# -- Domain used for BigBang created exposed services, can be overridden by individual packages.
domain: dev.bigbang.mil

# -- (experimental) Toggle sourcing from external repos.
# All this does right now is toggle GitRepositories, it is _not_ fully functional
offline: false

# -- List of Helm repositories/credentials to pull helm charts from.
# OCI Type: Must specify username/password or existingSecret if repository requires auth. Using "private-registry" for existingSecret will reuse credentials from registryCredentials above.
# Default Type: Must specify existingSecret with auth - see https://fluxcd.io/flux/components/source/helmrepositories/#secret-reference for details on secret data required.
helmRepositories: []
  # - name: "registry1"
  #   repository: "oci://registry1.dso.mil/bigbang"
  #   existingSecret: "private-registry"
  #   type: "oci"
  #   username: ""
  #   password: ""
  #   email: ""
  #   # This is an array/list of public keys to be used. Template will append `.pub` to the key as required by Flux
  #   cosignPublicKeys: []
  #     key1: |
  #       -----BEGIN PUBLIC KEY-----
  #       MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEIE7v9J6ttQus6itUoyfMCqMjaIqm
  #       R8XrntaedsdEhPPchOQuFzqTyyAPGifV1SaEu8medVRi6mVICWbVwOteNg==
  #       -----END PUBLIC KEY-----


# -- Single set of registry credentials used to pull all images deployed by BigBang.
registryCredentials:
  registry: registry1.dso.mil
  username: ""
  password: ""
  email: ""

# -- Multiple sets of registry credentials used to pull all images deployed by BigBang.
# Credentials will only be created when a valid combination exists, registry, username, and password (email is optional)
# Or a list of registires:
#  - registry: registry1.dso.mil
#    username: ""
#    password: ""
#    email: ""
#  - registry: registry.dso.mil
#    username: ""
#    password: ""
#    email: ""

# Openshift Container Platform Feature Toggle
openshift: false

# -- Git credential settings for accessing private repositories
# Order of precedence is:
#   1. existingSecret
#   2. http credentials (username/password/caFile)
#   3. ssh credentials (privateKey/publicKey/knownHosts)
git:
  # -- Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
  existingSecret: ""

  # -- Chart created secrets with user defined values
  credentials:
    # -- HTTP git credentials, both username and password must be provided
    username: ""
    password: ""
    # -- HTTPS certificate authority file.  Required for any repo with a self signed certificate
    caFile: ""
    # -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
    privateKey: ""
    publicKey: ""
    knownHosts: ""

# -- Global SSO values used for BigBang deployments when sso is enabled
sso:
  # -- Name of the identity provider.  This is used by some packages as the SSO login label.
  name: SSO
  # -- Base URL for the identity provider. For OIDC, this is the issuer.  For SAML this is the entityID.
  url: https://login.dso.mil/auth/realms/baby-yoda

  # -- Certificate authority for the identity provider's certificates
  certificateAuthority:
    # -- The certificate authority public certificate in .pem format.  Populating this will create a secret in each namespace that enables SSO.
    cert: "" # See docs/assets/configs/example/dev-sso-values.yaml for an example
    # -- The secret name to use for the certificate authority.  Can be manually populated if cert is blank.
    secretName: tls-ca-sso

  saml:
    # -- SAML entityDescriptor (metadata) path
    entityDescriptor: "{{ .Values.sso.url }}/protocol/saml/descriptor"
    # -- SAML SSO Service path
    service: "{{ .Values.sso.url }}/protocol/saml"
    # -- Literal SAML XML metadata retrieved from `{{ .Values.sso.saml.entityDescriptor }}`.  Required for SSO in Nexus, Twistlock, or Sonarqube.
    metadata: "" # See docs/assets/configs/example/dev-sso-values.yaml for an example
    # NOTE: SAML attribute names may vary by package.  Use the package values to setup attribute names

  # -- OIDC endpoints can be retrieved from `{{ .Values.sso.url }}/.well-known/openid-configuration`
  oidc:
    # -- OIDC authorization path
    authorization: "{{ .Values.sso.url }}/protocol/openid-connect/auth"
    # -- OIDC logout / end session path
    endSession: "{{ .Values.sso.url }}/protocol/openid-connect/logout"
    # -- OIDC JSON Web Key Set (JWKS) path
    jwksUri: "{{ .Values.sso.url }}/protocol/openid-connect/certs"
    # -- OIDC token path
    token: "{{ .Values.sso.url }}/protocol/openid-connect/token"
    # -- OIDC user information path
    userinfo: "{{ .Values.sso.url }}/protocol/openid-connect/userinfo"
    # -- Literal OIDC JWKS data retrieved from JWKS Uri.  Only needed if `jwsksUri` is not defined.
    jwks: ""
    # -- Identity provider claim names that store metadata about the authenticated user.
    claims:
      # -- IdP's claim name used for the user's email address.
      email: email
      # -- IdP's claim name used for the user's full name
      name: name
      # -- IdP's claim name used for the username
      username: preferred_username
      # -- IdP's claim name used for the user's groups or roles
      groups: groups

# -- (Advanced) Flux reconciliation parameters.
# The default values provided will be sufficient for the majority of workloads.
flux:
  timeout: 10m
  interval: 2m
  test:
    enable: false
  install:
    remediation:
      retries: -1
  upgrade:
    remediation:
      retries: 3
      remediateLastFailure: true
    cleanupOnFail: true
  rollback:
    timeout: 10m
    cleanupOnFail: true

# -- Global NetworkPolicies settings
networkPolicies:
  # -- Toggle all package NetworkPolicies, can disable specific packages with `package.values.networkPolicies.enabled`
  enabled: true
  # -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
  # Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
  # Used by package NetworkPolicies to allow Kube API access
  controlPlaneCidr: 0.0.0.0/0
  # -- Node CIDR, defaults to allowing "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" networks.
  # use `kubectl get nodes -owide` and review the `INTERNAL-IP` column to derive CIDR range.
  # Must be an IP CIDR range (x.x.x.x/x - ideally a /16 or /24 to include multiple IPs)
  nodeCidr: ""
  # -- VPC CIDR, defaults to 0.0.0.0/0
  # In a production environment, it is recommended to setup a Private Endpoint for your AWS services like KMS or S3.
  # Please review https://docs.aws.amazon.com/kms/latest/developerguide/kms-vpc-endpoint.html to setup routing to AWS services that never leave the AWS network.
  # Once created update `networkPolicies.vpcCidr` to match the CIDR of your VPC so Vault will be able to reach your VPCs DNS and new KMS endpoint.
  vpcCidr: 0.0.0.0/0

# -- Global ImagePullPolicy value for all packages
# Permitted values are: None, Always, IfNotPresent
imagePullPolicy: IfNotPresent

# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
istioBase:
  # -- Toggle deployment of Istio Base
  enabled: false
  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"
  git:
    repo: https://repo1.dso.mil/big-bang/apps/sandbox/istio-base.git
    path: "./chart"
    branch: "main"
    #tag:
  helmRepo:
    repoName: "registry1"
    chartName: "istio-base"
    #tag:
  # -- Flux reconciliation overrides specifically for the Istio Base Package
  flux: {}
  # -- Values to passthrough to the istio-base chart
  values: {}
  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

istiod:
  # -- Toggle deployment of Istio Daemon
  enabled: false
  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"
  git:
    repo: https://repo1.dso.mil/big-bang/apps/sandbox/istiod.git
    path: "./chart"
    branch: "main"
    #tag:
  helmRepo:
    repoName: "registry1"
    chartName: "istiod"
    #tag:
  # -- Flux reconciliation overrides specifically for the Istio Daemon Package
  flux: {}
  # -- Values to passthrough to the istiod chart
  values: {}
  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

istioGateway:
  # -- Toggle deployment of Istio Gateway
  enabled: false
  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"
  git:
    repo: https://repo1.dso.mil/big-bang/apps/sandbox/istio-gateway.git
    path: "./chart"
    branch: "main"
    #tag:
  helmRepo:
    repoName: "registry1"
    chartName: "istio-gateway"
    #tag:
  gateways:
    - name: public-ingressgateway
      values:
        type: "LoadBalancer" # or "NodePort"
        # hosts:
        #   - "*.{{ .Values.domain }}"
        # autoHttpRedirect:
        #   enabled: true
        # tls:
        #   key: ""
        #   cert: ""
        #   minProtocolVersion: ""
    # - name: passthrough-ingressgateway
    #   values:
    #     some: value

  # ingressGateways:
  #   public-ingressgateway:
  #     type: "LoadBalancer" # or "NodePort"
  # gateways:
  #   public:
  #     ingressGateway: "public-ingressgateway"
  #     hosts:
  #       - "*.{{ .Values.domain }}"
  #     autoHttpRedirect:
  #       enabled: true
  #     tls:
  #       key: ""
  #       cert: ""
  #       minProtocolVersion: ""

  # -- Flux reconciliation overrides specifically for the Istio Gateway Package
  flux: {}
  # -- Values to passthrough to the istio-base chart
  values: {}
  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []


istio:
  # -- Toggle deployment of Istio.
  enabled: true
  mtls:
    # -- STRICT = Allow only mutual TLS traffic,
    # PERMISSIVE = Allow both plain text and mutual TLS traffic
    mode: STRICT

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
    path: "./chart"
    tag: "1.22.3-bb.1"
  helmRepo:
    repoName: "registry1"
    chartName: "istio"
    tag: "1.22.3-bb.1"
    # -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI).  Set to 'false' to disable verification.
    # cosignVerify:

  # -- Tetrate Istio Distribution - Tetrate provides FIPs verified Istio and Envoy software and support,
  # validated through the FIPs Boring Crypto module. Find out more from Tetrate - https://www.tetrate.io/tetrate-istio-subscription
  enterprise: false

  # Ingress gateways are created based on the key name.  Adding more keys will add ingress gateways.
  # Ingress gateways are setup in a Horizontal Pod Autoscaler with 1 to 5 replicas
  # Besides some ports needed by Istio, only ports 80 and 443 are opened
  # Ingress gateways that require more configuration can be completed using `istio.values`
  ingressGateways:
    public-ingressgateway:
      type: "LoadBalancer" # or "NodePort"
      kubernetesResourceSpec: {} # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec

    # private-ingressgateway:
    #   type: "LoadBalancer" # or "NodePort"
    #   kubernetesResourceSpec: # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
    #     serviceAnnotations: # Example for AWS internal load balancer
    #       service.beta.kubernetes.io/aws-load-balancer-type: nlb
    #       service.beta.kubernetes.io/aws-load-balancer-internal: "true"

    # passthrough-ingressgateway:
    #   type: "NodePort" # or "LoadBalancer"
    #   # Node ports are assigned starting from nodePortBase.  The nodePortBase specifies the start of a range of 4 unused node ports.
    #   # Node port will be assigned as follows: Port 15021 (Status) = nodePortBase, Port 80 = nodePortBase+1, Port 443 = nodePortBase+2, Port 15443 (SNI) = nodePortBase+3
    #   # Node port base should be in the range from 30000 to 32764
    #   nodePortBase: 32000  # Alternatively, the kubernetesResourceSpec can be used to configure all port parameters

  gateways:
    public:
      ingressGateway: "public-ingressgateway"
      hosts:
        - "*.{{ .Values.domain }}"
      # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
      autoHttpRedirect:
        enabled: true
      tls:
        key: ""
        cert: ""
        minProtocolVersion: ""
    # private:
    #   ingressGateway: "private-ingressgateway"
    #   hosts:
    #   - "example.bigbang.dev"
    #   ports:
    #     - name: tls-2
    #       number: 1234
    #       protocol: TCP
    #     - name: tls
    #       number: 5678
    #       protocol: TCP
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #   autoHttpRedirect:
    #     enabled: false
    #   tls:
    #     key: ""
    #     cert: ""
    #     minProtocolVersion: ""
    # passthrough:
    #   ingressGateway: "passthrough-ingressgateway"
    #   hosts:

    ####
    # Alternate multi-server configuration method
    ####
    # private:
    #   ingressGateway: "private-ingressgateway"
    #   servers:
    #   - hosts:
    #     - "example.bigbang.dev"
    #     port:
    #       name: tls-1
    #       number: 1234
    #       protocol: TCP
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #     autoHttpRedirect:
    #       enabled: false
    #     tls:
    #       key: ""
    #       cert: ""
    #       minProtocolVersion: ""
    #   - hosts:
    #     - "example.bigbang.dev"
    #     port:
    #       name: tls-2
    #       number: 5678
    #       protocol: TCP
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #     autoHttpRedirect:
    #       enabled: false
    #     tls:
    #       key: ""
    #       cert: ""
    #       minProtocolVersion: ""
    # passthrough:
    #   ingressGateway: "passthrough-ingressgateway"
    #   hosts:
    #   - "*.{{ .Values.domain }}"
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #   autoHttpRedirect:
    #     enabled: true
    #   tls:
    #     mode: "PASSTHROUGH"
    # mutual:
    #   ingressGateway: "mutual-ingressgateway"
    #   hosts:
    #   - "*.{{ .Values.domain }}"
    #   # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect.
    #   autoHttpRedirect:
    #     enabled: true
    #   tls:
    #     mode: MUTUAL
    #     cert: ""
    #     key: ""
    #     ca: ""

  # -- Flux reconciliation overrides specifically for the Istio Package
  flux: {}

  # -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

istioOperator:
  # -- Toggle deployment of Istio Operator.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/istio-operator.git
    path: "./chart"
    tag: "1.22.3-bb.0"
  helmRepo:
    repoName: "registry1"
    chartName: "istio-operator"
    tag: "1.22.3-bb.0"

  # -- Flux reconciliation overrides specifically for the Istio Operator Package
  flux: {}

  # -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/big-bang/product/packages/istio-operator.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

jaeger:
  # -- Toggle deployment of Jaeger.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/jaeger.git
    path: "./chart"
    tag: "2.54.0-bb.2"
  helmRepo:
    repoName: "registry1"
    chartName: "jaeger"
    tag: "2.54.0-bb.2"

