Newer
Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
domain: bigbang.dev
sso:
# LetsEncrypt certificate authority
certificate_authority: |
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
# Must be updated for every new deployment of Keycloak. Example of where to get the jwks:
# https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/openid-connect/certs
# must be single quoted and double quotes must be escaped like this \"xxxx\"
jwks: '{\"keys\":[{\"kid\":\"nZUXZDUyyAEKY4dJyargboayGxJmmlrhcoBoik-7040\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"qAl-BtUwp2ZVl7wix_8-pucv-jTK1L9QGFVW02kPYlFi0frg-OL9XsSB1MsJIEFfnDIZ_psvvWYoZkVnzibgVlfAjOQXyIevOWLpSlUK3BpWFnAfO-0oyQWSsclyE8-xpzTifL75SvbSvDp3JXVBa4UdgV2qsNs7xu99wipQ7cro2lpne5EIHv6eKJMeG1eFQS2DJrI6ydNOLrzHFOA3pAhZRphId6dxYWaKzH_tcR34uQ2gg-IgmGakYLFhG_P2ZrMdPqouej_WFoc9Y9hlHx8NALfA6uYe4aDCbWCTL1V1sZJjzVR7WiTDh7fIogTu_2ukpCOnXX_SaLadoulxLw\",\"e\":\"AQAB\",\"x5c\":[\"MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=\"],\"x5t\":\"ihEvRimRNSdrnr_Fhnd4OElB3-E\",\"x5t#S256\":\"YNijWPCIhWA5xQTwyIfvlBN-UcMe46Um2ywE-ADiqjM\"}]}'
oidc:
host: keycloak.bigbang.dev
realm: baby-yoda
interval: 1m
rollback:
cleanupOnFail: false
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
public:
tls:
key: "" # Gets added via chart/ingress-certs.yaml
cert: "" # Gets added via chart/ingress-certs.yaml
values:
kiali:
dashboard:
auth:
strategy: "anonymous"
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_jaeger
istio:
jaeger:
enabled: true
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://tracing.bigbang.dev"
kiali:
enabled: true
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kiali
values:
cr:
spec:
auth:
strategy: "anonymous"
bbtests:
enabled: true
cypress:
envs:
cypress_url: 'https://kiali.bigbang.dev'
clusterAuditor:
enabled: true
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
Josh Wolf
committed
limits: {}
bbtests:
enabled: true
cypress:
envs:
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_allownodatas: '0'
cypress_url: 'https://grafana.bigbang.dev/d/YBgRZG6Mz/opa-violations?orgId=1'
gatekeeper:
enabled: true
values:
replicas: 1
controllerManager:
resources:
limits: {}
requests:
cpu: 100m
memory: 256Mi
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
# Allow argocd to deploy a test app in its cypress test
- argocd/guestbook-ui.*
allowedHostFilesystem:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- gitlab/gitlab-cypress-test
- gitlab/gitlab-runner-cypress-test
- keycloak/keycloak-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
allowedIPs:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-external-ips-.?
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined defined seccomp
- istio-system/lb-port-.*
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
bannedImageTags:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
noSysctls:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-sysctls-.?
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
restrictedTaint:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/disallow-tolerations-.?
selinuxPolicy:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
- default/disallow-selinux-options-.?
- default/restrict-selinux-type-.?
volumeTypes:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- gitlab/gitlab-cypress-test
- gitlab/gitlab-runner-cypress-test
- keycloak/keycloak-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
kyvernopolicies:
enabled: false
values:
bbtests:
enabled: true
exclude:
any:
