domain: bigbang.dev
sso:
# LetsEncrypt certificate authority
certificate_authority: |
-----BEGIN CERTIFICATE-----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=
-----END CERTIFICATE-----
# Must be updated for every new deployment of Keycloak. Example of where to get the jwks:
# https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/certs
# must be single quoted and double quotes must be escaped like this \"xxxx\"
jwks: '{\"keys\":[{\"kid\":\"4CK69bW66HE2wph9VuBs0fTc1MaETSTpU1iflEkBHR4\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"hiML1kjw-sw25BgaZI1AyfgcCRBPJKPE-wwttqa7NNxptr_5RCBGuJXqDyo3p1vjcbb8KjdKnXI7kWer8b2Pz_RP1m_QcPrKOxSluk7GZF8ARsc6FPGbzYgi8o8cBVSsaml6HZzpN3ZnH4DFZ27ifM-Ul_PyMxZ2aweohIaizXp-rgF7Rqpav5NXUwmcSyH8LP92NVIuFlD3HYTDGosVbfA_u_H25Z4XCGKW_vLDTNrl8PcA3HqIoD-vNavysdxAq_KNw7iLLc0KLsjFYSdJL_54H7QubsGR0AyIrLLurJbqAtvttGJK38k5XYWKIwYGtu6iiJwjSb7UtonVdPh8Vw\",\"e\":\"AQAB\",\"x5c\":[\"MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=\"],\"x5t\":\"mxFIwx7EdgxyC3Y6ODLx8yr8Bx8\",\"x5t#S256\":\"SdT7ScKVOnBW6qs_MuYdTGVtMGwYK_-nmQF9a_8lXco\"}]}'
oidc:
host: keycloak.bigbang.dev
realm: baby-yoda
interval: 1m
rollback:
cleanupOnFail: false
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
public:
tls:
key: "" # Gets added via chart/ingress-certs.yaml
cert: "" # Gets added via chart/ingress-certs.yaml
values:
kiali:
dashboard:
auth:
# "anonymous" means the Kiali dashboard does not ask for a login: whoever can
# reach it gets access. Acceptable on a dev/CI cluster; elsewhere, restrict
# who can reach the dashboard or use an authenticated strategy.
strategy: "anonymous"
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger
values:
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://tracing.bigbang.dev"
# Kiali package settings for this test/dev values file.
kiali:
enabled: true
sso:
# SSO is switched off here, so the auth strategy set under values decides
# how users get in.
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
values:
cr:
spec:
auth:
# With SSO disabled and strategy "anonymous", Kiali is served without any
# login. Keep this to dev/CI clusters; anywhere else, enable sso or limit
# network access to the Kiali host.
strategy: "anonymous"
bbtests:
enabled: true
cypress:
envs:
cypress_url: 'https://kiali.bigbang.dev'
clusterAuditor:
enabled: true
values:
resources:
requests:
cpu: 100m
limits: {}
bbtests:
enabled: true
cypress:
envs:
cypress_url: 'https://grafana.bigbang.dev/d/YBgRZG6Mz/opa-violations?orgId=1'
gatekeeper:
enabled: true
values:
replicas: 1
resources:
requests:
cpu: 100m
memory: 256Mi
limits: {}
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
# Allow argocd to deploy a test app in its cypress test
- argocd/guestbook-ui.*
allowedHostFilesystem:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined seccomp profile
- istio-system/lb-port-.*
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
volumeTypes:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
logging:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kibana
license:
trial: false
values:
elasticsearch:
master:
count: 1
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
data:
count: 2
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
kibana:
count: 1
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_kibana_url: "https://kibana.bigbang.dev"
# Fluent Bit package settings for this test/dev values file.
fluentbit:
enabled: true
values:
securityContext:
# privileged: true removes most container isolation and gives the container
# broad access to the node it runs on.
# NOTE(review): presumably needed so Fluent Bit can read host log files on the
# dev/CI cluster - confirm, and do not carry this setting into other
# environments without checking whether narrower permissions are enough.
privileged: true
bbtests:
enabled: true
tempo:
enabled: false
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 200m
memory: 128Mi
persistence:
enabled: true
# storageClassName: local-path
accessModes:
- ReadWriteOnce
size: 5Gi
tempoQuery:
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 200m
memory: 128Mi
opentelemetryCollector:
resources:
limits:
cpu: 200m
memory: 128Mi
requests:
cpu: 200m
memory: 128Mi
monitoring:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-prometheus
alertmanager:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-alertmanager
grafana:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-grafana
scopes: "Grafana"
values:
prometheus:
prometheusSpec:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
kube-state-metrics:
resources:
requests:
cpu: 10m
memory: 32Mi
limits: {}
prometheus-node-exporter:
resources:
requests:
cpu: 100m
memory: 30Mi
limits: {}
grafana:
testFramework:
enabled: false
dashboards:
default:
k8s-deployment:
gnetId: 741
revision: 1
datasource: Prometheus
downloadDashboards:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards
bbtests:
enabled: true
cypress:
envs:
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_alertmanager_url: 'https://alertmanager.bigbang.dev'
cypress_check_istio_dashboards: 'true'
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-twistlock
values:
console:
persistence:
bbtests:
enabled: true
cypress:
envs:
cypress_baseUrl: "https://twistlock.bigbang.dev"
scripts:
envs:
twistlock_host: "https://twistlock.bigbang.dev"
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd
# Placeholder, not a real credential (sso.enabled is false above). When SSO is
# turned on, supply the real client secret from a secret store or an encrypted
# values file rather than committing it here.
client_secret: anything-for-dev
provider_name: "P1 SSO"
# The line below is in Argo CD RBAC policy form ("g, <group>, <role>"): it
# maps the SSO group "Impact Level 2 Authorized" to role:admin, so every
# member of that group becomes an Argo CD administrator. Review the group's
# membership before reusing this mapping.
groups: |
g, Impact Level 2 Authorized, role:admin
values:
controller:
resources:
requests:
cpu: 500m
memory: 2Gi
limits: {}
dex:
resources:
requests:
cpu: 10m
memory: 128Mi
limits: {}
redis:
resources:
requests:
limits: {}
server:
resources:
requests:
cpu: 20m
memory: 128Mi
limits: {}
repoServer:
resources:
requests:
cpu: 50m
memory: 128Mi
limits: {}
configs:
secret:
# bcrypt hash ($2a$, cost 10) of the Argo CD admin password, stored in plain
# view. Anyone who can read this file can check password guesses against the
# hash offline, so it must only ever correspond to a throwaway dev/CI
# password. Override it per deployment and keep real hashes out of version
# control.
argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
bbtests:
cypress:
envs:
cypress_url: "https://argocd.bigbang.dev"
enabled: false

