Skip to content

monitoring values.yaml📜

flux.enabled📜

Type: bool

Default value
false

flux.namespace📜

Type: string

Default value
"flux-system"

networkPolicies.egress.from.kube-prometheus-stack-prometheus-operator.to.definition.kubeAPI📜

Type: bool

Default value
true

Description: The operator must be able to read Prometheus/Alertmanager CRs from the k8s API

networkPolicies.egress.from.kube-state-metrics.to.definition.kubeAPI📜

Type: bool

Default value
true

Description: Kube-state-metrics derives its metrics from the k8s API

networkPolicies.egress.from.prometheus.to.definition.kubeAPI📜

Type: bool

Default value
true

Description: Prometheus must be able to read ServiceMonitor and PodMonitor resources from the k8s API

networkPolicies.egress.from.prometheus.to.k8s.*📜

Type: bool

Default value
true

Description: Prometheus must be able to scrape any workload in the cluster

networkPolicies.egress.from.admission-create-job.to.definition.kubeAPI📜

Type: bool

Default value
true

Description: This pre-install/pre-upgrade job creates webhook resources and must reach the kubeAPI before normal release netpols exist.

networkPolicies.egress.from.alertmanager.to.cidr.”0.0.0.0/0”📜

Type: bool

Default value
false

Description: Alertmanager can be configured to integrate with many external alerting systems, so we define this policy but set it to false; set it to true if you need this connectivity

networkPolicies.ingress.to.kube-prometheus-stack-prometheus-operator:10250.from.cidr.”0.0.0.0/0”📜

Type: bool

Default value
true

Description: Required for kube API admission webhook traffic and Prometheus scrape access. Override this CIDR from the umbrella when your control-plane range is known.

networkPolicies.ingress.to.prometheus:10901.from.k8s.thanos/thanos📜

Type: bool

Default value
false

Description: Thanos store API access to Prometheus sidecar. Set true when Thanos is deployed.

networkPolicies.ingress.to.prometheus:9090.from.k8s.tempo-tempo@tempo/tempo📜

Type: bool

Default value
false

Description: Tempo Prometheus remote-write/read access. Set true when Tempo is deployed. Use service-account identity format for SPIFFE principal generation.

networkPolicies.ingress.to.prometheus:9090.from.k8s.kiali-service-account@kiali/kiali📜

Type: bool

Default value
false

Description: Kiali Prometheus access. Set true when Kiali is deployed. Use service-account identity format for SPIFFE principal generation.

openshift📜

Type: bool

Default value
false

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_prometheus_url📜

Type: string

Default value
"http://monitoring-kube-prometheus-prometheus:9090"

bbtests.cypress.envs.cypress_alertmanager_url📜

Type: string

Default value
"http://monitoring-kube-prometheus-alertmanager:9093"

istio.enabled📜

Type: bool

Default value
false

istio.mtls.mode📜

Type: string

Default value
"STRICT"

istio.sidecar.enabled📜

Type: bool

Default value
false

istio.sidecar.outboundTrafficPolicyMode📜

Type: string

Default value
"REGISTRY_ONLY"

istio.serviceEntries.custom📜

Type: list

Default value
[]

istio.authorizationPolicies.enabled📜

Type: bool

Default value
false

istio.authorizationPolicies.generateFromNetpol📜

Type: bool

Default value
true

istio.authorizationPolicies.custom📜

Type: list

Default value
[]

