Gitlab kas virtual service logical inconsistency

Bug

Description

The kas sub-chart is disabled by default: https://repo1.dso.mil/big-bang/product/packages/gitlab/-/blob/main/chart/values.yaml?ref_type=heads#L162

The kas virtual service is enabled by default: https://repo1.dso.mil/big-bang/bigbang/-/blob/master/chart/templates/gitlab/values.yaml?ref_type=heads#L82

Out of the box, we get a virtual service backed by nothing.

If I wish to enable the kas sub-chart, I would set .Values.addons.gitlab.values.upstream.global.kas.enabled=true. This would align with the default for the virtual service.

If I wish to disable it, so I don't get an orphaned virtual service, I have to set .Values.addons.gitlab.values.global.kas.enabled=false. (without the upstream key).

I believe these should be consolidated so the virtual service conditional references the upstream path (and defaults to false rather than true) so one toggle affects both together.

Network policy and annotations for kas should also probably be conditional.

BigBang Version

3.16.0

Edited Feb 02, 2026 by Samuel Sarnowski