chains:
minimal:
callback_uri: "https://minimal.bigbang.dev"
values:
resources:
requests:
cpu: 100m
memory: 100Mi
limits: {}
redis:
master:
persistence:
size: 256Mi
replica:
persistence:
size: 256Mi
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-gitlab
values:
global:
rails:
bootstrap:
enabled: false
gitlab-runner:
resources:
requests:
cpu: 10m
limits: {}
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
gitaly:
resources:
## Values raised to help pass CI. Once the default values for gitaly are fixed, revert to the original requests.
#requests:
# cpu: 50m
#limits: {}
requests:
cpu: 400m
memory: 600Mi
limits:
cpu: 400m
memory: 600Mi
shared-secrets:
resources:
requests:
cpu: 10m
limits: {}
migrations:
resources:
requests:
cpu: 10m
limits: {}
resources:
requests:
cpu: 10m
limits: {}
registry:
hpa:
minReplicas: 1
maxReplicas: 1
postgresql:
metrics:
resources:
requests:
cpu: 10m
limits: {}
minio:
resources:
requests:
cpu: 50m
limits: {}
redis:
master:
persistence:
size: 256Mi
slave:
persistence:
size: 256Mi
# Test settings for the GitLab package: Cypress UI tests plus script tests.
# The user name, password and project below are fixture values for an account
# the tests use; they are literals in this file and must not be reused for any
# real account.
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: https://gitlab.bigbang.dev
cypress_gitlab_first_name: "test"
cypress_gitlab_last_name: "user"
cypress_gitlab_username: "testuser"
# Literal test password; safe only for a disposable test instance.
cypress_gitlab_password: "12345678"
cypress_gitlab_email: "testuser@example.com"
cypress_gitlab_project: "my-awesome-project"
# Unlike the fixture password above, the admin password is not written here:
# it is read at run time from the Kubernetes secret named below.
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
scripts:
image: "registry.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/bbtests:0.0.3"
envs:
GITLAB_USER: "testuser"
GITLAB_PASS: "12345678"
GITLAB_EMAIL: "testuser@example.com"
GITLAB_PROJECT: "my-awesome-project"
GITLAB_REPOSITORY: https://gitlab.bigbang.dev
# User name and password are embedded in this URL. URLs of this form tend to
# be copied into logs, shell history and git remote configuration.
# NOTE(review): tolerable for the throwaway test account above; do not reuse
# the pattern with real credentials.
GITLAB_ORIGIN: https://testuser:12345678@gitlab.bigbang.dev
GITLAB_REGISTRY: registry.bigbang.dev
enabled: false
values:
resources:
requests:
memory: 64Mi
cpu: 50m
limits: {}
envs:
cypress_baseUrl: "https://gitlab.bigbang.dev"
cypress_gitlab_first_name: "testrunner"
cypress_gitlab_last_name: "userrunner"
cypress_gitlab_email: "gitlab@bigbang.dev"
cypress_gitlab_username: "gitlabrunner_user"
cypress_gitlab_password: "gitlabrunner_pass"
cypress_gitlab_project: "runner-hello-world"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-anchore
enterprise:
enabled: false
licenseYaml: |
"TBD"
values:
ensureDbJobs:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
sso:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
postgresql:
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreAnalyzer:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreApi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreCatalog:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchorePolicyEngine:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreSimpleQueue:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchore-feeds-db:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeeds:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeedsUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseRbac:

