values.yaml

hostname: bigbang.dev

# Toggle sourcing from external repos
# TODO: All this does right now is toggle GitRepositories, it is _not_ fully functional
offline: false

# Regisitires can be an explicit map of registries as provided here
registryCredentials:
  registry: registry1.dso.mil
  username: ""
  password: ""
  email: ""

# Or a list of registires:
#registryCredentials:
#  - registry: registry1.dso.mil
#    username: ""
#    password: ""
#    email: ""
#  - registry: registry.dso.mil
#    username: ""
#    password: ""
#    email: ""

# Global git values
# Order of precedence is:
#   1. existingSecret
#   2. http credentials (username/password)
#   3. ssh credentials (privateKey/publicKey/knownHosts)
git:
  # Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
  existingSecret: ""

  # Chart created secrets with user defined values
  credentials:
    # HTTP git credentials, both username and password must be provided
    username: ""
    password: ""

    # SSH git credentials, privateKey, publicKey, and knownHosts must be provided
    privateKey: ""
    publicKey: ""
    knownHosts: ""

# Gloabl SSO parameters
sso:
  oidc:
    host: login.dso.mil
    realm: baby-yoda
  certificate_authority: ''
  jwks: ""
  client_id: ""
  client_secret: ""

# Flux reconciliation parameters
flux:
  interval: 2m
  install:
    retries: 3
  upgrade:
    retries: 3
  rollback:
    timeout: 10m
    cleanupOnFail: true

# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
istio:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
    path: "./chart"
    tag: "1.7.3-bb.7"
  ingress:
    key: ""
    cert: ""
  sso:
    enabled: false
    kiali:
      client_id: kiali
      client_secret: "change_me"
    jaeger:
      client_id: jaeger
      client_secret: "change_me"
  values: {}

istiooperator:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
    path: "./chart"
    tag: "1.7.0-bb.1"
  values: {}
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
clusterAuditor:
  enabled: true
  git: 
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
    path: "./chart"
    tag: "0.1.8-bb.1"
  values: {}
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
gatekeeper:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
    path: "./chart"
    tag: "3.1.2-bb.3"
  values: {}
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Logging
#
logging:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
    path: "./chart"
    tag: "0.1.4-bb.3"
  values: {}

eckoperator:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
    path: "./chart"
    tag: "1.3.0-bb.3"
  values: {}

fluentbit:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
    path: "./chart"
    tag: "0.7.5-bb.0"
  values: {}
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
monitoring:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
    path: "./chart"
    tag: "11.0.0-bb.13"
  sso:
    enabled: false
    prometheus:
      client_id: prometheus
      client_secret: "change_me"
    alertmanager:
      client_id: alertmanager
      client_secret: "change_me"
    grafana:
      client_id: grafana
      client_secret: "change_me"
      scopes: ""
      allow_sign_up: "true"
      role_attribute_path: "Viewer"
  values: {}
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
twistlock:
  enabled: true
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
    path: "./chart"
    tag: "0.0.2-bb.1"
  values: {}

# ----------------------------------------------------------------------------------------------------------------------
# Minio Operator and Instance
#
minio:
  enabled: true
  miniooperator:
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
      path: "./chart"
      tag: "2.0.9-bb.1"
    values: {}
  minioinstance:
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
      path: "./chart"
      tag: "2.0.9-bb.1"
    values: {}

#
# ----------------------------------------------------------------------------------------------------------------------
#
addons:
  argocd:
    enabled: false
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
      path: "./chart"
      tag: "2.9.5-bb.4"
    sso:
      enabled: false
      client_id: "" # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd
      provider_name: "" # login as name example: P1 SSO
      client_secret: ""  # for dev this can be set to anything
      groups: |
        g, Impact Level 2 Authorized, role:admin
    values: {}

  authservice:
    # if enabling authservice, a filter needs to be provided by either enabling
    # sso for monitoring or istio, or manually adding a filter chain in the values here:
    # values:
    #   chain:
    #     minimal:
    #       callback_uri: "https://somecallback"
    enabled: false
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
      path: "./chart"
      tag: "0.1.6-bb.3"
    # Dont put chain configuraitons in this section
    values: {}
    # Put additional chain configuration in this section
    chains: {}

  gitlab:
    enabled: false
    hostnames:
      gitlab: gitlab.bigbang.dev
      registry: registry.bigbang.dev
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
      path: "./chart"
      tag: "4.8.0-bb.0"
    sso:
      # enabling this option will auto-create any required secrets. 
      # The defaults assume an OIDC provider. 
      enabled: false
      label: ""  # the text next to the login button
      client_id: ""
      client_secret: ""
    database:
      # entering connection info will enable external database and will auto-create any required secrets.
      # Gitlab will not provison the database when using an external service
      host: ""     # example: postgres.bigbang.dev
      port: ""     # example: 5432
      username: "" # example: gitlab
      database: "" # example: gitlab
      password: "" # unencoded string data. This should be placed in the secret values and then encrypted
    objectstorage:
      # entering connection info will enable this option and will auto-create any required secrets
      # Gitlab will not provision the S3 buckets when using an external service
      type: ""         # supported types are "s3" or "minio"
      endpoint: ""     # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
      region: ""       # example: us-gov-west-1
      accessKey: ""    # unencoded string data
      accessSecret: "" # unencoded string data. This should be placed in the secret values and then encrypted
      bucketPrefix: "" # optional. example: "prod"
    values: {}

  gitlabRunner:
    enabled: false
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
      path: "./chart"
      tag: "0.19.2-bb.2"
    values: {}

  sonarqube:
    enabled: false
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
      path: "./chart"
      tag: "9.2.6-bb.2"
    sso:
      enabled: false
      client_id: "" # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube
      label: "" # login as name example: P1 SSO
      certificate: "" # SAML sso certificate example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
      login: login # login sso attribute example: login
      name: name # name sso attribute example: name
      email: email # email sso attribute example: email
      group: group # (optional) group sso attribute example: group
    database:
      host: "" # postgres location example: postgres.bigbang.dev
      port: 5432 # 5432
      database: "" # database name example: sonarDB
      username: "" # postgres user example: sonarUser
      password: "" # unencoded stringData. This should be put in the secret values
    values: {}
      
  haproxy:
    enabled: false
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/haproxy
      path: "./chart"
      tag: 1.1.2-bb.0
    values: {}

  anchore:
    enabled: false
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
      path: "./chart"
      tag: "1.9.5-bb.2"
    adminPassword: "" # Required, set the Admin password
    enterprise:
      enabled: false
      licenseYaml: |
        FULL LICENSE
    sso:
      enabled: false
      client_id: ""
      role_attribute: ""
    database:
      # Entering connection info will enable external database and will auto-create any required secrets.
      # Anchore will not provison the database when using an external service
      host: ""
      port: ""
      username: ""
      password: ""
      database: ""
      feeds_database: "" # Only needed for enterprise
    redis:
      # Entering connection info will enable external redis and will auto-create any required secrets.
      # Anchore only requires redis for enterprise deployments and will not provision an instance if using external
      host: ""
      port: ""
      password: ""
    values: {}