istio.prometheusRule.IstioSidecarMemModerate📜

Type: bool

Default value
true

istio.prometheusRule.IstioSidecarMemHigh📜

Type: bool

Default value
true

istio.prometheusRule.IstioConfigValidationFailed📜

Type: bool

Default value
true

istio.prometheusRule.Istio5XXResponseCode📜

Type: bool

Default value
true

istio.prometheusRule.IstioSidecarEndpointError📜

Type: bool

Default value
true

istio.prometheusRule.IstioSidecarListenerConflict📜

Type: bool

Default value
true

istio.console.enabled📜

Type: bool

Default value
false

routes📜

Type: object

Default value
inbound:
  monitoring-alertmanager:
    containerPort: 9093
    enabled: true
    gateways:
    - istio-gateway/public-ingressgateway
    hosts:
    - alertmanager.{{ .Values.domain }}
    metadata:
      annotations: {}
      labels: {}
    port: '{{ .Values.upstream.alertmanager.service.port }}'
    selector:
      app.kubernetes.io/name: alertmanager
    service: '{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-alertmanager"
      }}.{{ .Release.Namespace }}.svc.cluster.local'
  monitoring-prometheus:
    containerPort: 9090
    enabled: true
    gateways:
    - istio-gateway/public-ingressgateway
    hosts:
    - prometheus.{{ .Values.domain }}
    metadata:
      annotations: {}
      labels: {}
    port: '{{ .Values.upstream.prometheus.service.port }}'
    selector:
      app: prometheus
    service: '{{ printf "%s-%s" (include "kube-prometheus-stack.fullname" .) "kube-prometheus"
      }}.{{ .Release.Namespace }}.svc.cluster.local'
outbound: {}

Description: bb-common Routes configuration

kiali.enabled📜

Type: bool

Default value
false

sso.enabled📜

Type: bool

Default value
false

sso.selector.key📜

Type: string

Default value
"protect"

sso.selector.value📜

Type: string

Default value
"keycloak"

tempo.enabled📜

Type: bool

Default value
false

cleanUpgrade.enabled📜

Type: bool

Default value
false

cleanUpgrade.image.registry📜

Type: string

Default value
"registry1.dso.mil"

cleanUpgrade.image.repository📜

Type: string

Default value
"ironbank/big-bang/base"

cleanUpgrade.image.tag📜

Type: string

Default value
"2.1.0"

cleanUpgrade.image.sha📜

Type: string

Default value
""

cleanUpgrade.image.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

cleanUpgrade.resources.requests.memory📜

Type: string

Default value
"256Mi"

cleanUpgrade.resources.requests.cpu📜

Type: string

Default value
"100m"

cleanUpgrade.resources.limits.memory📜

Type: string

Default value
"256Mi"

cleanUpgrade.resources.limits.cpu📜

Type: string

Default value
"100m"

cleanUpgrade.securityContext.runAsUser📜

Type: int

Default value
1000

cleanUpgrade.securityContext.runAsGroup📜

Type: int

Default value
1000

cleanUpgrade.securityContext.runAsNonRoot📜

Type: bool

Default value
true

cleanUpgrade.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

cleanUpgrade.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

cleanUpgrade.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

blackboxExporter.enabled📜

Type: bool

Default value
false

blackboxExporter.nameOverride📜

Type: string

Default value
"prometheus-blackbox-exporter"

blackboxExporter.global.imageRegistry📜

Type: string

Default value
"registry1.dso.mil"

blackboxExporter.restartPolicy📜

Type: string

Default value
"Always"

blackboxExporter.kind📜

Type: string

Default value
"Deployment"

blackboxExporter.automountServiceAccountToken📜

Type: bool

Default value
false

blackboxExporter.revisionHistoryLimit📜

Type: int

Default value
10

blackboxExporter.hostNetwork📜

Type: bool

Default value
false

blackboxExporter.strategy.rollingUpdate.maxSurge📜

Type: int

Default value
1

blackboxExporter.strategy.rollingUpdate.maxUnavailable📜

Type: int

Default value
0

blackboxExporter.strategy.type📜

Type: string

Default value
"RollingUpdate"

blackboxExporter.image.registry📜

Type: string

Default value
"registry1.dso.mil"

blackboxExporter.image.repository📜

Type: string

Default value
"ironbank/opensource/prometheus/blackbox_exporter"

blackboxExporter.image.tag📜

Type: string

Default value
"v0.28.0"

blackboxExporter.image.pullSecrets[0]📜

Type: string

Default value
"private-registry"

