Skip to content

backstage values.yaml📜

global.imageRegistry📜

Type: string

Default value
""

Description: Global Docker image registry

global.imagePullSecrets📜

Type: list

Default value
[]

Description: Global Docker registry secret names as an array E.g. imagePullSecrets: [myRegistryKeySecretName]

grafana.url📜

Type: string

Default value
"monitoring-grafana.monitoring.svc.cluster.local"

grafana.http📜

Type: string

Default value
"http"

grafana.externalUrl📜

Type: string

Default value
"https://example.com"

kubeVersion📜

Type: string

Default value
""

Description: Override Kubernetes version

nameOverride📜

Type: string

Default value
""

Description: String to partially override common.names.fullname

fullnameOverride📜

Type: string

Default value
""

Description: String to fully override common.names.fullname

clusterDomain📜

Type: string

Default value
"cluster.local"

Description: Default Kubernetes cluster domain

commonLabels📜

Type: object

Default value
{}

Description: Labels to add to all deployed objects

commonAnnotations📜

Type: object

Default value
{}

Description: Annotations to add to all deployed objects

extraDeploy📜

Type: list

Default value
[]

Description: Array of extra objects to deploy with the release

diagnosticMode📜

Type: object

Default value
args:
- infinity
command:
- sleep
enabled: false

Description: Enable diagnostic mode in the Deployment

diagnosticMode.enabled📜

Type: bool

Default value
false

Description: Enable diagnostic mode (all probes will be disabled and the command will be overridden)

diagnosticMode.command📜

Type: list

Default value
- sleep

Description: Command to override all containers in the Deployment

diagnosticMode.args📜

Type: list

Default value
- infinity

Description: Args to override all containers in the Deployment

ingress📜

Type: object

Default value
annotations: {}
className: ''
enabled: false
host: ''
path: /
tls:
  enabled: false
  secretName: ''

Description: Ingress parameters

ingress.enabled📜

Type: bool

Default value
false

Description: Enable the creation of the ingress resource

ingress.className📜

Type: string

Default value
""

Description: Name of the IngressClass cluster resource which defines which controller will implement the resource (e.g nginx)

ingress.annotations📜

Type: object

Default value
{}

Description: Additional annotations for the Ingress resource

ingress.host📜

Type: string

Default value
""

Description: Hostname to be used to expose the route to access the backstage application (e.g: backstage.IP.nip.io)

ingress.path📜

Type: string

Default value
"/"

Description: Path to be used to expose the full route to access the backstage application (e.g: IP.nip.io/backstage)

ingress.tls📜

Type: object

Default value
enabled: false
secretName: ''

Description: Ingress TLS parameters

ingress.tls.enabled📜

Type: bool

Default value
false

Description: Enable TLS configuration for the host defined at ingress.host parameter

ingress.tls.secretName📜

Type: string

Default value
""

Description: The name to which the TLS Secret will be called

backstage.backstage.replicas📜

Type: int

Default value
1

Description: Number of deployment replicas

backstage.backstage.revisionHistoryLimit📜

Type: int

Default value
10

Description: Define the count of deployment revisions to be kept. May be set to 0 in case of GitOps deployment approach.

backstage.backstage.image.registry📜

Type: string

Default value
"registry1.dso.mil"

Description: Backstage image registry

backstage.backstage.image.repository📜

Type: string

Default value
"ironbank/big-bang/backstage"

Description: Backstage image repository

backstage.backstage.image.tag📜

Type: string

Default value
"1.0.4"

Description: Backstage image tag (immutable tags are recommended)

backstage.backstage.image.pullPolicy📜

Type: string

Default value
"Always"