requests:
cpu: 100m
memory: 200Mi
limits: {}
managerResources:

requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseReports:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
bbtests:
enabled: true
scripts:
envs:
ANCHORE_CLI_URL: "https://anchore-api.bigbang.dev/v1"
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube
provider_name: "P1 SSO"
certificate: 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
login: login
name: name
email: email
values:
plugins:
install: []
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
persistence:
enabled: false
size: 5Gi
postgresql:
size: 256Mi
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
tests:
enabled: false
# Test settings for the SonarQube package, followed by the admin account
# values used by this test/dev deployment.
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://sonarqube.bigbang.dev"
cypress_url_setup: "https://sonarqube.bigbang.dev/setup"
account:
# Both admin passwords are literals in this file: currentAdminPassword is the
# stock "admin" value and adminPassword is a fixed, publicly visible string.
# NOTE(review): presumably the chart changes the admin password from the
# former to the latter at install time - confirm. Either way these values suit
# disposable test clusters only; set the real password from a secret.
adminPassword: new_admin_password
currentAdminPassword: admin
curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:8.4
enabled: false
enabled: false
values:
tenants:
pools:
- servers: 1
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
# The tests have failed intermittently in the past. The problem is tracked in the issue below.
# https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/issues/7
# This issue can be reopened if problems reappear.
enabled: true
cypress_url: 'https://minio.bigbang.dev/login'
MINIO_PORT: ''
MINIO_HOST: 'https://minio-api.bigbang.dev'
mattermostoperator:
enabled: false
enabled: false
sso:
enabled: false
client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost"
client_secret: "no-secret"
values:
postgresql:
persistence:
size: 256Mi
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits: {}
minio:
tenants:
pools:
- servers: 1
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
bbtests:
enabled: true
cypress:
envs:
cypress_url: https://chat.bigbang.dev

