# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
# -- (experimental) Toggle sourcing from external repos.
# All this does right now is toggle GitRepositories; it is _not_ fully functional.

offline: false
# -- Single set of registry credentials used to pull all images deployed by BigBang.
# NOTE(review): `password` is a credential. Keep it empty in this defaults file and
# supply it from an encrypted values/secret source rather than committing it in plaintext.
registryCredentials:
registry: registry1.dso.mil
username: ""
password: ""
email: ""

# -- Multiple sets of registry credentials used to pull all images deployed by BigBang.
# Credentials are only created when a valid combination exists: registry, username, and password (email is optional).
# - registry: registry1.dso.mil
# username: ""
# password: ""
# email: ""
# - registry: registry.dso.mil
# username: ""
# password: ""
# email: ""
# Openshift Container Platform Feature Toggle
openshift: false
# -- Git credential settings for accessing private repositories
# Order of precedence is:
# 1. existingSecret
# 2. http credentials (username/password/caFile)
# 3. ssh credentials (privateKey/publicKey/knownHosts)
git:
# -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
# -- Chart created secrets with user defined values
# -- HTTP git credentials, both username and password must be provided
# -- HTTPS certificate authority file. Required for any repo with a self signed certificate
# -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
# NOTE(review): privateKey is secret key material; keep it out of committed plaintext
# values (existingSecret is first in the precedence order listed above).
privateKey: ""
publicKey: ""
knownHosts: ""
# -- Global SSO values used for BigBang deployments when sso is enabled, can be overridden by individual packages.

sso:
oidc:
# -- Domain for keycloak used for configuring SSO

host: login.dso.mil
# -- Keycloak realm containing clients

realm: baby-yoda
# -- Keycloak's certificate authority (PEM Format). Entered using chomp modifier (see ./docs/example_configs/dev-sso-values.yaml for example). Used by authservice to support SSO for various packages
# -- Keycloak realm's json web key output, obtained at https://<keycloak-server>/auth/realms/<realm>/protocol/openid-connect/certs
jwks: ''
# -- OIDC client ID used for packages authenticated through authservice

client_id: ""
# -- OIDC client secret used for packages authenticated through authservice

client_secret: ""
# -- OIDC token URL template string (to be used as default)
token_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"
# -- OIDC auth URL template string (to be used as default)
auth_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth"
# -- Kubernetes Secret containing the sso.certificate_authority value for SSO enabled application namespaces
# -- (Advanced) Flux reconciliation parameters.
# The default values provided will be sufficient for the majority of workloads.

flux:

timeout: 10m

test:
enable: false

remediation:

remediation:
retries: 3
remediateLastFailure: true
cleanupOnFail: true
# -- Global NetworkPolicies settings
networkPolicies:
# -- Toggle all package NetworkPolicies, can disable specific packages with `package.values.networkPolicies.enabled`
# -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
# Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
# Used by package NetworkPolicies to allow Kube API access
# NOTE(review): 0.0.0.0/0 matches every IPv4 address, so until this value is narrowed
# the Kube API allowance in those policies is presumably not limited to the API
# server endpoints. Set it to the cluster's actual control plane range.
controlPlaneCidr: 0.0.0.0/0
# -- Node CIDR, defaults to allowing "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" networks.
# use `kubectl get nodes -owide` and review the `INTERNAL-IP` column to derive CIDR range.
# Must be an IP CIDR range (x.x.x.x/x - ideally a /16 or /24 to include multiple IPs)
nodeCidr: ""