Description: Specify a imagePullPolicy. Defaults to ‘Always’ if image tag is ‘latest’, else set to ‘IfNotPresent’ Ref: https://kubernetes.io/docs/concepts/containers/images/#image-pull-policy

backstage.backstage.image.pullSecrets📜

Type: list

Default value
- private-registry

Description: Optionally specify an array of imagePullSecrets. Secrets must be manually created in the namespace. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ E.g: pullSecrets: [myRegistryKeySecretName]

backstage.backstage.containerPorts📜

Type: object

Default value
backend: 7007

Description: Container ports on the Deployment

backstage.backstage.command📜

Type: list

Default value
- node
- packages/backend

Description: Backstage container command

backstage.backstage.args📜

Type: list

Default value
- --config
- app-config.yaml

Description: Backstage container command arguments

backstage.backstage.extraAppConfig📜

Type: list

Default value
[]

Description: Extra app configuration files to inline into command arguments

backstage.backstage.extraContainers📜

Type: list

Default value
[]

Description: Deployment sidecars

backstage.backstage.extraEnvVarsCM📜

Type: list

Default value
[]

Description: Backstage container environment variables from existing ConfigMaps

backstage.backstage.extraVolumeMounts📜

Type: list

Default value
- mountPath: /app/catalog/
  name: catalog-bigbang

Description: Backstage container additional volumes extraVolumes: [] # Dynamic catalog configuration: the following allows catalogs to be built for bigbang based on enabled bigbang addons and packages.

backstage.backstage.extraEnvVarsSecrets📜

Type: list

Default value
[]

Description: Backstage container environment variables from existing Secrets

backstage.backstage.initContainers📜

Type: list

Default value
[]

Description: Backstage container init containers

backstage.backstage.installDir📜

Type: string

Default value
"/app"

Description: Directory containing the backstage installation

backstage.backstage.resources📜

Type: object

Default value
limits:
  cpu: 4000m
  memory: 8000Mi
requests:
  cpu: 2000m
  memory: 4000Mi

Description: Resource requests/limits Ref: https://kubernetes.io/docs/concepts/configuration/manage-resources-containers/#resource-requests-and-limits-of-pod-and-container

backstage.backstage.readinessProbe📜

Type: object

Default value
{}

Description: Readiness Probe Backstage doesn’t provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!– E.g. readinessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 30 periodSeconds: 10 successThreshold: 2 timeoutSeconds: 2

backstage.backstage.livenessProbe📜

Type: object

Default value
{}

Description: Liveness Probe Backstage doesn’t provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!– E.g. livenessProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2

backstage.backstage.startupProbe📜

Type: object

Default value
{}

Description: Startup Probe Backstage doesn’t provide any health endpoints by default. A simple one can be added like this: https://backstage.io/docs/plugins/observability/#health-checks Ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes <!– E.g. startupProbe: failureThreshold: 3 httpGet: path: /healthcheck port: 7007 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 successThreshold: 1 timeoutSeconds: 2

backstage.backstage.podSecurityContext📜

Type: object

Default value
fsGroup: 473
runAsGroup: 473
runAsNonRoot: true
runAsUser: 473
seccompProfile:
  type: RuntimeDefault

Description: Security settings for a Pod. The security settings that you specify for a Pod apply to all Containers in the Pod. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-pod

backstage.backstage.containerSecurityContext📜

Type: object

Default value
allowPrivilegeEscalation: false
capabilities:
  drop:
  - ALL

postgresql.auth.secretKeys.replicationPasswordKey📜

Type: string

Default value
"replication-password"