  # -- Flux reconciliation overrides specifically for the Jaeger Package
  flux:
    install:
      crds: CreateReplace
    upgrade:
      crds: CreateReplace

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for Jaeger on and off
    enabled: false

    # -- OIDC Client ID to use for Jaeger
    client_id: ""

    # -- OIDC Client Secret to use for Jaeger
    client_secret: ""

  # -- Values to pass through to Jaeger chart: https://repo1.dso.mil/big-bang/product/packages/jaeger.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

kiali:
  # -- Toggle deployment of Kiali.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kiali.git
    path: "./chart"
    tag: "1.87.0-bb.0"
  helmRepo:
    repoName: "registry1"
    chartName: "kiali"
    tag: "1.87.0-bb.0"

  # -- Flux reconciliation overrides specifically for the Kiali Package
  flux: {}

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for Kiali on and off
    enabled: false

    # -- OIDC Client ID to use for Kiali
    client_id: ""

    # -- OIDC Client Secret to use for Kiali
    client_secret: ""

  # -- Values to pass through to Kiali chart: https://repo1.dso.mil/big-bang/product/packages/kiali
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
clusterAuditor:
  # -- Toggle deployment of Cluster Auditor.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/cluster-auditor.git
    path: "./chart"
    tag: "1.5.0-bb.20"
  helmRepo:
    repoName: "registry1"
    chartName: "cluster-auditor"
    tag: "1.5.0-bb.20"

  # -- Flux reconciliation overrides specifically for the Cluster Auditor Package
  flux: {}

  # -- Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/big-bang/product/packages/cluster-auditor.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
gatekeeper:
  # -- Toggle deployment of OPA Gatekeeper.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/policy.git
    path: "./chart"
    tag: "3.16.3-bb.1"
  helmRepo:
    repoName: "registry1"
    chartName: "gatekeeper"
    tag: "3.16.3-bb.1"

  # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
  flux:
    install:
      crds: CreateReplace
    upgrade:
      crds: CreateReplace

  # -- Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/big-bang/product/packages/policy.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Kyverno
#
kyverno:
  # -- Toggle deployment of Kyverno.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kyverno.git
    path: "./chart"
    tag: "3.2.5-bb.3"
  helmRepo:
    repoName: "registry1"
    chartName: "kyverno"
    tag: "3.2.5-bb.3"

  # -- Flux reconciliation overrides specifically for the Kyverno Package
  flux: {}

  # -- Values to passthrough to the kyverno chart: https://repo1.dso.mil/big-bang/product/packages/kyverno.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

kyvernoPolicies:
  # -- Toggle deployment of Kyverno policies
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
    path: ./chart
    tag: "3.2.5-bb.0"
  helmRepo:
    repoName: "registry1"
    chartName: "kyverno-policies"
    tag: "3.2.5-bb.0"

  # -- Flux reconciliation overrides specifically for the Kyverno Package
  flux: {}

  # -- Values to passthrough to the kyverno policies chart: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

kyvernoReporter:
  # -- Toggle deployment of Kyverno Reporter
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git
    path: ./chart
    tag: "2.24.0-bb.1"
  helmRepo:
    repoName: "registry1"
    chartName: "kyverno-reporter"
    tag: "2.24.0-bb.1"

  # -- Flux reconciliation overrides specifically for the Kyverno Reporter Package
  flux: {}

  # -- Values to passthrough to the kyverno reporter chart: https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Elasticsearch, Kibana, Fluentbit Logging stack
#
elasticsearchKibana:
  # -- Toggle deployment of Logging (EFK).
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
    path: "./chart"
    tag: "1.17.0-bb.3"
  helmRepo:
    repoName: "registry1"
    chartName: "elasticsearch-kibana"
    tag: "1.17.0-bb.3"

  # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
  flux:
    timeout: 20m

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
    # Enabling this option will auto-create any required secrets.
    enabled: false

    # -- Elasticsearch/Kibana OIDC client ID
    client_id: ""

    # -- Elasticsearch/Kibana OIDC client secret
    client_secret: ""
  
  # -- Elasticsearch/Kibana Service Account Annotations
  serviceAccountAnnotations:
    elasticsearch: {}
    kibana: {}

  license:
    # -- Toggle trial license installation of elasticsearch.  Note that enterprise (non trial) is required for SSO to work.
    trial: false

    # -- Elasticsearch license in json format seen here: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana#enterprise-license
    keyJSON: ""

  # -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

eckOperator:
  # -- Toggle deployment of ECK Operator.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
    path: "./chart"
    tag: "2.13.0-bb.2"
  helmRepo:
    repoName: "registry1"
    chartName: "eck-operator"
    tag: "2.13.0-bb.2"

  # -- Flux reconciliation overrides specifically for the ECK Operator Package
  flux: {}

  # -- Values to passthrough to the eck-operator chart: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

fluentbit:
  # -- Toggle deployment of Fluent-Bit.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
    path: "./chart"
    tag: "0.47.5-bb.0"
  helmRepo:
    repoName: "registry1"
    chartName: "fluentbit"
    tag: "0.47.5-bb.0"

  # -- Flux reconciliation overrides specifically for the Fluent-Bit Package
  flux: {}

  # -- Values to passthrough to the fluentbit chart: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------
# Promtail / Loki Logging stack
#
promtail:
  # -- Toggle deployment of Promtail.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/promtail.git
    path: "./chart"
    tag: "6.16.2-bb.1"
  helmRepo:
    repoName: "registry1"
    chartName: "promtail"
    tag: "6.16.2-bb.1"

  # -- Flux reconciliation overrides specifically for the Promtail Package
  flux: {}

  # -- Values to passthrough to the promtail chart: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

loki:
  # -- Toggle deployment of Loki.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/loki.git
    path: "./chart"
    tag: "6.7.1-bb.0"
  helmRepo:
    repoName: "registry1"
    chartName: "loki"
    tag: "6.7.1-bb.0"

  # -- Flux reconciliation overrides specifically for the Loki Package
  flux: {}

  # -- Loki architecture.  Options are monolith and scalable
  strategy: monolith
  
  # -- Loki clusterName identifier for Promtail and Dashboards
  clusterName: ""


  objectStorage:
    # -- S3 compatible endpoint to use for connection information.
    # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
    endpoint: ""

    # -- S3 compatible region to use for connection information.
    region: ""

    # -- Access key for connecting to object storage endpoint.
    accessKey: ""

    # -- Secret key for connecting to object storage endpoint.
    # Unencoded string data. This should be placed in the secret values and then encrypted
    accessSecret: ""

    # -- Bucket Names for the Loki buckets as YAML
    # chunks: loki-logs
    # ruler: loki-ruler
    # admin: loki-admin
    bucketNames: {}