# -- Global ImagePullPolicy value for all packages
# Permitted values are: None, Always, IfNotPresent

imagePullPolicy: IfNotPresent
# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
# -- Toggle deployment of Istio.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
# Ingress gateways are created based on the key name. Adding more keys will add ingress gateways.
# Ingress gateways are set up in a Horizontal Pod Autoscaler with 1 to 5 replicas
# Besides some ports needed by Istio, only ports 80 and 443 are opened
# Ingress gateways that require more configuration can be completed using `istio.values`
ingressGateways:
public-ingressgateway:
type: "LoadBalancer" # or "NodePort"
kubernetesResourceSpec: {} # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
# private-ingressgateway:
# type: "LoadBalancer" # or "NodePort"
# kubernetesResourceSpec: # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
# serviceAnnotations: # Example for AWS internal load balancer
# service.beta.kubernetes.io/aws-load-balancer-type: nlb
# service.beta.kubernetes.io/aws-load-balancer-internal: "true"
# passthrough-ingressgateway:
# type: "NodePort" # or "LoadBalancer"
# # Node ports are assigned starting from nodePortBase. The nodePortBase specifies the start of a range of 4 unused node ports.
# # Node port will be assigned as follows: Port 15021 (Status) = nodePortBase, Port 80 = nodePortBase+1, Port 443 = nodePortBase+2, Port 15443 (SNI) = nodePortBase+3
# # Node port base should be in the range from 30000 to 32764
# nodePortBase: 32000 # Alternatively, the kubernetesResourceSpec can be used to configure all port parameters
gateways:
public:
ingressGateway: "public-ingressgateway"
hosts:
# -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
autoHttpRedirect:
enabled: true
tls:
key: ""
cert: ""
# private:
# ingressGateway: "private-ingressgateway"
# hosts:
# - "example.bigbang.dev"
# ports:
# - name: tls-2
# number: 1234
# protocol: TCP
# - name: tls
# number: 5678
# protocol: TCP
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: false
# tls:
# key: ""
# cert: ""
# passthrough:
# ingressGateway: "passthrough-ingressgateway"
# hosts:
# # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
# autoHttpRedirect:
# enabled: true
# tls:
# mode: "PASSTHROUGH"

# -- Flux reconciliation overrides specifically for the Istio Package
flux: {}
# -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git

values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Istio Operator.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git

# -- Flux reconciliation overrides specifically for the Istio Operator Package
flux: {}
# -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
jaeger:
# -- Toggle deployment of Jaeger.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Jaeger Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace

# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle SSO for Jaeger on and off
enabled: false
# -- OIDC Client ID to use for Jaeger
client_id: ""
# -- OIDC Client Secret to use for Jaeger
client_secret: ""
# -- Values to pass through to Jaeger chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
kiali:
# -- Toggle deployment of Kiali.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Kiali Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle SSO for Kiali on and off
enabled: false
# -- OIDC Client ID to use for Kiali
client_id: ""
# -- OIDC Client Secret to use for Kiali
client_secret: ""
# -- Values to pass through to Kiali chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
# -- Toggle deployment of Cluster Auditor.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git

# -- Flux reconciliation overrides specifically for the Cluster Auditor Package
flux: {}
# -- Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
# -- Toggle deployment of OPA Gatekeeper.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git

# -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace

# -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git

values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Kyverno
#
kyverno:
# -- Toggle deployment of Kyverno.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno
path: "./chart"
# -- Flux reconciliation overrides specifically for the Kyverno Package
# -- Values to passthrough to the kyverno chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Logging
#
# -- Toggle deployment of Logging (EFK).

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git

# -- Flux reconciliation overrides specifically for the Logging (EFK) Package
flux:
timeout: 20m
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
sso:
# -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Elasticsearch/Kibana OIDC client ID
client_id: ""
# -- Elasticsearch/Kibana OIDC client secret
client_secret: ""
license:
# -- Toggle trial license installation of elasticsearch. Note that enterprise (non trial) is required for SSO to work.
trial: false
# -- Elasticsearch license in json format seen here: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana#enterprise-license
keyJSON: ""
# -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of ECK Operator.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git

# -- Flux reconciliation overrides specifically for the ECK Operator Package
flux: {}
# -- Values to passthrough to the eck-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
values: {}
fluentbit:
# -- Toggle deployment of Fluent-Bit.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git

# -- Flux reconciliation overrides specifically for the Fluent-Bit Package
flux: {}

# -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git

values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- BETA support of promtail/loki logging stack
promtail:
# -- Toggle deployment of Promtail.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git
path: "./chart"
# -- Flux reconciliation overrides specifically for the Promtail Package
flux: {}
# -- Values to passthrough to the promtail chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
loki:
# -- Toggle deployment of Loki.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git
path: "./chart"
tag: "2.5.1-bb.2"
# -- Flux reconciliation overrides specifically for the Loki Package
flux: {}
# -- Values to passthrough to the Loki chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
# -- Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager).

