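# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
domain: dev.bigbang.mil

# -- (experimental) Toggle sourcing from external repos.
# All this does right now is toggle GitRepositories, it is _not_ fully functional
offline: false

# -- List of Helm repositories/credentials to pull helm charts from.
# OCI Type: Must specify username/password or existingSecret if repository requires auth. Using "private-registry" for existingSecret will reuse credentials from registryCredentials below.
# Default Type: Must specify existingSecret with auth - see https://fluxcd.io/flux/components/source/helmrepositories/#secret-reference for details on secret data required.
# Prefer existingSecret over inline username/password so repository credentials are not stored in this values file.
helmRepositories: []
# - name: "registry1"
#   repository: "oci://registry1.dso.mil/bigbang"
#   existingSecret: "private-registry"
#   type: "oci"
#   username: ""
#   password: ""
#   email: ""
#   # This is an array/list of public keys to be used. Template will append `.pub` to the key as required by Flux
#   cosignPublicKeys: []
#     key1: |
#       -----BEGIN PUBLIC KEY-----
#       MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIE7v9J6ttQus6itUoyfMCqMjaIqm
#       R8XrntaedsdEhPPchOQuFzqTyyAPGifV1SaEu8medVRi6mVICWbVwOteNg==
#       -----END PUBLIC KEY-----

# -- Single set of registry credentials used to pull all images deployed by BigBang.
# Keep username/password empty in this file and supply the real values from an encrypted or
# otherwise access-controlled values overlay; anything committed here is readable by everyone
# with access to the repository.
registryCredentials:
  registry: registry1.dso.mil
  username: ""
  password: ""
  email: ""
# -- Multiple sets of registry credentials used to pull all images deployed by BigBang.
# Credentials will only be created when a valid combination exists, registry, username, and password (email is optional)
# Or a list of registries:
#  - registry: registry1.dso.mil
#    username: ""
#    password: ""
#    email: ""
#  - registry: registry.dso.mil
#    username: ""
#    password: ""
#    email: ""

# Openshift Container Platform Feature Toggle
openshift: false

# -- Git credential settings for accessing private repositories
# Order of precedence is:
#   1. existingSecret
#   2. http credentials (username/password/caFile)
#   3. ssh credentials (privateKey/publicKey/knownHosts)
git:
  # -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
  existingSecret: ""
  # -- Chart created secrets with user defined values
  # The password and privateKey below are secrets: supply them from an encrypted values overlay,
  # or use existingSecret (first in the order of precedence above) so they never appear in this file.
  credentials:
    # -- HTTP git credentials, both username and password must be provided
    username: ""
    password: ""
    # -- HTTPS certificate authority file. Required for any repo with a self signed certificate
    caFile: ""
    # -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
    privateKey: ""
    publicKey: ""
    knownHosts: ""

# -- Global SSO values used for BigBang deployments when sso is enabled
sso:
  # -- Name of the identity provider. This is used by some packages as the SSO login label.
  name: SSO
  # -- Base URL for the identity provider. For OIDC, this is the issuer. For SAML this is the entityID.
  # NOTE(review): the default looks like a development realm; set this to your own identity
  # provider, since every endpoint below is derived from it.
  url: https://login.dso.mil/auth/realms/baby-yoda
  # -- Certificate authority for the identity provider's certificates
  certificateAuthority:
    # -- The certificate authority public certificate in .pem format. Populating this will create a secret in each namespace that enables SSO.
    cert: "" # See docs/assets/configs/example/dev-sso-values.yaml for an example
    # -- The secret name to use for the certificate authority. Can be manually populated if cert is blank.
    secretName: tls-ca-sso
  saml:
    # -- SAML entityDescriptor (metadata) path
    entityDescriptor: "{{ .Values.sso.url }}/protocol/saml/descriptor"
    # -- SAML SSO Service path
    service: "{{ .Values.sso.url }}/protocol/saml"
    # -- Literal SAML XML metadata retrieved from `{{ .Values.sso.saml.entityDescriptor }}`. Required for SSO in Nexus, Twistlock, or Sonarqube.
    metadata: "" # See docs/assets/configs/example/dev-sso-values.yaml for an example
    # NOTE: SAML attribute names may vary by package. Use the package values to setup attribute names
  # -- OIDC endpoints can be retrieved from `{{ .Values.sso.url }}/.well-known/openid-configuration`
  oidc:
    # -- OIDC authorization path
    authorization: "{{ .Values.sso.url }}/protocol/openid-connect/auth"
    # -- OIDC logout / end session path
    endSession: "{{ .Values.sso.url }}/protocol/openid-connect/logout"
    # -- OIDC JSON Web Key Set (JWKS) path
    jwksUri: "{{ .Values.sso.url }}/protocol/openid-connect/certs"
    # -- OIDC token path
    token: "{{ .Values.sso.url }}/protocol/openid-connect/token"
    # -- OIDC user information path
    userinfo: "{{ .Values.sso.url }}/protocol/openid-connect/userinfo"
    # -- Literal OIDC JWKS data retrieved from JWKS Uri. Only needed if `jwksUri` is not defined.
    jwks: ""
    # -- Identity provider claim names that store metadata about the authenticated user.
    claims:
      # -- IdP's claim name used for the user's email address.
      email: email
      # -- IdP's claim name used for the user's full name
      name: name
      # -- IdP's claim name used for the username
      username: preferred_username
      # -- IdP's claim name used for the user's groups or roles
      groups: groups

# -- (Advanced) Flux reconciliation parameters.
# The default values provided will be sufficient for the majority of workloads.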
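flux:
  timeout: 10m
  interval: 2m
  test:
    enable: false
  install:
    remediation:
      # In Flux a negative retry count means a failed install is retried without limit.
      retries: -1
  upgrade:
    remediation:
      retries: 3
      remediateLastFailure: true
    cleanupOnFail: true
  rollback:
    timeout: 10m
    cleanupOnFail: true

# -- Global NetworkPolicies settings
networkPolicies:
  # -- Toggle all package NetworkPolicies, can disable specific packages with `package.values.networkPolicies.enabled`
  enabled: true

  # -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
  # Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
  # Used by package NetworkPolicies to allow Kube API access
  # The 0.0.0.0/0 default matches every IPv4 address, so rules built from it are not limited to
  # the API server; set the real endpoint range for anything beyond a development cluster.
  controlPlaneCidr: 0.0.0.0/0

  # -- Node CIDR, defaults to allowing "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" networks.
  # use `kubectl get nodes -owide` and review the `INTERNAL-IP` column to derive CIDR range.
  # Must be an IP CIDR range (x.x.x.x/x - ideally a /16 or /24 to include multiple IPs)
  nodeCidr: ""

  # -- VPC CIDR, defaults to 0.0.0.0/0
  # In a production environment, it is recommended to setup a Private Endpoint for your AWS services like KMS or S3.
  # Please review https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html to setup routing to AWS services that never leave the AWS network.
  # Once created update `networkPolicies.vpcCidr` to match the CIDR of your VPC so Vault will be able to reach your VPCs DNS and new KMS endpoint.
  # Until it is narrowed, the 0.0.0.0/0 default matches every IPv4 address rather than only the VPC.
  vpcCidr: 0.0.0.0/0

# -- Global ImagePullPolicy value for all packages
# Permitted values are: None, Always, IfNotPresent
# NOTE(review): Kubernetes' own imagePullPolicy values are Always, IfNotPresent and Never;
# confirm that `None` above is what the chart templates expect.
imagePullPolicy: IfNotPresent

# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
istioBase:
  # -- Toggle deployment of Istio Base
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/apps/sandbox/istio-base.git
    path: "./chart"
    # Tracks a moving branch rather than a pinned tag, so the deployed chart changes whenever
    # the branch does; pin a tag for reproducible, reviewable deployments.
    branch: "main"
    # tag:

  helmRepo:
    repoName: "registry1"
    chartName: "istio-base"
    # tag:

  # -- Flux reconciliation overrides specifically for the Istio Base Package
  flux: {}

  # -- Values to passthrough to the istio-base chart
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

istiod:
  # -- Toggle deployment of Istio Daemon
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/apps/sandbox/istiod.git
    path: "./chart"
    # Tracks a moving branch rather than a pinned tag; pin a tag for reproducible deployments.
    branch: "main"
    # tag:

  helmRepo:
    repoName: "registry1"
    chartName: "istiod"
    # tag:

  # -- Flux reconciliation overrides specifically for the Istio Daemon Package
  flux: {}

  # -- Values to passthrough to the istiod chart
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

istioGateway:
  # -- Toggle deployment of Istio Gateway
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/apps/sandbox/istio-gateway.git
    path: "./chart"
    # Tracks a moving branch rather than a pinned tag; pin a tag for reproducible deployments.
    branch: "main"
    # tag:

  helmRepo:
    repoName: "registry1"
    chartName: "istio-gateway"
    # tag:

  # NOTE(review): the nesting of `values` under each gateway entry is reconstructed from a
  # whitespace-collapsed copy of this file; confirm it against the chart templates.
  gateways:
    - name: public-ingressgateway
      values:
        type: "LoadBalancer" # or "NodePort"
        # hosts:
        #   - "*.{{ .Values.domain }}"
        # autoHttpRedirect:
        #   enabled: true
        # tls:
        #   key: ""
        #   cert: ""
        #   minProtocolVersion: ""
    # - name: passthrough-ingressgateway
    #   values:
    #     some: value

  # ingressGateways:
  #   public-ingressgateway:
  #     type: "LoadBalancer" # or "NodePort"

  # gateways:
  #   public:
  #     ingressGateway: "public-ingressgateway"
  #     hosts:
  #       - "*.{{ .Values.domain }}"
  #     autoHttpRedirect:
  #       enabled: true
  #     tls:
  #       key: ""
  #       cert: ""
  #       minProtocolVersion: ""

  # -- Flux reconciliation overrides specifically for the Istio Gateway Package
  flux: {}

  # -- Values to passthrough to the istio-gateway chart
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

istio:
  # -- Toggle deployment of Istio.
  enabled: true

  mtls:
    # -- STRICT = Allow only mutual TLS traffic,
    # PERMISSIVE = Allow both plain text and mutual TLS traffic
    mode: STRICT

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
    path: "./chart"
    tag: "1.22.3-bb.1"

  helmRepo:
    repoName: "registry1"
    chartName: "istio"
    tag: "1.22.3-bb.1"
    # -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI). Set to 'false' to disable verification.
    # Disabling it removes the signature check on the chart artifact pulled from the registry.
    # cosignVerify:

  # -- Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support,
  # validated through the FIPs Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
  enterprise: false

  # Ingress gateways are created based on the key name. Adding more keys will add ingress gateways.
  # Ingress gateways are setup in a Horizontal Pod Autoscaler with 1 to 5 replicas
  # Besides some ports needed by Istio, only ports 80 and 443 are opened
  # Ingress gateways that require more configuration can be completed using `istio.values`
  ingressGateways:
    public-ingressgateway:
      type: "LoadBalancer" # or "NodePort"
      kubernetesResourceSpec: {} # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec

    # private-ingressgateway:
    #   type: "LoadBalancer" # or "NodePort"
    #   kubernetesResourceSpec: # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
    #     serviceAnnotations: # Example for AWS internal load balancer
    #       service.beta.kubernetes.io/aws-load-balancer-type: nlb
    #       service.beta.kubernetes.io/aws-load-balancer-internal: "true"

    # passthrough-ingressgateway:
    #   type: "NodePort" # or "LoadBalancer"
    #   # Node ports are assigned starting from nodePortBase. The nodePortBase specifies the start of a range of 4 unused node ports.
    #   # Node port will be assigned as follows: Port 15021 (Status) = nodePortBase, Port 80 = nodePortBase+1, Port 443 = nodePortBase+2, Port 15443 (SNI) = nodePortBase+3
    #   # Node port base should be in the range from 30000 to 32764
    #   nodePortBase: 32000
    # Alternatively, the kubernetesResourceSpec can be used to configure all port parameters

  gateways:
    public:
      ingressGateway: "public-ingressgateway"
      hosts:
        - "*.{{ .Values.domain }}"
      # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
      autoHttpRedirect:
        enabled: true
      # The TLS key is a secret: supply key/cert from an encrypted values overlay rather than
      # committing them in this file.
      tls:
        key: ""
        cert: ""
        minProtocolVersion: ""

    # private:
    #   ingressGateway: "private-ingressgateway"
    #   hosts:
    #     - "example.bigbang.dev"
    #   ports:
    #     - name: tls-2
    #       number: 1234
    #       protocol: TCP
    #     - name: tls
    #       number: 5678
    #       protocol: TCP
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #   autoHttpRedirect:
    #     enabled: false
    #   tls:
    #     key: ""
    #     cert: ""
    #     minProtocolVersion: ""
    # passthrough:
    #   ingressGateway: "passthrough-ingressgateway"
    #   hosts:
    ####
    # Alternate multi-server configuration method
    ####
    # private:
    #   ingressGateway: "private-ingressgateway"
    #   servers:
    #     - hosts:
    #         - "example.bigbang.dev"
    #       port:
    #         name: tls-1
    #         number: 1234
    #         protocol: TCP
    #       # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #       autoHttpRedirect:
    #         enabled: false
    #       tls:
    #         key: ""
    #         cert: ""
    #         minProtocolVersion: ""
    #     - hosts:
    #         - "example.bigbang.dev"
    #       port:
    #         name: tls-2
    #         number: 5678
    #         protocol: TCP
    #       # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #       autoHttpRedirect:
    #         enabled: false
    #       tls:
    #         key: ""
    #         cert: ""
    #         minProtocolVersion: ""
    # passthrough:
    #   ingressGateway: "passthrough-ingressgateway"
    #   hosts:
    #     - "*.{{ .Values.domain }}"
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #   autoHttpRedirect:
    #     enabled: true
    #   tls:
    #     mode: "PASSTHROUGH"
    # mutual:
    #   ingressGateway: "mutual-ingressgateway"
    #   hosts:
    #     - "*.{{ .Values.domain }}"
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #   autoHttpRedirect:
    #     enabled: true
    #   tls:
    #     mode: MUTUAL
    #     cert: ""
    #     key: ""
    #     ca: ""

  # -- Flux reconciliation overrides specifically for the Istio Package
  flux: {}

  # -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

istioOperator:
  # -- Toggle deployment of Istio Operator.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/istio-operator.git
    path: "./chart"
    tag: "1.22.3-bb.0"

  helmRepo:
    repoName: "registry1"
    chartName: "istio-operator"
    tag: "1.22.3-bb.0"

  # -- Flux reconciliation overrides specifically for the Istio Operator Package
  flux: {}

  # -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/big-bang/product/packages/istio-operator.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

jaeger:
  # -- Toggle deployment of Jaeger.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/jaeger.git
    path: "./chart"
    tag: "2.54.0-bb.2"

  helmRepo:
    repoName: "registry1"
    chartName: "jaeger"
    tag: "2.54.0-bb.2"

  # -- Flux reconciliation overrides specifically for the Jaeger Package
  flux:
    install:
      crds: CreateReplace
    upgrade:
      crds: CreateReplace

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for Jaeger on and off
    enabled: false

    # -- OIDC Client ID to use for Jaeger
    client_id: ""

    # -- OIDC Client Secret to use for Jaeger
    client_secret: ""

  # -- Values to pass through to Jaeger chart: https://repo1.dso.mil/big-bang/product/packages/jaeger.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

kiali:
  # -- Toggle deployment of Kiali.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kiali.git
    path: "./chart"
    tag: "1.87.0-bb.0"

  helmRepo:
    repoName: "registry1"
    chartName: "kiali"
    tag: "1.87.0-bb.0"

  # -- Flux reconciliation overrides specifically for the Kiali Package
  flux: {}

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for Kiali on and off
    enabled: false

    # -- OIDC Client ID to use for Kiali
    client_id: ""

    # -- OIDC Client Secret to use for Kiali
    client_secret: ""

  # -- Values to pass through to Kiali chart: https://repo1.dso.mil/big-bang/product/packages/kiali
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
clusterAuditor:
  # -- Toggle deployment of Cluster Auditor.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/cluster-auditor.git
    path: "./chart"
    tag: "1.5.0-bb.20"

  helmRepo:
    repoName: "registry1"
    chartName: "cluster-auditor"
    tag: "1.5.0-bb.20"

  # -- Flux reconciliation overrides specifically for the Cluster Auditor Package
  flux: {}

  # -- Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/big-bang/product/packages/cluster-auditor.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
gatekeeper:
  # -- Toggle deployment of OPA Gatekeeper.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/policy.git
    path: "./chart"
    tag: "3.16.3-bb.1"

  helmRepo:
    repoName: "registry1"
    chartName: "gatekeeper"
    tag: "3.16.3-bb.1"

  # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
  flux:
    install:
      crds: CreateReplace
    upgrade:
      crds: CreateReplace

  # -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/big-bang/product/packages/policy.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Kyverno
#
kyverno:
  # -- Toggle deployment of Kyverno.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kyverno.git
    path: "./chart"
    tag: "3.2.5-bb.3"

  helmRepo:
    repoName: "registry1"
    chartName: "kyverno"
    tag: "3.2.5-bb.3"

  # -- Flux reconciliation overrides specifically for the Kyverno Package
  flux: {}

  # -- Values to passthrough to the kyverno chart: https://repo1.dso.mil/big-bang/product/packages/kyverno.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

kyvernoPolicies:
  # -- Toggle deployment of Kyverno policies
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
    path: ./chart
    tag: "3.2.5-bb.0"

  helmRepo:
    repoName: "registry1"
    chartName: "kyverno-policies"
    tag: "3.2.5-bb.0"

  # -- Flux reconciliation overrides specifically for the Kyverno Policies Package
  flux: {}

  # -- Values to passthrough to the kyverno policies chart: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

kyvernoReporter:
  # -- Toggle deployment of Kyverno Reporter
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git
    path: ./chart
    tag: "2.24.0-bb.1"

  helmRepo:
    repoName: "registry1"
    chartName: "kyverno-reporter"
    tag: "2.24.0-bb.1"

  # -- Flux reconciliation overrides specifically for the Kyverno Reporter Package
  flux: {}

  # -- Values to passthrough to the kyverno reporter chart: https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Elasticsearch, Kibana, Fluentbit Logging stack
#
elasticsearchKibana:
  # -- Toggle deployment of Logging (EFK).
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
    path: "./chart"
    tag: "1.17.0-bb.3"

  helmRepo:
    repoName: "registry1"
    chartName: "elasticsearch-kibana"
    tag: "1.17.0-bb.3"

  # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
  flux:
    timeout: 20m

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
    # Enabling this option will auto-create any required secrets.
    enabled: false

    # -- Elasticsearch/Kibana OIDC client ID
    client_id: ""

    # -- Elasticsearch/Kibana OIDC client secret
    client_secret: ""

  # -- Elasticsearch/Kibana Service Account Annotations
  serviceAccountAnnotations:
    elasticsearch: {}
    kibana: {}

  license:
    # -- Toggle trial license installation of elasticsearch. Note that enterprise (non trial) is required for SSO to work.
    trial: false

    # -- Elasticsearch license in json format seen here: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana#enterprise-license
    keyJSON: ""

  # -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

eckOperator:
  # -- Toggle deployment of ECK Operator.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
    path: "./chart"
    tag: "2.13.0-bb.2"

  helmRepo:
    repoName: "registry1"
    chartName: "eck-operator"
    tag: "2.13.0-bb.2"

  # -- Flux reconciliation overrides specifically for the ECK Operator Package
  flux: {}

  # -- Values to passthrough to the eck-operator chart: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

fluentbit:
  # -- Toggle deployment of Fluent-Bit.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
    path: "./chart"
    tag: "0.47.5-bb.0"

  helmRepo:
    repoName: "registry1"
    chartName: "fluentbit"
    tag: "0.47.5-bb.0"

  # -- Flux reconciliation overrides specifically for the Fluent-Bit Package
  flux: {}

  # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# Promtail / Loki Logging stack
#
promtail:
  # -- Toggle deployment of Promtail.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/promtail.git
    path: "./chart"
    tag: "6.16.2-bb.1"

  helmRepo:
    repoName: "registry1"
    chartName: "promtail"
    tag: "6.16.2-bb.1"

  # -- Flux reconciliation overrides specifically for the Promtail Package
  flux: {}

  # -- Values to passthrough to the promtail chart: https://repo1.dso.mil/big-bang/product/packages/promtail.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

loki:
  # -- Toggle deployment of Loki.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/loki.git
    path: "./chart"
    tag: "6.7.1-bb.0"

  helmRepo:
    repoName: "registry1"
    chartName: "loki"
    tag: "6.7.1-bb.0"

  # -- Flux reconciliation overrides specifically for the Loki Package
  flux: {}

  # -- Loki architecture. Options are monolith and scalable
  strategy: monolith

  # -- Loki clusterName identifier for Promtail and Dashboards
  clusterName: ""

  objectStorage:
    # -- S3 compatible endpoint to use for connection information.
    # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
    endpoint: ""

    # -- S3 compatible region to use for connection information.
    region: ""

    # -- Access key for connecting to object storage endpoint.
    accessKey: ""

    # -- Secret key for connecting to object storage endpoint.
    # Unencoded string data. This should be placed in the secret values and then encrypted
    accessSecret: ""

    # -- Bucket Names for the Loki buckets as YAML
    # chunks: loki-logs
    # ruler: loki-ruler
    # admin: loki-admin
    bucketNames: {}

  # -- Values to passthrough to the Loki chart: https://repo1.dso.mil/big-bang/product/packages/loki.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
neuvector:
  # -- Toggle deployment of Neuvector.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
    path: "./chart"
    tag: "2.7.7-bb.3"

  helmRepo:
    repoName: "registry1"
    chartName: "neuvector"
    tag: "2.7.7-bb.3"

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for Neuvector on and off
    enabled: false

    # -- OIDC Client ID to use for Neuvector
    client_id: ""

    # -- OIDC Client Secret to use for Neuvector
    client_secret: ""

    # -- Default role to use for Neuvector OIDC users. Supports admin, reader, or no default
    # Leave empty unless every user who authenticates through the IdP should receive that role.
    default_role: ""

    # -- Claim used for group membership of Neuvector OIDC users.
    # NOTE(review): inferred from the key name; confirm against the Neuvector package docs.
    group_claim: ""

    # -- Mapping of IdP groups to Neuvector roles.
    # NOTE(review): inferred from the key name; confirm the expected entry format in the Neuvector package docs.
    group_mapped_roles: []

  # -- Flux reconciliation overrides specifically for the Neuvector Package
  flux: {}

  # -- Values to passthrough to the Neuvector chart: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
tempo:
  # -- Toggle deployment of Tempo.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/tempo.git
    path: "./chart"
    tag: "1.10.1-bb.0"

  helmRepo:
    repoName: "registry1"
    chartName: "tempo"
    tag: "1.10.1-bb.0"

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  # -- Flux reconciliation overrides specifically for the Tempo Package
  flux: {}

  sso:
    # -- Toggle SSO for Tempo on and off
    enabled: false

    # -- OIDC Client ID to use for Tempo
    client_id: ""

    # -- OIDC Client Secret to use for Tempo
    client_secret: ""

  objectStorage:
    # -- S3 compatible endpoint to use for connection information.
    # examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
    # Note: tempo does not require protocol prefix for URL.
    endpoint: ""

    # -- S3 compatible region to use for connection information.
    region: ""

    # -- Access key for connecting to object storage endpoint.
    accessKey: ""

    # -- Secret key for connecting to object storage endpoint.
    # Unencoded string data. This should be placed in the secret values and then encrypted
    accessSecret: ""

    # -- Bucket Name for Tempo
    # examples: "tempo-traces"
    bucket: ""

    # -- Set to true to connect to object storage without HTTPS, for example in-cluster object
    # storage on port 80/9000. Keep false so the objectStorage connection requires HTTPS.
    insecure: false

  # -- Values to passthrough to the Tempo chart: https://repo1.dso.mil/big-bang/product/packages/tempo.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
monitoring:
  # -- Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager).
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/monitoring.git
    path: "./chart"
    tag: "61.2.0-bb.2"

  helmRepo:
    repoName: "registry1"
    chartName: "monitoring"
    tag: "61.2.0-bb.2"

  # -- Flux reconciliation overrides specifically for the Monitoring Package
  flux:
    install:
      crds: CreateReplace
    upgrade:
      crds: CreateReplace

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for monitoring components on and off
    enabled: false

    prometheus:
      # -- Prometheus OIDC client ID
      client_id: ""

      # -- Prometheus OIDC client secret
      client_secret: ""

    alertmanager:
      # -- Alertmanager OIDC client ID
      client_id: ""

      # -- Alertmanager OIDC client secret
      client_secret: ""

  # -- Values to passthrough to the monitoring chart: https://repo1.dso.mil/big-bang/product/packages/monitoring.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Grafana
#
grafana:
  # -- Toggle deployment of Grafana
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/grafana.git
    path: "./chart"
    tag: "8.3.6-bb.0"

  helmRepo:
    repoName: "registry1"
    chartName: "grafana"
    tag: "8.3.6-bb.0"

  # -- Flux reconciliation overrides specifically for the Grafana Package
  flux: {}

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for grafana components on and off
    enabled: false

    grafana:
      # -- Grafana OIDC client ID
      client_id: ""

      # -- Grafana OIDC client secret
      client_secret: ""

      # -- Grafana OIDC client scopes, comma separated, see https://grafana.com/docs/grafana/latest/auth/generic-oauth/
      scopes: ""

      # NOTE(review): presumably passed to Grafana's generic OAuth settings of the same names.
      # There, allow_sign_up creates an account for any user who authenticates through the IdP,
      # and role_attribute_path decides the role that account receives; review both before
      # exposing Grafana beyond a trusted user population.
      allow_sign_up: true
      role_attribute_path: "Viewer"

      # -- Other options available, see package Documentation.

  # -- Values to passthrough to the grafana chart: https://repo1.dso.mil/big-bang/product/packages/grafana.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
twistlock:
  # -- Toggle deployment of Twistlock.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/twistlock.git
    path: "./chart"
    tag: "0.15.0-bb.17"

  helmRepo:
    repoName: "registry1"
    chartName: "twistlock"
    tag: "0.15.0-bb.17"

  # -- Flux reconciliation overrides specifically for the Twistlock Package
  flux: {}

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SAML SSO, requires a license and enabling the init job - see https://repo1.dso.mil/big-bang/product/packages/initialization.md
    enabled: false

    # -- SAML client ID
    client_id: ""

    # -- SAML Identity Provider. `shibboleth` is recommended by Twistlock support for Keycloak
    # Possible values: okta, gsuite, ping, shibboleth, azure, adfs
    provider_type: "shibboleth"

    # -- Groups attribute (optional)
    groups: ""

  # -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/big-bang/product/packages/twistlock.git
  values: {}

  # -- Post Renderers. See docs/postrenders.md
  postRenderers: []

#
# ----------------------------------------------------------------------------------------------------------------------
#
addons:
  argocd:
    # -- Toggle deployment of ArgoCD.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/argocd.git
      path: "./chart"
      tag: "7.3.9-bb.0"

    helmRepo:
      repoName: "registry1"
      chartName: "argocd"
      tag: "7.3.9-bb.0"

    # -- Flux reconciliation overrides specifically for the ArgoCD Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
    ingress:
      gateway: ""

    redis:
      # -- Hostname of a pre-existing Redis to use for ArgoCD.
      # Entering connection info will enable external Redis and will auto-create any required secrets.
      host: ""

      # -- Port of a pre-existing Redis to use for ArgoCD.
      port: ""

    sso:
      # -- Toggle SSO for ArgoCD on and off
      enabled: false

      # -- ArgoCD OIDC client ID
      client_id: ""

      # -- ArgoCD OIDC client secret
      client_secret: ""

      # -- ArgoCD SSO group roles, see docs for more details: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
      # The default line grants role:admin to every member of the `Impact Level 2 Authorized`
      # group; replace it with a narrower group before enabling SSO on a real deployment.
      groups: |
        g, Impact Level 2 Authorized, role:admin

    # -- Values to passthrough to the argocd chart: https://repo1.dso.mil/big-bang/product/packages/argocd.git
    values: {}

    # -- Post Renderers. See docs/postrenders.md
    postRenderers: []

  authservice:
    # -- Toggle deployment of Authservice.
    # if enabling authservice, a filter needs to be provided by either enabling
    # sso for monitoring or istio, or manually adding a filter chain in the values here:
    # values:
    #   chain:
    #     minimal:
    #       callback_uri: "https://somecallback"
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/authservice.git
      path: "./chart"
      tag: "1.0.1-bb.4"

    helmRepo:
      repoName: "registry1"
      chartName: "authservice"
      tag: "1.0.1-bb.4"

    # -- Flux reconciliation overrides specifically for the Authservice Package
    flux: {}

    # -- Values to passthrough to the authservice chart: https://repo1.dso.mil/big-bang/product/packages/authservice.git
    values: {}

    # -- Post Renderers. See docs/postrenders.md
    postRenderers: []

    # -- Additional authservice chain configurations.
    chains: {}

  # ----------------------------------------------------------------------------------------------------------------------
  # Minio Operator and Instance
  #
  minioOperator:
    # -- Toggle deployment of minio operator and instance.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/minio-operator.git
      path: "./chart"
      tag: "5.0.16-bb.1"

    helmRepo:
      repoName: "registry1"
      chartName: "minio-operator"
      tag: "5.0.16-bb.1"

    # -- Flux reconciliation overrides specifically for the Minio Operator Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
    ingress:
      gateway: ""

    # -- Values to passthrough to the minio operator chart: https://repo1.dso.mil/big-bang/product/packages/minio-operator.git
    values: {}

    # -- Post Renderers. See docs/postrenders.md
    postRenderers: []

  minio:
    # -- Toggle deployment of minio.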
enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/minio.git path: "./chart" tag: "5.0.16-bb.0" helmRepo: repoName: "registry1" chartName: "minio-instance" tag: "5.0.16-bb.0" # -- Flux reconciliation overrides specifically for the Minio Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" # -- Default access key to use for minio. accesskey: "" # -- Default secret key to instantiate minio with; you should change or delete this after installation. secretkey: "" # -- Values to passthrough to the minio instance chart: https://repo1.dso.mil/big-bang/product/packages/minio.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] gitlab: # -- Toggle deployment of Gitlab enabled: false hostnames: # host name only without the domain gitlab: gitlab registry: registry # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/gitlab.git path: "./chart" tag: "8.1.2-bb.3" helmRepo: repoName: "registry1" chartName: "gitlab" tag: "8.1.2-bb.3" # -- Flux reconciliation overrides specifically for the Gitlab Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" sso: # -- Toggle OIDC SSO for Gitlab on and off. # Enabling this option will auto-create any required secrets. enabled: false # -- Gitlab OIDC client ID client_id: "" # -- Gitlab OIDC client secret client_secret: "" # -- Gitlab SSO Scopes, default is ["Gitlab"] scopes: - Gitlab # -- Fill out the groups block below and populate with Keycloak groups according to your desired Gitlab membership requirements. The default groupsAttribute is "groups".
# Full documentation: https://docs.gitlab.com/ee/administration/auth/oidc.html?tab=Linux+package+%28Omnibus%29#configure-users-based-on-oidc-group-membership groups: [] # groupsAttribute: "" # requiredGroups: [] # externalGroups: [] # auditorGroups: [] # adminGroups: [] database: # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab. # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. host: "" # -- Port of a pre-existing PostgreSQL database to use for Gitlab. port: 5432 # -- Database name to connect to on host. database: "" # example: gitlab # -- Username to connect as to external database, the user must have all privileges on the database. username: "" # -- Database password for the username used to connect to the existing database. password: "" objectStorage: # -- Type of object storage to use for Gitlab, setting to s3 will assume an external, pre-existing object storage is to be used. # Entering connection info will enable this option and will auto-create any required secrets type: "" # supported types are "s3" or "minio" # -- S3 compatible endpoint to use for connection information. # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000" endpoint: "" # -- S3 compatible region to use for connection information. region: "" # -- Access key for connecting to object storage endpoint. # -- If using accessKey and accessSecret, the iamProfile must be left as an empty string: "" accessKey: "" # -- Secret key for connecting to object storage endpoint. # Unencoded string data. This should be placed in the secret values and then encrypted accessSecret: "" # -- Bucket prefix to use for identifying buckets. # Example: "prod" will produce "prod-gitlab-bucket" bucketPrefix: "" # -- NOTE: Current bug with AWS IAM Profiles and Object Storage where only artifacts are stored. 
Fixed in Gitlab 14.5 # -- Name of AWS IAM profile to use. # -- If using an AWS IAM profile, the accessKey and accessSecret values must be left as empty strings eg: "" iamProfile: "" smtp: # -- Passwords should be placed in an encrypted file. Example: environment-bb-secret.enc.yaml # If a value is provided BigBang will create a k8s secret named gitlab-smtp-password in the gitlab namespace password: "" redis: # -- Redis plain text password to connect to the redis server. If empty (""), the gitlab charts will create the gitlab-redis-secret # with a random password. # -- This needs to be set to a non-empty value in order for the Grafana Redis Datasource and Dashboards to be installed. password: "" # -- Rails plain text secret to define. If empty (""), the gitlab charts will create the gitlab-rails-secret with randomized data. # Read the following for more information on setting Gitlab rails secrets: https://docs.gitlab.com/charts/installation/secrets#gitlab-rails-secret railsSecret: "" # -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/big-bang/product/packages/gitlab.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] gitlabRunner: # -- Toggle deployment of Gitlab Runner enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git path: "./chart" tag: "0.66.0-bb.0" helmRepo: repoName: "registry1" chartName: "gitlab-runner" tag: "0.66.0-bb.0" # -- Flux reconciliation overrides specifically for the Gitlab Runner Package flux: {} # -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] nexusRepositoryManager: # -- Toggle deployment of Nexus Repository Manager. 
enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/nexus.git path: "./chart" tag: "70.1.0-bb.0" helmRepo: repoName: "registry1" chartName: "nexus-repository-manager" tag: "70.1.0-bb.0" # -- Base64 encoded license file. license_key: "" # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" sso: # -- Toggle SAML SSO for NXRM. # -- handles SAML SSO, a Client must be configured in Keycloak or IdP # -- to complete setup. # -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599 enabled: false # -- NXRM SAML SSO Integration data idp_data: # Nexus saml URL. example: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata" entityId: "" # -- IdP Field Mappings # -- NXRM username attribute username: "" # -- NXRM firstname attribute (optional) firstName: "" # -- NXRM lastname attribute (optional) lastName: "" # -- NXRM email attribute (optional) email: "" # -- NXRM groups attribute (optional) groups: "" # -- NXRM Role role: # the id must match the Keycloak group name (case sensitive) - id: "" name: "" description: "" privileges: [] roles: [] # -- Flux reconciliation overrides specifically for the Nexus Repository Manager Package flux: {} # -- Values to passthrough to the nxrm chart: https://repo1.dso.mil/big-bang/product/packages/nexus.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] sonarqube: # -- Toggle deployment of SonarQube. 
enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git path: "./chart" tag: "8.0.6-bb.2" helmRepo: repoName: "registry1" chartName: "sonarqube" tag: "8.0.6-bb.2" # -- Flux reconciliation overrides specifically for the Sonarqube Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" sso: # -- Toggle SAML SSO for SonarQube. # Enabling this option will auto-create any required secrets. enabled: false # -- SonarQube SAML client ID client_id: "" # -- SonarQube login sso attribute. login: login # -- SonarQube name sso attribute. name: name # -- SonarQube email sso attribute. email: email # -- (optional) SonarQube group sso attribute. group: group database: # -- Hostname of a pre-existing PostgreSQL database to use for SonarQube. host: "" # -- Port of a pre-existing PostgreSQL database to use for SonarQube. port: 5432 # -- Database name to connect to on host. database: "" # -- Username to connect as to external database, the user must have all privileges on the database. username: "" # -- Database password for the username used to connect to the existing database. password: "" # -- Values to passthrough to the sonarqube chart: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] fortify: # -- Toggle deployment of Fortify. enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/fortify.git path: "./chart" tag: "1.1.2320154-bb.15" helmRepo: repoName: "registry1" chartName: "fortify-ssc" tag: "1.1.2320154-bb.15" # -- Flux reconciliation overrides specifically for the Fortify Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". 
ingress: gateway: "" sso: # -- Toggle SSO for Fortify on and off enabled: false # -- SAML Client ID to use for Fortify client_id: "" # -- SAML Client Secret to use for Fortify client_secret: "" # -- Values to passthrough to the fortify chart: https://repo1.dso.mil/big-bang/product/packages/fortify.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] # ---------------------------------------------------------------------------------------------------------------------- # Deployment of HAProxy is automatically toggled depending on Monitoring SSO and Monitoring Istio Injection # haproxy: # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/haproxy.git path: "./chart" tag: "1.19.3-bb.7" helmRepo: repoName: "registry1" chartName: "haproxy" tag: "1.19.3-bb.7" # -- Flux reconciliation overrides specifically for the HAProxy Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" # -- Values to passthrough to the haproxy chart: https://repo1.dso.mil/big-bang/product/packages/haproxy.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] anchore: # -- Toggle deployment of Anchore. enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise.git path: "./chart" tag: "2.7.0-bb.6" helmRepo: repoName: "registry1" chartName: "anchore" tag: "2.7.0-bb.6" # -- Flux reconciliation overrides specifically for the Anchore Package flux: upgrade: disableWait: true # -- Initial admin password used to authenticate to Anchore. adminPassword: "" # -- Anchore Enterprise functionality. enterprise: # -- License for Anchore Enterprise. Enterprise is the only option available for the chart starting with chart major version 2.X. 
# For formatting examples see https://repo1.dso.mil/big-bang/product/packages/CHART.md#enabling-enterprise-services licenseYaml: | FULL LICENSE # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" sso: # -- Toggle SAML SSO for Anchore on and off. # Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license). enabled: false # -- Anchore SAML client ID client_id: "" # -- Anchore SAML client role attribute role_attribute: "" database: # -- Hostname of a pre-existing PostgreSQL database to use for Anchore. # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. host: "" # -- Port of a pre-existing PostgreSQL database to use for Anchore. port: "" # -- Username to connect as to external database, the user must have all privileges on the database. username: "" # -- Database password for the username used to connect to the existing database. password: "" # -- Database name to connect to on host (Note: database name CANNOT contain hyphens). database: "" # -- Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens). # Only required for enterprise edition of anchore. # By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/big-bang/product/packages/CHART.md#handling-dependencies feeds_database: "" redis: # -- Hostname of a pre-existing Redis to use for Anchore Enterprise. # Entering connection info will enable external redis and will auto-create any required secrets. # Anchore only requires redis for enterprise deployments and will not provision an instance if using external host: "" # -- Port of a pre-existing Redis to use for Anchore Enterprise. 
port: "" # -- OPTIONAL: Username to connect to a pre-existing Redis (for password-only auth leave empty) username: "" # -- Password to connect to pre-existing Redis. password: "" # -- Values to passthrough to the anchore chart: https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] # ---------------------------------------------------------------------------------------------------------------------- # Mattermost Operator and Instance # mattermostOperator: # -- Toggle deployment of Mattermost Operator. enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/mattermost-operator.git path: "./chart" tag: "1.22.0-bb.2" helmRepo: repoName: "registry1" chartName: "mattermost-operator" tag: "1.22.0-bb.2" # -- Flux reconciliation overrides specifically for the Mattermost Operator Package flux: {} # -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/big-bang/product/packages/values.yaml values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] mattermost: # -- Toggle deployment of Mattermost. enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/mattermost.git path: "./chart" tag: "9.10.0-bb.3" helmRepo: repoName: "registry1" chartName: "mattermost" tag: "9.10.0-bb.3" # -- Flux reconciliation overrides specifically for the Mattermost Package flux: {} # -- Mattermost Enterprise functionality. enterprise: # -- Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install. enabled: false # -- License for Mattermost. 
# This should be the entire contents of the license file from Mattermost (should be one line), example below # license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN license: "" # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" sso: # -- Toggle OIDC SSO for Mattermost on and off. # Enabling this option will auto-create any required secrets. enabled: false # -- Mattermost OIDC client ID client_id: "" # -- Mattermost OIDC client secret client_secret: "" database: # -- Hostname of a pre-existing PostgreSQL database to use for Mattermost. # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. host: "" # -- Port of a pre-existing PostgreSQL database to use for Mattermost. port: "" # -- Username to connect as to external database, the user must have all privileges on the database. username: "" # -- Database password for the username used to connect to the existing database. password: "" # -- Database name to connect to on host. database: "" # -- SSL Mode to use when connecting to the database. # Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS ssl_mode: "" objectStorage: # -- S3 compatible endpoint to use for connection information. # Entering connection info will enable this option and will auto-create any required secrets. # examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000" endpoint: "" # -- Access key for connecting to object storage endpoint. accessKey: "" # -- Secret key for connecting to object storage endpoint. # Unencoded string data. This should be placed in the secret values and then encrypted accessSecret: "" # -- Bucket name to use for Mattermost - will be auto-created. 
bucket: "" # -- Mattermost Elasticsearch integration - requires enterprise E20 license - https://docs.mattermost.com/deployment/elasticsearch.html # Connection info defaults to the BB deployed Elastic, all values can be overridden via the "values" passthrough for other connections. # See values spec in MM chart "elasticsearch" yaml block - https://repo1.dso.mil/big-bang/product/packages/values.yaml elasticsearch: # -- Toggle interaction with Elastic for optimized search indexing enabled: false # -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/big-bang/product/packages/values.yaml values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] velero: # -- Toggle deployment of Velero. enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/velero.git path: "./chart" tag: "6.7.0-bb.4" helmRepo: repoName: "registry1" chartName: "velero" tag: "6.7.0-bb.4" # -- Flux reconciliation overrides specifically for the Velero Package flux: {} # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi plugins: [] # - aws # -- Values to passthrough to the Velero chart: https://repo1.dso.mil/big-bang/product/packages/values.yaml values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] # # ---------------------------------------------------------------------------------------------------------------------- # ---------------------------------------------------------------------------------------------------------------------- # Keycloak # keycloak: # -- Toggle deployment of Keycloak. 
# if you enable Keycloak you should uncomment the istio passthrough configurations above # istio.ingressGateways.passthrough-ingressgateway and istio.gateways.passthrough enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/keycloak.git path: "./chart" tag: "2.4.3-bb.2" helmRepo: repoName: "registry1" chartName: "keycloak" tag: "2.4.3-bb.2" database: # -- Hostname of a pre-existing database to use for Keycloak. # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. host: "" # -- Pre-existing database type (e.g. postgres) to use for Keycloak. type: postgres # -- Port of a pre-existing database to use for Keycloak. port: 5432 # -- Database name to connect to on host. database: "" # example: keycloak # -- Username to connect as to external database, the user must have all privileges on the database. username: "" # -- Database password for the username used to connect to the existing database. password: "" # -- Flux reconciliation overrides specifically for the Keycloak Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: # the istio gateway for keycloak must have tls.mode: PASSTHROUGH gateway: "passthrough" # -- Certificate/Key pair to use as the certificate for exposing Keycloak # Setting the ingress cert here will automatically create the volume and volumemounts in the Keycloak Package chart key: "" cert: "" # -- Values to passthrough to the keycloak chart: https://repo1.dso.mil/big-bang/product/packages/keycloak.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] # ---------------------------------------------------------------------------------------------------------------------- # Vault # vault: # -- Toggle deployment of Vault.
enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/vault.git path: "./chart" tag: "0.25.0-bb.38" helmRepo: repoName: "registry1" chartName: "vault" tag: "0.25.0-bb.38" # -- Flux reconciliation overrides specifically for the Vault Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" # -- Certificate/Key pair to use as the certificate for exposing Vault # Setting the ingress cert here will automatically create the volume and volumemounts in the Vault package chart key: "" cert: "" # -- Values to passthrough to the vault chart: https://repo1.dso.mil/big-bang/product/packages/vault.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] # ---------------------------------------------------------------------------------------------------------------------- # Metrics Server # metricsServer: # -- Toggle deployment of metrics server # Acceptable options are enabled: true, enabled: false, enabled: auto # true = enabled / false = disabled / auto = automatic (Installs only if metrics API endpoint is not present) enabled: auto # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/metrics-server.git path: "./chart" tag: "3.12.1-bb.3" helmRepo: repoName: "registry1" chartName: "metrics-server" tag: "3.12.1-bb.3" # -- Flux reconciliation overrides specifically for the metrics server Package flux: {} # -- Values to passthrough to the metrics server chart: https://repo1.dso.mil/big-bang/product/packages/metrics-server.git values: {} # -- Post Renderers. 
See docs/postrenders.md postRenderers: [] # ---------------------------------------------------------------------------------------------------------------------- # Harbor # harbor: # -- Toggle deployment of harbor enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/harbor.git tag: "1.15.0-bb.0" path: "./chart" helmRepo: repoName: "registry1" chartName: "harbor" tag: "1.15.0-bb.0" # -- Flux reconciliation overrides specifically for the Harbor Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" sso: # -- Toggle SSO for Harbor on and off enabled: false # -- OIDC Client ID to use for Harbor client_id: "" # -- OIDC Client Secret to use for Harbor client_secret: "" # -- Values to pass through to Harbor chart: https://repo1.dso.mil/big-bang/product/packages/harbor.git values: {} # -- Post Renderers. See docs/postrenders.md postRenderers: [] holocron: # -- Toggle deployment of Holocron.
enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/holocron.git tag: "1.0.11" path: "./chart" helmRepo: repoName: "registry1" chartName: "holocron" tag: "1.0.11" collectorAuth: # -- Name of existing secret with auth tokens for collector services: https://repo1.dso.mil/groups/big-bang/apps/sandbox/holocron/-/wikis/Administrator-Guide # -- Default keys for secret are: # -- gitlab-scm-0, gitlab-workflow-0, gitlab-build-0, jira-workflow-0, sonarqube-project-analysis-0 # -- If not provided, one will be created existingSecret: "" # -- Tokens for the secret to be created. The defaults below are placeholder strings; replace them with real tokens kept in encrypted secret values, or reference existingSecret. gitlabToken: mygitlabtoken jiraToken: myjiratoken sonarToken: mysonartoken jira: # -- If there is a Jira deployment, enable a collector for it enabled: false service: # -- The service name to communicate with name: "" # -- If network policies are enabled, a label to match the namespace for egress policy label: key: value # -- Flux reconciliation overrides specifically for the Holocron Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" sso: # -- Toggle SSO for Holocron on and off enabled: false # -- OIDC Client ID to use for Holocron client_id: "" # -- OIDC Client Secret to use for Holocron client_secret: "" # -- Holocron SSO group roles: https://repo1.dso.mil/groups/big-bang/apps/sandbox/holocron/-/wikis/Administrator-Guide groups: admin: "" leadership: "" database: # -- Hostname of a pre-existing PostgreSQL database to use for Holocron. # -- Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. host: "" # -- Port of a pre-existing PostgreSQL database to use for Holocron. port: 5432 # -- Database name to connect to on host. database: "holocron" # -- Username to connect as to external database, the user must have all privileges on the database.
username: "holocron" # -- Database password for the username used to connect to the existing database. The default is the same string as the username; set a unique value (kept in encrypted secret values) when pointing at an external database. password: "holocron" # -- Post Renderers. See docs/postrenders.md postRenderers: [] # -- Values to passthrough to the Holocron chart: https://repo1.dso.mil/big-bang/product/packages/holocron.git values: {} # ---------------------------------------------------------------------------------------------------------------------- # thanos # thanos: # -- Toggle deployment of thanos enabled: false sso: # -- Toggle SSO for Thanos on and off enabled: false # -- OIDC Client ID to use for Thanos client_id: "" # -- OIDC Client Secret to use for Thanos client_secret: "" #Enable S3 Object Storage for Thanos-sidecar https://thanos.io/tip/components/sidecar.md/ and enables Thanos Store Gateway by default https://thanos.io/tip/components/store.md/ objectStorage: # -- S3 compatible endpoint to use for connection information. # examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000" # Note: Thanos does not require protocol prefix for URL. endpoint: "" # -- S3 compatible region to use for connection information. region: "" # -- Access key for connecting to object storage endpoint. accessKey: "" # -- Secret key for connecting to object storage endpoint. # Unencoded string data. This should be placed in the secret values and then encrypted accessSecret: "" # -- Bucket Name for Thanos # examples: "Thanos-metrics" bucket: "" # -- Whether the objectStorage connection may skip HTTPS, e.g. when connecting to in-cluster object storage; the default (false) requires HTTPS. insecure: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/thanos.git tag: "15.7.9-bb.5" path: "./chart" helmRepo: repoName: "registry1" chartName: "thanos" tag: "15.7.9-bb.5" # -- Flux reconciliation overrides specifically for the Thanos Package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).
The default is "public". ingress: gateway: "" values: {} postRenderers: [] externalSecrets: # -- Toggle deployment of external secrets enabled: false # -- Choose source type of "git" or "helmRepo" sourceType: "git" git: repo: https://repo1.dso.mil/big-bang/product/packages/external-secrets.git tag: "0.9.18-bb.7" path: "./chart" helmRepo: repoName: "registry1" chartName: "external-secrets" tag: "0.9.18-bb.7" # -- Override flux settings for this package flux: {} # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public". ingress: gateway: "" values: {} postRenderers: [] # -- Wrapper chart for integrating Big Bang components alongside a package wrapper: # -- Choose source type of "git" or "helmRepo" sourceType: "git" helmRepo: # -- Repository holding OCI chart, corresponding to `helmRepositories` name repoName: "registry1" # -- Name of the OCI chart in `repo` chartName: wrapper # -- Tag of the OCI chart in `repo` tag: "0.4.10" git: # -- Git repo holding the wrapper helm chart, example: https://repo1.dso.mil/big-bang/product/packages/wrapper repo: "https://repo1.dso.mil/big-bang/product/packages/wrapper.git" # -- Path inside of the git repo to find the helm chart, example: chart path: "chart" # -- Git tag to check out. Takes precedence over branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference), example: 0.0.2 tag: "0.4.10" # -- Packages to deploy with Big Bang # @default - '{}' packages: # -- Package name. Each package will be independently wrapped for Big Bang integration. # @default -- Uses `defaults/<package name>.yaml` for defaults. See `package` Helm chart for additional values that can be set. sample: # -- Toggle deployment of this package # @default -- true enabled: false # -- Choose source type of "git" ("helmRepo" not supported yet) sourceType: "git" # -- Toggle wrapper functionality. 
See https://docs-bigbang.dso.mil/latest/docs/guides/deployment-scenarios/extra-package-deployment/#Wrapper-Deployment for more details. # @default -- false wrapper: enabled: false # -- After deployment, patch wrapper resources. [More info](https://fluxcd.io/flux/components/helm/helmreleases/#post-renderers) postRenderers: [] # -- Use a kustomize deployment rather than Helm kustomize: false # -- HelmRepo source is supported as an option for Helm deployments. If both `git` and `helmRepo` are provided `git` will take precedence. helmRepo: # -- Name of the HelmRepo specified in `helmRepositories` # @default -- Uses `registry1` Helm Repository if not specified repoName: # -- Name of the chart stored in the Helm repository # @default -- Uses values key/package name if not specified chartName: # -- Tag of the chart in the Helm repo, required tag: # -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI). Set to 'false' to disable verification #cosignVerify: # -- Git source is supported for both Helm and Kustomize deployments. If both `git` and `helmRepo` are provided `git` will take precedence. git: # -- Git repo URL holding the helm chart for this package, required if using git repo: # -- Git commit to check out. Takes precedence over semver, tag, and branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference) commit: # -- Git semVer tag expression to check out. Takes precedence over tag. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference) semver: # -- Git tag to check out. Takes precedence over branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference) tag: # -- Git branch to check out. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference). 
# @default -- When no other reference is specified, `master` branch is used branch: # -- Path inside of the git repo to find the helm chart or kustomize # @default -- For Helm charts `chart`. For Kustomize `/`. path: # -- Optional, alternative existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication existingSecret: "" # -- Optional, alternative Chart created secrets with user defined values credentials: # -- HTTP git credentials, both username and password must be provided username: "" password: "" # -- HTTPS certificate authority file. Required for any repo with a self signed certificate caFile: "" # -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided privateKey: "" publicKey: "" knownHosts: "" # -- Override flux settings for this package flux: {} # -- After deployment, patch package resources. [More info](https://fluxcd.io/flux/components/helm/helmreleases/#post-renderers) postRenderers: [] # -- Specify dependencies for the package. Only used for HelmRelease, does not effect Kustomization. See [here](https://fluxcd.io/flux/components/helm/helmreleases/#helmrelease-dependencies) for a reference. dependsOn: [] # -- Package details for Istio. See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings. istio: {} # -- Package details for monitoring. See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings. monitor: {} # -- Package details for network policies. See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings. network: {} # -- Secrets that should be created prior to package installation. See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings. 
secrets: {} # -- ConfigMaps that should be created prior to package installation. See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings. configMaps: {} # -- Values to pass through to package Helm chart values: {}