values.yaml

# Settings for mimir-distributed chart
# -- See https://github.com/grafana/mimir/blob/main/operations/helm/charts/mimir-distributed/values.yaml for available values.
# @default -- Our overrides are defined in charts/values.yaml file.
mimir-distributed:
  image:
    repository: registry1.dso.mil/ironbank/opensource/grafana/mimir
    tag: 2.14.2
    pullSecrets:
    - private-registry

  global:
    extraVolumes:
    - name: mimir-storage
      emptyDir: {}
    extraVolumeMounts:
    - name: mimir-storage
      mountPath: /tmp/mimir
  
  mimir:
    serverHttpListenPort: 8080
    serverGrpcListenPort: 9095
    structuredConfig:           
      common:
        storage:
          backend: filesystem
          filesystem:
            dir: /tmp/mimir
      blocks_storage:
        storage_prefix: blocks
        backend: filesystem
        filesystem:
          dir: /tmp/mimir/blocks
      ruler_storage:
        storage_prefix: ruler
        filesystem:
          dir: /tmp/mimir/ruler
      alertmanager_storage:
        storage_prefix: alertmanager
        filesystem:
          dir: /tmp/mimir/alertmanager
      limits:
      # Minimum limits required for Big Bang
        max_label_names_per_series: 40
        max_global_series_per_user: 300000 # Optionally disable by setting to 0
        out_of_order_time_window: 10s 

  memcached:
    image: 
      repository: registry1.dso.mil/ironbank/opensource/memcached/memcached
      tag: 1.6.34
  
  # Placeholder when image available in IB
  memcachedExporter:
    enabled: false
  #   image: 
  #     repository: registry1.dso.mil/ironbank/opensource/ #TODO
  #     tag: 

  rollout_operator:
    image:
      repository: registry1.dso.mil/ironbank/opensource/grafana/rollout-operator 
      tag: v0.22.0
    imagePullSecrets:
    - name: private-registry

## Big Bang does not support enabling the Mimir MinIO dependency below 
## Instead of using the minio dependency below, if users want to deploy Big Bang-compliant MinIO, they should enable the minio-tenant parameter
# --omit
# The minio parameter is not relevant for the README
  minio:
    enabled: false # This should stay FALSE as Big Bang does not support this deployment of non-compliant MinIO, if users want to deploy Big Bang-compliant MinIO, they should enable the minio-tenant parameter
  
  grafanaAgent:
    enabled: false

# -- DEPRECATED: use the 'gateway' section instead. For a migration guide refer to
# https://grafana.com/docs/helm-charts/mimir-distributed/latest/migration-guides/migrate-to-unified-proxy-deployment/
  nginx: 
    enabled: false
    image:
      registry: registry1.dso.mil
      repository: ironbank/opensource/nginx/nginx
      tag: 1.27.3

  # Placeholder when image available in IB
  enterprise:
    enabled: false
  #   image: 
  #     repository: registry1.dso.mil/ironbank/opensource/ #TODO
  #     tag: 
  #     pullPolicy:
  
  gateway:
    enabled: true
    enabledNonEnterprise: true
    nginx:
      image:
        registry: registry1.dso.mil
        repository: ironbank/opensource/nginx/nginx
        tag: 1.27.3

# -- Configuration for the Big Bang MinIO tenant subchart. See repo https://repo1.dso.mil/big-bang/product/packages/minio for configuring values.yaml
minio-tenant:
  # -- Enable MinIO instance support, must have minio-operator installed
  enabled: false
  # Allow the address used by Mimir to refer to MinIO to be overridden
  address: "minio.mimir.svc.cluster.local"
  tenant:
    # -- MinIO root credentials
    configSecret:
      name: "mimir-objstore-creds"
      accessKey: "minio"
      secretKey: "minio123" # default key, change this!
    # -- Buckets to be provisioned to for tenant
    buckets:
      - name: mimir
    # -- Name of the Secret that will contain the defaultUserCredentials generated for Tenant User
    users:
      - name: mimir-user-credentials
    # -- User credentials to create as a secret for above user. Otherwise password is randomly generated.
    # This auth is not required to be set or reclaimed for minio use with mimir
    defaultUserCredentials:
      username: "mimir-user"
      password: "supersecret"
    ## Specification for MinIO Pool(s) in this Tenant.
    pools:
      - name: pool-0
        labels:
          app: minio
          app.kubernetes.io/name: minio
        servers: 1
        volumesPerServer: 4
        size: 750Mi
        securityContext:
          runAsUser: 1001
          runAsGroup: 1001
          fsGroup: 1001
        containerSecurityContext:
          capabilities:
            drop:
              - ALL

    metrics:
      enabled: false
      port: 9000
      memory: 128M
  waitJob:
    enabled: false

networkPolicies:
  # -- Toggle networkPolicies
  enabled: true
  # -- Control Plane CIDR, defaults to 0.0.0.0/0, use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster
  # Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
  # Used by package NetworkPolicies to allow Kube API access
  controlPlaneCidr: 0.0.0.0/0
  additionalPolicies: []

  egress: {}
    
istio:
  # -- Toggle istio configuration
  enabled: false
  # -- Default peer authentication values
  hardened:
    enabled: false
    outboundTrafficPolicyMode: "REGISTRY_ONLY"
    customAuthorizationPolicies: []
      # - name: "allow-some-namespace"
      #   enabled: true
      #   spec:
      #     action: ALLOW
      #     rules:
      #     - from:
      #       - source:
      #         namespaces:
      #         - some
    customServiceEntries: []
      # - name: "allow-google"
      #   enabled: true
      #   spec:
      #     hosts:
      #       - google.com
      #     location: MESH_EXTERNAL
      #     ports:
      #       - number: 443
      #         protocol: TLS
      #         name: https
      #     resolution: DNS
    alloy:
      enabled: true
      namespaces:
        - monitoring
      principals:
        - cluster.local/ns/monitoring/sa/monitoring-alloy
    grafana:
      enabled: true
      namespaces:
        - monitoring
      principals:
        - cluster.local/ns/monitoring/sa/monitoring-grafana
    prometheus:
      enabled: true
      namespaces:
        - monitoring
      principals:
        - cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus
    minioOperator:
      enabled: true
      namespaces:
        - minio-operator
      principals:
        - cluster.local/ns/minio-operator/sa/minio-operator
    minio:
      enabled: true

  mtls:
    # -- STRICT = Allow only mutual TLS traffic,
    # PERMISSIVE = Allow both plain text and mutual TLS traffic
    mode: STRICT

bbtests:
  enabled: false
  cypress:
    enabled: true
    artifacts: true
    envs:
      cypress_grafana_url: 'http://monitoring-grafana.monitoring.svc.cluster.local'
    scripts:
      image: registry1.dso.mil/ironbank/big-bang/base:2.1.0
      envs:
        MIMIR_URL: 'http://mimir-mimir-distributor.mimir.svc:8080'