Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
domain: bigbang.dev
sso:
# LetsEncrypt certificate authority
certificate_authority: |
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
# Must be updated for every new deployment of Keycloak. Example of where to get the jwks:
# https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/certs
# must be single quoted and double quotes must be escaped like this \"xxxx\"
jwks: '{\"keys\":[{\"kid\":\"4CK69bW66HE2wph9VuBs0fTc1MaETSTpU1iflEkBHR4\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"hiML1kjw-sw25BgaZI1AyfgcCRBPJKPE-wwttqa7NNxptr_5RCBGuJXqDyo3p1vjcbb8KjdKnXI7kWer8b2Pz_RP1m_QcPrKOxSluk7GZF8ARsc6FPGbzYgi8o8cBVSsaml6HZzpN3ZnH4DFZ27ifM-Ul_PyMxZ2aweohIaizXp-rgF7Rqpav5NXUwmcSyH8LP92NVIuFlD3HYTDGosVbfA_u_H25Z4XCGKW_vLDTNrl8PcA3HqIoD-vNavysdxAq_KNw7iLLc0KLsjFYSdJL_54H7QubsGR0AyIrLLurJbqAtvttGJK38k5XYWKIwYGtu6iiJwjSb7UtonVdPh8Vw\",\"e\":\"AQAB\",\"x5c\":[\"MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=\"],\"x5t\":\"mxFIwx7EdgxyC3Y6ODLx8yr8Bx8\",\"x5t#S256\":\"SdT7ScKVOnBW6qs_MuYdTGVtMGwYK_-nmQF9a_8lXco\"}]}'
oidc:
host: keycloak.bigbang.dev
realm: baby-yoda
interval: 1m
rollback:
cleanupOnFail: false
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
public:
tls:
key: "" # Gets added via chart/ingress-certs.yaml
cert: "" # Gets added via chart/ingress-certs.yaml
values:
kiali:
dashboard:
auth:
strategy: "anonymous"
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger
values:
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: "https://tracing.bigbang.dev"
kiali:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
values:
cr:
spec:
auth:
strategy: "anonymous"
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: 'https://kiali.bigbang.dev'
clusterAuditor:
enabled: true
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
memory: .5Gi
limits: {}
gatekeeper:
enabled: true
values:
replicas: 1
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 256Mi
limits: {}
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
# Allow argocd to deploy a test app in its cypress test
- argocd/guestbook-ui.*
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined defined seccomp
- istio-system/lb-port-.*
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
bbtests:
# TODO: Test will need to be refactored at BB level to properly run since we can't turn everything to deny
# https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/issues/133
enabled: false
scripts:
image: registry1.dso.mil/ironbank/opensource/kubernetes-1.21/kubectl:v1.21.1
additionalVolumeMounts:
- name: "{{ .Chart.Name }}-test-config"
mountPath: /yaml
- name: "{{ .Chart.Name }}-kube-cache"
mountPath: /.kube/cache
additionalVolumes:
- name: "{{ .Chart.Name }}-test-config"
configMap:
name: "{{ .Chart.Name }}-test-config"
- name: "{{ .Chart.Name }}-kube-cache"
emptyDir: {}
kyverno:
enabled: false
values:
replicas: 1
bbtests:
enabled: true
scripts:
image: registry1.dso.mil/ironbank/opensource/kubernetes-1.21/kubectl:v1.21.1
additionalVolumeMounts:
- name: "{{ .Chart.Name }}-test-config"
mountPath: /yaml
additionalVolumes:
- name: "{{ .Chart.Name }}-test-config"
configMap:
name: "{{ .Chart.Name }}-test-config"
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
logging:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kibana
license:
trial: false
values:
elasticsearch:
master:
count: 1
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
data:
count: 2
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
kibana:
count: 1
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_kibana_url: "https://kibana.bigbang.dev"
secretEnvs:
- name: cypress_elastic_password
valueFrom:
secretKeyRef:
name: "logging-ek-es-elastic-user"
key: elastic
scripts:
image: registry1.dso.mil/ironbank/stedolan/jq:1.6
envs:
elasticsearch_host: "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc.cluster.local:9200"
desired_version: "{{ .Values.elasticsearch.version }}"
secretEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: "logging-ek-es-elastic-user"
key: elastic
fluentbit:
enabled: true
values:
securityContext:
privileged: true
bbtests:
enabled: true
scripts:
image: registry1.dso.mil/ironbank/stedolan/jq:1.6
envs:
fluent_host: "http://{{ include \"fluent-bit.fullname\" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}"
desired_version: "{{ .Values.image.tag }}"
monitoring:
enabled: true
sso:
enabled: false
prometheus:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-prometheus
alertmanager:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-alertmanager
grafana:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-grafana
scopes: "Grafana"
values:
prometheus:
prometheusSpec:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
kube-state-metrics:
resources:
requests:
cpu: 10m
memory: 32Mi
limits: {}
prometheus-node-exporter:
resources:
requests:
cpu: 100m
memory: 30Mi
limits: {}
grafana:
testFramework:
enabled: false
dashboards:
default:
k8s-deployment:
gnetId: 741
revision: 1
datasource: Prometheus
downloadDashboards:
resources:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_alertmanager_url: 'https://alertmanager.bigbang.dev'
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-twistlock
values:
console:
persistence:
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: "https://twistlock.bigbang.dev"
scripts:
image: registry1.dso.mil/ironbank/stedolan/jq:1.6
envs:
twistlock_host: "https://twistlock.bigbang.dev"
desired_version: "{{ .Values.console.image.tag }}"
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd
client_secret: anything-for-dev
