Newer
Older
runyontr
committed
flux: {}
# -- Values to passthrough to the nxrm chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/nexus.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of SonarQube.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Sonarqube Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# Enabling this option will auto-create any required secrets.
client_id: ""
# -- SonarQube SSO login button label
# -- SonarQube plaintext SAML sso certificate.
# example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
certificate: ""
# -- SonarQube login sso attribute.
login: login
# -- SonarQube name sso attribute.
name: name
# -- SonarQube email sso attribute.
email: email
# -- (optional) SonarQube group sso attribute.
group: group
# -- Hostname of a pre-existing PostgreSQL database to use for SonarQube.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for SonarQube.
port: 5432
# -- Database name to connect to on host.
database: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Values to passthrough to the sonarqube chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# Deployment of HAProxy is automatically toggled depending on Monitoring SSO and Monitoring Istio Injection
#
Ryan Garcia
committed
haproxy:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/haproxy
Ryan Garcia
committed
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the HAProxy Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Values to passthrough to the haproxy chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/haproxy.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# -- Toggle deployment of Anchore.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Anchore Package
flux:
upgrade:
disableWait: true
# -- Initial admin password used to authenticate to Anchore.
adminPassword: ""
# -- Anchore Enterprise functionality.
# -- Toggle the installation of Anchore Enterprise. This must be accompanied by a valid license.
# -- License for Anchore Enterprise.
# For formatting examples see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#enabling-enterprise-services
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Toggle OIDC SSO for Anchore on and off.
# Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license).
# -- Anchore OIDC client ID
# -- Anchore OIDC client role attribute
# -- Hostname of a pre-existing PostgreSQL database to use for Anchore.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
# -- Port of a pre-existing PostgreSQL database to use for Anchore.
# -- Username to connect as to external database, the user must have all privileges on the database.
# -- Database password for the username used to connect to the existing database.
# -- Database name to connect to on host (Note: database name CANNOT contain hyphens).
# -- Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens).
# Only required for enterprise edition of anchore.
# By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#handling-dependencies
feeds_database: ""
# -- Hostname of a pre-existing Redis to use for Anchore Enterprise.
# Entering connection info will enable external redis and will auto-create any required secrets.
# Anchore only requires redis for enterprise deployments and will not provision an instance if using external
host: ""
# -- Port of a pre-existing Redis to use for Anchore Enterprise.
# -- OPTIONAL: Username to connect to a pre-existing Redis (for password-only auth leave empty)
username: ""
# -- Password to connect to pre-existing Redis.
# -- Values to passthrough to the anchore chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# Mattermost Operator and Instance
#
mattermostoperator:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Mattermost Operator Package
flux: {}
# -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
mattermost:
# -- Toggle deployment of Mattermost.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Mattermost Package
flux: {}
# -- Mattermost Enterprise functionality.
enterprise:
# -- Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install.
enabled: false
# -- License for Mattermost.
# This should be the entire contents of the license file from Mattermost (should be one line), example below
# license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN
license: ""
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
sso:
# -- Toggle OIDC SSO for Mattermost on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Mattermost OIDC client ID
client_id: ""
# -- Mattermost OIDC client secret
client_secret: ""
# -- Mattermost OIDC auth endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
auth_endpoint: ""
# -- Mattermost OIDC token endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
token_endpoint: ""
# -- Mattermost OIDC user API endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
user_api_endpoint: ""
database:
# -- Hostname of a pre-existing PostgreSQL database to use for Mattermost.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Mattermost.
port: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Database name to connect to on host.
database: ""
# -- SSL Mode to use when connecting to the database.
# Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
ssl_mode: ""
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# Entering connection info will enable this option and will auto-create any required secrets.
# examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket name to use for Mattermost - will be auto-created.
bucket: ""
# -- Mattermost Elasticsearch integration - requires enterprise E20 license - https://docs.mattermost.com/deployment/elasticsearch.html
# Connection info defaults to the BB deployed Elastic, all values can be overridden via the "values" passthrough for other connections.
# See values spec in MM chart "elasticsearch" yaml block - https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml
elasticsearch:
# -- Toggle interaction with Elastic for optimized search indexing
enabled: false
# -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
velero:
# -- Toggle deployment of Velero.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git
path: "./chart"
Ryan Garcia
committed
# -- Flux reconciliation overrides specifically for the Velero Package
flux: {}
# -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi
# -- Values to passthrough to the Velero chart: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/blob/main/chart/values.yaml
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
#
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Keycloak
#
keycloak:
# -- Toggle deployment of Keycloak.
# if you enable Keycloak you should uncomment the istio passthrough configurations above
# istio.ingressGateways.passthrough-ingressgateway and istio.gateways.passthrough
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
path: "./chart"
1332
1333
1334
1335
1336
1337
1338
1339
1340
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
database:
# -- Hostname of a pre-existing database to use for Keycloak.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Pre-existing database type (e.g. postgres) to use for Keycloak.
type: postgres
# -- Port of a pre-existing database to use for Keycloak.
port: 5432
# -- Database name to connect to on host.
database: "" # example: keycloak
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
# the istio gateway for keycloak must have tls.mode: PASSTHROUGH
gateway: "passthrough"
# -- Certificate/Key pair to use as the certificate for exposing Keycloak
# Setting the ingress cert here will automatically create the volume and volumemounts in the Keycloak Package chart
key: ""
cert: ""
# -- Values to passthrough to the keycloak chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
# -- Post Renderers. See docs/postrenders.md
postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------
# Vault
#
vault:
# -- Toggle deployment of Vault.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
path: "./chart"
# -- Flux reconciliation overrides specifically for the Vault Package
flux: {}
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
# -- Certificate/Key pair to use as the certificate for exposing Vault
# Setting the ingress cert here will automatically create the volume and volumemounts in the Vault package chart
key: ""
cert: ""
# -- Values to passthrough to the vault chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
# -- Post Renderers. See docs/postrenders.md
# ----------------------------------------------------------------------------------------------------------------------
# Metrics Server
#
metricsServer:
# -- Toggle deployment of metrics server
# Acceptable options are enabled: true, enabled: false, enabled: auto
# true = enabled / false = disabled / auto = automatic (Installs only if metrics API endpoint is not present)
enabled: auto
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/metrics-server.git
path: "./chart"
tag: "3.8.0-bb.2"
# -- Flux reconciliation overrides specifically for the metrics server Package
flux: {}
# -- Values to passthrough to the metrics server chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/metrics-server.git
values: {}
# -- Post Renderers. See docs/postrenders.md
postRenderers: []