Resolve "Leverage (or delete) the common key in values secrets"
General MR
Summary
- Populate the common key in each package's generated secret file with meaningful information.
**Note:** The values that are currently targeted to come under the bb-common chart were pulled from a unified view of all settings applied to the given package (default settings in umbrella + overridden values).
Relevant logs/screenshots
Examples of Updated Values
Keycloak
```yaml
bbtests:
  cypress:
    envs:
      cypress_url: https://keycloak.dev.bigbang.mil
  enabled: true
istio:
  enabled: true
  hardened:
    customAuthorizationPolicies:
      - enabled: true
        name: allow-intranamespace-keycloak
        spec:
          action: ALLOW
          rules:
            - from:
                - source:
                    namespaces:
                      - keycloak
    customServiceEntries:
      - enabled: true
        name: cypress-service-entries-keycloak
        spec:
          exportTo:
            - .
          hosts:
            - keycloak.dev.bigbang.mil
            - repo1.dso.mil
          location: MESH_EXTERNAL
          ports:
            - name: https
              number: 443
              protocol: TLS
          resolution: DNS
    enabled: true
  injection: enabled
  keycloak:
    enabled: true
    gateways:
      - istio-gateway/passthrough-ingressgateway
networkPolicies:
  enabled: true
  ingressLabels:
    app: passthrough-ingressgateway
    istio: ingressgateway
  istioNamespaceSelector:
    egress: istio-system
    ingress: istio-gateway
```
Kiali
```yaml
bbtests:
  cypress:
    envs:
      cypress_check_data: "true"
      cypress_url: https://kiali.dev.bigbang.mil
  enabled: true
istio:
  enabled: true
  hardened:
    enabled: true
  kiali:
    gateways:
      - istio-gateway/public-ingressgateway
networkPolicies:
  egress:
    defaults:
      allowIstiod:
        enabled: true
    definitions:
      kubeAPI:
        to:
          - ipBlock:
              cidr: 172.16.0.0/12
      sso:
        to:
          - ipBlock:
              cidr: 0.0.0.0/0
    from:
      kiali:
        to:
          definition:
            sso: true
          k8s:
            istio-system/istiod:15014: true
            monitoring/grafana:3000: true
            monitoring/prometheus:9090: true
            tempo/tempo:3100: true
  enabled: true
  ingress:
    defaults:
      allowPrometheusToIstioSidecar:
        enabled: true
sso:
  enabled: true
```
Istiod
```yaml
networkPolicies:
  controlPlaneCIDRs:
    - 172.16.0.0/12
  egress:
    definitions:
      sso:
        to:
          - ipBlock:
              cidr: 0.0.0.0/0
    from:
      istiod:
        to:
          definition:
            sso: true
  enabled: true
  ingress:
    to:
      istiod:15014:
        from:
          k8s:
            kiali/kiali: true
            monitoring/prometheus: true
```
Tempo
```yaml
bbtests:
  cypress:
    envs:
      cypress_check_datasource: "true"
      cypress_grafana_url: https://grafana.dev.bigbang.mil
      cypress_tempo_datasource: http://tempo-tempo.tempo.svc:3100
      cypress_url: https://tempo.dev.bigbang.mil
  enabled: true
  scripts:
    enabled: false
    envs:
      TEMPO_METRICS_URL: http://tempo-tempo.tempo.svc:3100
istio:
  enabled: true
  hardened:
    customServiceEntries:
      - enabled: true
        name: cypress-service-entries-tempo
        spec:
          hosts:
            - registry.npmjs.org
            - download.cypress.io
            - cdn.cypress.io
            - repo1.dso.mil
            - tempo.dev.bigbang.mil
            - grafana.dev.bigbang.mil
            - grafana.com
          location: MESH_EXTERNAL
          ports:
            - name: https
              number: 443
              protocol: TLS
          resolution: DNS
    enabled: true
  tempoQuery:
    gateways:
      - istio-gateway/public-ingressgateway
    hosts:
      - tempo.{{ .Values.domain }}
networkPolicies:
  controlPlaneCidr: 172.16.0.0/12
  enabled: true
  ingressLabels:
    app: public-ingressgateway
    istio: ingressgateway
  istioNamespaceSelector:
    egress: istio-system
    ingress: istio-gateway
sso:
  enabled: false
```
Linked Issue
Upgrade Notices
N/A
Edited by Jimmy Bourque