backstage values.yaml
global.imageRegistryπ
Type: string
""
Description: Global Docker image registry
global.imagePullSecretsπ
Type: list
[]
Description: Global Docker registry secret names as an array E.g. imagePullSecrets: [myRegistryKeySecretName]
grafana.urlπ
Type: string
"monitoring-grafana.monitoring.svc.cluster.local"
grafana.httpπ
Type: string
"http"
grafana.externalUrlπ
Type: string
"https://example.com"
kubeVersionπ
Type: string
""
Description: Override Kubernetes version
nameOverrideπ
Type: string
""
Description: String to partially override common.names.fullname
fullnameOverrideπ
Type: string
""
Description: String to fully override common.names.fullname
clusterDomainπ
Type: string
"cluster.local"
Description: Default Kubernetes cluster domain
commonLabelsπ
Type: object
{}
Description: Labels to add to all deployed objects
commonAnnotationsπ
Type: object
{}
Description: Annotations to add to all deployed objects
extraDeployπ
Type: list
[]
Description: Array of extra objects to deploy with the release
diagnosticModeπ
Type: object
args:
- infinity
command:
- sleep
enabled: false
Description: Enable diagnostic mode in the Deployment
diagnosticMode.enabledπ
Type: bool
false
Description: Enable diagnostic mode (all probes will be disabled and the command will be overridden)
diagnosticMode.commandπ
Type: list
- sleep
Description: Command to override all containers in the Deployment
diagnosticMode.argsπ
Type: list
- infinity
Description: Args to override all containers in the Deployment
ingressπ
Type: object
annotations: {}
className: ''
enabled: false
host: ''
path: /
tls:
enabled: false
secretName: ''
Description: Ingress parameters
ingress.enabledπ
Type: bool
false
Description: Enable the creation of the ingress resource
ingress.classNameπ
Type: string
""
Description: Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)
ingress.annotationsπ
Type: object
{}
Description: Additional annotations for the Ingress resource
ingress.hostπ
Type: string
""
Description: Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io)
ingress.pathπ
Type: string
"/"
Description: Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage)
ingress.tlsπ
Type: object
enabled: false
secretName: ''
Description: Ingress TLS parameters
ingress.tls.enabledπ
Type: bool
false
Description: Enable TLS configuration for the host defined at the ingress.host parameter
ingress.tls.secretNameπ
Type: string
""
Description: The name of the TLS Secret
backstage.backstage.replicasπ
Type: int
1
Description: Number of deployment replicas
backstage.backstage.revisionHistoryLimitπ
Type: int
10
Description: Define the count of deployment revisions to be kept. May be set to 0 in case of GitOps deployment approach.
backstage.backstage.image.registryπ
Type: string
"registry1.dso.mil"
Description: Backstage image registry
backstage.backstage.image.repositoryπ
Type: string
"ironbank/big-bang/backstage"
Description: Backstage image repository
backstage.backstage.image.tagπ
Type: string
"1.0.7"
Description: Backstage image tag (immutable tags are recommended)
backstage.backstage.image.pullPolicyπ
Type: string
"Always"
Description: Specify an imagePullPolicy. Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'. Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
backstage.backstage.image.pullSecretsπ
Type: list
- private-registry
Description: Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ E.g: pullSecrets: [myRegistryKeySecretName]
backstage.backstage.containerPortsπ
Type: object
backend: 7007
Description: Container ports on the Deployment
backstage.backstage.commandπ
Type: list
- node
- packages/backend
Description: Backstage container command
backstage.backstage.argsπ
Type: list
- --config
- app-config.yaml
Description: Backstage container command arguments
backstage.backstage.extraAppConfigπ
Type: list
[]
Description: Extra app configuration files to inline into command arguments
backstage.backstage.extraContainersπ
Type: list
[]
Description: Deployment sidecars
backstage.backstage.extraEnvVarsCMπ
Type: list
[]
Description: Backstage container environment variables from existing ConfigMaps
backstage.backstage.extraVolumeMountsπ
Type: list
- mountPath: /app/catalog/
name: catalog-bigbang
Description: Backstage container additional volumes extraVolumes: [] # Dynamic catalog configuration: the following allows catalogs to be built for bigbang based on enabled bigbang addons and packages.
backstage.backstage.extraEnvVarsSecretsπ
Type: list
[]
Description: Backstage container environment variables from existing Secrets
backstage.backstage.initContainersπ
Type: list
[]
Description: Backstage container init containers
backstage.backstage.installDirπ
Type: string
"/app"
Description: Directory containing the backstage installation
backstage.backstage.resourcesπ
Type: object
limits:
cpu: 4000m
memory: 8000Mi
requests:
cpu: 2000m
memory: 4000Mi
Description: Resource requests/limits Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
backstage.backstage.readinessProbeπ
Type: object
{}
Description: Readiness Probe. Backstage doesn't provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes E.g.:
readinessProbe:
  failureThreshold: 3
  httpGet:
    path: /healthcheck
    port: 7007
    scheme: HTTP
  initialDelaySeconds: 30
  periodSeconds: 10
  successThreshold: 2
  timeoutSeconds: 2
backstage.backstage.livenessProbeπ
Type: object
{}
Description: Liveness Probe. Backstage doesn't provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes E.g.:
livenessProbe:
  failureThreshold: 3
  httpGet:
    path: /healthcheck
    port: 7007
    scheme: HTTP
  initialDelaySeconds: 60
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2
backstage.backstage.startupProbeπ
Type: object
{}
Description: Startup Probe. Backstage doesn't provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes E.g.:
startupProbe:
  failureThreshold: 3
  httpGet:
    path: /healthcheck
    port: 7007
    scheme: HTTP
  initialDelaySeconds: 60
  periodSeconds: 10
  successThreshold: 1
  timeoutSeconds: 2
backstage.backstage.podSecurityContextπ
Type: object
fsGroup: 473
runAsGroup: 473
runAsNonRoot: true
runAsUser: 473
seccompProfile:
type: RuntimeDefault
Description: Security settings for a Pod. The security settings that you specify for a Pod apply to all Containers in the Pod. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
backstage.backstage.containerSecurityContextπ
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
postgresql.auth.secretKeys.replicationPasswordKeyπ
Type: string
"replication-password"
Description (backstage.backstage.containerSecurityContext): Security settings for a Container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
backstage.backstage.appConfigπ
Type: object
app:
baseUrl: http://localhost:7007
auth:
environment: development
providers:
guest:
dangerouslyAllowOutsideDevelopment: true
backend:
baseUrl: http://localhost:7007
catalog:
locations:
- target: ./catalog/*.yaml
type: file
- target: ./template/*.yaml
type: file
rules:
- allow:
- Component
- API
- System
- Location
- Template
- User
- Group
grafana:
domain: ${GRAFANA_DOMAIN}
unifiedAlerting: false
kubernetes:
clusterLocatorMethods:
- clusters:
- authProvider: serviceAccount
name: bigbang-dev
skipMetricsLookup: true
skipTLSVerify: false
url: http://127.0.0.1:9999
type: config
customResources:
- apiVersion: v1
group: networking.istio.io
plural: virtualservices
- apiVersion: v1
group: networking.k8s.io
plural: networkpolicies
- apiVersion: v1
group: security.istio.io
plural: authorizationpolicies
- apiVersion: v1
group: security.istio.io
plural: peerauthentications
- apiVersion: v1
group: source.toolkit.fluxcd.io
plural: helmcharts
- apiVersion: v2
group: helm.toolkit.fluxcd.io
plural: helmreleases
- apiVersion: v1
group: source.toolkit.fluxcd.io
plural: gitrepositories
- apiVersion: v1alpha2
group: wgpolicyk8s.io
plural: clusterpolicyreports
- apiVersion: v1alpha2
group: wgpolicyk8s.io
plural: policyreports
- apiVersion: v1
group: kyverno.io
plural: clusterpolicies
frontend:
podDelete:
enabled: false
serviceLocatorMethod:
type: multiTenant
organization:
name: My Company
proxy:
/grafana/api:
headers:
Authorization: Bearer ${GRAFANA_TOKEN}
target: ${GRAFANA_HTTP}://${GRAFANA_URL}
postgresql.architectureπ
Type: string
"standalone"
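Description (backstage.backstage.appConfig): Generates ConfigMap and configures it in the Backstage pods. The default shown above enables the guest auth provider with dangerouslyAllowOutsideDevelopment: true, sets auth.environment to development and uses http://localhost:7007 base URLs; these are development settings, so override them and configure a real auth provider before exposing the instance to users.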
backstage.backstage.affinityπ
Type: object
{}
serviceAccount.createπ
Type: bool
false
Description: Affinity for pod assignment Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
backstage.backstage.nodeSelectorπ
Type: object
{}
serviceAccount.nameπ
Type: string
""
Description: Node labels for pod assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
backstage.backstage.tolerationsπ
Type: list
[]
serviceAccount.labelsπ
Type: object
{}
Description: Node tolerations for server scheduling to nodes with taints Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
backstage.backstage.podAnnotationsπ
Type: object
{}
serviceAccount.annotationsπ
Type: object
{}
Description: Annotations to add to the backend deployment pods
backstage.backstage.podLabelsπ
Type: object
{}
serviceAccount.automountServiceAccountTokenπ
Type: bool
true
Description: Labels to add to the backend deployment pods
backstage.backstage.annotationsπ
Type: object
{}
metricsπ
Type: object
serviceMonitor:
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: Additional custom annotations for the Deployment resource
service.typeπ
Type: string
"ClusterIP"
metrics.serviceMonitorπ
Type: object
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: Kubernetes Service type
service.portsπ
Type: object
backend: 7007
name: http-backend
targetPort: backend
metrics.serviceMonitor.enabledπ
Type: bool
false
Description: Backstage svc port for client connections
service.ports.nameπ
Type: string
"http-backend"
metrics.serviceMonitor.annotationsπ
Type: object
{}
Description: Backstage svc port name
service.ports.targetPortπ
Type: string
"backend"
metrics.serviceMonitor.labelsπ
Type: object
{}
Description: Backstage svc target port referencing receiving pod container port
service.nodePortsπ
Type: object
backend: ''
metrics.serviceMonitor.intervalπ
Type: string
nil
Description: Node port for the Backstage client connections Choose port between 30000-32767
service.sessionAffinityπ
Type: string
"None"
metrics.serviceMonitor.pathπ
Type: string
"/metrics"
Description: Control where client requests go, to the same pod or round-robin (values: ClientIP or None). Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness
service.clusterIPπ
Type: string
""
domainπ
Type: string
"dev.bigbang.mil"
Description: Backstage service Cluster IP E.g clusterIP: None
service.loadBalancerIPπ
Type: string
""
networkPolicies.enabledπ
Type: bool
false
Description: Backstage service Load Balancer IP Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
service.loadBalancerSourceRangesπ
Type: list
[]
networkPolicies.controlPlaneCidrπ
Type: string
"0.0.0.0/0"
Description (service.loadBalancerSourceRanges): Load Balancer sources. Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer E.g. loadBalancerSourceRanges: [10.10.10.0/24]
service.externalTrafficPolicyπ
Type: string
"Cluster"
networkPolicies.additionalPoliciesπ
Type: list
[]
Description: Backstage service external traffic policy Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
service.annotationsπ
Type: object
{}
{ .type-object }
{}
Description: Additional custom annotations for Backstage service
service.extraPortsπ
Type: list
[]
{ .type-string }
"istio-ingressgateway"
Description: Extra ports to expose in the Backstage service (normally used with the sidecar value)
networkPolicy.enabledπ
Type: bool
false
Description: Specifies whether a NetworkPolicy should be created
networkPolicy.ingressRules.namespaceSelectorπ
Type: object
{}
Description: Istio configuration
bbtests.enabledπ
Type: bool
false
Description: Namespace selector label allowed to access the Backstage instance
networkPolicy.ingressRules.podSelectorπ
Type: object
{}
bbtests.cypress.artifactsπ
Type: bool
true
Description: Pod selector label allowed to access the Backstage instance
networkPolicy.ingressRules.customRulesπ
Type: list
[]
{ .type-string }
"http://backstage:7007"
Description: Additional custom ingress rules
networkPolicy.egressRules.denyConnectionsToExternalπ
Type: bool
false
Description: Deny external connections. Should not be enabled when working with an external database.
networkPolicy.egressRules.customRulesπ
Type: list
[]
bbtests.cypress.resources.requests.memoryπ
Type: string
"4Gi"
Description: Additional custom egress rules
postgresql.enabledπ
Type: bool
false
{ .type-int }
4
Description: Switch to enable or disable the PostgreSQL integration
postgresql.authπ
Type: object
existingSecret: ''
password: ''
secretKeys:
adminPasswordKey: admin-password
replicationPasswordKey: replication-password
userPasswordKey: user-password
username: bn_backstage
Description: The authentication details of the Postgres database
postgresql.auth.usernameπ
Type: string
"bn_backstage"
Description: Name for a custom user to create
postgresql.auth.passwordπ
Type: string
""
Description: Password for the custom user to create. Prefer postgresql.auth.existingSecret so that the password is not stored in a values file.
postgresql.auth.existingSecretπ
Type: string
""
Description: Name of existing secret to use for PostgreSQL credentials
postgresql.auth.secretKeysπ
Type: object
adminPasswordKey: admin-password
replicationPasswordKey: replication-password
userPasswordKey: user-password
Description: The secret keys Postgres will look for to retrieve the relevant password
postgresql.auth.secretKeys.adminPasswordKeyπ
Type: string
"admin-password"
Description: The key in the existing Secret from which Postgres reads the admin password
postgresql.auth.secretKeys.userPasswordKeyπ
Type: string
"user-password"
Description: The key in the existing Secret from which Postgres reads the user password
postgresql.auth.secretKeys.replicationPasswordKeyπ
Type: string
"replication-password"
Description: The key in the existing Secret from which Postgres reads the replication password
postgresql.architectureπ
Type: string
"standalone"
Description: PostgreSQL architecture (standalone or replication)
serviceAccount.createπ
Type: bool
false
Description: Enable the creation of a ServiceAccount for Backstage pods
serviceAccount.nameπ
Type: string
""
Description: Name of the ServiceAccount to use. If not set and serviceAccount.create is true, a name is generated
serviceAccount.labelsπ
Type: object
{}
Description: Additional custom labels to the service ServiceAccount.
serviceAccount.annotationsπ
Type: object
{}
Description: Additional custom annotations for the ServiceAccount.
serviceAccount.automountServiceAccountTokenπ
Type: bool
true
Description: Auto-mount the service account token in the pod
metricsπ
Type: object
serviceMonitor:
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: Metrics configuration
metrics.serviceMonitorπ
Type: object
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: ServiceMonitor configuration Allows configuring your backstage instance as a scrape target for Prometheus using a ServiceMonitor custom resource that Prometheus Operator can understand.
metrics.serviceMonitor.enabledπ
Type: bool
false
Description: If enabled, a ServiceMonitor resource for Prometheus Operator is created Prometheus Operator must be installed in your cluster prior to enabling.
metrics.serviceMonitor.annotationsπ
Type: object
{}
Description: ServiceMonitor annotations
metrics.serviceMonitor.labelsπ
Type: object
{}
Description: Additional ServiceMonitor labels
metrics.serviceMonitor.intervalπ
Type: string
nil
Description: ServiceMonitor scrape interval
metrics.serviceMonitor.pathπ
Type: string
"/metrics"
Description: ServiceMonitor endpoint path Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the Prometheus metrics tutorial.
domainπ
Type: string
"dev.bigbang.mil"
Description: Base domain to use.
networkPolicies.enabledπ
Type: bool
false
Description: Toggle networkPolicies
networkPolicies.controlPlaneCidrπ
Type: string
"0.0.0.0/0"
Description: Control Plane CIDR, defaults to 0.0.0.0/0. Use `kubectl get endpoints -n default kubernetes` to get the CIDR range needed for your cluster. Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints). Used by package NetworkPolicies to allow Kube API access. The default 0.0.0.0/0 matches every IPv4 address, so replace it with the API server range when networkPolicies.enabled is true.
networkPolicies.additionalPoliciesπ
Type: list
[]
networkPolicies.egressπ
Type: object
{}
Description: NetworkPolicy selectors and ports for egress to downstream telemetry ingestion services. These should be uncommented and overridden if any of these values deviate from the Big Bang defaults.
networkPolicies.ingressLabels.appπ
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istioπ
Type: string
"ingressgateway"
istioπ
Type: object
backstage:
gateways:
- istio-system/public
hosts:
- backstage.{{ .Values.domain }}
enabled: false
hardened:
customAuthorizationPolicies: []
customServiceEntries: []
enabled: false
outboundTrafficPolicyMode: REGISTRY_ONLY
mtls:
mode: STRICT
namespace: istio-system
Description: Istio configuration
bbtests.enabledπ
Type: bool
false
bbtests.cypress.artifactsπ
Type: bool
true
bbtests.cypress.envs.cypress_urlπ
Type: string
"http://backstage:7007"
bbtests.cypress.envs.cypress_timeoutπ
Type: string
"120000"
bbtests.cypress.resources.requests.cpuπ
Type: int
4
bbtests.cypress.resources.requests.memoryπ
Type: string
"4Gi"
bbtests.cypress.resources.limits.cpuπ
Type: int
4
bbtests.cypress.resources.limits.memoryπ
Type: string
"8Gi"