blackboxExporter.securityContext.runAsUser📜

Type: int

Default value
1000

blackboxExporter.securityContext.runAsGroup📜

Type: int

Default value
1000

blackboxExporter.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

blackboxExporter.securityContext.runAsNonRoot📜

Type: bool

Default value
true

blackboxExporter.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

blackboxExporter.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

blackboxExporter.livenessProbe.httpGet.path📜

Type: string

Default value
"/-/healthy"

blackboxExporter.livenessProbe.httpGet.port📜

Type: string

Default value
"http"

blackboxExporter.livenessProbe.failureThreshold📜

Type: int

Default value
3

blackboxExporter.readinessProbe.httpGet.path📜

Type: string

Default value
"/-/healthy"

blackboxExporter.readinessProbe.httpGet.port📜

Type: string

Default value
"http"

blackboxExporter.configExistingSecretName📜

Type: string

Default value
""

blackboxExporter.secretConfig📜

Type: bool

Default value
false

blackboxExporter.config.modules.http_2xx.prober📜

Type: string

Default value
"http"

blackboxExporter.config.modules.http_2xx.timeout📜

Type: string

Default value
"5s"

blackboxExporter.config.modules.http_2xx.http.valid_http_versions[0]📜

Type: string

Default value
"HTTP/1.1"

blackboxExporter.config.modules.http_2xx.http.valid_http_versions[1]📜

Type: string

Default value
"HTTP/2.0"

blackboxExporter.config.modules.http_2xx.http.follow_redirects📜

Type: bool

Default value
true

blackboxExporter.config.modules.http_2xx.http.preferred_ip_protocol📜

Type: string

Default value
"ip4"

blackboxExporter.service.annotations📜

Type: object

Default value
{}

blackboxExporter.service.labels📜

Type: object

Default value
{}

blackboxExporter.service.type📜

Type: string

Default value
"ClusterIP"

blackboxExporter.service.port📜

Type: int

Default value
9115

blackboxExporter.service.ipDualStack.enabled📜

Type: bool

Default value
false

blackboxExporter.service.ipDualStack.ipFamilies[0]📜

Type: string

Default value
"IPv6"

blackboxExporter.service.ipDualStack.ipFamilies[1]📜

Type: string

Default value
"IPv4"

blackboxExporter.service.ipDualStack.ipFamilyPolicy📜

Type: string

Default value
"PreferDualStack"

blackboxExporter.containerPort📜

Type: int

Default value
9115

blackboxExporter.replicas📜

Type: int

Default value
1

blackboxExporter.serviceMonitor.selfMonitor.enabled📜

Type: bool

Default value
false

blackboxExporter.serviceMonitor.selfMonitor.additionalMetricsRelabels📜

Type: object

Default value
{}

blackboxExporter.serviceMonitor.selfMonitor.additionalRelabeling📜

Type: list

Default value
[]

blackboxExporter.serviceMonitor.selfMonitor.labels📜

Type: object

Default value
{}

blackboxExporter.serviceMonitor.selfMonitor.path📜

Type: string

Default value
"/metrics"

blackboxExporter.serviceMonitor.selfMonitor.scheme📜

Type: string

Default value
"http"

blackboxExporter.serviceMonitor.selfMonitor.tlsConfig📜

Type: object

Default value
{}

blackboxExporter.serviceMonitor.selfMonitor.interval📜

Type: string

Default value
"30s"

blackboxExporter.serviceMonitor.selfMonitor.scrapeTimeout📜

Type: string

Default value
"30s"

blackboxExporter.serviceMonitor.enabled📜

Type: bool

Default value
false

blackboxExporter.configReloader.enabled📜

Type: bool

Default value
false

blackboxExporter.configReloader.containerPort📜

Type: int

Default value
8080

blackboxExporter.configReloader.config.logFormat📜

Type: string

Default value
"logfmt"

blackboxExporter.configReloader.config.logLevel📜

Type: string

Default value
"info"

blackboxExporter.configReloader.config.watchInterval📜

Type: string

Default value
"1m"