Description: Security settings for a Container. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container

backstage.backstage.appConfig📜

Type: object

Default value
app:
  baseUrl: http://localhost:7007
auth:
  environment: development
  providers:
    guest:
      dangerouslyAllowOutsideDevelopment: true
backend:
  baseUrl: http://localhost:7007
catalog:
  locations:
  - target: ./catalog/*.yaml
    type: file
  - target: ./template/*.yaml
    type: file
  rules:
  - allow:
    - Component
    - API
    - System
    - Location
    - Template
    - User
    - Group
grafana:
  domain: ${GRAFANA_DOMAIN}
  unifiedAlerting: false
kubernetes:
  clusterLocatorMethods:
  - clusters:
    - authProvider: serviceAccount
      name: bigbang-dev
      skipMetricsLookup: true
      skipTLSVerify: false
      url: http://127.0.0.1:9999
    type: config
  customResources:
  - apiVersion: v1
    group: networking.istio.io
    plural: virtualservices
  - apiVersion: v1
    group: networking.k8s.io
    plural: networkpolicies
  - apiVersion: v1
    group: security.istio.io
    plural: authorizationpolicies
  - apiVersion: v1
    group: security.istio.io
    plural: peerauthentications
  - apiVersion: v1
    group: source.toolkit.fluxcd.io
    plural: helmcharts
  - apiVersion: v2
    group: helm.toolkit.fluxcd.io
    plural: helmreleases
  - apiVersion: v1
    group: source.toolkit.fluxcd.io
    plural: gitrepositories
  - apiVersion: v1alpha2
    group: wgpolicyk8s.io
    plural: clusterpolicyreports
  - apiVersion: v1alpha2
    group: wgpolicyk8s.io
    plural: policyreports
  - apiVersion: v1
    group: kyverno.io
    plural: clusterpolicies
  frontend:
    podDelete:
      enabled: false
  serviceLocatorMethod:
    type: multiTenant
organization:
  name: My Company
proxy:
  /grafana/api:
    headers:
      Authorization: Bearer ${GRAFANA_TOKEN}
    target: ${GRAFANA_HTTP}://${GRAFANA_URL}

postgresql.architecture📜

Type: string

Default value
"standalone"

Description: Generates ConfigMap and configures it in the Backstage pods

backstage.backstage.affinity📜

Type: object

Default value
{}

serviceAccount.create📜

Type: bool

Default value
false

Description: Affinity for pod assignment Ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity

backstage.backstage.nodeSelector📜

Type: object

Default value
{}

serviceAccount.name📜

Type: string

Default value
""

Description: Node labels for pod assignment Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector

backstage.backstage.tolerations📜

Type: list

Default value
[]

serviceAccount.labels📜

Type: object

Default value
{}

Description: Node tolerations for server scheduling to nodes with taints Ref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/

backstage.backstage.podAnnotations📜

Type: object

Default value
{}

serviceAccount.annotations📜

Type: object

Default value
{}

Description: Annotations to add to the backend deployment pods

backstage.backstage.podLabels📜

Type: object

Default value
{}

serviceAccount.automountServiceAccountToken📜

Type: bool

Default value
true

Description: Labels to add to the backend deployment pods

backstage.backstage.annotations📜

Type: object

Default value
{}

metrics📜

Type: object

Default value
serviceMonitor:
  annotations: {}
  enabled: false
  interval: null
  labels: {}
  path: /metrics

Description: Additional custom annotations for the Deployment resource

service.type📜

Type: string

Default value
"ClusterIP"

metrics.serviceMonitor📜

Type: object

Default value
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics

Description: Kubernetes Service type

service.ports📜

Type: object

Default value
backend: 7007
name: http-backend
targetPort: backend

metrics.serviceMonitor.enabled📜

Type: bool

Default value
false

Description: Backstage svc port for client connections

service.ports.name📜

Type: string

Default value
"http-backend"

metrics.serviceMonitor.annotations📜

Type: object

Default value
{}

Description: Backstage svc port name

service.ports.targetPort📜

Type: string

Default value
"backend"

metrics.serviceMonitor.labels📜

Type: object

Default value
{}

Description: Backstage svc target port referencing receiving pod container port

service.nodePorts📜

Type: object

Default value
backend: ''

metrics.serviceMonitor.interval📜

Type: string

Default value
nil

Description: Node port for the Backstage client connections Choose port between 30000-32767

service.sessionAffinity📜

Type: string

Default value
"None"

metrics.serviceMonitor.path📜

Type: string

Default value
"/metrics"