provider_name: "P1 SSO"
groups: |
g, Impact Level 2 Authorized, role:admin
Josh Wolf
committed
values:
controller:
resources:
requests:
cpu: 500m
memory: 2Gi
Josh Wolf
committed
limits: {}
dex:
resources:
requests:
cpu: 10m
memory: 128Mi
Josh Wolf
committed
limits: {}
Josh Wolf
committed
redis:
resources:
requests:
Josh Wolf
committed
limits: {}
server:
resources:
requests:
cpu: 20m
memory: 128Mi
Josh Wolf
committed
limits: {}
repoServer:
resources:
requests:
cpu: 50m
memory: 128Mi
Josh Wolf
committed
limits: {}
configs:
secret:
argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
bbtests:
cypress:
artifacts: true
envs:
cypress_url: "https://argocd.bigbang.dev"
cypress_user: "admin"
cypress_password: "Password123"
Josh Wolf
committed
Josh Wolf
committed
enabled: false
Ryan Garcia
committed
chains:
minimal:
callback_uri: "https://minimal.bigbang.dev"
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
memory: 100Mi
limits: {}
redis:
master:
persistence:
size: 256Mi
replica:
persistence:
size: 256Mi
Josh Wolf
committed
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-gitlab
Josh Wolf
committed
values:
global:
rails:
bootstrap:
enabled: false
gitlab-runner:
resources:
requests:
cpu: 10m
limits: {}
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
Josh Wolf
committed
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
gitaly:
Josh Wolf
committed
resources:
## values raised to help pass CI after default values for gitaly are fixed then can revert to original request.
#requests:
# cpu: 50m
#limits: {}
Josh Wolf
committed
requests:
cpu: 400m
memory: 600Mi
limits:
cpu: 400m
memory: 600Mi
Josh Wolf
committed
shared-secrets:
resources:
requests:
cpu: 10m
limits: {}
migrations:
resources:
requests:
cpu: 10m
limits: {}
task-runner:
Josh Wolf
committed
resources:
requests:
cpu: 10m
limits: {}
registry:
hpa:
minReplicas: 1
maxReplicas: 1
postgresql:
Josh Wolf
committed
metrics:
resources:
requests:
cpu: 10m
limits: {}
minio:
Josh Wolf
committed
resources:
requests:
cpu: 50m
limits: {}
redis:
master:
persistence:
size: 256Mi
slave:
persistence:
size: 256Mi
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: https://gitlab.bigbang.dev
cypress_gitlab_first_name: "test"
cypress_gitlab_last_name: "user"
cypress_gitlab_username: "testuser"
cypress_gitlab_password: "12345678"
cypress_gitlab_email: "testuser@example.com"
cypress_gitlab_project: "my-awesome-project"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
scripts:
image: "registry.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/bbtests:0.0.3"
envs:
GITLAB_USER: "testuser"
GITLAB_PASS: "12345678"
GITLAB_EMAIL: "testuser@example.com"
GITLAB_PROJECT: "my-awesome-project"
GITLAB_REPOSITORY: https://gitlab.bigbang.dev
GITLAB_ORIGIN: https://testuser:12345678@gitlab.bigbang.dev
GITLAB_REGISTRY: registry.bigbang.dev
Josh Wolf
committed
Josh Wolf
committed
enabled: false
values:
resources:
requests:
memory: 64Mi
cpu: 50m
limits: {}
envs:
cypress_baseUrl: "https://gitlab.bigbang.dev"
cypress_gitlab_first_name: "testrunner"
cypress_gitlab_last_name: "userrunner"
cypress_gitlab_email: "gitlab@bigbang.dev"
cypress_gitlab_username: "gitlabrunner_user"
cypress_gitlab_password: "gitlabrunner_pass"
cypress_gitlab_project: "runner-hello-world"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
Josh Wolf
committed
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-anchore
enterprise:
enabled: false
licenseYaml: |
"TBD"
Josh Wolf
committed
values:
ensureDbJobs:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
sso:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
postgresql:
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreAnalyzer:
Josh Wolf
committed
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreApi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreCatalog:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchorePolicyEngine:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreSimpleQueue:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchore-feeds-db:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseFeeds:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeedsUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseRbac:
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
managerResources:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseReports:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
bbtests:
enabled: true
scripts:
image: registry1.dso.mil/ironbank/anchore/cli/cli:0.9.1
envs:
ANCHORE_CLI_URL: "https://anchore-api.bigbang.dev/v1"
ANCHORE_CLI_USER: admin
secretEnvs:
- name: ANCHORE_CLI_PASS
valueFrom:
secretKeyRef:
name: "{{ template \"anchore-engine.fullname\" . }}-admin-pass"
key: ANCHORE_ADMIN_PASSWORD
Josh Wolf
committed
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube
provider_name: "P1 SSO"
certificate: MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=
login: login
name: name
email: email
Josh Wolf
committed
values:
plugins:
install: []
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
persistence:
enabled: false
size: 5Gi
postgresql:
size: 256Mi
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
tests:
enabled: false
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: "https://sonarqube.bigbang.dev"
cypress_url_setup: "https://sonarqube.bigbang.dev/setup"
cypress_user: "admin"
cypress_password: "new_admin_password"
account:
adminPassword: new_admin_password
currentAdminPassword: admin
curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:8.4
Josh Wolf
committed
Josh Wolf
committed
enabled: false
Josh Wolf
committed
enabled: false
values:
tenants:
pools:
- servers: 1
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
# There have been intermittent failures of the tests in the past. The issue is tracked in the below issue.
# https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/issues/7
# This issue can be reopened if problems reappear.
enabled: true
cypress_url: 'https://minio.bigbang.dev/login'
secretEnvs:
- name: cypress_secretkey
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: secretkey
- name: cypress_accesskey
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: accesskey
scripts:
image: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2021-09-02T09-21-27Z
envs:
MINIO_PORT: ''
MINIO_HOST: 'https://minio-api.bigbang.dev'
secretEnvs:
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: secretkey
- name: ACCESS_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: accesskey
Josh Wolf
committed
mattermostoperator:
Josh Wolf
committed
enabled: false
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost"
client_secret: "no-secret"
Josh Wolf
committed
values:
postgresql:
persistence:
size: 256Mi
Josh Wolf
committed
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits: {}
minio:
tenants:
pools:
- servers: 1
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: https://chat.bigbang.dev
cypress_mm_email: "test@bigbang.dev"
cypress_mm_user: "bigbang"
cypress_mm_password: "Bigbang#123"
runyontr
committed
nexus:
enabled: false
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
# Nexus requires manual configuration in Keycloak client and cannot be tested with login.dso.mil
# you must test with your own dev deployment. Example: keycloak.bigbang.dev
# See more info in Nexus Package docs /docs/keycloak.md
# Nexus SSO is behind a paywall. You must have a valid license to enable SSO
# -- Base64 encoded license file.
# cat ~/Downloads/sonatype-license-YYYY-MM-ddTnnnnnnZ.lic | base64 -w 0 ; echo
#license_key: "enter-single-line-base64-encoded-string-here"
sso:
# -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
enabled: false
idp_data:
entityId: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata"
# -- IdP Field Mappings
# -- NXRM username attribute
username: "username"
firstName: "firstName"
lastName: "lastName"
email: "email"
groups: "groups"
# -- IDP SAML Metadata XML as a single line string in single quotes
# -- this information is public and does not require a secret
# curl https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml/descriptor ; echo
idpMetadata: 'enter-single-quoted-single-line-string-here'
role:
# id is the name of the Keycloak group (case sensitive)
- id: "Nexus"
name: "Keycloak Nexus Group"
description: "unprivilaged users"
privileges: []
roles: []
- id: "Nexus-Admin"
name: "Keycloak Nexus Admin Group"
description: "keycloak users as admins"
privileges:
- "nx-all"
roles:
- "nx-admin"
# NexusNotes: |
# Login to Nexus Admin UI and then get the x509 certificate from this path
# https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata
# copy and paste the nexus single line certificate into a text file and save it
# vi nexus-x509.txt
# -----BEGIN CERTIFICATE-----
# put-single-line-nexus-x509-certificate-here
# -----END CERTIFICATE-----
# make a valid pem file with proper wrapping at 64 characters per line
# fold -w 64 nexus-x509.txt > nexus.pem
# In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places
runyontr
committed
values:
persistence:
# Do NOT set this below 5Gi, nexus will fail to boot
storageSize: 5Gi
runyontr
committed
nexus:
# https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory
env:
- name: install4jAddVmParams
value: "-Xms500M -Xmx500M -XX:MaxDirectMemorySize=500M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
resources:
requests:
cpu: 100m
memory: 1500Mi
cypress:
artifacts: true
envs:
cypress_nexus_url: "https://nexus.bigbang.dev"
cypress_nexus_user: "admin"
cypress_nexus_pass_new: "new_admin_password"
secretEnvs:
- name: cypress_nexus_pass
valueFrom:
secretKeyRef:
name: nexus-repository-manager-secret
key: admin.password
runyontr
committed
values:
serviceAccount:
server:
name: velero
configuration:
# minio uses s3 provider
provider: aws
backupStorageLocation:
bucket: velero
config: &minio-config
region: velero
insecureSkipTLSVerify: "true"
s3ForcePathStyle: "true"
s3Url: &minio-address https://minio.bigbang.dev
volumeSnapshotLocation: