backstage values.yaml
📜
global.imageRegistry📜
Type: string
""
Description: Global Docker image registry
global.imagePullSecrets📜
Type: list
[]
Description: Global Docker registry secret names as an array E.g. imagePullSecrets: [myRegistryKeySecretName]
grafana.url📜
Type: string
"monitoring-grafana.monitoring.svc.cluster.local"
grafana.http📜
Type: string
"http"
grafana.externalUrl📜
Type: string
"https://example.com"
kubeVersion📜
Type: string
""
Description: Override Kubernetes version
nameOverride📜
Type: string
""
Description: String to partially override common.names.fullname
fullnameOverride📜
Type: string
""
Description: String to fully override common.names.fullname
clusterDomain📜
Type: string
"cluster.local"
Description: Default Kubernetes cluster domain
commonLabels📜
Type: object
{}
Description: Labels to add to all deployed objects
commonAnnotations📜
Type: object
{}
Description: Annotations to add to all deployed objects
extraDeploy📜
Type: list
[]
Description: Array of extra objects to deploy with the release
diagnosticMode📜
Type: object
args:
- infinity
command:
- sleep
enabled: false
Description: Enable diagnostic mode in the Deployment
diagnosticMode.enabled📜
Type: bool
false
Description: Enable diagnostic mode (all probes will be disabled and the command will be overridden)
diagnosticMode.command📜
Type: list
- sleep
Description: Command to override all containers in the Deployment
diagnosticMode.args📜
Type: list
- infinity
Description: Args to override all containers in the Deployment
ingress📜
Type: object
annotations: {}
className: ''
enabled: false
host: ''
path: /
tls:
enabled: false
secretName: ''
Description: Ingress parameters
ingress.enabled📜
Type: bool
false
Description: Enable the creation of the ingress resource
ingress.className📜
Type: string
""
Description: Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)
ingress.annotations📜
Type: object
{}
Description: Additional annotations for the Ingress resource
ingress.host📜
Type: string
""
Description: Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io)
ingress.path📜
Type: string
"/"
Description: Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage)
ingress.tls📜
Type: object
enabled: false
secretName: ''
Description: Ingress TLS parameters
ingress.tls.enabled📜
Type: bool
false
Description: Enable TLS configuration for the host defined at ingress.host
parameter
ingress.tls.secretName📜
Type: string
""
Description: The name to which the TLS Secret will be called
backstage.backstage.replicas📜
Type: int
1
Description: Number of deployment replicas
backstage.backstage.revisionHistoryLimit📜
Type: int
10
Description: Define the count of deployment revisions to be kept. May be set to 0 in case of GitOps deployment approach.
backstage.backstage.image.registry📜
Type: string
"registry1.dso.mil"
Description: Backstage image registry
backstage.backstage.image.repository📜
Type: string
"ironbank/big-bang/backstage"
Description: Backstage image repository
backstage.backstage.image.tag📜
Type: string
"1.0.4"
Description: Backstage image tag (immutable tags are recommended)
backstage.backstage.image.pullPolicy📜
Type: string
"Always"
Description: Specify a imagePullPolicy. Defaults to ‘Always’ if image tag is ‘latest’, else set to ‘IfNotPresent’ Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy
backstage.backstage.image.pullSecrets📜
Type: list
- private-registry
Description: Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ E.g: pullSecrets: [myRegistryKeySecretName]
backstage.backstage.containerPorts📜
Type: object
backend: 7007
Description: Container ports on the Deployment
backstage.backstage.command📜
Type: list
- node
- packages/backend
Description: Backstage container command
backstage.backstage.args📜
Type: list
- --config
- app-config.yaml
Description: Backstage container command arguments
backstage.backstage.extraAppConfig📜
Type: list
[]
Description: Extra app configuration files to inline into command arguments
backstage.backstage.extraContainers📜
Type: list
[]
Description: Deployment sidecars
backstage.backstage.extraEnvVarsCM📜
Type: list
[]
Description: Backstage container environment variables from existing ConfigMaps
backstage.backstage.extraVolumeMounts📜
Type: list
- mountPath: /app/catalog/
name: catalog-bigbang
Description: Backstage container additional volumes extraVolumes: [] # Dynamic catalog configuration: the following allows catalogs to be built for bigbang based on enabled bigbang addons and packages.
backstage.backstage.extraEnvVarsSecrets📜
Type: list
[]
Description: Backstage container environment variables from existing Secrets
backstage.backstage.initContainers📜
Type: list
[]
Description: Backstage container init containers
backstage.backstage.installDir📜
Type: string
"/app"
Description: Directory containing the backstage installation
backstage.backstage.resources📜
Type: object
limits:
cpu: 4000m
memory: 8000Mi
requests:
cpu: 2000m
memory: 4000Mi
Description: Resource requests/limits Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container
backstage.backstage.readinessProbe📜
Type: object
{}
Description: Readiness Probe Backstage doesn’t provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!– E.g. readinessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 2 timeoutSeconds: 2
backstage.backstage.livenessProbe📜
Type: object
{}
Description: Liveness Probe Backstage doesn’t provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!– E.g. livenessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2
backstage.backstage.startupProbe📜
Type: object
{}
Description: Startup Probe Backstage doesn’t provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!– E.g. startupProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2
backstage.backstage.podSecurityContext📜
Type: object
fsGroup: 473
runAsGroup: 473
runAsNonRoot: true
runAsUser: 473
seccompProfile:
type: RuntimeDefault
Description: Security settings for a Pod. The security settings that you specify for a Pod apply to all Containers in the Pod. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod
backstage.backstage.containerSecurityContext📜
Type: object
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
postgresql.auth.secretKeys.replicationPasswordKey📜
Type: string
"replication-password"
Description: Security settings for a Container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
backstage.backstage.appConfig📜
Type: object
app:
baseUrl: http://localhost:7007
auth:
environment: development
providers:
guest:
dangerouslyAllowOutsideDevelopment: true
backend:
baseUrl: http://localhost:7007
catalog:
locations:
- target: ./catalog/*.yaml
type: file
- target: ./template/*.yaml
type: file
rules:
- allow:
- Component
- API
- System
- Location
- Template
- User
- Group
grafana:
domain: ${GRAFANA_DOMAIN}
unifiedAlerting: false
kubernetes:
clusterLocatorMethods:
- clusters:
- authProvider: serviceAccount
name: bigbang-dev
skipMetricsLookup: true
skipTLSVerify: false
url: http://127.0.0.1:9999
type: config
customResources:
- apiVersion: v1
group: networking.istio.io
plural: virtualservices
- apiVersion: v1
group: networking.k8s.io
plural: networkpolicies
- apiVersion: v1
group: security.istio.io
plural: authorizationpolicies
- apiVersion: v1
group: security.istio.io
plural: peerauthentications
- apiVersion: v1
group: source.toolkit.fluxcd.io
plural: helmcharts
- apiVersion: v2
group: helm.toolkit.fluxcd.io
plural: helmreleases
- apiVersion: v1
group: source.toolkit.fluxcd.io
plural: gitrepositories
- apiVersion: v1alpha2
group: wgpolicyk8s.io
plural: clusterpolicyreports
- apiVersion: v1alpha2
group: wgpolicyk8s.io
plural: policyreports
- apiVersion: v1
group: kyverno.io
plural: clusterpolicies
frontend:
podDelete:
enabled: false
serviceLocatorMethod:
type: multiTenant
organization:
name: My Company
proxy:
/grafana/api:
headers:
Authorization: Bearer ${GRAFANA_TOKEN}
target: ${GRAFANA_HTTP}://${GRAFANA_URL}
postgresql.architecture📜
Type: string
"standalone"
Description: Generates ConfigMap and configures it in the Backstage pods
backstage.backstage.affinity📜
Type: object
{}
serviceAccount.create📜
Type: bool
false
Description: Affinity for pod assignment Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity
backstage.backstage.nodeSelector📜
Type: object
{}
serviceAccount.name📜