Description: Control where client requests go, to the same pod or round-robin (values: ClientIP or None) Ref: https://kubernetes.io/docs/concepts/services-networking/service/#session-stickiness

service.clusterIP📜

Type: string

Default value
""

domain📜

Type: string

Default value
"dev.bigbang.mil"

Description: Backstage service Cluster IP E.g clusterIP: None

service.loadBalancerIP📜

Type: string

Default value
""

networkPolicies.enabled📜

Type: bool

Default value
false

Description: Backstage service Load Balancer IP Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer

service.loadBalancerSourceRanges📜

Type: list

Default value
[]

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

Description: Load Balancer sources Ref: https://kubernetes.io/docs/concepts/services-networking/service/#loadbalancer E.g loadBalancerSourceRanges: [10.10.10.0/24]

service.externalTrafficPolicy📜

Type: string

Default value
"Cluster"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

Description: Backstage service external traffic policy Ref: https://kubernetes.io/docs/tasks/access-application-cluster/create-external-load-balancer/#preserving-the-client-source-ip

service.annotations📜

Type: object

Default value
{}

{ .type-object }

Default value
{}

Description: Additional custom annotations for Backstage service

service.extraPorts📜

Type: list

Default value
[]

{ .type-string }

Default value
"istio-ingressgateway"

Description: Extra ports to expose in the Backstage service (normally used with the sidecar value)

networkPolicy.enabled📜

Type: bool

Default value
false

Description: Specifies whether a NetworkPolicy should be created

networkPolicy.ingressRules.namespaceSelector📜

Type: object

Default value
{}

Description: Istio configuration

bbtests.enabled📜

Type: bool

Default value
false

Description: Namespace selector label allowed to access the Backstage instance

networkPolicy.ingressRules.podSelector📜

Type: object

Default value
{}

bbtests.cypress.artifacts📜

Type: bool

Default value
true

Description: Pod selector label allowed to access the Backstage instance

networkPolicy.ingressRules.customRules📜

Type: list

Default value
[]

{ .type-string }

Default value
"http://backstage:7007"

Description: Additional custom ingress rules

networkPolicy.egressRules.denyConnectionsToExternal📜

Type: bool

Default value
false

Description: Deny external connections. Should not be enabled when working with an external database.

networkPolicy.egressRules.customRules📜

Type: list

Default value
[]

bbtests.cypress.resources.requests.memory📜

Type: string

Default value
"4Gi"

Description: Additional custom egress rules

postgresql.enabled📜

Type: bool

Default value
false

{ .type-int }

Default value
4

Description: Switch to enable or disable the PostgreSQL integration

postgresql.auth📜

Type: object

Default value
existingSecret: ''
password: ''
secretKeys:
  adminPasswordKey: admin-password
  replicationPasswordKey: replication-password
  userPasswordKey: user-password
username: bn_backstage

Description: The authentication details of the Postgres database

postgresql.auth.username📜

Type: string

Default value
"bn_backstage"

Description: Name for a custom user to create

postgresql.auth.password📜

Type: string

Default value
""

Description: Password for the custom user to create

postgresql.auth.existingSecret📜

Type: string

Default value
""

Description: Name of existing secret to use for PostgreSQL credentials

postgresql.auth.secretKeys📜

Type: object

Default value
adminPasswordKey: admin-password
replicationPasswordKey: replication-password
userPasswordKey: user-password

Description: The secret keys Postgres will look for to retrieve the relevant password

postgresql.auth.secretKeys.adminPasswordKey📜

Type: string

Default value
"admin-password"

Description: The key in which Postgres will look for, for the admin password, in the existing Secret

postgresql.auth.secretKeys.userPasswordKey📜

Type: string

Default value
"user-password"