  # -- Values to passthrough to the Loki chart: https://repo1.dso.mil/big-bang/product/packages/loki.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------

neuvector:
  # -- Toggle deployment of Neuvector.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
    path: "./chart"
    tag: "2.7.7-bb.3"
  helmRepo:
    repoName: "registry1"
    chartName: "neuvector"
    tag: "2.7.7-bb.3"

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for Neuvector on and off
    enabled: false

    # -- OIDC Client ID to use for Neuvector
    client_id: ""

    # -- OIDC Client Secret to use for Neuvector
    client_secret: ""

    # -- Default role to use for Neuvector OIDC users. Supports admin, reader, or no default
    default_role: ""

    # -- Default role to use for Neuvector OIDC users. Supports admin, reader, or no default
    group_claim: ""

    # -- Default role to use for Neuvector OIDC users. Supports admin, reader, or no default
    group_mapped_roles: []

  # -- Flux reconciliation overrides specifically for the Neuvector Package
  flux: {}

  # -- Values to passthrough to the Neuvector chart: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------

tempo:
  # -- Toggle deployment of Tempo.
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/tempo.git
    path: "./chart"
    tag: "1.10.1-bb.0"
  helmRepo:
    repoName: "registry1"
    chartName: "tempo"
    tag: "1.10.1-bb.0"

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  # -- Flux reconciliation overrides specifically for the Tempo Package
  flux: {}

  sso:
    # -- Toggle SSO for Tempo on and off
    enabled: false

    # -- OIDC Client ID to use for Tempo
    client_id: ""

    # -- OIDC Client Secret to use for Tempo
    client_secret: ""

  objectStorage:
    # -- S3 compatible endpoint to use for connection information.
    # examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
    # Note: tempo does not require protocol prefix for URL.
    endpoint: ""

    # -- S3 compatible region to use for connection information.
    region: ""

    # -- Access key for connecting to object storage endpoint.
    accessKey: ""

    # -- Secret key for connecting to object storage endpoint.
    # Unencoded string data. This should be placed in the secret values and then encrypted
    accessSecret: ""

    # -- Bucket Name for Tempo
    # examples: "tempo-traces"
    bucket: ""

    # -- Whether or not objectStorage connection should require HTTPS, if connecting to in-cluster object
    # storage on port 80/9000 set this value to true.
    insecure: false

  # -- Values to passthrough to the Tempo chart: https://repo1.dso.mil/big-bang/product/packages/tempo.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------

# Monitoring
#
monitoring:
  # -- Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager).
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/monitoring.git
    path: "./chart"
    tag: "61.2.0-bb.2"
  helmRepo:
    repoName: "registry1"
    chartName: "monitoring"
    tag: "61.2.0-bb.2"

  # -- Flux reconciliation overrides specifically for the Monitoring Package
  flux:
    install:
      crds: CreateReplace
    upgrade:
      crds: CreateReplace

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for monitoring components on and off
    enabled: false
    prometheus:
      # -- Prometheus OIDC client ID
      client_id: ""

      # -- Prometheus OIDC client secret
      client_secret: ""

    alertmanager:
      # -- Alertmanager OIDC client ID
      client_id: ""

      # -- Alertmanager OIDC client secret
      client_secret: ""

  # -- Values to passthrough to the monitoring chart: https://repo1.dso.mil/big-bang/product/packages/monitoring.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------

# Grafana
#
grafana:
  # -- Toggle deployment of Grafana
  enabled: true

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/grafana.git
    path: "./chart"
    tag: "8.3.6-bb.0"
  helmRepo:
    repoName: "registry1"
    chartName: "grafana"
    tag: "8.3.6-bb.0"

  # -- Flux reconciliation overrides specifically for the Monitoring Package
  flux: {}

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SSO for grafana components on and off
    enabled: false
    grafana:
      # -- Grafana OIDC client ID
      client_id: ""

      # -- Grafana OIDC client secret
      client_secret: ""

      # -- Grafana OIDC client scopes, comma separated, see https://grafana.com/docs/grafana/latest/auth/generic-oauth/
      scopes: ""

      allow_sign_up: true

      role_attribute_path: "Viewer"
      # -- Other options available, see package Documentation.

  # -- Values to passthrough to the grafana chart: https://repo1.dso.mil/big-bang/product/packages/grafana.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []
# ----------------------------------------------------------------------------------------------------------------------

# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
twistlock:
  # -- Toggle deployment of Twistlock.
  enabled: false

  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/twistlock.git
    path: "./chart"
    tag: "0.15.0-bb.17"
  helmRepo:
    repoName: "registry1"
    chartName: "twistlock"
    tag: "0.15.0-bb.17"

  # -- Flux reconciliation overrides specifically for the Twistlock Package
  flux: {}

  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:
    gateway: ""

  sso:
    # -- Toggle SAML SSO, requires a license and enabling the init job - see https://repo1.dso.mil/big-bang/product/packages/initialization.md
    enabled: false

    # -- SAML client ID
    client_id: ""

    # -- SAML Identity Provider. `shibboleth` is recommended by Twistlock support for Keycloak
    # Possible values: okta, gsuite, ping, shibboleth, azure, adfs
    provider_type: "shibboleth"

    # -- Groups attribute (optional)
    groups: ""

  # -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/big-bang/product/packages/twistlock.git
  values: {}

  # -- Post Renderers.  See docs/postrenders.md
  postRenderers: []

#
# ----------------------------------------------------------------------------------------------------------------------
#
addons:
  argocd:
    # -- Toggle deployment of ArgoCD.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/argocd.git
      path: "./chart"
      tag: "7.3.9-bb.0"
    helmRepo:
      repoName: "registry1"
      chartName: "argocd"
      tag: "7.3.9-bb.0"

    # -- Flux reconciliation overrides specifically for the ArgoCD Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    redis:
      # -- Hostname of a pre-existing Redis to use for ArgoCD.
      # Entering connection info will enable external Redis and will auto-create any required secrets.
      host: ""

      # -- Port of a pre-existing Redis to use for ArgoCD.
      port: ""

    sso:
      # -- Toggle SSO for ArgoCD on and off
      enabled: false

      # -- ArgoCD OIDC client ID
      client_id: ""

      # -- ArgoCD OIDC client secret
      client_secret: ""

      # -- ArgoCD SSO group roles, see docs for more details: https://argo-cd.readthedocs.io/en/stable/operator-manual/rbac/
      groups: |
        g, Impact Level 2 Authorized, role:admin

    # -- Values to passthrough to the argocd chart: https://repo1.dso.mil/big-bang/product/packages/argocd.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  authservice:
    # -- Toggle deployment of Authservice.
    # if enabling authservice, a filter needs to be provided by either enabling
    # sso for monitoring or istio, or manually adding a filter chain in the values here:
    # values:
    #   chain:
    #     minimal:
    #       callback_uri: "https://somecallback"
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/authservice.git
      path: "./chart"
      tag: "1.0.1-bb.4"
    helmRepo:
      repoName: "registry1"
      chartName: "authservice"
      tag: "1.0.1-bb.4"

    # -- Flux reconciliation overrides specifically for the Authservice Package
    flux: {}

    # -- Values to passthrough to the authservice chart: https://repo1.dso.mil/big-bang/product/packages/authservice.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