blackboxExporter.configReloader.image.registry📜

Type: string

Default value
"registry1.dso.mil"

blackboxExporter.configReloader.image.repository📜

Type: string

Default value
"ironbank/opensource/prometheus-operator/prometheus-config-reloader"

blackboxExporter.configReloader.image.tag📜

Type: string

Default value
"v0.89.0"

blackboxExporter.configReloader.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

blackboxExporter.configReloader.image.digest📜

Type: string

Default value
""

blackboxExporter.configReloader.image.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

blackboxExporter.configReloader.securityContext.runAsUser📜

Type: int

Default value
1000

blackboxExporter.configReloader.securityContext.runAsGroup📜

Type: int

Default value
1000

blackboxExporter.configReloader.securityContext.readOnlyRootFilesystem📜

Type: bool

Default value
true

blackboxExporter.configReloader.securityContext.runAsNonRoot📜

Type: bool

Default value
true

blackboxExporter.configReloader.securityContext.allowPrivilegeEscalation📜

Type: bool

Default value
false

blackboxExporter.configReloader.securityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

blackboxExporter.configReloader.resources.limits.memory📜

Type: string

Default value
"50Mi"

blackboxExporter.configReloader.resources.requests.cpu📜

Type: string

Default value
"10m"

blackboxExporter.configReloader.resources.requests.memory📜

Type: string

Default value
"20Mi"

blackboxExporter.configReloader.service.port📜

Type: int

Default value
8080

blackboxExporter.configReloader.serviceMonitor.selfMonitor.additionalMetricsRelabels📜

Type: object

Default value
{}

blackboxExporter.configReloader.serviceMonitor.selfMonitor.additionalRelabeling📜

Type: list

Default value
[]

blackboxExporter.configReloader.serviceMonitor.selfMonitor.path📜

Type: string

Default value
"/metrics"

blackboxExporter.configReloader.serviceMonitor.selfMonitor.scheme📜

Type: string

Default value
"http"

blackboxExporter.configReloader.serviceMonitor.selfMonitor.tlsConfig📜

Type: object

Default value
{}

blackboxExporter.configReloader.serviceMonitor.selfMonitor.interval📜

Type: string

Default value
"30s"

blackboxExporter.configReloader.serviceMonitor.selfMonitor.scrapeTimeout📜

Type: string

Default value
"30s"

snmpExporter.enabled📜

Type: bool

Default value
false

snmpExporter.nameOverride📜

Type: string

Default value
"prometheus-snmp-exporter"

snmpExporter.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/prometheus/snmp_exporter"

snmpExporter.image.tag📜

Type: string

Default value
"v0.30.1"

snmpExporter.image.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

snmpExporter.configmapReload.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader"

snmpExporter.configmapReload.image.tag📜

Type: string

Default value
"v0.89.0"

snmpExporter.configmapReload.image.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

snmpExporter.configmapReload.containerSecurityContext.runAsGroup📜

Type: int

Default value
1001

snmpExporter.configmapReload.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

snmpExporter.configmapReload.containerSecurityContext.runAsUser📜

Type: int

Default value
1001

snmpExporter.configmapReload.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

snmpExporter.securityContext.runAsNonRoot📜

Type: bool

Default value
true

snmpExporter.securityContext.runAsUser📜

Type: int

Default value
1001

snmpExporter.securityContext.runAsGroup📜

Type: int

Default value
1001

snmpExporter.securityContext.fsGroup📜

Type: int

Default value
1001

snmpExporter.containerSecurityContext.runAsGroup📜

Type: int

Default value
1001

snmpExporter.containerSecurityContext.runAsNonRoot📜

Type: bool

Default value
true

snmpExporter.containerSecurityContext.runAsUser📜

Type: int

Default value
1001

snmpExporter.containerSecurityContext.capabilities.drop[0]📜

Type: string

Default value
"ALL"

snmpExporter.serviceMonitor.enabled📜

Type: bool

Default value
true