Type: string
""
Description: Node labels for pod assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector
backstage.backstage.tolerations📜
Type: list
[]
serviceAccount.labels📜
Type: object
{}
Description: Node tolerations for server scheduling to nodes with taints Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/
backstage.backstage.podAnnotations📜
Type: object
{}
serviceAccount.annotations📜
Type: object
{}
Description: Annotations to add to the backend deployment pods
backstage.backstage.podLabels📜
Type: object
{}
serviceAccount.automountServiceAccountToken📜
Type: bool
true
Description: Labels to add to the backend deployment pods
backstage.backstage.annotations📜
Type: object
{}
metrics📜
Type: object
serviceMonitor:
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: Additional custom annotations for the Deployment
resource
service.type📜
Type: string
"ClusterIP"
metrics.serviceMonitor📜
Type: object
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: Kubernetes Service type
service.ports📜
Type: object
backend: 7007
name: http-backend
targetPort: backend
metrics.serviceMonitor.enabled📜
Type: bool
false
Description: Backstage svc port for client connections
service.ports.name📜
Type: string
"http-backend"
metrics.serviceMonitor.annotations📜
Type: object
{}
Description: Backstage svc port name
service.ports.targetPort📜
Type: string
"backend"
metrics.serviceMonitor.labels📜
Type: object
{}
Description: Backstage svc target port referencing receiving pod container port
service.nodePorts📜
Type: object
backend: ''
metrics.serviceMonitor.interval📜
Type: string
nil
Description: Node port for the Backstage client connections Choose port between 30000-32767
service.sessionAffinity📜
Type: string
"None"
metrics.serviceMonitor.path📜
Type: string
"/metrics"
Description: Control where client requests go, to the same pod or round-robin (values: ClientIP
or None
) Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness
service.clusterIP📜
Type: string
""
domain📜
Type: string
"dev.bigbang.mil"
Description: Backstage service Cluster IP E.g clusterIP: None
service.loadBalancerIP📜
Type: string
""
networkPolicies.enabled📜
Type: bool
false
Description: Backstage service Load Balancer IP Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer
service.loadBalancerSourceRanges📜
Type: list
[]
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
Description: Load Balancer sources Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer E.g loadBalancerSourceRanges: [10.10.10.0/24]
service.externalTrafficPolicy📜
Type: string
"Cluster"
networkPolicies.additionalPolicies📜
Type: list
[]
Description: Backstage service external traffic policy Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip
service.annotations📜
Type: object
{}
{ .type-object }
{}
Description: Additional custom annotations for Backstage service
service.extraPorts📜
Type: list
[]
{ .type-string }
"istio-ingressgateway"
Description: Extra ports to expose in the Backstage service (normally used with the sidecar
value)
networkPolicy.enabled📜
Type: bool
false
Description: Specifies whether a NetworkPolicy should be created
networkPolicy.ingressRules.namespaceSelector📜
Type: object
{}
Description: Istio configuration
bbtests.enabled📜
Type: bool
false
Description: Namespace selector label allowed to access the Backstage instance
networkPolicy.ingressRules.podSelector📜
Type: object
{}
bbtests.cypress.artifacts📜
Type: bool
true
Description: Pod selector label allowed to access the Backstage instance
networkPolicy.ingressRules.customRules📜
Type: list
[]
{ .type-string }
"http://backstage:7007"
Description: Additional custom ingress rules
networkPolicy.egressRules.denyConnectionsToExternal📜
Type: bool
false
Description: Deny external connections. Should not be enabled when working with an external database.
