test-values.yaml

            cpu: 500m
            memory: 2Gi
          limits: {}
      dex:
        resources:
          requests:
            cpu: 10m
            memory: 128Mi
          limits: {}
      redis-bb:
        master:
          persistence:
            size: 512Mi
        replica:
          replicaCount: 0
          autoscaling:
            enabled: false
          persistence:
            size: 512Mi
      redis:
        resources:
          requests:
            cpu: 50m
            memory: 256Mi
          limits: {}
      server:
        autoscaling:
          enabled: false
        resources:
          requests:
            cpu: 20m
            memory: 128Mi
          limits: {}
      repoServer:
        autoscaling:
          enabled: false
        resources:
          requests:
            cpu: 50m
            memory: 128Mi
          limits: {}
      configs:
        secret:
          argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
      bbtests:
        enabled: true
        cypress:
          envs:
            cypress_url: "https://argocd.bigbang.dev"
          resources:
            requests:
              cpu: 2
              memory: 2Gi
        istio:
          sidecar:
            resources:
              cpu:
                requests: 100m
                limits: 2000m
              memory:
                requests: 512Mi
                limits: 2048Mi

  authservice:
    enabled: false
    chains:
      minimal:
        callback_uri: "https://minimal.bigbang.dev"
    values:
      resources:
        requests:
          cpu: 100m
          memory: 100Mi
        limits: {}
      redis:
        enabled: true
      redis-bb:
        master:
          persistence:
            size: 256Mi
        replica:
          replicaCount: 0
          autoscaling:
            enabled: false  
          persistence:
            size: 256Mi

  fortify:
    enabled: false
    flux:
      timeout: 15m
    ingress:
      gateway: ""
    sso:
      enabled: false
    values:
      storage:
        volume: 5Gi
      jvmMaxRAMPercentage: 85
      resources:
        limits:
          cpu: 2
          memory: 8Gi
        requests:
          cpu: 1
          memory: 1Gi
      databaseSecret:
        useRoot: true
      initContainer:
        resources:
          limits:
            cpu: 1
            memory: 500Mi
          requests:
            cpu: 250m
            memory: 64Mi
      trust_store_password: dsoppassword
      key_store_password: dsoppassword
      key_store_cert_password : dsoppassword
      fortify_autoconfig: |
          appProperties:
            host.validation: false
          datasourceProperties:
            db.username: root
            db.password: password
            jdbc.url: 'jdbc:mysql://fortify-mysql:3306/ssc_db?sessionVariables=collation_connection=latin1_general_cs&rewriteBatchedStatements=true'
          dbMigrationProperties:
            migration.enabled: true
            migration.username: root
            migration.password: password
      fortify_license: |
        <License>
      mysql:
        primary:
          resources:
            limits:
              cpu: 2
              memory: 2Gi
            requests:
              cpu: 100m
              memory: 500Mi
        secondary:
          resources:
            limits:
              cpu: 100m
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 500Mi
        metrics:
          resources:
            limits:
              cpu: 100m
              memory: 500Mi
            requests:
              cpu: 100m
              memory: 256Mi
      bbtests:
        enabled: true
        cypress: # note `cypress:*`` is different than in the fortify chart test-values.yaml
          envs:
            cypress_url: "https://fortify.bigbang.dev"

  haproxy:
    istio:
      hardened:
        enabled: true

  gitlab:
    enabled: false
    sso:
      enabled: false
      client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_gitlab
    flux:
      timeout: 30m
    values:
      global:
        rails:
          bootstrap:
            enabled: false
      gitlab-runner:
        resources:
          requests:
            cpu: 10m
          limits: {}
      gitlab:
        webservice:
          minReplicas: 1
          maxReplicas: 1
          helmTests:
            enabled: false
        sidekiq:
          minReplicas: 1
          maxReplicas: 1
        gitlab-shell:
          minReplicas: 1
          maxReplicas: 1
        gitaly:
          persistence:
            size: 256Mi
          resources:
            ## values raised to help pass CI after default values for gitaly are fixed then can revert to original request.
            #requests:
            #  cpu: 50m
            #limits: {}
            requests:
              cpu: 400m
              memory: 600Mi
            limits:
              cpu: 400m
              memory: 600Mi
        shared-secrets:
          resources:
            requests:
              cpu: 10m
            limits: {}
        migrations:
          resources:
            requests:
              cpu: 10m
            limits: {}
        toolbox:
          persistence:
            size: 256Mi
          resources:
            requests:
              cpu: 10m
            limits: {}
      registry:
        hpa:
          minReplicas: 1
          maxReplicas: 1
      postgresql:
        persistence:
          size: 256Mi
        metrics:
          resources:
            requests:
              cpu: 10m
            limits: {}
      minio:
        persistence:
          size: 256Mi
        resources:
          requests:
            cpu: 50m
          limits: {}
      redis:
        master:
          persistence:
            size: 256Mi
        slave:
          persistence:
            size: 256Mi
      bbtests:
        enabled: true
        cypress:
          artifacts: true
          envs:
            cypress_url: https://gitlab.bigbang.dev
        scripts:
          envs:
            GITLAB_REPOSITORY: https://gitlab.bigbang.dev
            GITLAB_ORIGIN: https://testuser:Password123h56a78@gitlab.bigbang.dev
            GITLAB_REGISTRY: registry.bigbang.dev