    # -- Additional authservice chain configurations.
    chains: {}

  # ----------------------------------------------------------------------------------------------------------------------
  # Minio Operator and Instance
  #
  minioOperator:
    # -- Toggle deployment of minio operator and instance.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/minio-operator.git
      path: "./chart"
      tag: "5.0.16-bb.1"
    helmRepo:
      repoName: "registry1"
      chartName: "minio-operator"
      tag: "5.0.16-bb.1"

    # -- Flux reconciliation overrides specifically for the Minio Operator Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    # -- Values to passthrough to the minio operator chart: https://repo1.dso.mil/big-bang/product/packages/minio-operator.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  minio:
    # -- Toggle deployment of minio.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/minio.git
      path: "./chart"
      tag: "5.0.16-bb.0"
    helmRepo:
      repoName: "registry1"
      chartName: "minio-instance"
      tag: "5.0.16-bb.0"

    # -- Flux reconciliation overrides specifically for the Minio Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    # -- Default access key to use for minio.
    accesskey: ""

    # -- Default secret key to intstantiate with minio, you should change/delete this after installation.
    secretkey: ""

    # -- Values to passthrough to the minio instance chart: https://repo1.dso.mil/big-bang/product/packages/minio.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  gitlab:
    # -- Toggle deployment of Gitlab
    enabled: false

    hostnames:
      # host name only without the domain
      gitlab: gitlab
      registry: registry

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
      path: "./chart"
      tag: "8.1.2-bb.3"
    helmRepo:
      repoName: "registry1"
      chartName: "gitlab"
      tag: "8.1.2-bb.3"

    # -- Flux reconciliation overrides specifically for the Gitlab Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle OIDC SSO for Gitlab on and off.
      # Enabling this option will auto-create any required secrets.
      enabled: false

      # -- Gitlab OIDC client ID
      client_id: ""

      # -- Gitlab OIDC client secret
      client_secret: ""

      # -- Gitlab SSO Scopes, default is ["Gitlab"]
      scopes:
        - Gitlab

      # -- Fill out the groups block below and populate with Keycloak groups according to your desired Gitlab membership requirements. The default groupsAttribute is "groups".
      # Full documentation: https://docs.gitlab.com/ee/administration/auth/oidc.html?tab=Linux+package+%28Omnibus%29#configure-users-based-on-oidc-group-membership
      groups: []
      #   groupsAttribute: ""
      #   requiredGroups: []
      #   externalGroups: []
      #   auditorGroups: []
      #   adminGroups: []

    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
      host: ""

      # -- Port of a pre-existing PostgreSQL database to use for Gitlab.
      port: 5432

      # -- Database name to connect to on host.
      database: "" # example: gitlab

      # -- Username to connect as to external database, the user must have all privileges on the database.
      username: ""

      # -- Database password for the username used to connect to the existing database.
      password: ""

    objectStorage:
      # -- Type of object storage to use for Gitlab, setting to s3 will assume an external, pre-existing object storage is to be used.
      # Entering connection info will enable this option and will auto-create any required secrets
      type: "" # supported types are "s3" or "minio"

      # -- S3 compatible endpoint to use for connection information.
      # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
      endpoint: ""

      # -- S3 compatible region to use for connection information.
      region: ""

      # -- Access key for connecting to object storage endpoint.
      # -- If using accessKey and accessSecret, the iamProfile must be left as an empty string: ""
      accessKey: ""

      # -- Secret key for connecting to object storage endpoint.
      # Unencoded string data. This should be placed in the secret values and then encrypted
      accessSecret: ""

      # -- Bucket prefix to use for identifying buckets.
      # Example: "prod" will produce "prod-gitlab-bucket"
      bucketPrefix: ""

      # -- NOTE: Current bug with AWS IAM Profiles and Object Storage where only artifacts are stored. Fixed in Gitlab 14.5
      # -- Name of AWS IAM profile to use.
      # -- If using an AWS IAM profile, the accessKey and accessSecret values must be left as empty strings eg: ""
      iamProfile: ""

    smtp:
      # -- Passwords should be placed in an encrypted file. Example: environment-bb-secret.enc.yaml
      # If a value is provided BigBang will create a k8s secret named gitlab-smtp-password in the gitlab namespace
      password: ""

    redis:
      # -- Redis plain text password to connect to the redis server.  If empty (""), the gitlab charts will create the gitlab-redis-secret
      # with a random password.
      # -- This needs to be set to a non-empty value in order for the Grafana Redis Datasource and Dashboards to be installed.
      password: ""

    # -- Rails plain text secret to define. If empty (""), the gitlab charts will create the gitlab-rails-secret with randomized data.
    # Read the following for more information on setting Gitlab rails secrets: https://docs.gitlab.com/charts/installation/secrets#gitlab-rails-secret
    railsSecret: ""

    # -- Values to passthrough to the gitlab chart: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  gitlabRunner:
    # -- Toggle deployment of Gitlab Runner
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git
      path: "./chart"
      tag: "0.66.0-bb.0"

    helmRepo:
      repoName: "registry1"
      chartName: "gitlab-runner"
      tag: "0.66.0-bb.0"
      

    # -- Flux reconciliation overrides specifically for the Gitlab Runner Package
    flux: {}

    # -- Values to passthrough to the gitlab runner chart: https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  nexusRepositoryManager:
    # -- Toggle deployment of Nexus Repository Manager.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/nexus.git
      path: "./chart"
      tag: "70.1.0-bb.0"
    helmRepo:
      repoName: "registry1"
      chartName: "nexus-repository-manager"
      tag: "70.1.0-bb.0"

    # -- Base64 encoded license file.
    license_key: ""

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle SAML SSO for NXRM.
      # -- handles SAML SSO, a Client must be configured in Keycloak or IdP
      # -- to complete setup.
      # -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
      enabled: false

      # -- NXRM SAML SSO Integration data
      idp_data:
        # Nexus saml URL. example: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata"
        entityId: ""

        # -- IdP Field Mappings
        # -- NXRM username attribute
        username: ""

        # -- NXRM firstname attribute (optional)
        firstName: ""

        # -- NXRM lastname attribute (optional)
        lastName: ""

        # -- NXRM email attribute (optional)
        email: ""

        # -- NXRM groups attribute (optional)
        groups: ""

      # -- NXRM Role
      role:
        # the id must match the Keycloak group name (case sensitive)
        - id: ""
          name: ""
          description: ""
          privileges: []
          roles: []

    # -- Flux reconciliation overrides specifically for the Nexus Repository Manager Package
    flux: {}

    # -- Values to passthrough to the nxrm chart: https://repo1.dso.mil/big-bang/product/packages/nexus.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  sonarqube:
    # -- Toggle deployment of SonarQube.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git
      path: "./chart"
      tag: "8.0.6-bb.2"
    helmRepo:
      repoName: "registry1"
      chartName: "sonarqube"
      tag: "8.0.6-bb.2"

