hostname: bigbang.dev
# Toggle sourcing from external repos
# TODO: All this does right now is toggle GitRepositories, it is _not_ fully functional
offline: false
# Regisitires can be an explicit map of registries as provided here
registryCredentials:
registry: registry1.dso.mil
username: ""
password: ""
email: ""
# Or a list of registires:
#registryCredentials:
# - registry: registry1.dso.mil
# username: ""
# password: ""
# email: ""
# - registry: registry.dso.mil
# username: ""
# password: ""
# email: ""
# Global git values
# Order of precedence is:
# 1. existingSecret
# 2. http credentials (username/password)
# 3. ssh credentials (privateKey/publicKey/knownHosts)
git:
# Existing secret to use for git credentials, must be in the appropriate format: https://toolkit.fluxcd.io/components/source/gitrepositories/#https-authentication
existingSecret: ""
# Chart created secrets with user defined values
credentials:
# HTTP git credentials, both username and password must be provided
username: ""
password: ""
# SSH git credentials, privateKey, publicKey, and knownHosts must be provided
privateKey: ""
publicKey: ""
knownHosts: ""
# Gloabl SSO parameters
sso:
oidc:
host: login.dso.mil
realm: baby-yoda
certificate_authority: ''
jwks: ""
client_id: ""
client_secret: ""
# Flux reconciliation parameters
flux:
interval: 2m
install:
retries: 3
upgrade:
retries: 3
rollback:
timeout: 10m
cleanupOnFail: true
# ----------------------------------------------------------------------------------------------------------------------
# Istio
#
istio:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
path: "./chart"
tag: "1.7.3-bb.7"
ingress:
key: ""
cert: ""
sso:
enabled: false
kiali:
client_id: kiali
client_secret: "change_me"
jaeger:
client_id: jaeger
client_secret: "change_me"
values: {}
istiooperator:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
path: "./chart"
tag: "1.7.0-bb.1"
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Cluster Auditor
#
clusterAuditor:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git
path: "./chart"
tag: "0.1.8-bb.1"
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# OPA Gatekeeper
#
gatekeeper:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git
path: "./chart"
tag: "3.1.2-bb.3"
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Logging
#
logging:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
path: "./chart"
tag: "0.1.4-bb.3"
values: {}
eckoperator:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
path: "./chart"
tag: "1.3.0-bb.3"
values: {}
fluentbit:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git
path: "./chart"
tag: "0.7.5-bb.0"
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Monitoring
#
monitoring:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git
path: "./chart"
tag: "11.0.0-bb.13"
sso:
enabled: false
prometheus:
client_id: prometheus
client_secret: "change_me"
alertmanager:
client_id: alertmanager
client_secret: "change_me"
grafana:
client_id: grafana
client_secret: "change_me"
scopes: ""
allow_sign_up: "true"
role_attribute_path: "Viewer"
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
# Twistlock
#
twistlock:
enabled: true
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
path: "./chart"
tag: "0.0.2-bb.1"
values: {}
# ----------------------------------------------------------------------------------------------------------------------
# Minio Operator and Instance
#
minio:
enabled: true
miniooperator:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git
path: "./chart"
tag: "2.0.9-bb.1"
values: {}
minioinstance:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
path: "./chart"
tag: "2.0.9-bb.1"
values: {}
#
# ----------------------------------------------------------------------------------------------------------------------
#
addons:
argocd:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
path: "./chart"
tag: "2.9.5-bb.4"
sso:
enabled: false
client_id: "" # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd
provider_name: "" # login as name example: P1 SSO
client_secret: "" # for dev this can be set to anything
groups: |
g, Impact Level 2 Authorized, role:admin
values: {}
authservice:
# if enabling authservice, a filter needs to be provided by either enabling
# sso for monitoring or istio, or manually adding a filter chain in the values here:
# values:
# chain:
# minimal:
# callback_uri: "https://somecallback"
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git
path: "./chart"
tag: "0.1.6-bb.3"
# Dont put chain configuraitons in this section
values: {}
# Put additional chain configuration in this section
chains: {}
gitlab:
enabled: false
hostnames:
gitlab: gitlab.bigbang.dev
registry: registry.bigbang.dev
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
path: "./chart"
tag: "4.8.0-bb.0"
sso:
# enabling this option will auto-create any required secrets.
# The defaults assume an OIDC provider.
enabled: false
label: "" # the text next to the login button
client_id: ""
client_secret: ""
database:
# entering connection info will enable external database and will auto-create any required secrets.
# Gitlab will not provison the database when using an external service
host: "" # example: postgres.bigbang.dev
port: "" # example: 5432
username: "" # example: gitlab
database: "" # example: gitlab
password: "" # unencoded string data. This should be placed in the secret values and then encrypted
objectstorage:
# entering connection info will enable this option and will auto-create any required secrets
# Gitlab will not provision the S3 buckets when using an external service
type: "" # supported types are "s3" or "minio"
endpoint: "" # examples: "https://s3.amazonaws.com" "https://s3.us-gov-west-1.amazonaws.com" "http://minio.minio.svc.cluster.local:9000"
region: "" # example: us-gov-west-1
accessKey: "" # unencoded string data
accessSecret: "" # unencoded string data. This should be placed in the secret values and then encrypted
bucketPrefix: "" # optional. example: "prod"
values: {}
gitlabRunner:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
path: "./chart"
tag: "0.19.2-bb.2"
values: {}
sonarqube:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
path: "./chart"
tag: "9.2.6-bb.2"
sso:
enabled: false
client_id: "" # sso clientID example: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube
label: "" # login as name example: P1 SSO
certificate: "" # SAML sso certificate example: MITCAYCBFyIEUjNBkqhkiG9w0BA....
login: login # login sso attribute example: login
name: name # name sso attribute example: name
email: email # email sso attribute example: email
group: group # (optional) group sso attribute example: group
database:
host: "" # postgres location example: postgres.bigbang.dev
port: 5432 # 5432
database: "" # database name example: sonarDB
username: "" # postgres user example: sonarUser
password: "" # unencoded stringData. This should be put in the secret values
values: {}
haproxy:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/haproxy
path: "./chart"
tag: 1.1.2-bb.0
values: {}
anchore:
enabled: false
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
path: "./chart"
tag: "1.9.5-bb.2"
adminPassword: "" # Required, set the Admin password
enterprise:
enabled: false
licenseYaml: |
FULL LICENSE
sso:
enabled: false
client_id: ""
role_attribute: ""
database:
# Entering connection info will enable external database and will auto-create any required secrets.
# Anchore will not provison the database when using an external service
host: ""
port: ""
username: ""
password: ""
database: ""
feeds_database: "" # Only needed for enterprise
redis:
# Entering connection info will enable external redis and will auto-create any required secrets.
# Anchore only requires redis for enterprise deployments and will not provision an instance if using external
host: ""
port: ""
password: ""
values: {}