  gitlabRunner:
    enabled: false
    values:
      resources:
        requests:
          memory: 64Mi
          cpu: 50m
        limits: {}
      runners:
        protected: false
      networkPolicies:
        additionalPolicies:
        - name: egress-runner-jobs
          spec:
            podSelector: {}
            policyTypes:
            - Egress
            egress:
            - to:
              - ipBlock:
                  cidr: 0.0.0.0/0
      bbtests:
        enabled: true
        cypress:
          artifacts: true
          envs:
            cypress_url: "https://gitlab.bigbang.dev"
            cypress_gitlab_first_name: "testrunner"
            cypress_gitlab_last_name: "userrunner"
            cypress_gitlab_email: "gitlab@bigbang.dev"
            cypress_gitlab_username: "gitlabrunner_user"
            cypress_gitlab_password: "Runner_PaSsw0rd123"
            cypress_gitlab_project: "runner-hello-world"
          secretEnvs:
            - name: cypress_adminpassword
              valueFrom:
                secretKeyRef:
                  name: gitlab-gitlab-initial-root-password
                  key: password

  anchore:
    enabled: false
    sso:
      enabled: false
      client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_anchore
    enterprise:
      enabled: false
      licenseYaml: |
       "TBD"
    values:
      ensureDbJobs:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      sso:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      postgresql:
        persistence:
          size: 256Mi
        resources:
          requests:
            cpu: 200m
            memory: 1024Mi
          limits: {}
        metrics:
          resources:
            requests:
              cpu: 100m
              memory: 200Mi
            limits: {}
      anchoreAnalyzer:
        replicaCount: 1
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreApi:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreCatalog:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchorePolicyEngine:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreSimpleQueue:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreEngineUpgradeJob:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchore-feeds-db:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
        metrics:
          resources:
            requests:
              cpu: 100m
              memory: 200Mi
            limits: {}
      anchoreEnterpriseFeeds:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreEnterpriseFeedsUpgradeJob:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreEnterpriseRbac:
        authResources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
        managerResources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreEnterpriseReports:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreEnterpriseNotifications:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreEntperpiseUi:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      anchoreEnterpriseEngineUpgradeJob:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      ui-redis:
        enabled: true
        replica:
          replicaCount: 0
          autoscaling:
            enabled: false 
      bbtests:
        enabled: true
        scripts:
          envs:
            ANCHORE_CLI_URL: "https://anchore-api.bigbang.dev/v1"

  sonarqube:
    enabled: false
    sso:
      enabled: false
      client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_saml-sonarqube
      login: login
      name: name
      email: email
    values:
      plugins:
        install: []
      resources:
        requests:
          cpu: 100m
          memory: 200Mi
        limits: {}
      persistence:
        enabled: false
        size: 5Gi
      postgresql:
        persistence:
          size: 256Mi
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
          limits: {}
      tests:
        enabled: false
      bbtests:
        enabled: true
        cypress:
          envs:
            cypress_url: "https://sonarqube.bigbang.dev"
            cypress_url_setup: "https://sonarqube.bigbang.dev/setup"
      account:
        adminPassword: new_admin_password
        currentAdminPassword: admin
      curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:2.0.0

  minioOperator:
    enabled: true # Minio Operator is required for Loki in default core