Description: The key in which Postgres will look for, for the user password, in the existing Secret

postgresql.auth.secretKeys.replicationPasswordKey📜

Type: string

Default value
"replication-password"

Description: The key in which Postgres will look for, for the replication password, in the existing Secret

postgresql.architecture📜

Type: string

Default value
"standalone"

Description: PostgreSQL architecture (standalone or replication)

serviceAccount.create📜

Type: bool

Default value
false

Description: Enable the creation of a ServiceAccount for Backstage pods

serviceAccount.name📜

Type: string

Default value
""

Description: Name of the ServiceAccount to use If not set and serviceAccount.create is true, a name is generated

serviceAccount.labels📜

Type: object

Default value
{}

Description: Additional custom labels to the service ServiceAccount.

serviceAccount.annotations📜

Type: object

Default value
{}

Description: Additional custom annotations for the ServiceAccount.

serviceAccount.automountServiceAccountToken📜

Type: bool

Default value
true

Description: Auto-mount the service account token in the pod

metrics📜

Type: object

Default value
serviceMonitor:
  annotations: {}
  enabled: false
  interval: null
  labels: {}
  path: /metrics

Description: Metrics configuration

metrics.serviceMonitor📜

Type: object

Default value
annotations: {}
enabled: false
interval: null
labels: {}
path: /metrics

Description: ServiceMonitor configuration Allows configuring your backstage instance as a scrape target for Prometheus using a ServiceMonitor custom resource that Prometheus Operator can understand.

metrics.serviceMonitor.enabled📜

Type: bool

Default value
false

Description: If enabled, a ServiceMonitor resource for Prometheus Operator is created Prometheus Operator must be installed in your cluster prior to enabling.

metrics.serviceMonitor.annotations📜

Type: object

Default value
{}

Description: ServiceMonitor annotations

metrics.serviceMonitor.labels📜

Type: object

Default value
{}

Description: Additional ServiceMonitor labels

metrics.serviceMonitor.interval📜

Type: string

Default value
nil

Description: ServiceMonitor scrape interval

metrics.serviceMonitor.path📜

Type: string

Default value
"/metrics"

Description: ServiceMonitor endpoint path Note that the /metrics endpoint is NOT present in a freshly scaffolded Backstage app. To setup, follow the Prometheus metrics tutorial.

domain📜

Type: string

Default value
"dev.bigbang.mil"

Description: Base domain to use.

networkPolicies.enabled📜

Type: bool

Default value
false

Description: Toggle networkPolicies

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

Description: Control Plane CIDR, defaults to 0.0.0.0/0, use kubectl get endpoints -n default kubernetes to get the CIDR range needed for your cluster Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints) Used by package NetworkPolicies to allow Kube API access

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

networkPolicies.egress📜

Type: object

Default value
{}

Description: NetworkPolicy selectors and ports for egress to downstream telemetry ingestion services. These should be uncommented and overridden if any of these values deviate from the Big Bang defaults.

networkPolicies.ingressLabels.app📜

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio📜

Type: string

Default value
"ingressgateway"

istio📜

Type: object

Default value
backstage:
  gateways:
  - istio-system/public
  hosts:
  - backstage.{{ .Values.domain }}
enabled: false
hardened:
  customAuthorizationPolicies: []
  customServiceEntries: []
  enabled: false
  outboundTrafficPolicyMode: REGISTRY_ONLY
mtls:
  mode: STRICT
namespace: istio-system

Description: Istio configuration

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_url📜

Type: string

Default value
"http://backstage:7007"

bbtests.cypress.envs.cypress_timeout📜

Type: string

Default value
"120000"

bbtests.cypress.resources.requests.cpu📜

Type: int

Default value
4

bbtests.cypress.resources.requests.memory📜

Type: string

Default value
"4Gi"

bbtests.cypress.resources.limits.cpu📜

Type: int

Default value
4

bbtests.cypress.resources.limits.memory📜

Type: string

Default value
"8Gi"