Newer
Older
url: https://keycloak.bigbang.dev/auth/realms/baby-yoda
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
# LetsEncrypt certificate authority
certificateAuthority:
cert: |
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
saml:
# Retrieve from {{ .Values.sso.url }}/protocol/saml/descriptor
metadata: <md:EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://keycloak.bigbang.dev/auth/realms/baby-yoda"><md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:KeyName>4CK69bW66HE2wph9VuBs0fTc1MaETSTpU1iflEkBHR4</ds:KeyName><ds:X509Data><ds:X509Certificate>MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml/resolve" index="0"></md:ArtifactResolutionService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml"></md:SingleLogoutService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml"></md:SingleLogoutService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml"></md:SingleLogoutService><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService></md:IDPSSODescriptor></md:EntityDescriptor>
interval: 1m
rollback:
cleanupOnFail: false
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
public:
tls:
key: "" # Gets added via chart/ingress-certs.yaml
cert: "" # Gets added via chart/ingress-certs.yaml
values:
kiali:
dashboard:
auth:
strategy: "anonymous"
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_jaeger
istio:
jaeger:
enabled: true
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://tracing.bigbang.dev"
# uncomment following variables for sso keycloak testing in bb
# cypress_tnr_username: "cypress"
# cypress_tnr_password: "tnr_w!G33ZyAt@C8"
# cypress_keycloak_test_enable: "true"
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kiali
# if enabling the keycloak SSO integration test, set strategy to "openid"
#strategy: "openid"
strategy: "anonymous"
bbtests:
enabled: true
cypress:
envs:
cypress_url: 'https://kiali.bigbang.dev'
# uncomment these next 3 lines if enabling the keycloak SSO integration test
#cypress_keycloak_test_enable: "true"
#cypress_keycloak_username: "cypress"
#cypress_keycloak_password: "tnr_w!G33ZyAt@C8"
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
Josh Wolf
committed
limits: {}
bbtests:
enabled: true
cypress:
envs:
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_url: 'https://grafana.bigbang.dev/d/YBgRZG6Mz/opa-violations?orgId=1'
controllerManager:
resources:
limits: {}
requests:
cpu: 100m
memory: 256Mi
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
# Allow argocd to deploy a test app in its cypress test
- argocd/guestbook-ui.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
allowedHostFilesystem:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- keycloak/keycloak-cypress-test
- monitoring/grafana-cypress-test
- vault/vault-cypress-test
- logging/elasticsearch-kibana-cypress-test
- minio/minio-instance-cypress-test
- neuvector/neuvector-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
allowedIPs:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-external-ips-.?
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined defined seccomp
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
bannedImageTags:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noHostNamespace:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/disallow-host-namespaces-.?
noPrivilegedContainers:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
noSysctls:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-sysctls-.?
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
# Allow kyverno test vectors for Helm test
- default/require-labels-.?
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
restrictedTaint:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/disallow-tolerations-.?
selinuxPolicy:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
- default/disallow-selinux-options-.?
- default/restrict-selinux-type-.?
volumeTypes:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- keycloak/keycloak-cypress-test
- monitoring/grafana-cypress-test
- vault/vault-cypress-test
- logging/elasticsearch-kibana-cypress-test
- minio/minio-instance-cypress-test
- neuvector/neuvector-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
resources:
limits:
cpu: 768m
memory: 768Mi
requests:
cpu: 768m
memory: 768Mi
values:
bbtests:
cypress:
envs:
cypress_grafana_url: https://grafana.bigbang.dev
cypress_prometheus_url: https://prometheus.bigbang.dev
values:
bbtests:
enabled: true
excludeContainers:
- not-me
- or-me
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
exclude:
any:
# Allows k3d load balancer to bypass policies.
- resources:
namespaces:
- istio-system
names:
- svclb-*
# Exclude gatekeeper test resources so Helm tests will work
- resources:
namespaces:
- default
names:
- bad-test*
- good-test*
# Parameters are copied from kyverno policies for test vectors
# Exclusions are for allowing other helm tests to function
policies:
clone-configs:
parameters:
clone:
- name: clone-configs-1
kind: ConfigMap
namespace: "{{ .Release.Namespace }}"
- name: clone-configs-2
kind: Secret
namespace: "{{ .Release.Namespace }}"
disallow-annotations:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-labels:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-tolerations:
parameters:
disallow:
- effect: NoSchedule
key: notallowed
value: 'false'
- effect: '*NoSchedule'
key: disa??owed
value: 'true'
require-annotations:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
require-image-signature:
parameters:
require:
- imageReferences:
- "ghcr.io/kyverno/test-verify-image:*"
attestors:
- count: 1
entries:
- keys:
publicKeys: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
- imageReferences:
- "registry1.dso.mil/ironbank/*"
attestors:
- count: 1
entries:
- keys:
publicKeys: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE7CjMGH005DFFz6mffqTIGurBt6fL
UfTZxuEDFRBS8mFJx1xw8DEVvjMibLTtqmAoJxUmzmGFgzz+LV875syVEg==
-----END PUBLIC KEY-----
# Ironbank images are rebuilt nightly and tags are not immutable
mutateDigest: false
verifyDigest: false
require-labels:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
restrict-external-ips:
parameters:
allow:
- 192.168.0.1
restrict-external-names:
enabled: true
parameters:
allow:
- allowed
restrict-host-path-mount:
exclude:
any:
- resources:
namespaces:
- gitlab
- mattermost
- nexus-repository-manager
- vault
- tempo
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-path-mount-pv:
parameters:
allow:
- /tmp/allowed
- /var/lib/rancher/k3s/storage/pvc-*
restrict-host-path-write:
exclude:
any:
- resources:
namespaces:
- gitlab
- mattermost
- nexus-repository-manager
- vault
- tempo
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-ports:
parameters:
allow:
- '63999'
- '>= 64000 & < 65000'
- '> 65000'
restrict-image-registries:
exclude:
any:
# ArgoCD deploys a test app as part of its Cypress test
- resources:
namespaces:
- argocd
names:
- guestbook-ui*
restrict-volume-types:
exclude:
any:
- resources:
namespaces:
- gitlab
- mattermost
- nexus-repository-manager
- vault
- tempo
names:
- "*-cypress-test*"
update-image-pull-policy:
parameters:
update:
- to: Always
update-image-registry:
parameters:
update:
- from: replace.image.registry
to: registry1.dso.mil
require-drop-all-capabilities:
exclude:
any:
# Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation
# is only recommended for Dev/CI environments.
- resources:
namespaces:
- gitlab
names:
- gitlab-minio-*
require-non-root-group:
exclude:
any:
# Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation
# is only recommended for Dev/CI environments.
- resources:
namespaces:
- gitlab
names:
- gitlab-minio-*
require-non-root-user:
exclude:
any:
# Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation
# is only recommended for Dev/CI environments.
- resources:
namespaces:
- gitlab
names:
- gitlab-minio-*
disallow-namespaces:
parameters:
disallow:
- bigbang
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kibana
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
license:
trial: false
values:
elasticsearch:
master:
count: 1
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
data:
count: 2
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
kibana:
count: 1
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_kibana_url: "https://kibana.bigbang.dev"
fluentbit:
values:
securityContext:
privileged: true
bbtests:
enabled: true
minio:
enabled: true
write:
replicas: 1
persistence:
size: 2Gi
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
backend:
replicas: 1
persistence:
size: 2Gi
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
read:
replicas: 1
persistence:
size: 2Gi
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
bbtests:
enabled: true
cypress:
envs:
cypress_check_datasource: 'true'
cypress_grafana_url: 'https://grafana.bigbang.dev'
scripts:
envs:
LOKI_URL: 'http://logging-loki-write.logging.svc:3100'
values:
istio:
tempoQuery:
hosts:
- "tempo.{{ .Values.domain }}"
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: 'https://tempo.bigbang.dev'
cypress_tempo_datasource: 'http://tempo-tempo.tempo.svc:3100'
cypress_check_datasource: 'true'
cypress_grafana_url: 'https://grafana.bigbang.dev'
scripts:
envs:
TEMPO_METRICS_URL: 'http://tempo-tempo.tempo.svc:3100'
persistence:
enabled: true
# storageClassName: local-path
accessModes:
- ReadWriteOnce
size: 5Gi
tempoQuery:
resources:
requests:
cpu: 200m
memory: 128Mi
flux:
timeout: 20m
install:
disableOpenAPIValidation: true
crds: CreateReplace
upgrade:
disableOpenAPIValidation: true
crds: CreateReplace
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_prometheus
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_alertmanager
values:
prometheus:
prometheusSpec:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
kube-state-metrics:
resources:
requests:
cpu: 10m
memory: 32Mi
limits: {}
prometheus-node-exporter:
resources:
requests:
cpu: 100m
memory: 30Mi
limits: {}
bbtests:
enabled: true
cypress:
image: registry1.dso.mil/bigbang-ci/cypress-kubectl:8.3.1
envs:
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_alertmanager_url: 'https://alertmanager.bigbang.dev'
cypress_check_istio_dashboards: 'true'
cypress_keycloak_test_enable: 'false'
cypress_tnr_username: "cypress"
cypress_tnr_password: "tnr_w!G33ZyAt@C8"
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
grafana:
enabled: true
sso:
enabled: false
grafana:
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_grafana
scopes: "openid Grafana"
values:
dashboards:
default:
k8s-deployment:
gnetId: 741
revision: 1
datasource: Prometheus
downloadDashboards:
resources:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards
bbtests:
enabled: true
cypress:
image: registry1.dso.mil/bigbang-ci/cypress-kubectl:8.3.1
envs:
cypress_grafana_url: 'https://grafana.bigbang.dev'
neuvector:
values:
k3s:
enabled: true
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: https://neuvector.bigbang.dev
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-saml
values:
console:
persistence:
localVolumeUpgrade: true
bbtests:
enabled: true
cypress:
envs:
cypress_baseUrl: "https://twistlock.bigbang.dev"
scripts:
envs:
twistlock_host: "https://twistlock.bigbang.dev"
Josh Wolf
committed
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_argocd
client_secret: anything-for-dev
groups: |
g, Impact Level 2 Authorized, role:admin
Josh Wolf
committed
values:
sso:
rbac:
policy.default: role:admin
Josh Wolf
committed
controller:
resources:
requests:
cpu: 500m
memory: 2Gi
Josh Wolf
committed
limits: {}
dex:
resources:
requests:
cpu: 10m
memory: 128Mi
Josh Wolf
committed
limits: {}
replicaCount: 0
autoscaling:
enabled: false
Josh Wolf
committed
redis:
resources:
requests:
Josh Wolf
committed
limits: {}
server:
Josh Wolf
committed
resources:
requests:
cpu: 20m
memory: 128Mi
Josh Wolf
committed
limits: {}
repoServer:
Josh Wolf
committed
resources:
requests:
cpu: 50m
memory: 128Mi
Josh Wolf
committed
limits: {}
configs:
secret:
argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
bbtests:
cypress:
envs:
cypress_url: "https://argocd.bigbang.dev"
Josh Wolf
committed
Josh Wolf
committed
enabled: false
Ryan Garcia
committed
chains:
minimal:
callback_uri: "https://minimal.bigbang.dev"
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
memory: 100Mi
limits: {}
master:
persistence:
size: 256Mi
replica:
Michael Martin
committed
autoscaling:
enabled: false
Josh Wolf
committed
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_gitlab
Josh Wolf
committed
values:
global:
rails:
bootstrap:
enabled: false
gitlab-runner:
resources:
requests:
cpu: 10m
limits: {}
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
Josh Wolf
committed
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
gitaly:
Josh Wolf
committed
resources:
## values raised to help pass CI after default values for gitaly are fixed then can revert to original request.
#requests:
# cpu: 50m
#limits: {}
Josh Wolf
committed
requests:
cpu: 400m
memory: 600Mi
limits:
cpu: 400m
memory: 600Mi