  minio:
    enabled: false
    values:
      tenant:
        pools:
        - servers: 3
          volumesPerServer: 4
          size: 256Mi
          resources:
            requests:
              cpu: 250m
              memory: 2Gi
            limits:
              cpu: 250m
              memory: 2Gi
          securityContext:
            runAsUser: 1001
            runAsGroup: 1001
            fsGroup: 1001
            runAsNonRoot: true
          containerSecurityContext:
            runAsUser: 1001
            runAsGroup: 1001
            runAsNonRoot: true
      bbtests:
        # There have been intermittent failures of the tests in the past.   The issue is tracked in the below issue.
        # https://repo1.dso.mil/big-bang/product/packages/minio/-/issues/7
        # This issue can be reopened if problems reappear.
        enabled: true
        cypress:
          envs:
            cypress_url: 'https://minio.bigbang.dev/login'
        scripts:
          envs:
            MINIO_PORT: ''
            MINIO_HOST: 'https://minio-api.bigbang.dev'
    istio:
      enabled: true
      hardened:
        enabled: true

  mattermostOperator:
    enabled: false

  mattermost:
    enabled: false
    sso:
      enabled: false
      client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_mattermost
      client_secret: "no-secret"
    elasticsearch:
      enabled: true
    values:
      postgresql:
        persistence:
          size: 256Mi
      replicaCount: 1
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
        limits: {}
      minio:
        tenant:
          pools:
          - servers: 1
            volumesPerServer: 4
            size: 256Mi
            resources:
              requests:
                cpu: 250m
                memory: 2Gi
              limits:
                cpu: 250m
                memory: 2Gi
            securityContext:
              runAsUser: 1001
              runAsGroup: 1001
              fsGroup: 1001
              runAsNonRoot: true
            containerSecurityContext:
              runAsUser: 1001
              runAsGroup: 1001
              runAsNonRoot: true
      bbtests:
        enabled: true
        cypress:
          envs:
            cypress_url: https://chat.bigbang.dev

  nexusRepositoryManager:
    enabled: false
    # Nexus requires manual configuration in Keycloak client and cannot be tested with
    # you must test with your own dev deployment.  Example: keycloak.bigbang.dev
    # See more info in Nexus Package docs /docs/keycloak.md
    # Nexus SSO is behind a paywall. You must have a valid license to enable SSO
    # -- Base64 encoded license file.
    # cat ~/Downloads/sonatype-license-YYYY-MM-ddTnnnnnnZ.lic | base64 -w 0 ; echo
    #license_key: "enter-single-line-base64-encoded-string-here"
    sso:
      # -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
      enabled: false
      idp_data:
        entityId: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata"
        # -- IdP Field Mappings
        # -- NXRM username attribute
        username: "username"
        firstName: "firstName"
        lastName: "lastName"
        email: "email"
        groups: "groups"
      role:
        # id is the name of the Keycloak group (case sensitive)
        - id: "Nexus"
          name: "Keycloak Nexus Group"
          description: "unprivilaged users"
          privileges: []
          roles: []
        - id: "Nexus-Admin"
          name: "Keycloak Nexus Admin Group"
          description: "keycloak users as admins"
          privileges:
            - "nx-all"
          roles:
            - "nx-admin"
    # NexusNotes: |
    #   Login to Nexus Admin UI and then get the x509 certificate from this path
    #     https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata
    #   copy and paste the nexus single line certificate into a text file and save it
    #     vi nexus-x509.txt
    #     -----BEGIN CERTIFICATE-----
    #     put-single-line-nexus-x509-certificate-here
    #     -----END CERTIFICATE-----
    #   make a valid pem file with proper wrapping at 64 characters per line
    #     fold -w 64 nexus-x509.txt > nexus.pem
    #   In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places
    values:
      persistence:
        # Do NOT set this below 5Gi, nexus will fail to boot
        storageSize: 5Gi
      nexus:
      # https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory
        env:
          - name: INSTALL4J_ADD_VM_PARAMS
            value: "-Dcom.redhat.fips=false -Xms1024M -Xmx1024M -XX:MaxDirectMemorySize=1024M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap -Djava.util.prefs.userRoot=/nexus-data/javaprefs"
          - name: NEXUS_SECURITY_RANDOMPASSWORD
            value: "true"
        resources:
          requests:
            cpu: 100m
            memory: 1500Mi
        docker:
          enabled: true
          registries:
            - host: containers.bigbang.dev
              port: 5000
        repository:
          enabled: true
          repo:
            - name: "containers"
              format: "docker"
              type: "hosted"
              repo_data:
                name: "containers"
                online: true
                storage:
                  blobStoreName: "default"
                  strictContentTypeValidation: true
                  writePolicy: "allow_once"
                cleanup:
                  policyNames:
                    - "string"
                component:
                  proprietaryComponents: true
                docker:
                  v1Enabled: false
                  forceBasicAuth: true
                  httpPort: 5000
      bbtests:
        enabled: true
        cypress:
          artifacts: true
          envs:
            cypress_nexus_url: "https://nexus.bigbang.dev"
        scripts:
          envs:
            docker_host: "containers.bigbang.dev"