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git

# -- Flux reconciliation overrides specifically for the Monitoring Package
flux:
install:
crds: CreateReplace
upgrade:
crds: CreateReplace

# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""

sso:
# -- Toggle SSO for monitoring components on and off

enabled: false
prometheus:
# -- Prometheus OIDC client ID
client_id: ""
# -- Prometheus OIDC client secret
client_secret: ""

alertmanager:
# -- Alertmanager OIDC client ID
client_id: ""
# -- Alertmanager OIDC client secret
client_secret: ""

grafana:
# -- Grafana OIDC client ID
client_id: ""
# -- Grafana OIDC client secret
client_secret: ""
# -- Grafana OIDC client scopes, comma separated, see https://grafana.com/docs/grafana/latest/auth/generic-oauth/
role_attribute_path: "Viewer"
# -- Other options available, see package Documentation.
# -- Values to passthrough to the monitoring chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git

values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
# -- Toggle deployment of Twistlock.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git

# -- Flux reconciliation overrides specifically for the Twistlock Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git

values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
#
# ----------------------------------------------------------------------------------------------------------------------
#
# -- Toggle deployment of ArgoCD.

repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git

# -- Flux reconciliation overrides specifically for the ArgoCD Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Toggle SSO for ArgoCD on and off
# -- ArgoCD OIDC client ID
client_id: ""
# -- ArgoCD OIDC client secret
client_secret: ""
# -- ArgoCD SSO login text
provider_name: ""
# -- ArgoCD SSO group roles, see docs for more details: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
# -- Values to passthrough to the argocd chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Authservice.

# if enabling authservice, a filter needs to be provided by either enabling
# sso for monitoring or istio, or manually adding a filter chain in the values here:
# values:
# chain:
# minimal:
# callback_uri: "https://somecallback"
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git

# -- Flux reconciliation overrides specifically for the Authservice Package
flux: {}
# -- Values to passthrough to the authservice chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Additional authservice chain configurations.

chains: {}
# ----------------------------------------------------------------------------------------------------------------------
# Minio Operator and Instance
#
minioOperator:
# -- Toggle deployment of minio operator and instance.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Minio Operator Package
flux: {}
# -- Values to passthrough to the minio operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []

# -- Toggle deployment of minio.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Minio Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Default access key to use for minio.
accesskey: ""
# -- Default secret key to instantiate with minio, you should change/delete this after installation.
secretkey: ""
# -- Values to passthrough to the minio instance chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# host name only without the domain
gitlab: gitlab
registry: registry
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Gitlab Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Toggle OIDC SSO for Gitlab on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Gitlab OIDC client ID
client_id: ""
# -- Gitlab OIDC client secret
client_secret: ""
# -- Gitlab SSO login button label
label: ""
# -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Gitlab.
port: 5432
# -- Database name to connect to on host.
database: "" # example: gitlab
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Type of object storage to use for Gitlab, setting to s3 will assume an external, pre-existing object storage is to be used.
# Entering connection info will enable this option and will auto-create any required secrets
type: "" # supported types are "s3" or "minio"
# -- S3 compatible endpoint to use for connection information.
# examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
# -- If using accessKey and accessSecret, the iamProfile must be left as an empty string: ""
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket prefix to use for identifying buckets.
# Example: "prod" will produce "prod-gitlab-bucket"
bucketPrefix: ""
# -- NOTE: Current bug with AWS IAM Profiles and Object Storage where only artifacts are stored. Fixed in Gitlab 14.5
# -- Name of AWS IAM profile to use.
# -- If using an AWS IAM profile, the accessKey and accessSecret values must be left as empty strings eg: ""
iamProfile: ""
# -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git

# -- Post Renderers. See docs/postrenders.md
postRenderers: []
gitlabRunner:
# -- Toggle deployment of Gitlab Runner
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Gitlab Runner Package
flux: {}
# -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
values: {}

