Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
domain: bigbang.dev
sso:
# LetsEncrypt certificate authority
certificate_authority: |
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
# Must be updated for every new deployment of Keycloak. Example of where to get the jwks:
# https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/openid-connect/certs
# must be single quoted and double quotes must be escaped like this \"xxxx\"
jwks: '{\"keys\":[{\"kid\":\"nZUXZDUyyAEKY4dJyargboayGxJmmlrhcoBoik-7040\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"qAl-BtUwp2ZVl7wix_8-pucv-jTK1L9QGFVW02kPYlFi0frg-OL9XsSB1MsJIEFfnDIZ_psvvWYoZkVnzibgVlfAjOQXyIevOWLpSlUK3BpWFnAfO-0oyQWSsclyE8-xpzTifL75SvbSvDp3JXVBa4UdgV2qsNs7xu99wipQ7cro2lpne5EIHv6eKJMeG1eFQS2DJrI6ydNOLrzHFOA3pAhZRphId6dxYWaKzH_tcR34uQ2gg-IgmGakYLFhG_P2ZrMdPqouej_WFoc9Y9hlHx8NALfA6uYe4aDCbWCTL1V1sZJjzVR7WiTDh7fIogTu_2ukpCOnXX_SaLadoulxLw\",\"e\":\"AQAB\",\"x5c\":[\"MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=\"],\"x5t\":\"ihEvRimRNSdrnr_Fhnd4OElB3-E\",\"x5t#S256\":\"YNijWPCIhWA5xQTwyIfvlBN-UcMe46Um2ywE-ADiqjM\"}]}'
oidc:
host: keycloak.bigbang.dev
realm: baby-yoda
interval: 1m
rollback:
cleanupOnFail: false
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
public:
tls:
key: "" # Gets added via chart/ingress-certs.yaml
cert: "" # Gets added via chart/ingress-certs.yaml
values:
kiali:
dashboard:
auth:
strategy: "anonymous"
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_jaeger
istio:
jaeger:
enabled: true
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://tracing.bigbang.dev"
kiali:
enabled: true
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kiali
values:
cr:
spec:
auth:
strategy: "anonymous"
bbtests:
enabled: true
cypress:
envs:
cypress_url: 'https://kiali.bigbang.dev'
clusterAuditor:
enabled: true
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
Josh Wolf
committed
limits: {}
bbtests:
enabled: true
cypress:
envs:
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_allownodatas: '0'
cypress_url: 'https://grafana.bigbang.dev/d/YBgRZG6Mz/opa-violations?orgId=1'
gatekeeper:
enabled: true
values:
replicas: 1
controllerManager:
resources:
limits: {}
requests:
cpu: 100m
memory: 256Mi
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
# Allow argocd to deploy a test app in its cypress test
- argocd/guestbook-ui.*
allowedHostFilesystem:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- gitlab/gitlab-cypress-test
- gitlab/gitlab-runner-cypress-test
- keycloak/keycloak-cypress-test
- monitoring/kube-prometheus-stack-cypress-test
- vault/vault-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
allowedIPs:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-external-ips-.?
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined defined seccomp
- istio-system/lb-port-.*
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
bannedImageTags:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
noSysctls:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-sysctls-.?
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
restrictedTaint:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/disallow-tolerations-.?
selinuxPolicy:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
- default/disallow-selinux-options-.?
- default/restrict-selinux-type-.?
volumeTypes:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- gitlab/gitlab-cypress-test
- gitlab/gitlab-runner-cypress-test
- keycloak/keycloak-cypress-test
- monitoring/kube-prometheus-stack-cypress-test
- vault/vault-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
kyvernopolicies:
enabled: false
values:
bbtests:
enabled: true
exclude:
any:
# Allows k3d load balancer to bypass policies.
- resources:
namespaces:
- istio-system
names:
- svclb-*
# Exclude gatekeeper test resources so Helm tests will work
- resources:
namespaces:
- default
names:
- bad-test*
- good-test*
# Parameters are copied from kyverno policies for test vectors
# Exclusions are for allowing other helm tests to function
policies:
clone-configs:
parameters:
clone:
- name: clone-configs-1
kind: ConfigMap
namespace: "{{ .Release.Namespace }}"
- name: clone-configs-2
kind: Secret
namespace: "{{ .Release.Namespace }}"
disallow-annotations:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-labels:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-tolerations:
parameters:
disallow:
- effect: NoSchedule
key: notallowed
value: 'false'
- effect: '*NoSchedule'
key: disa??owed
value: 'true'
require-annotations:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
require-image-signature:
parameters:
require:
- image: ghcr.io/kyverno/test-verify-image:*
key: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
require-labels:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
restrict-external-ips:
parameters:
allow:
- 192.168.0.1
restrict-external-names:
enabled: true
parameters:
allow:
- allowed
restrict-host-path-mount:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- mattermost
- nexus-repository-manager
- vault
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-path-write:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- mattermost
- nexus-repository-manager
- vault
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-ports:
parameters:
allow:
- '63999'
- '>= 64000 & < 65000'
- '> 65000'
restrict-image-registries:
exclude:
any:
# ArgoCD deploys a test app as part of its Cypress test
- resources:
namespaces:
- argocd
names:
- guestbook-ui*
restrict-volume-types:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- mattermost
- nexus-repository-manager
- vault
names:
- "*-cypress-test*"
update-image-pull-policy:
parameters:
update:
- to: Always
update-image-registry:
parameters:
update:
- from: replace.image.registry
to: registry1.dso.mil
logging:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kibana
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
license:
trial: false
values:
elasticsearch:
master:
count: 1
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
data:
count: 2
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
kibana:
count: 1
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_kibana_url: "https://kibana.bigbang.dev"
fluentbit:
enabled: true
values:
securityContext:
privileged: true
bbtests:
enabled: true
config:
inputs: |
[INPUT]
Name tail
Path /var/log/containers/*flux-system*.log
Parser containerd
Tag kube.*
Mem_Buf_Limit 50MB
Skip_Long_Lines On
storage.type filesystem
loki:
enabled: false
existingSecretForConfig: "loki-config"
loki-simple-scalable:
write:
replicas: 1
persistence:
size: 2Gi
requests:
cpu: 200m
memory: 400Mi
read:
replicas: 1
persistence:
size: 2Gi
memory: 400Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_check_datasource: 'true'
cypress_grafana_url: 'https://grafana.bigbang.dev'
scripts:
image: registry1.dso.mil/ironbank/big-bang/base:1.17.0
envs:
LOKI_URL: 'http://logging-loki-write.logging.svc:3100'
values:
istio:
tempoQuery:
hosts:
- "tempo.{{ .Values.domain }}"
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: 'https://tempo.bigbang.dev'
cypress_tempo_datasource: 'http://tempo-tempo.tempo.svc:3100'
cypress_check_datasource: 'true'
cypress_grafana_url: 'https://grafana.bigbang.dev'
scripts:
envs:
TEMPO_METRICS_URL: 'http://tempo-tempo.tempo.svc:3100'
persistence:
enabled: true
# storageClassName: local-path
accessModes:
- ReadWriteOnce
size: 5Gi
tempoQuery:
resources:
requests:
cpu: 200m
memory: 128Mi
monitoring:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_prometheus
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_alertmanager
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_grafana
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
scopes: "Grafana"
values:
prometheus:
prometheusSpec:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
kube-state-metrics:
resources:
requests:
cpu: 10m
memory: 32Mi
limits: {}
prometheus-node-exporter:
resources:
requests:
cpu: 100m
memory: 30Mi
limits: {}
grafana:
testFramework:
enabled: false
dashboards:
default:
k8s-deployment:
gnetId: 741
revision: 1
datasource: Prometheus
downloadDashboards:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards
bbtests:
enabled: true
cypress:
envs:
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_alertmanager_url: 'https://alertmanager.bigbang.dev'
cypress_check_istio_dashboards: 'true'
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-saml
values:
console:
persistence:
bbtests:
enabled: true
cypress:
envs:
cypress_baseUrl: "https://twistlock.bigbang.dev"
scripts:
envs:
twistlock_host: "https://twistlock.bigbang.dev"
Josh Wolf
committed
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_argocd
client_secret: anything-for-dev
provider_name: "P1 SSO"
groups: |
g, Impact Level 2 Authorized, role:admin
Josh Wolf
committed
values:
controller:
resources:
requests:
cpu: 500m
memory: 2Gi
Josh Wolf
committed
limits: {}
dex:
resources:
requests:
cpu: 10m
memory: 128Mi
Josh Wolf
committed
limits: {}
Josh Wolf
committed
redis:
resources:
requests:
Josh Wolf
committed
limits: {}
server:
resources:
requests:
cpu: 20m
memory: 128Mi
Josh Wolf
committed
limits: {}
repoServer:
resources:
requests:
cpu: 50m
memory: 128Mi
Josh Wolf
committed
limits: {}
configs:
secret:
argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
bbtests:
cypress:
envs:
cypress_url: "https://argocd.bigbang.dev"
Josh Wolf
committed
Josh Wolf
committed
enabled: false
Ryan Garcia
committed
chains:
minimal:
callback_uri: "https://minimal.bigbang.dev"
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
memory: 100Mi
limits: {}
master:
persistence:
size: 256Mi
replica:
Josh Wolf
committed
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_gitlab
Josh Wolf
committed
values:
global:
rails:
bootstrap:
enabled: false
gitlab-runner:
resources:
requests:
cpu: 10m
limits: {}
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
Josh Wolf
committed
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
gitaly:
Josh Wolf
committed
resources:
## values raised to help pass CI after default values for gitaly are fixed then can revert to original request.
#requests:
# cpu: 50m
#limits: {}
Josh Wolf
committed
requests:
cpu: 400m
memory: 600Mi
limits:
cpu: 400m
memory: 600Mi
Josh Wolf
committed
shared-secrets:
resources:
requests:
cpu: 10m
limits: {}
migrations:
resources:
requests:
cpu: 10m
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 10m
limits: {}
registry:
hpa:
minReplicas: 1
maxReplicas: 1
postgresql:
Josh Wolf
committed
metrics:
resources:
requests:
cpu: 10m
limits: {}
minio:
Josh Wolf
committed
resources:
requests:
cpu: 50m
limits: {}
redis:
master:
persistence:
size: 256Mi
slave:
persistence:
size: 256Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: https://gitlab.bigbang.dev
scripts:
envs:
GITLAB_REPOSITORY: https://gitlab.bigbang.dev
GITLAB_ORIGIN: https://testuser:12345678@gitlab.bigbang.dev
GITLAB_REGISTRY: registry.bigbang.dev
Josh Wolf
committed
Josh Wolf
committed
enabled: false
values:
resources:
requests:
memory: 64Mi
cpu: 50m
limits: {}
envs:
cypress_baseUrl: "https://gitlab.bigbang.dev"
cypress_gitlab_first_name: "testrunner"
cypress_gitlab_last_name: "userrunner"
cypress_gitlab_email: "gitlab@bigbang.dev"
cypress_gitlab_username: "gitlabrunner_user"
cypress_gitlab_password: "gitlabrunner_pass"
cypress_gitlab_project: "runner-hello-world"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
Josh Wolf
committed
Josh Wolf
committed
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_anchore
enterprise:
enabled: false
licenseYaml: |
"TBD"
Josh Wolf
committed
values:
ensureDbJobs:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
sso:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
postgresql:
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreAnalyzer:
Josh Wolf
committed
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreApi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreCatalog:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchorePolicyEngine:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreSimpleQueue:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchore-feeds-db:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseFeeds:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeedsUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseRbac:
Ryan Garcia
committed
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
managerResources:
Ryan Garcia
committed
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseReports:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}