    # -- Flux reconciliation overrides specifically for the Sonarqube Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle SAML SSO for SonarQube.
      # Enabling this option will auto-create any required secrets.
      enabled: false

      # -- SonarQube SAML client ID
      client_id: ""

      # -- SonarQube login sso attribute.
      login: login

      # -- SonarQube name sso attribute.
      name: name

      # -- SonarQube email sso attribute.
      email: email

      # -- (optional) SonarQube group sso attribute.
      group: group

    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for SonarQube.
      host: ""

      # -- Port of a pre-existing PostgreSQL database to use for SonarQube.
      port: 5432

      # -- Database name to connect to on host.
      database: ""

      # -- Username to connect as to external database, the user must have all privileges on the database.
      username: ""

      # -- Database password for the username used to connect to the existing database.
      password: ""

    # -- Values to passthrough to the sonarqube chart: https://repo1.dso.mil/big-bang/product/packages/sonarqube.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  fortify:
    # -- Toggle deployment of Fortify.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/fortify.git
      path: "./chart"
      tag: "1.1.2320154-bb.15"
    helmRepo:
      repoName: "registry1"
      chartName: "fortify-ssc"
      tag: "1.1.2320154-bb.15"

    # -- Flux reconciliation overrides specifically for the Fortify Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle SSO for Fortify on and off
      enabled: false

      # -- SAML Client ID to use for Fortify
      client_id: ""

      # -- SAML Client Secret to use for Fortify
      client_secret: ""

    # -- Values to passthrough to the fortify chart: https://repo1.dso.mil/big-bang/product/packages/fortify.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  # ----------------------------------------------------------------------------------------------------------------------
  # Deployment of HAProxy is automatically toggled depending on Monitoring SSO and Monitoring Istio Injection
  #
  haproxy:
    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/haproxy.git
      path: "./chart"
      tag: "1.19.3-bb.7"
    helmRepo:
      repoName: "registry1"
      chartName: "haproxy"
      tag: "1.19.3-bb.7"

    # -- Flux reconciliation overrides specifically for the HAProxy Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    # -- Values to passthrough to the haproxy chart: https://repo1.dso.mil/big-bang/product/packages/haproxy.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  anchore:
    # -- Toggle deployment of Anchore.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise.git
      path: "./chart"
      tag: "2.7.0-bb.6"
    helmRepo:
      repoName: "registry1"
      chartName: "anchore"
      tag: "2.7.0-bb.6"

    # -- Flux reconciliation overrides specifically for the Anchore Package
    flux:
      upgrade:
        disableWait: true

    # -- Initial admin password used to authenticate to Anchore.
    adminPassword: ""

    # -- Anchore Enterprise functionality.
    enterprise:
      # -- License for Anchore Enterprise. Enterprise is the only option available for the chart starting with chart major version 2.X.
      # For formatting examples see https://repo1.dso.mil/big-bang/product/packages/CHART.md#enabling-enterprise-services
      licenseYaml: |
        FULL LICENSE

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle SAML SSO for Anchore on and off.
      # Enabling this option will auto-create any required secrets (Note: SSO requires an Enterprise license).
      enabled: false

      # -- Anchore SAML client ID
      client_id: ""

      # -- Anchore SAML client role attribute
      role_attribute: ""

    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Anchore.
      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
      host: ""

      # -- Port of a pre-existing PostgreSQL database to use for Anchore.
      port: ""

      # -- Username to connect as to external database, the user must have all privileges on the database.
      username: ""

      # -- Database password for the username used to connect to the existing database.
      password: ""

      # -- Database name to connect to on host (Note: database name CANNOT contain hyphens).
      database: ""

      # -- Feeds database name to connect to on host (Note: feeds database name CANNOT contain hyphens).
      # Only required for enterprise edition of anchore.
      # By default, feeds database will be configured with the same username and password as the main database. For formatting examples on how to use a separate username and password for the feeds database see https://repo1.dso.mil/big-bang/product/packages/CHART.md#handling-dependencies
      feeds_database: ""

    redis:
      # -- Hostname of a pre-existing Redis to use for Anchore Enterprise.
      # Entering connection info will enable external redis and will auto-create any required secrets.
      # Anchore only requires redis for enterprise deployments and will not provision an instance if using external
      host: ""

      # -- Port of a pre-existing Redis to use for Anchore Enterprise.
      port: ""

      # -- OPTIONAL: Username to connect to a pre-existing Redis (for password-only auth leave empty)
      username: ""

      # -- Password to connect to pre-existing Redis.
      password: ""

    # -- Values to passthrough to the anchore chart: https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  # ----------------------------------------------------------------------------------------------------------------------
  # Mattermost Operator and Instance
  #
  mattermostOperator:
    # -- Toggle deployment of Mattermost Operator.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/mattermost-operator.git
      path: "./chart"
      tag: "1.22.0-bb.2"
    helmRepo:
      repoName: "registry1"
      chartName: "mattermost-operator"
      tag: "1.22.0-bb.2"

    # -- Flux reconciliation overrides specifically for the Mattermost Operator Package
    flux: {}

    # -- Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/big-bang/product/packages/values.yaml
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  mattermost:
    # -- Toggle deployment of Mattermost.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/mattermost.git
      path: "./chart"
      tag: "9.10.0-bb.3"
    helmRepo:
      repoName: "registry1"
      chartName: "mattermost"
      tag: "9.10.0-bb.3"

    # -- Flux reconciliation overrides specifically for the Mattermost Package
    flux: {}

    # -- Mattermost Enterprise functionality.
    enterprise:
      # -- Toggle the Mattermost Enterprise.  This must be accompanied by a valid license unless you plan to start a trial post-install.
      enabled: false

      # -- License for Mattermost.
      # This should be the entire contents of the license file from Mattermost (should be one line), example below
      # license: "eyJpZCI6InIxM205bjR3eTdkYjludG95Z3RiOD---REST---IS---HIDDEN
      license: ""

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle OIDC SSO for Mattermost on and off.
      # Enabling this option will auto-create any required secrets.
      enabled: false

      # -- Mattermost OIDC client ID
      client_id: ""

      # -- Mattermost OIDC client secret
      client_secret: ""

    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Mattermost.
      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
      host: ""

      # -- Port of a pre-existing PostgreSQL database to use for Mattermost.
      port: ""

      # -- Username to connect as to external database, the user must have all privileges on the database.
      username: ""

      # -- Database password for the username used to connect to the existing database.
      password: ""

      # -- Database name to connect to on host.
      database: ""

      # -- SSL Mode to use when connecting to the database.
      # Allowable values for this are viewable in the postgres documentation: https://www.postgresql.org/docs/current/libpq-ssl.html#LIBPQ-SSL-SSLMODE-STATEMENTS
      ssl_mode: ""

    objectStorage:
      # -- S3 compatible endpoint to use for connection information.
      # Entering connection info will enable this option and will auto-create any required secrets.
      # examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
      endpoint: ""

      # -- Access key for connecting to object storage endpoint.
      accessKey: ""

      # -- Secret key for connecting to object storage endpoint.
      # Unencoded string data. This should be placed in the secret values and then encrypted
      accessSecret: ""