nexus:
enabled: false
# Nexus requires manual configuration in Keycloak client and cannot be tested with login.dso.mil
# you must test with your own dev deployment. Example: keycloak.bigbang.dev
# See more info in Nexus Package docs /docs/keycloak.md
# Nexus SSO is behind a paywall. You must have a valid license to enable SSO
# -- Base64 encoded license file.
# cat ~/Downloads/sonatype-license-YYYY-MM-ddTnnnnnnZ.lic | base64 -w 0 ; echo
#license_key: "enter-single-line-base64-encoded-string-here"
sso:
# -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
enabled: false
idp_data:
entityId: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata"
# -- IdP Field Mappings
# -- NXRM username attribute
username: "username"
firstName: "firstName"
lastName: "lastName"
email: "email"
groups: "groups"
# -- IDP SAML Metadata XML as a single line string in single quotes
# -- this information is public and does not require a secret
# curl https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml/descriptor ; echo
idpMetadata: 'enter-single-quoted-single-line-string-here'
role:
# id is the name of the Keycloak group (case sensitive)
- id: "Nexus"
name: "Keycloak Nexus Group"
description: "unprivilaged users"
privileges: []
roles: []
- id: "Nexus-Admin"
name: "Keycloak Nexus Admin Group"
description: "keycloak users as admins"
privileges:
- "nx-all"
roles:
- "nx-admin"
# NexusNotes: |
# Login to Nexus Admin UI and then get the x509 certificate from this path
# https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata
# copy and paste the nexus single line certificate into a text file and save it
# vi nexus-x509.txt
# -----BEGIN CERTIFICATE-----
# put-single-line-nexus-x509-certificate-here
# -----END CERTIFICATE-----
# make a valid pem file with proper wrapping at 64 characters per line
# fold -w 64 nexus-x509.txt > nexus.pem
# In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places

values:
persistence:
# Do NOT set this below 5Gi, nexus will fail to boot
storageSize: 5Gi

nexus:
# https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory
env:
- name: install4jAddVmParams
value: "-Xms500M -Xmx500M -XX:MaxDirectMemorySize=500M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
resources:
requests:
cpu: 100m
memory: 1500Mi
cypress:
artifacts: true
envs:
cypress_nexus_url: "https://nexus.bigbang.dev"
cypress_nexus_user: "admin"
cypress_nexus_pass_new: "new_admin_password"
secretEnvs:
- name: cypress_nexus_pass
valueFrom:
secretKeyRef:
name: nexus-repository-manager-secret
key: admin.password

values:
serviceAccount:
server:
name: velero
# Velero backup configuration for this test/dev values file: backups go to a
# MinIO bucket through Velero's S3-compatible (aws) provider.
configuration:
# minio uses s3 provider
provider: aws
backupStorageLocation:
bucket: velero
config: &minio-config
region: velero
# TLS certificate verification is turned off for the connection to s3Url, so
# the identity of the object store is not checked and backup traffic could be
# intercepted by whoever answers at that address.
# NOTE(review): presumably tolerated because the dev MinIO endpoint uses a
# certificate the client does not trust - confirm. Outside test clusters,
# leave verification on and provide the CA certificate instead.
insecureSkipTLSVerify: "true"
s3ForcePathStyle: "true"
s3Url: &minio-address https://minio.bigbang.dev
volumeSnapshotLocation:
provider: aws
config:
region: velero
# Static MinIO access key and secret key, written out in AWS credentials-file
# format. These are literal demo values visible to anyone who can read this
# file; use them only with a disposable MinIO and supply real credentials from
# a secret store.
credentials:
useSecret: true
secretContents:
cloud: |
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
bbtests:
# TODO: Velero test is messy and times out running in BB CI
# https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/issues/9
enabled: false
scripts:
secretEnvs:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
gateway: "passthrough"
key: "" # Gets added via chart/ingress-certs.yaml
cert: "" # Gets added via chart/ingress-certs.yaml
values:
replicas: 1
resources:
requests:
cpu: 10m
memory: 16Mi
# Disabling helm tests for keycloak until they are working on rke2
cypress:
envs:
cypress_url: "https://keycloak.bigbang.dev"
secrets:
env:
stringData:
CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml
KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json
X509_CA_BUNDLE: /etc/x509/https/cas.pem