networkPolicy.egressRules.customRules📜
Type: list
[]
bbtests.cypress.resources.requests.memory📜
Type: string
"4Gi"
Description: Additional custom egress rules
postgresql.enabled📜
Type: bool
false
{ .type-int }
4
Description: Switch to enable or disable the PostgreSQL integration
postgresql.auth📜
Type: object
existingSecret: ''
password: ''
secretKeys:
adminPasswordKey: admin-password
replicationPasswordKey: replication-password
userPasswordKey: user-password
username: bn_backstage
Description: The authentication details of the Postgres database
postgresql.auth.username📜
Type: string
"bn_backstage"
Description: Name for a custom user to create
postgresql.auth.password📜
Type: string
""
Description: Password for the custom user to create
postgresql.auth.existingSecret📜
Type: string
""
Description: Name of existing secret to use for PostgreSQL credentials
postgresql.auth.secretKeys📜
Type: object
adminPasswordKey: admin-password
replicationPasswordKey: replication-password
userPasswordKey: user-password
Description: The secret keys Postgres will look for to retrieve the relevant password
postgresql.auth.secretKeys.adminPasswordKey📜
Type: string
"admin-password"
Description: The key in which Postgres will look for, for the admin password, in the existing Secret
postgresql.auth.secretKeys.userPasswordKey📜
Type: string
"user-password"
Description: The key in which Postgres will look for, for the user password, in the existing Secret
postgresql.auth.secretKeys.replicationPasswordKey📜
Type: string
"replication-password"
Description: The key in which Postgres will look for, for the replication password, in the existing Secret
postgresql.architecture📜
Type: string
"standalone"
Description: PostgreSQL architecture (standalone
or replication
)
serviceAccount.create📜
Type: bool
false
Description: Enable the creation of a ServiceAccount for Backstage pods
serviceAccount.name📜
Type: string
""
Description: Name of the ServiceAccount to use If not set and serviceAccount.create
is true, a name is generated
serviceAccount.labels📜
Type: object
{}
Description: Additional custom labels to the service ServiceAccount.
serviceAccount.annotations📜
Type: object
{}
Description: Additional custom annotations for the ServiceAccount.
serviceAccount.automountServiceAccountToken📜
Type: bool
true
Description: Auto-mount the service account token in the pod
metrics📜
Type: object
serviceMonitor:
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: Metrics configuration
metrics.serviceMonitor📜
Type: object
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics
Description: ServiceMonitor configuration Allows configuring your backstage instance as a scrape target for Prometheus using a ServiceMonitor custom resource that Prometheus Operator can understand.
metrics.serviceMonitor.enabled📜
Type: bool
false
Description: If enabled, a ServiceMonitor resource for Prometheus Operator is created Prometheus Operator must be installed in your cluster prior to enabling.
metrics.serviceMonitor.annotations📜
Type: object
{}
Description: ServiceMonitor annotations
metrics.serviceMonitor.labels📜
Type: object
{}
Description: Additional ServiceMonitor labels
metrics.serviceMonitor.interval📜
Type: string
nil
Description: ServiceMonitor scrape interval
metrics.serviceMonitor.path📜
Type: string
"/metrics"
Description: ServiceMonitor endpoint path Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the Prometheus metrics tutorial.
domain📜
Type: string
"dev.bigbang.mil"
Description: Base domain to use.
networkPolicies.enabled📜
Type: bool
false
Description: Toggle networkPolicies
networkPolicies.controlPlaneCidr📜
Type: string
"0.0.0.0/0"
Description: Control Plane CIDR, defaults to 0.0.0.0/0, use kubectl get endpoints -n default kubernetes
to get the CIDR range needed for your cluster Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints) Used by package NetworkPolicies to allow Kube API access
networkPolicies.additionalPolicies📜
Type: list
[]
networkPolicies.egress📜
Type: object
{}
Description: NetworkPolicy selectors and ports for egress to downstream telemetry ingestion services. These should be uncommented and overridden if any of these values deviate from the Big Bang defaults.
networkPolicies.ingressLabels.app📜
Type: string
"istio-ingressgateway"
networkPolicies.ingressLabels.istio📜
Type: string
"ingressgateway"
istio📜
Type: object
backstage:
gateways:
- istio-system/public
hosts:
- backstage.{{ .Values.domain }}
enabled: false
hardened:
customAuthorizationPolicies: []
customServiceEntries: []
enabled: false
outboundTrafficPolicyMode: REGISTRY_ONLY
mtls:
mode: STRICT
namespace: istio-system
Description: Istio configuration
bbtests.enabled📜
Type: bool
false
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_url📜
Type: string
"http://backstage:7007"
bbtests.cypress.envs.cypress_timeout📜
Type: string
"120000"
bbtests.cypress.resources.requests.cpu📜
Type: int
4
bbtests.cypress.resources.requests.memory📜
Type: string
"4Gi"
bbtests.cypress.resources.limits.cpu📜
Type: int
4
bbtests.cypress.resources.limits.memory📜
Type: string
"8Gi"