      # -- Bucket name to use for Mattermost - will be auto-created.
      bucket: ""

    # -- Mattermost Elasticsearch integration - requires enterprise E20 license - https://docs.mattermost.com/deployment/elasticsearch.html
    # Connection info defaults to the BB deployed Elastic, all values can be overridden via the "values" passthrough for other connections.
    # See values spec in MM chart "elasticsearch" yaml block - https://repo1.dso.mil/big-bang/product/packages/values.yaml
    elasticsearch:
      # -- Toggle interaction with Elastic for optimized search indexing
      enabled: false

    # -- Values to passthrough to the Mattermost chart: https://repo1.dso.mil/big-bang/product/packages/values.yaml
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  velero:
    # -- Toggle deployment of Velero.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/velero.git
      path: "./chart"
      tag: "6.7.0-bb.4"
    helmRepo:
      repoName: "registry1"
      chartName: "velero"
      tag: "6.7.0-bb.4"

    # -- Flux reconciliation overrides specifically for the Velero Package
    flux: {}

    # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi
    plugins: []
    # - aws

    # -- Values to passthrough to the Velero chart: https://repo1.dso.mil/big-bang/product/packages/values.yaml
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []
  #
  # ----------------------------------------------------------------------------------------------------------------------

  # ----------------------------------------------------------------------------------------------------------------------
  # Keycloak
  #
  keycloak:
    # -- Toggle deployment of Keycloak.
    # if you enable Keycloak you should uncomment the istio passthrough configurations above
    # istio.ingressGateways.passthrough-ingressgateway and istio.gateways.passthrough
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/keycloak.git
      path: "./chart"
      tag: "2.4.3-bb.2"
    helmRepo:
      repoName: "registry1"
      chartName: "keycloak"
      tag: "2.4.3-bb.2"

    database:
      # -- Hostname of a pre-existing database to use for Keycloak.
      # Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
      host: ""

      # -- Pre-existing database type (e.g. postgres) to use for Keycloak.
      type: postgres

      # -- Port of a pre-existing database to use for Keycloak.
      port: 5432

      # -- Database name to connect to on host.
      database: "" # example: keycloak

      # -- Username to connect as to external database, the user must have all privileges on the database.
      username: ""

      # -- Database password for the username used to connect to the existing database.
      password: ""

    # -- Flux reconciliation overrides specifically for the OPA Gatekeeper Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      # the istio gateway for keycloak must have tls.mode: PASSTHROUGH
      gateway: "passthrough"
      # -- Certificate/Key pair to use as the certificate for exposing Keycloak
      # Setting the ingress cert here will automatically create the volume and volumemounts in the Keycloak Package chart
      key: ""
      cert: ""

    # -- Values to passthrough to the keycloak chart: https://repo1.dso.mil/big-bang/product/packages/keycloak.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  # ----------------------------------------------------------------------------------------------------------------------
  # Vault
  #
  vault:
    # -- Toggle deployment of Vault.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/vault.git
      path: "./chart"
      tag: "0.25.0-bb.38"
    helmRepo:
      repoName: "registry1"
      chartName: "vault"
      tag: "0.25.0-bb.38"

    # -- Flux reconciliation overrides specifically for the Vault Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""
      # -- Certificate/Key pair to use as the certificate for exposing Vault
      # Setting the ingress cert here will automatically create the volume and volumemounts in the Vault package chart
      key: ""
      cert: ""

    # -- Values to passthrough to the vault chart: https://repo1.dso.mil/big-bang/product/packages/vault.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  # ----------------------------------------------------------------------------------------------------------------------
  # Metrics Server
  #
  metricsServer:
    # -- Toggle deployment of metrics server
    # Acceptable options are enabled: true, enabled: false, enabled: auto
    # true = enabled / false = disabled / auto = automatic (Installs only if metrics API endpoint is not present)
    enabled: auto

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/metrics-server.git
      path: "./chart"
      tag: "3.12.1-bb.3"
    helmRepo:
      repoName: "registry1"
      chartName: "metrics-server"
      tag: "3.12.1-bb.3"

    # -- Flux reconciliation overrides specifically for the metrics server Package
    flux: {}

    # -- Values to passthrough to the metrics server chart: https://repo1.dso.mil/big-bang/product/packages/metrics-server.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  # ----------------------------------------------------------------------------------------------------------------------
  # Harbor
  #
  harbor:
    # -- Toggle deployment of harbor
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/harbor.git
      tag: "1.15.0-bb.0"
      path: "./chart"
    helmRepo:
      repoName: "registry1"
      chartName: "harbor"
      tag: "1.15.0-bb.0"

    # -- Flux reconciliation overrides specifically for the Jaeger Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle SSO for Harbor on and off
      enabled: false

      # -- OIDC Client ID to use for Harbor
      client_id: ""

      # -- OIDC Client Secret to use for Harbor
      client_secret: ""

    # -- Values to pass through to Habor chart: https://repo1.dso.mil/big-bang/product/packages/harbor.git
    values: {}

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

  holocron:
    # -- Toggle deployment of Holocron.
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/holocron.git
      tag: "1.0.11"
      path: "./chart"
    helmRepo:
      repoName: "registry1"
      chartName: "holocron"
      tag: "1.0.11"

    collectorAuth:
      # -- Name of existing secret with auth tokens for collector services: https://repo1.dso.mil/groups/big-bang/apps/sandbox/holocron/-/wikis/Administrator-Guide
      # -- Default keys for secret are:
      # -- gitlab-scm-0, gitlab-workflow-0, gitlab-build-0, jira-workflow-0, sonarqube-project-analysis-0
      # -- If not provided, one will be created
      existingSecret: ""
      # -- Tokens for the secret to be created
      gitlabToken: mygitlabtoken
      jiraToken: myjiratoken
      sonarToken: mysonartoken

    jira:
      # -- If there is a Jira deployment, enable a collector for it
      enabled: false
      service:
      # -- The service name to communicate with
        name: ""
        # -- If network policies are enabled, a label to match the namespace for egress policy
        label:
          key: value

    # -- Flux reconciliation overrides specifically for the Holocron Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
    ingress:
      gateway: ""

    sso:
      # -- Toggle SSO for Holocron on and off
      enabled: false

      # -- OIDC Client ID to use for Holocron
      client_id: ""

      # -- OIDC Client Secret to use for Holocron
      client_secret: ""
      
      # -- Holocron SSO group roles: https://repo1.dso.mil/groups/big-bang/apps/sandbox/holocron/-/wikis/Administrator-Guide
      groups:
        admin: ""
        leadership: ""

    database:
      # -- Hostname of a pre-existing PostgreSQL database to use for Gitlab.
      # -- Entering connection info will disable the deployment of an internal database and will auto-create any required secrets.
      host: ""

      # -- Port of a pre-existing PostgreSQL database to use for Gitlab.
      port: 5432

      # -- Database name to connect to on host.
      database: "holocron"

      # -- Username to connect as to external database, the user must have all privileges on the database.
      username: "holocron"