  velero:
    enabled: false
    plugins:
    - aws
    values:
      serviceAccount:
        server:
          name: velero
      configuration:
        backupStorageLocation:
        - bucket: velero
          provider: aws
          default: true
          config:
            region: velero
            s3ForcePathStyle: "true"
            s3Url: https://minio-api.bigbang.dev
        volumeSnapshotLocation:
        - name: default
          provider: aws
          config:
            region: velero
      credentials:
        useSecret: true
        secretContents:
          cloud: |
            [default]
            aws_access_key_id = minio
            aws_secret_access_key = minio123
      cleanUpCRDs: true
      bbtests:
        enabled: true
        scripts:
          envs:
            MINIO_HOST: https://minio-api.bigbang.dev

  keycloak:
    enabled: false
    ingress:
      gateway: "passthrough"
      key: "" # Gets added via chart/ingress-certs.yaml
      cert: "" # Gets added via chart/ingress-certs.yaml
    values:
      replicas: 1
      resources:
        requests:
          cpu: 250m
          memory: 250Mi
        limits: {}
      bbtests:
        enabled: true
        cypress:
          envs:
            cypress_url: "https://keycloak.bigbang.dev"
      command:
        - "/opt/keycloak/bin/kc.sh"
      args:
        - "start"
        - "--import-realm"
      extraEnv: |-
        - name: KC_HTTPS_CERTIFICATE_FILE
          value: /opt/keycloak/conf/tls.crt
        - name: KC_HTTPS_CERTIFICATE_KEY_FILE
          value: /opt/keycloak/conf/tls.key
        - name: KC_HTTP_ENABLED
          value: "true"
        - name: KC_HTTP_RELATIVE_PATH
          value: /auth
        - name: KC_HTTPS_CLIENT_AUTH
          value: request
        - name: KC_PROXY
          value: passthrough
        - name: KC_HTTPS_TRUST_STORE_FILE
          value: /opt/keycloak/conf/truststore.jks
        - name: KC_HTTPS_TRUST_STORE_PASSWORD
          value: password
        - name: KC_HOSTNAME
          value: keycloak.bigbang.dev
        - name: KC_HOSTNAME_STRICT
          value: "true"
        - name: KC_HOSTNAME_STRICT_HTTPS
          value: "true"
        - name: KC_LOG_LEVEL
          value: "org.keycloak.events:DEBUG,org.infinispan:INFO,org.jgroups:INFO"
        - name: KC_CACHE
          value: ispn
        - name: KC_CACHE_STACK
          value: kubernetes
      secrets:
        env:
          stringData:
            CUSTOM_REGISTRATION_CONFIG: /opt/keycloak/conf/customreg.yaml
        customreg:
          stringData:
            customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}'
        realm:
          stringData:
            realm.json: '{{ .Files.Get "resources/dev/baby-yoda-bb-ci.json" }}'
        truststore:
          data:
            truststore.jks: |-
              {{ .Files.Get "resources/dev/truststore.jks" | b64enc }}
        quarkusproperties:
          stringData:
            quarkus.properties: '{{ .Files.Get "resources/dev/quarkus.properties" }}'
      extraInitContainers: |-
        - name: plugin
          image: registry1.dso.mil/ironbank/big-bang/p1-keycloak-plugin:3.2.0
          imagePullPolicy: Always
          command:
          - sh
          - -c
          - |
            cp /app/p1-keycloak-plugin.jar /init
            ls -l /init
          volumeMounts:
          - name: plugin
            mountPath: "/init"
      extraVolumes: |-
        - name: customreg
          secret:
            secretName: {{ include "keycloak.fullname" . }}-customreg
        - name: realm
          secret:
            secretName: {{ include "keycloak.fullname" . }}-realm
        - name: plugin
          emptyDir: {}
        - name: truststore
          secret:
            secretName: {{ include "keycloak.fullname" . }}-truststore
        - name: quarkusproperties
          secret:
            secretName: {{ include "keycloak.fullname" . }}-quarkusproperties
            defaultMode: 0777
      extraVolumeMounts: |-
        - name: customreg
          mountPath: /opt/keycloak/conf/customreg.yaml
          subPath: customreg.yaml
          readOnly: true
        - name: realm
          mountPath: /opt/keycloak/data/import/realm.json
          subPath: realm.json
        - name: plugin
          mountPath: /opt/keycloak/providers/p1-keycloak-plugin.jar
          subPath: p1-keycloak-plugin.jar
        - name: truststore
          mountPath: /opt/keycloak/conf/truststore.jks
          subPath: truststore.jks
        - name: quarkusproperties
          mountPath: /opt/keycloak/conf/quarkus.properties
          subPath: quarkus.properties

  vault:
    enabled: false
    ingress:
      gateway: "passthrough"
      key: "" # Gets added via chart/ingress-certs.yaml
      cert: "" # Gets added via chart/ingress-certs.yaml
    sso:
      enabled: false
      client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_vault
    values:
      minio:
        enabled: false
        disableSSL: true
        endpoint: minio
        accessKey: "minio"
        secretKey: "minio123"
        bucketName: vault-data
      autoInit:
        enabled: true
      global:
        tlsDisable: false
      injector:
        affinity: |
          podAntiAffinity:
            preferredDuringSchedulingIgnoredDuringExecution:
              - weight: 100
                podAffinityTerm:
                  labelSelector:
                    matchLabels:
                      app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
                      app.kubernetes.io/instance: "{{ .Release.Name }}"
                      component: webhook
                  topologyKey: kubernetes.io/hostname
      server:
        extraEnvironmentVars:
          VAULT_SKIP_VERIFY: "true"
          VAULT_LOG_FORMAT: "json"
        dataStorage:
          enabled: true
          size: 256Mi
        auditStorage:
          size: 256Mi
        ha:
          enabled: true
          replicas: 1
          apiAddr: "https://vault.bigbang.dev"
          raft:
            enabled: true
            config: |
              ui = true

              listener "tcp" {
                tls_disable = false
                address = "[::]:8200"
                cluster_address = "[::]:8201"
                tls_cert_file = "/vault/tls/tls.crt"
                tls_key_file  = "/vault/tls/tls.key"
                telemetry {
                  unauthenticated_metrics_access = true
                }
              }

              storage "raft" {
                path = "/vault/data"

                retry_join {
                  leader_api_addr = "https://vault-vault-0.vault-vault-internal:8200"
                  leader_client_cert_file = "/vault/tls/tls.crt"
                  leader_client_key_file = "/vault/tls/tls.key"
                  leader_tls_servername = "vault.bigbang.dev"
                }
              }

              seal "awskms" {
                region     = "us-gov-west-1"
                kms_key_id = "mrk-ff723da024254ea2b7f490c68fbc9b9b"
                endpoint   = "https://kms.us-gov-west-1.amazonaws.com"
              }

              telemetry {
                prometheus_retention_time = "24h"
                disable_hostname = true
              }

              service_registration "kubernetes" {}

      bbtests:
        enabled: true
        cypress:
          artifacts: true
          envs:
            cypress_vault_url: "https://vault.bigbang.dev"

  metricsServer:
    enabled: false
    values:
      replicas: 1
      bbtests:
        enabled: true

  # ----------------------------------------------------------------------------------------------------------------------
  # Harbor
  #
  harbor:
    # -- Toggle deployment of harbor
    enabled: false

    # -- Values to pass through to Habor chart: https://repo1.dso.mil/big-bang/product/packages/harbor.git
    values:
      expose:
        type: clusterIP
        tls:
          enabled: false
      internalTLS:
        enabled: false
      externalURL: https://harbor.bigbang.dev
      nginx:
        resources:
          requests:
            memory: 200Mi
            cpu: 80m
          limits:
            cpu: 80m
            memory: 200Mi
      portal:
        resources:
          requests:
            memory: 200Mi
            cpu: 80m
          limits:
            cpu: 80m
            memory: 200Mi
      core:
        secretName: "ci-only"
        resources:
          requests:
            memory: 200Mi
            cpu: 80m
          limits:
            cpu: 80m
            memory: 200Mi
      jobservice:
        resources:
          requests:
            memory: 200Mi
            cpu: 80m
          limits:
            cpu: 80m
            memory: 200Mi
      registry:
        registry:
          resources:
          requests:
            memory: 200Mi
            cpu: 80m
          limits:
            cpu: 80m
            memory: 200Mi
        controller:
          resources:
          requests:
            memory: 200Mi
            cpu: 80m
          limits:
            cpu: 80m
            memory: 200Mi
      chartmuseum: