# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
hostname: bigbang.dev
# -- (experimental) Toggle sourcing from external repos.
# All this does right now is toggle GitRepositories, it is _not_ fully functional
offline: false
# -- Single set of registry credentials used to pull all images deployed by BigBang.
registryCredentials:
registry: registry1.dso.mil
username: ""
password: ""
email: ""
# -- Multiple sets of registry credentials used to pull all images deployed by BigBang.
# Credentials will only be created when a valid combination exists, registry, username, and password (email is optional)
# Or a list of registires:
# - registry: registry1.dso.mil
# username: ""
# password: ""
# email: ""
# - registry: registry.dso.mil
# username: ""
# password: ""
# email: ""
# Openshift Container Platform Feature Toggle
openshift: false
# -- Git credential settings for accessing private repositories
# Order of precedence is:
# 1. existingSecret
# 2. http credentials (username/password)
# 3. ssh credentials (privateKey/publicKey/knownHosts)
git:
# -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
existingSecret: ""
# -- Chart created secrets with user defined values
credentials:
# -- HTTP git credentials, both username and password must be provided
username: ""
password: ""
# -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
privateKey: ""
publicKey: ""
knownHosts: ""
# -- Global SSO values used for BigBang deployments when sso is enabled, can be overridden by individual packages.
sso:
oidc:
# -- Domain for keycloak used for configuring SSO
host: login.dso.mil
# -- Keycloak realm containing clients
realm: baby-yoda
# -- Keycloak's certificate authority (unencoded) used by authservice to support SSO for various packages
certificate_authority: ""
# -- Keycloak realm's json web key uri, obtained through https://<keycloak-server>/auth/realms/<realm>/.well-known/openid-configuration
jwks: ""
# -- OIDC client ID used for packages authenticated through authservice
client_id: ""
# -- OIDC client secret used for packages authenticated through authservice
client_secret: ""
# -- OIDC token URL template string (to be used as default)
token_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"
# -- OIDC auth URL template string (to be used as default)
auth_url: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth"
# -- (Advanced) Flux reconciliation parameters.
# The default values provided will be sufficient for the majority of workloads.
flux:
interval: 2m
install:
retries: 3
upgrade:
retries: 3
rollback:
timeout: 10m
cleanupOnFail: true
# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
istio:
# -- Toggle deployment of Istio.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
path: "./chart"
tag: "1.7.3-bb.9"
# -- Certificate/Key pair to use as the default certificate for exposing BigBang created applications.
# If nothing is provided, applications will expect a valid tls secret to exist in the `istio-system` namespace called `wildcard-cert`.
ingress:
key: ""
cert: ""
sso:
# -- Toggle SSO for kiali and jaeger on and off
enabled: false
kiali:
# -- OIDC Client ID use for kiali
client_id: ""
# -- OIDC Client Secret to use for kiali
client_secret: ""
jaeger:
# -- OIDC Client ID to use for jaeger
client_id: ""
# -- OIDC Client Secret to use for jaeger
client_secret: ""
# -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
values: {}
istiooperator:
# -- Toggle deployment of Istio Operator.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
path: "./chart"
tag: "1.7.0-bb.1"
# -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
clusterAuditor:
# -- Toggle deployment of Cluster Auditor.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
path: "./chart"
tag: "0.1.9-bb.0"
# -- Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
gatekeeper:
# -- Toggle deployment of OPA Gatekeeper.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
path: "./chart"
tag: "3.3.0-bb.0"
# -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Logging
#
logging:
# -- Toggle deployment of Logging (EFK).
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
path: "./chart"
tag: "0.1.7-bb.0"
sso:
# -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Elasticsearch/Kibana OIDC client ID
client_id: ""
# -- Elasticsearch/Kibana OIDC client secret
client_secret: ""
license:
# -- Toggle trial license installation of elasticsearch. Note that enterprise (non trial) is required for SSO to work.
trial: false
# -- Elasticsearch license in json format seen here: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana#enterprise-license
keyJSON: ""
# -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
values: {}
eckoperator:
# -- Toggle deployment of ECK Operator.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
path: "./chart"
tag: "1.4.0-bb.1"
values: {}
fluentbit:
# -- Toggle deployment of Fluent-Bit.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
path: "./chart"
tag: "0.15.3-bb.0"
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
monitoring:
# -- Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager).
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
path: "./chart"
tag: "11.0.0-bb.17"
sso:
# -- Toggle SSO for monitoring components on and off
enabled: false
prometheus:
# -- Prometheus OIDC client ID
client_id: ""
# -- Prometheus OIDC client secret
client_secret: ""
alertmanager:
# -- Alertmanager OIDC client ID
client_id: ""
# -- Alertmanager OIDC client secret
client_secret: ""
grafana:
# -- Grafana OIDC client ID
client_id: ""
# -- Grafana OIDC client secret
client_secret: ""
# -- Grafana OIDC client scopes, comma separated
scopes: ""
allow_sign_up: "true"
role_attribute_path: "Viewer"
# -- Values to passthrough to the monitoring chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
twistlock:
# -- Toggle deployment of Twistlock.
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
path: "./chart"
tag: "0.0.3-bb.3"
# -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
values: {}
#
# ----------------------------------------------------------------------------------------------------------------------
#
addons:
argocd:
# -- Toggle deployment of ArgoCD.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
path: "./chart"
tag: "2.14.7-bb.3"
sso:
# -- Toggle SSO for ArgoCD on and off
enabled: false
# -- ArgoCD OIDC client ID
client_id: ""
# -- ArgoCD OIDC client secret
client_secret: ""
# -- ArgoCD SSO login text
provider_name: ""
# -- ArgoCD SSO group roles, see docs for more details: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
groups: |
g, Impact Level 2 Authorized, role:admin
# -- Values to passthrough to the argocd chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
values: {}
authservice:
# -- Toggle deployment of Authservice.
# if enabling authservice, a filter needs to be provided by either enabling
# sso for monitoring or istio, or manually adding a filter chain in the values here:
# values:
# chain:
# minimal:
# callback_uri: "https://somecallback"
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
path: "./chart"
tag: "0.1.6-bb.4"
# -- Values to passthrough to the authservice chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
values: {}
# -- Additional authservice chain configurations.
chains: {}
# ----------------------------------------------------------------------------------------------------------------------
# Minio Operator and Instance
#
minioOperator:
# -- Toggle deployment of minio operator and instance.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
path: "./chart"
tag: "2.0.9-bb.3"
# -- Values to passthrough to the minio operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
values: {}
minio:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
path: "./chart"
tag: "2.0.9-bb.9"
# -- Default access key to use for minio.
accesskey: ""
# -- Default secret key to intstantiate with minio, you should change/delete this after installation.
secretkey: ""
# -- Values to passthrough to the minio instance chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
values: {}
gitlab:
# -- Toggle deployment of Gitlab.
enabled: false
hostnames:
gitlab: gitlab.bigbang.dev
registry: registry.bigbang.dev
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
path: "./chart"
tag: "4.8.0-bb.3"
sso:
# -- Toggle OIDC SSO for Gitlab on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Gitlab OIDC client ID
client_id: ""
# -- Gitlab OIDC client secret
client_secret: ""
# -- Gitlab SSO login button label
label: ""
database:
# -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Gitlab.
port: 5432
# -- Database name to connect to on host.
database: "" # example: gitlab
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
objectStorage:
# -- Type of object storage to use for Gitlab, setting to s3 will assume an external, pre-existing object storage is to be used.
# Entering connection info will enable this option and will auto-create any required secrets
type: "" # supported types are "s3" or "minio"
# -- S3 compatible endpoint to use for connection information.
# examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- S3 compatible region to use for connection information.
region: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket prefix to use for identifying buckets.
# Example: "prod" will produce "prod-gitlab-bucket"
bucketPrefix: ""
# -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
values: {}
gitlabRunner:
# -- Toggle deployment of Gitlab Runner.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
path: "./chart"
tag: "0.26.0-bb.0"
# -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
values: {}
sonarqube:
# -- Toggle deployment of SonarQube.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
path: "./chart"
tag: "9.2.6-bb.7"
sso:
# -- Toggle OIDC SSO for SonarQube.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- SonarQube OIDC client ID
client_id: ""
# -- SonarQube SSO login button label
label: ""
# -- SonarQube plaintext SAML sso certificate.
# example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
certificate: ""
# -- SonarQube login sso attribute.
login: login
# -- SonarQube name sso attribute.
name: name
# -- SonarQube email sso attribute.
email: email
# -- (optional) SonarQube group sso attribute.
group: group
database:
# -- Hostname of a pre-existing PostgreSQL database to use for SonarQube.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for SonarQube.
port: 5432
# -- Database name to connect to on host.
database: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Values to passthrough to the sonarqube chart: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
values: {}
haproxy:
# -- Toggle deployment of HAProxy.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/haproxy
path: "./chart"
tag: 1.1.2-bb.0
# -- Values to passthrough to the haproxy chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/haproxy.git
values: {}
anchore:
# -- Toggle deployment of Anchore.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
path: "./chart"
tag: "1.12.7-bb.2"
# -- Initial admin password used to authenticate to Anchore.
adminPassword: ""
# -- Anchore Enterprise functionality.
enterprise:
# -- Toggle the installation of Anchore Enterprise. This must be accompanied by a valid license.
enabled: false
# -- License for Anchore Enterprise.
# For formatting examples see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#enabling-enterprise-services
licenseYaml: |
FULL LICENSE
sso:
# -- Toggle OIDC SSO for Anchore on and off.
# Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license).
enabled: false
# -- Anchore OIDC client ID
client_id: ""
# -- Anchore OIDC client role attribute
role_attribute: ""
database:
# -- Hostname of a pre-existing PostgreSQL database to use for Anchore.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Anchore.
port: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Database name to connect to on host (Note: database name CANNOT contain hyphens).
database: ""
# -- Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens).
# Only required for enterprise edition of anchore.
# By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/docs/CHART.md#handling-dependencies
feeds_database: ""
redis:
# -- Hostname of a pre-existing Redis to use for Anchore Enterprise.
# Entering connection info will enable external redis and will auto-create any required secrets.
# Anchore only requires redis for enterprise deployments and will not provision an instance if using external
host: ""
# -- Port of a pre-existing Redis to use for Anchore Enterprise.
port: ""
# -- Password to connect to pre-existing Redis.
password: ""
# -- Values to passthrough to the anchore chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# Mattermost Operator and Instance
#
mattermostoperator:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git
path: "./chart"
tag: "1.13.0-bb.2"
# -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml
values: {}
mattermost:
# -- Toggle deployment of Mattermost.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git
path: "./chart"
tag: "0.1.3-bb.2"
# -- Mattermost Enterprise functionality.
enterprise:
# -- Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install.
enabled: false
# -- License for Mattermost.
# This should be the entire contents of the license file from Mattermost (should be one line), example below
# license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN
license: ""
sso:
# -- Toggle OIDC SSO for Mattermost on and off.
# Enabling this option will auto-create any required secrets.
enabled: false
# -- Mattermost OIDC client ID
client_id: ""
# -- Mattermost OIDC client secret
client_secret: ""
# -- Mattermost OIDC auth endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
auth_endpoint: ""
# -- Mattermost OIDC token endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
token_endpoint: ""
# -- Mattermost OIDC user API endpoint
# To get endpoint values, see here: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/docs/keycloak.md#helm-values
user_api_endpoint: ""
database:
# -- Hostname of a pre-existing PostgreSQL database to use for Mattermost.
# Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
host: ""
# -- Port of a pre-existing PostgreSQL database to use for Mattermost.
port: ""
# -- Username to connect as to external database, the user must have all privileges on the database.
username: ""
# -- Database password for the username used to connect to the existing database.
password: ""
# -- Database name to connect to on host.
database: ""
# -- SSL Mode to use when connecting to the database.
# Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
ssl_mode: ""
objectStorage:
# -- S3 compatible endpoint to use for connection information.
# Entering connection info will enable this option and will auto-create any required secrets.
# examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
endpoint: ""
# -- Access key for connecting to object storage endpoint.
accessKey: ""
# -- Secret key for connecting to object storage endpoint.
# Unencoded string data. This should be placed in the secret values and then encrypted
accessSecret: ""
# -- Bucket name to use for Mattermost - will be auto-created.
bucket: ""
# -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/chart/values.yaml
values: {}
velero:
# -- Toggle deployment of Velero.
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git
path: "./chart"
tag: "2.14.8-bb.0"
# -- Values to passthrough to the Velero chart: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/blob/main/chart/values.yaml
values:
# Requires at least one plugin installed. Current supported values: aws, azure
plugins: []
# - aws
#
# ----------------------------------------------------------------------------------------------------------------------