      # -- Database password for the username used to connect to the existing database.
      password: "holocron"

    # -- Post Renderers.  See docs/postrenders.md
    postRenderers: []

    # -- Values to passthrough to the Holocron chart: https://repo1.dso.mil/big-bang/product/packages/holocron.git
    values: {}

  # ----------------------------------------------------------------------------------------------------------------------
  # thanos
  #
  thanos:
    # -- Toggle deployment of thanos
    enabled: false

    sso:
        # -- Toggle SSO for Thanos on and off
      enabled: false

      # -- OIDC Client ID to use for Thanos
      client_id: ""

      # -- OIDC Client Secret to use for Thanos
      client_secret: ""
    
    #Enable S3 Object Storage for Thanos-sidecar https://thanos.io/tip/components/sidecar.md/ and enables Thanos Store Gateway by default https://thanos.io/tip/components/store.md/ 
    objectStorage:
      # -- S3 compatible endpoint to use for connection information.
      # examples: "s3.amazonaws.com" "s3.us-gov-west-1.amazonaws.com" "minio.minio.svc.cluster.local:9000"
      # Note: Thanos does not require protocol prefix for URL.
      endpoint: ""

      # -- S3 compatible region to use for connection information.
      region: ""

      # -- Access key for connecting to object storage endpoint.
      accessKey: ""

      # -- Secret key for connecting to object storage endpoint.
      # Unencoded string data. This should be placed in the secret values and then encrypted
      accessSecret: ""

      # -- Bucket Name for Thanos
      # examples: "Thanos-metrics"
      bucket: ""

      # -- Whether or not objectStorage connection should require HTTPS, if connecting to in-cluster object
      insecure: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/thanos.git
      tag: "15.7.9-bb.5"
      path: "./chart"
    helmRepo:
      repoName: "registry1"
      chartName: "thanos"
      tag: "15.7.9-bb.5"

    # -- Flux reconciliation overrides specifically for the Thanos Package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    values: {}

    postRenderers: []

  externalSecrets:
    # -- Toggle deployment of external secrets
    enabled: false

    # -- Choose source type of "git" or "helmRepo"
    sourceType: "git"

    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/external-secrets.git
      tag: "0.9.18-bb.7"
      path: "./chart"
    helmRepo:
      repoName: "registry1"
      chartName: "external-secrets"
      tag: "0.9.18-bb.7"

    # -- Override flux settings for this package
    flux: {}

    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
    ingress:
      gateway: ""

    values: {}

    postRenderers: []

# -- Wrapper chart for integrating Big Bang components alongside a package
wrapper:
  # -- Choose source type of "git" or "helmRepo"
  sourceType: "git"

  helmRepo:
    # -- Repository holding OCI chart, corresponding to `helmRepositories` name
    repoName: "registry1"
    # -- Name of the OCI chart in `repo`
    chartName: wrapper
    # -- Tag of the OCI chart in `repo`
    tag: "0.4.10"
  git:
    # -- Git repo holding the wrapper helm chart, example: https://repo1.dso.mil/big-bang/product/packages/wrapper
    repo: "https://repo1.dso.mil/big-bang/product/packages/wrapper.git"
    # -- Path inside of the git repo to find the helm chart, example: chart
    path: "chart"
    # -- Git tag to check out.  Takes precedence over branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference), example: 0.0.2
    tag: "0.4.10"

# -- Packages to deploy with Big Bang
# @default - '{}'
packages:
  # -- Package name.  Each package will be independently wrapped for Big Bang integration.
  # @default -- Uses `defaults/<package name>.yaml` for defaults.  See `package` Helm chart for additional values that can be set.
  sample:
    # -- Toggle deployment of this package
    # @default -- true
    enabled: false

    # -- Choose source type of "git" ("helmRepo" not supported yet)
    sourceType: "git"

    # -- Toggle wrapper functionality. See https://docs-bigbang.dso.mil/latest/docs/guides/deployment-scenarios/extra-package-deployment/#Wrapper-Deployment for more details.
    # @default -- false
    wrapper:
      enabled: false
    # -- After deployment, patch wrapper resources.  [More info](https://fluxcd.io/flux/components/helm/helmreleases/#post-renderers)
      postRenderers: []

    # -- Use a kustomize deployment rather than Helm
    kustomize: false

    # -- HelmRepo source is supported as an option for Helm deployments. If both `git` and `helmRepo` are provided `git` will take precedence.
    helmRepo:
      # -- Name of the HelmRepo specified in `helmRepositories`
      # @default -- Uses `registry1` Helm Repository if not specified
      repoName:
      # -- Name of the chart stored in the Helm repository
      # @default -- Uses values key/package name if not specified
      chartName:
      # -- Tag of the chart in the Helm repo, required
      tag:
      # -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI). Set to 'false' to disable verification
      #cosignVerify:

    # -- Git source is supported for both Helm and Kustomize deployments. If both `git` and `helmRepo` are provided `git` will take precedence.
    git:
      # -- Git repo URL holding the helm chart for this package, required if using git
      repo:
      # -- Git commit to check out.  Takes precedence over semver, tag, and branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference)
      commit:
      # -- Git semVer tag expression to check out.  Takes precedence over tag. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference)
      semver:
      # -- Git tag to check out.  Takes precedence over branch. [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference)
      tag:
      # -- Git branch to check out.  [More info](https://fluxcd.io/flux/components/source/gitrepositories/#reference).
      # @default -- When no other reference is specified, `master` branch is used
      branch:
      # -- Path inside of the git repo to find the helm chart or kustomize
      # @default -- For Helm charts `chart`.  For Kustomize `/`.
      path:
      # -- Optional, alternative existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
      existingSecret: ""
      # -- Optional, alternative Chart created secrets with user defined values
      credentials:
        # -- HTTP git credentials, both username and password must be provided
        username: ""
        password: ""
        # -- HTTPS certificate authority file.  Required for any repo with a self signed certificate
        caFile: ""
        # -- SSH git credentials, privateKey, publicKey, and knownHosts must be provided
        privateKey: ""
        publicKey: ""
        knownHosts: ""

    # -- Override flux settings for this package
    flux: {}

    # -- After deployment, patch package resources.  [More info](https://fluxcd.io/flux/components/helm/helmreleases/#post-renderers)
    postRenderers: []

    # -- Specify dependencies for the package. Only used for HelmRelease, does not effect Kustomization. See [here](https://fluxcd.io/flux/components/helm/helmreleases/#helmrelease-dependencies) for a reference.
    dependsOn: []

    # -- Package details for Istio.  See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings.
    istio: {}

    # -- Package details for monitoring.  See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings.
    monitor: {}

    # -- Package details for network policies.  See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings.
    network: {}

    # -- Secrets that should be created prior to package installation.  See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings.
    secrets: {}

    # -- ConfigMaps that should be created prior to package installation.  See [wrapper values](https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/values.yaml) for settings.
    configMaps: {}

    # -- Values to pass through to package Helm chart
    values: {}