# Allows k3d load balancer to bypass policies.
- resources:
namespaces:
- istio-system
names:
- svclb-*
# Exclude gatekeeper test resources so Helm tests will work
- resources:
namespaces:
- default
names:
- bad-test*
- good-test*
# Parameters are copied from kyverno policies for test vectors
# Exclusions are for allowing other helm tests to function
policies:
clone-configs:
parameters:
clone:
- name: clone-configs-1
kind: ConfigMap
namespace: "{{ .Release.Namespace }}"
- name: clone-configs-2
kind: Secret
namespace: "{{ .Release.Namespace }}"
disallow-annotations:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-labels:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-tolerations:
parameters:
disallow:
- effect: NoSchedule
key: notallowed
value: 'false'
- effect: '*NoSchedule'
key: disa??owed
value: 'true'
require-annotations:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
require-image-signature:
parameters:
require:
- image: ghcr.io/kyverno/test-verify-image:*
key: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
require-labels:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
restrict-external-ips:
parameters:
allow:
- 192.168.0.1
restrict-external-names:
enabled: true
parameters:
allow:
- allowed
restrict-host-path-mount:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- mattermost
- nexus-repository-manager
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-path-write:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- mattermost
- nexus-repository-manager
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-ports:
parameters:
allow:
- '63999'
- '>= 64000 & < 65000'
- '> 65000'
restrict-image-registries:
exclude:
any:
# ArgoCD deploys a test app as part of its Cypress test
- resources:
namespaces:
- argocd
names:
- guestbook-ui*
restrict-volume-types:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- mattermost
- nexus-repository-manager
names:
- "*-cypress-test*"
update-image-pull-policy:
parameters:
update:
- to: Always
update-image-registry:
parameters:
update:
- from: replace.image.registry
to: registry1.dso.mil
logging:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kibana
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
license:
trial: false
values:
elasticsearch:
master:
count: 1
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
data:
count: 2
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
kibana:
count: 1
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_kibana_url: "https://kibana.bigbang.dev"
fluentbit:
enabled: true
values:
securityContext:
privileged: true
bbtests:
enabled: true
config:
inputs: |
[INPUT]
Name tail
Path /var/log/containers/*flux-system*.log
Parser containerd
Tag kube.*
Mem_Buf_Limit 50MB
Skip_Long_Lines On
storage.type filesystem
loki:
enabled: false
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
global:
createGlobalConfig: true
existingSecretForConfig: "loki-config"
loki-simple-scalable:
write:
replicas: 1
persistence:
size: 2Gi
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
read:
replicas: 1
persistence:
size: 2Gi
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
values:
istio:
tempoQuery:
hosts:
- "tempo.{{ .Values.domain }}"
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: 'https://tempo.bigbang.dev'
cypress_tempo_datasource: 'http://tempo-tempo.tempo.svc:3100'
cypress_check_datasource: 'true'
cypress_grafana_url: 'https://grafana.bigbang.dev'
scripts:
image: registry1.dso.mil/ironbank/big-bang/base:1.2.0
envs:
TEMPO_METRICS_URL: 'http://tempo-tempo.tempo.svc:3100'
persistence:
enabled: true
# storageClassName: local-path
accessModes:
- ReadWriteOnce
size: 5Gi
tempoQuery:
resources:
requests:
cpu: 200m
memory: 128Mi
monitoring:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_prometheus
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_alertmanager
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_grafana
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
scopes: "Grafana"
values:
prometheus:
prometheusSpec:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
kube-state-metrics:
resources:
requests:
cpu: 10m
memory: 32Mi
limits: {}
prometheus-node-exporter:
resources:
requests:
cpu: 100m
memory: 30Mi
limits: {}
grafana:
testFramework:
enabled: false
dashboards:
default:
k8s-deployment:
gnetId: 741
revision: 1
datasource: Prometheus
downloadDashboards:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards
bbtests:
enabled: true
cypress:
envs:
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_alertmanager_url: 'https://alertmanager.bigbang.dev'
cypress_check_istio_dashboards: 'true'
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-saml
values:
console:
persistence:
bbtests:
enabled: true
cypress:
envs:
cypress_baseUrl: "https://twistlock.bigbang.dev"
scripts:
envs:
twistlock_host: "https://twistlock.bigbang.dev"
Josh Wolf
committed
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_argocd
client_secret: anything-for-dev
provider_name: "P1 SSO"
groups: |
g, Impact Level 2 Authorized, role:admin
Josh Wolf
committed
values:
controller:
resources:
requests:
cpu: 500m
memory: 2Gi
Josh Wolf
committed
limits: {}
dex:
resources:
requests:
cpu: 10m
memory: 128Mi
Josh Wolf
committed
limits: {}
Josh Wolf
committed
redis:
resources:
requests:
Josh Wolf
committed
limits: {}
server:
resources:
requests:
cpu: 20m
memory: 128Mi
Josh Wolf
committed
limits: {}
repoServer:
resources:
requests:
cpu: 50m
memory: 128Mi
Josh Wolf
committed
limits: {}
configs:
secret:
argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
bbtests:
cypress:
envs:
cypress_url: "https://argocd.bigbang.dev"
Josh Wolf
committed
Josh Wolf
committed
enabled: false
Ryan Garcia
committed
chains:
minimal:
callback_uri: "https://minimal.bigbang.dev"
Josh Wolf
committed
values:
resources:
requests:
cpu: 100m
memory: 100Mi
limits: {}
redis:
master:
persistence:
size: 256Mi
replica:
persistence:
size: 256Mi
Josh Wolf
committed
Josh Wolf
committed
enabled: false
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_gitlab
Josh Wolf
committed
values:
global:
rails:
bootstrap:
enabled: false
gitlab-runner:
resources:
requests:
cpu: 10m
limits: {}
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
Josh Wolf
committed
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
gitaly:
Josh Wolf
committed
resources:
## values raised to help pass CI after default values for gitaly are fixed then can revert to original request.
#requests:
# cpu: 50m
#limits: {}
Josh Wolf
committed
requests:
cpu: 400m
memory: 600Mi
limits:
cpu: 400m
memory: 600Mi
Josh Wolf
committed
shared-secrets:
resources:
requests:
cpu: 10m
limits: {}
migrations:
resources:
requests:
cpu: 10m
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 10m
limits: {}
registry:
hpa:
minReplicas: 1
maxReplicas: 1
postgresql:
Josh Wolf
committed
metrics:
resources:
requests:
cpu: 10m
limits: {}
# Required for RKE2 nightly CI cluster with FIPS since Gitlab 14.7.X
postgresqlExtendedConf:
passwordEncryption: "scram-sha-256"
Josh Wolf
committed
minio:
Josh Wolf
committed
resources:
requests:
cpu: 50m
limits: {}
redis:
master:
persistence:
size: 256Mi
slave:
persistence:
size: 256Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: https://gitlab.bigbang.dev
scripts:
envs:
GITLAB_REPOSITORY: https://gitlab.bigbang.dev
GITLAB_ORIGIN: https://testuser:12345678@gitlab.bigbang.dev
GITLAB_REGISTRY: registry.bigbang.dev
Josh Wolf
committed
Josh Wolf
committed
enabled: false
values:
resources:
requests:
memory: 64Mi
cpu: 50m
limits: {}
envs:
cypress_baseUrl: "https://gitlab.bigbang.dev"
cypress_gitlab_first_name: "testrunner"
cypress_gitlab_last_name: "userrunner"
cypress_gitlab_email: "gitlab@bigbang.dev"
cypress_gitlab_username: "gitlabrunner_user"
cypress_gitlab_password: "gitlabrunner_pass"
cypress_gitlab_project: "runner-hello-world"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
Josh Wolf
committed
Josh Wolf
committed
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_anchore
enterprise:
enabled: false
licenseYaml: |
"TBD"
Josh Wolf
committed
values:
ensureDbJobs:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
sso:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
postgresql:
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreAnalyzer:
Josh Wolf
committed
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreApi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreCatalog:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchorePolicyEngine:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreSimpleQueue:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchore-feeds-db:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseFeeds:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeedsUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseRbac:
Ryan Garcia
committed
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
managerResources:
Ryan Garcia
committed
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
anchoreEnterpriseReports:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
Josh Wolf
committed
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
bbtests:
enabled: true
scripts:
envs:
ANCHORE_CLI_URL: "https://anchore-api.bigbang.dev/v1"
Josh Wolf
committed
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_saml-sonarqube
certificate: MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=
login: login
name: name
email: email