Newer
Older
# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
# -- (experimental) Toggle sourcing from external repos.
# All this does right now is toggle GitRepositories, it is _not_ fully functional
joshwolf
committed
offline: false
# -- Single set of registry credentials used to pull all images deployed by BigBang.
registryCredentials:
registry: registry1.dso.mil
username: ""
password: ""
email: ""
joshwolf
committed
# -- Multiple sets of registry credentials used to pull all images deployed by BigBang.
# Credentials will only be created when a valid combination exists, registry, username, and password (email is optional)
# - registry: registry1.dso.mil
# username: ""
# password: ""
# email: ""
# - registry: registry.dso.mil
# username: ""
# password: ""
# email: ""
# Openshift Container Platform Feature Toggle
openshift: false
# -- Git credential settings for accessing private repositories
# Order of precedence is:
# 1. existingSecret
# 2. http credentials (username/password/caFile)
# 3. ssh credentials (privateKey/publicKey/knownHosts)
git:
# -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
# -- Chart created secrets with user defined values
# -- HTTP git credentials, both username and password must be provided
# -- HTTPS certificate authority file. Required for any repo with a self signed certificate
# -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
privateKey: ""
publicKey: ""
knownHosts: ""
# -- Global SSO values used for BigBang deployments when sso is enabled, can be overridden by individual packages.
Ryan Garcia
committed
sso:
oidc:
# -- Domain for keycloak used for configuring SSO
Ryan Garcia
committed
host: login.dso.mil
# -- Keycloak realm containing clients
Ryan Garcia
committed
realm: baby-yoda
# -- Keycloak's certificate authority (PEM Format). Entered using chomp modifier (see docs/assets/configs/example/dev-sso-values.yaml for example). Used by authservice to support SSO for various packages
# -- Keycloak realm's json web key output, obtained at https://<keycloak-server>/auth/realms/<realm>/protocol/openid-connect/certs
jwks: ''
# -- OIDC client ID used for packages authenticated through authservice
Ryan Garcia
committed
client_id: ""
# -- OIDC client secret used for packages authenticated through authservice
Ryan Garcia
committed
client_secret: ""
Andrew Blanchard
committed
# -- OIDC token URL template string (to be used as default)
token_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"
Andrew Blanchard
committed
# -- OIDC auth URL template string (to be used as default)
auth_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth"
# -- Kubernetes Secret containing the sso.certificate_authority value for SSO enabled application namespaces
# -- (Advanced) Flux reconciliation parameters.
# The default values provided will be sufficient for the majority of workloads.
joshwolf
committed
flux:
Ryan Garcia
committed
timeout: 10m
Ryan Garcia
committed
test:
enable: false
Ryan Garcia
committed
remediation:
Ryan Garcia
committed
remediation:
retries: 3
remediateLastFailure: true
cleanupOnFail: true
# -- Global NetworkPolicies settings
networkPolicies:
# -- Toggle all package NetworkPolicies, can disable specific packages with `package.values.networkPolicies.enabled`
# -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
# Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
# Used by package NetworkPolicies to allow Kube API access
controlPlaneCidr: 0.0.0.0/0
# -- Node CIDR, defaults to allowing "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" networks.
# use `kubectl get nodes -owide` and review the `INTERNAL-IP` column to derive CIDR range.
# Must be an IP CIDR range (x.x.x.x/x - ideally a /16 or /24 to include multiple IPs)
nodeCidr: ""
# -- VPC CIDR, defaults to 0.0.0.0/0
# In a production environment, it is recommended to setup a Private Endpoint for your AWS services like KMS or S3.
# Please review https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html to setup routing to AWS services that never leave the AWS network.
# Once created update `networkPolicies.vpcCidr` to match the CIDR of your VPC so Vault will be able to reach your VPCs DNS and new KMS endpoint.
vpcCidr: 0.0.0.0/0
Tawsif Siddiqui
committed
# -- Global ImagePullPolicy value for all packages
# Permitted values are: None, Always, IfNotPresent
Tawsif Siddiqui
committed
imagePullPolicy: IfNotPresent
# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
# -- Toggle deployment of Istio.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
# -- Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support,
# validated through the FIPs Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
enterprise: false
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
# Ingress gateways are created based on the key name. Adding more keys will add ingress gateways.
# Ingress gateways are setup in a Horizontal Pod Autoscaler with 1 to 5 replicas
# Besides some ports needed by Istio, only ports 80 and 443 are opened
# Ingress gateways that require more configuration can be completed using `istio.values`
ingressGateways:
public-ingressgateway:
type: "LoadBalancer" # or "NodePort"
kubernetesResourceSpec: {} # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
# private-ingressgateway:
# type: "LoadBalancer" # or "NodePort"
# kubernetesResourceSpec: # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
# serviceAnnotations: # Example for AWS internal load balancer
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# passthrough-ingressgateway:
# type: "NodePort" # or "LoadBalancer"
# # Node ports are assigned starting from nodePortBase. The nodePortBase specifies the start of a range of 4 unused node ports.
# # Node port will be assigned as follows: Port 15021 (Status) = nodePortBase, Port 80 = nodePortBase+1, Port 443 = nodePortBase+2, Port 15443 (SNI) = nodePortBase+3
# # Node port base should be in the range from 30000 to 32764
# nodePortBase: 32000 # Alternatively, the kubernetesResourceSpec can be used to configure all port parameters
gateways:
public:
ingressGateway: "public-ingressgateway"
hosts:
# -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
autoHttpRedirect:
enabled: true
tls:
key: ""
cert: ""
# private:
# ingressGateway: "private-ingressgateway"
# hosts:
# - "example.bigbang.dev"
# ports:
# - name: tls-2
# number: 1234
# protocol: TCP
# - name: tls
# number: 5678
# protocol: TCP
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: false
# tls:
# key: ""
# cert: ""
# passthrough:
# ingressGateway: "passthrough-ingressgateway"
# hosts:
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
####
# Alternate multi-server configuration method
####
# private:
# ingressGateway: "private-ingressgateway"
# servers:
# - hosts:
# - "example.bigbang.dev"
# port:
# name: tls-1
# number: 1234
# protocol: TCP
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: false
# tls:
# key: ""
# cert: ""
# - hosts:
# - "example.bigbang.dev"
# port:
# name: tls-2
# number: 5678
# protocol: TCP
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: false
# tls:
# key: ""
# cert: ""
# passthrough:
# ingressGateway: "passthrough-ingressgateway"
# hosts:
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: true
# tls:
# mode: "PASSTHROUGH"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Istio Package
flux: {}
# -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Istio Operator.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Istio Operator Package
flux: {}
# -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
jaeger:
# -- Toggle deployment of Jaeger.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Jaeger Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace
Ryan Garcia
committed
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle SSO for Jaeger on and off
enabled: false
# -- OIDC Client ID to use for Jaeger
client_id: ""
# -- OIDC Client Secret to use for Jaeger
client_secret: ""
# -- Values to pass through to Jaeger chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
kiali:
# -- Toggle deployment of Kiali.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git
path: "./chart"
tag: "1.51.0-bb.3"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Kiali Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle SSO for Kiali on and off
enabled: false
# -- OIDC Client ID to use for Kiali
client_id: ""
# -- OIDC Client Secret to use for Kiali
client_secret: ""
# -- Values to pass through to Kiali chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
# -- Toggle deployment of Cluster Auditor.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Cluster Auditor Package
flux: {}
# -- Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
# -- Toggle deployment of OPA Gatekeeper.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace
Ryan Garcia
committed
# -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Kyverno
#
kyverno:
# -- Toggle deployment of Kyverno.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno.git
# -- Flux reconciliation overrides specifically for the Kyverno Package
# -- Values to passthrough to the kyverno chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
kyvernopolicies:
# -- Toggle deployment of Kyverno policies
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies.git
path: ./chart
# -- Flux reconciliation overrides specifically for the Kyverno Package
flux: {}
# -- Values to passthrough to the kyverno policies chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Logging
#
# -- Toggle deployment of Logging (EFK).
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Logging (EFK) Package
flux:
timeout: 20m
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Elasticsearch/Kibana OIDC client ID
client_id: ""
# -- Elasticsearch/Kibana OIDC client secret
client_secret: ""
license:
# -- Toggle trial license installation of elasticsearch. Note that enterprise (non trial) is required for SSO to work.
trial: false
# -- Elasticsearch license in json format seen here: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana#enterprise-license
keyJSON: ""
# -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of ECK Operator.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the ECK Operator Package
flux: {}
# -- Values to passthrough to the eck-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
values: {}
fluentbit:
# -- Toggle deployment of Fluent-Bit.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Fluent-Bit Package
flux: {}
runyontr
committed
# -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# BETA support of promtail/loki logging stack
#
promtail:
# -- Toggle deployment of Promtail.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git
path: "./chart"
# -- Flux reconciliation overrides specifically for the Promtail Package
flux: {}
# -- Values to passthrough to the promtail chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
loki:
# -- Toggle deployment of Loki.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git
path: "./chart"
# -- Flux reconciliation overrides specifically for the Loki Package
flux: {}
# -- Loki architecture. Options are monolith and scalable
strategy: monolith
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket Names for Loki as a comma delimited list.
# examples: "loki-logs"
bucketNames: ""
# -- Values to passthrough to the Loki chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
tempo:
# -- Toggle deployment of Tempo.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/tempo.git
path: "./chart"
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Flux reconciliation overrides specifically for the Tempo Package
flux: {}
sso:
# -- Toggle SSO for Tempo on and off
enabled: false
# -- OIDC Client ID to use for Tempo
client_id: ""
# -- OIDC Client Secret to use for Tempo
client_secret: ""
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
# Note: tempo does not require protocol prefix for URL.
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket Names for Loki as a comma delimited list.
# examples: "tempo-traces"
bucket: ""
# -- Whether or not objectStorage connection should require HTTPS, if connecting to in-cluster object
# storage on port 80/9000 set this value to true.
insecure: false
# -- Values to passthrough to the Tempo chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/tempo.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
# -- Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager).
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Monitoring Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace
Ryan Garcia
committed
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
Ryan Garcia
committed
sso:
# -- Toggle SSO for monitoring components on and off
Ryan Garcia
committed
enabled: false
prometheus:
# -- Prometheus OIDC client ID
client_id: ""
# -- Prometheus OIDC client secret
client_secret: ""
Ryan Garcia
committed
alertmanager:
# -- Alertmanager OIDC client ID
client_id: ""
# -- Alertmanager OIDC client secret
client_secret: ""
Ryan Garcia
committed
grafana:
# -- Grafana OIDC client ID
client_id: ""
# -- Grafana OIDC client secret
client_secret: ""
# -- Grafana OIDC client scopes, comma separated, see https://grafana.com/docs/grafana/latest/auth/generic-oauth/
role_attribute_path: "Viewer"
# -- Other options available, see package Documentation.
# -- Values to passthrough to the monitoring chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
# -- Toggle deployment of Twistlock.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Twistlock Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
joshwolf
committed
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
#
# ----------------------------------------------------------------------------------------------------------------------
#
# -- Toggle deployment of ArgoCD.
Zachariah Dzielinski
committed
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the ArgoCD Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
redis:
# -- Hostname of a pre-existing Redis to use for ArgoCD.
# Entering connection info will enable external Redis and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing Redis to use for ArgoCD.
port: ""
# -- Toggle SSO for ArgoCD on and off
# -- ArgoCD OIDC client ID
client_id: ""
# -- ArgoCD OIDC client secret
client_secret: ""
# -- ArgoCD SSO login text
provider_name: ""
# -- ArgoCD SSO group roles, see docs for more details: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
# -- Values to passthrough to the argocd chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Authservice.
Ryan Garcia
committed
# if enabling authservice, a filter needs to be provided by either enabling
# sso for monitoring or istio, or manually adding a filter chain in the values here:
# values:
# chain:
# minimal:
# callback_uri: "https://somecallback"
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Authservice Package
flux: {}
# -- Values to passthrough to the authservice chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Additional authservice chain configurations.
Ryan Garcia
committed
chains: {}
# ----------------------------------------------------------------------------------------------------------------------
# Minio Operator and Instance
#
minioOperator:
# -- Toggle deployment of minio operator and instance.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Minio Operator Package
flux: {}
# -- Values to passthrough to the minio operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
Ryan Garcia
committed
# -- Toggle deployment of minio.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Minio Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Default access key to use for minio.
accesskey: ""
# -- Default secret key to intstantiate with minio, you should change/delete this after installation.
secretkey: ""
# -- Values to passthrough to the minio instance chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# host name only without the domain
gitlab: gitlab
registry: registry
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Gitlab Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Toggle OIDC SSO for Gitlab on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Gitlab OIDC client ID
client_id: ""
# -- Gitlab OIDC client secret
client_secret: ""
# -- Gitlab SSO login button label
label: ""
# -- Gitlab SSO Scopes, default is ["Gitlab"]
scopes:
- Gitlab
# -- GitLab SSO Issuer URI,
# Only needed if your SSO is non-Keycloak
issuer_uri: ""
# -- GitLab SSO End Session URI,
# Only needed if your SSO is non-Keycloak
end_session_uri: ""
# -- Gitlab SSO UID field
uid_field: preferred_username
# -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Gitlab.
port: 5432
# -- Database name to connect to on host.
database: "" # example: gitlab
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Type of object storage to use for Gitlab, setting to s3 will assume an external, pre-existing object storage is to be used.
# Entering connection info will enable this option and will auto-create any required secrets
type: "" # supported types are "s3" or "minio"
# -- S3 compatible endpoint to use for connection information.
# examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
# -- If using accessKey and accessSecret, the iamProfile must be left as an empty string: ""
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket prefix to use for identifying buckets.
# Example: "prod" will produce "prod-gitlab-bucket"
bucketPrefix: ""
# -- NOTE: Current bug with AWS IAM Profiles and Object Storage where only artifacts are stored. Fixed in Gitlab 14.5
# -- Name of AWS IAM profile to use.
# -- If using an AWS IAM profile, the accessKey and accessSecret values must be left as empty strings eg: ""
iamProfile: ""
smtp:
# -- Passwords should be placed in an encrypted file. Example: environment-bb-secret.enc.yaml
# If a value is provided BigBang will create a k8s secret named gitlab-smtp-password in the gitlab namespace
password: ""
redis:
# -- Redis plain text password to connect to the redis server. If empty (""), the gitlab charts will create the gitlab-redis-secret
# -- This needs to be set to a non-empty value in order for the Grafana Redis Datasource and Dashboards to be installed.
password: ""
# -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
Ryan Garcia
committed
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
gitlabRunner:
# -- Toggle deployment of Gitlab Runner
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Gitlab Runner Package
flux: {}
# -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
values: {}
Ryan Garcia
committed
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
runyontr
committed
nexus:
runyontr
committed
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus.git
path: "./chart"
runyontr
committed
# -- Base64 encoded license file.
license_key: ""
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
runyontr
committed
sso:
# -- Toggle SAML SSO for NXRM.
# -- handles SAML SSO, a Client must be configured in Keycloak or IdP
# -- to complete setup.
# -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
enabled: false
# -- NXRM SAML SSO Integration data
idp_data:
# Nexus saml URL. example: "https://nexus.example.mil/service/rest/v1/security/saml/metadata"
entityId: ""
runyontr
committed
# -- IdP Field Mappings
# -- NXRM username attribute
username: ""
# -- NXRM firstname attribute (optional)
firstName: ""
# -- NXRM lastname attribute (optional)
lastName: ""
# -- NXRM email attribute (optional)
email: ""
# -- NXRM groups attribute (optional)
groups: ""
# -- IDP SAML Metadata XML as a single line string in single quotes
# -- this information is public and does not require a secret
idpMetadata: ''
# -- NXRM Role
role:
# the id must match the Keycloak group name (case sensitive)
- id: ""
name: ""
description: ""
privileges: []
roles: []
runyontr
committed
# -- Flux reconciliation overrides specifically for the Nexus Repository Manager Package