable external redis and will auto-create any required secrets.
# Anchore only requires redis for enterprise deployments and will not provision an instance if using external
host: ""
# -- Port of a pre-existing Redis to use for Anchore Enterprise.
# -- OPTIONAL: Username to connect to a pre-existing Redis (for password-only auth leave empty)
username: ""
# -- Password to connect to pre-existing Redis.
# -- Values to passthrough to the anchore chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# Mattermost Operator and Instance
#
mattermostoperator:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Mattermost Operator Package
flux: {}
# -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
mattermost:
# -- Toggle deployment of Mattermost.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Mattermost Package
flux: {}
# -- Mattermost Enterprise functionality.
enterprise:
# -- Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install.
enabled: false
# -- License for Mattermost.
# This should be the entire contents of the license file from Mattermost (should be one line), example below
# license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN
license: ""
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
1112
1113
1114
1115
1116
1117
1118
1119
1120
1121
1122
1123
1124
1125
1126
1127
1128
1129
1130
1131
1132
1133
1134
1135
1136
1137
1138
1139
1140
1141
1142
1143
1144
1145
1146
sso:
# -- Toggle OIDC SSO for Mattermost on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Mattermost OIDC client ID
client_id: ""
# -- Mattermost OIDC client secret
client_secret: ""
# -- Mattermost OIDC auth endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
auth_endpoint: ""
# -- Mattermost OIDC token endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
token_endpoint: ""
# -- Mattermost OIDC user API endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
user_api_endpoint: ""
database:
# -- Hostname of a pre-existing PostgreSQL database to use for Mattermost.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Mattermost.
port: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Database name to connect to on host.
database: ""
# -- SSL Mode to use when connecting to the database.
# Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
ssl_mode: ""
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# Entering connection info will enable this option and will auto-create any required secrets.
# examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket name to use for Mattermost - will be auto-created.
bucket: ""
# -- Mattermost Elasticsearch integration - requires enterprise E20 license - https://docs.mattermost.com/deployment/elasticsearch.html
# Connection info defaults to the BB deployed Elastic, all values can be overridden via the "values" passthrough for other connections.
# See values spec in MM chart "elasticsearch" yaml block - https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml
elasticsearch:
# -- Toggle interaction with Elastic for optimized search indexing
enabled: false
# -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
velero:
# -- Toggle deployment of Velero.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Velero Package
flux: {}
# -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi
# -- Values to passthrough to the Velero chart: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/blob/main/chart/values.yaml
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
#
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Keycloak
#
keycloak:
# -- Toggle deployment of Keycloak.
# if you enable Keycloak you should uncomment the istio passthrough configurations above
# istio.ingressGateways.passthrough-ingressgateway and istio.gateways.passthrough
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
path: "./chart"
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
database:
# -- Hostname of a pre-existing database to use for Keycloak.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Pre-existing database type (e.g. postgres) to use for Keycloak.
type: postgres
# -- Port of a pre-existing database to use for Keycloak.
port: 5432
# -- Database name to connect to on host.
database: "" # example: keycloak
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
# the istio gateway for keycloak must have tls.mode: PASSTHROUGH
gateway: "passthrough"
# -- Certificate/Key pair to use as the certificate for exposing Keycloak
# Setting the ingress cert here will automatically create the volume and volumemounts in the Keycloak Package chart
key: ""
cert: ""
# -- Values to passthrough to the keycloak chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
# ----------------------------------------------------------------------------------------------------------------------
# Vault
#
vault:
# -- Toggle deployment of Vault.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
path: "./chart"
# -- Flux reconciliation overrides specifically for the Vault Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Values to passthrough to the vault chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
# -- Post Renderers. See docs/postrenders.md