# -- Post Renderers. See docs/postrenders.md
postRenderers: []

nexus:
# -- Toggle deployment of Nexus.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus.git
path: "./chart"

# -- Base64 encoded license file.
license_key: ""
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""

sso:
# -- Toggle SAML SSO for NXRM.
# -- handles SAML SSO, a Client must be configured in Keycloak or IdP
# -- to complete setup.
# -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
enabled: false
# -- NXRM SAML SSO Integration data
idp_data:
# Nexus saml URL. example: "https://nexus.example.mil/service/rest/v1/security/saml/metadata"
entityId: ""

# -- IdP Field Mappings
# -- NXRM username attribute
username: ""
# -- NXRM firstname attribute (optional)
firstName: ""
# -- NXRM lastname attribute (optional)
lastName: ""
# -- NXRM email attribute (optional)
email: ""
# -- NXRM groups attribute (optional)
groups: ""
# -- IDP SAML Metadata XML as a single line string in single quotes
# -- this information is public and does not require a secret
idpMetadata: ''
# -- NXRM Role
role:
# the id must match the Keycloak group name (case sensitive)
- id: ""
name: ""
description: ""
privileges: []
roles: []

# -- Flux reconciliation overrides specifically for the Nexus Repository Manager Package
flux: {}
# -- Values to passthrough to the nxrm chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/nexus.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of SonarQube.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Sonarqube Package
flux: {}
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# Enabling this option will auto-create any required secrets.
client_id: ""
# -- SonarQube SSO login button label
# -- SonarQube plaintext SAML sso certificate.
# example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
certificate: ""
# -- SonarQube login sso attribute.
login: login
# -- SonarQube name sso attribute.
name: name
# -- SonarQube email sso attribute.
email: email
# -- (optional) SonarQube group sso attribute.
group: group
# -- Hostname of a pre-existing PostgreSQL database to use for SonarQube.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for SonarQube.
port: 5432
# -- Database name to connect to on host.
database: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Values to passthrough to the sonarqube chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []

haproxy:
# -- Toggle deployment of HAProxy.

enabled: false

git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/haproxy

path: "./chart"

# -- Flux reconciliation overrides specifically for the HAProxy Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Values to passthrough to the haproxy chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/haproxy.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Anchore.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
path: "./chart"

# -- Flux reconciliation overrides specifically for the Anchore Package
flux:
upgrade:
disableWait: true
# -- Initial admin password used to authenticate to Anchore.
# NOTE(review): what the chart does when this is left empty is not visible here;
# confirm before relying on the default, and supply the value from encrypted
# secret values rather than committing it in plaintext.
adminPassword: ""
# -- Anchore Enterprise functionality.
# -- Toggle the installation of Anchore Enterprise. This must be accompanied by a valid license.
# -- License for Anchore Enterprise.
# For formatting examples see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#enabling-enterprise-services
# Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Toggle OIDC SSO for Anchore on and off.
# Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license).
# -- Anchore OIDC client ID
# -- Anchore OIDC client role attribute
# -- Hostname of a pre-existing PostgreSQL database to use for Anchore.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
# -- Port of a pre-existing PostgreSQL database to use for Anchore.
# -- Username to connect as to external database, the user must have all privileges on the database.
# -- Database password for the username used to connect to the existing database.
# -- Database name to connect to on host (Note: database name CANNOT contain hyphens).
# -- Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens).
# Only required for enterprise edition of anchore.
# By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#handling-dependencies
feeds_database: ""
# -- Hostname of a pre-existing Redis to use for Anchore Enterprise.
# Entering connection info will enable external redis and will auto-create any required secrets.
# Anchore only requires redis for enterprise deployments and will not provision an instance if using external
host: ""
# -- Port of a pre-existing Redis to use for Anchore Enterprise.
# -- OPTIONAL: Username to connect to a pre-existing Redis (for password-only auth leave empty)
username: ""
# -- Password to connect to pre-existing Redis.
# -- Values to passthrough to the anchore chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# Mattermost Operator and Instance