Skip to content

vault values.yaml📜

global.enabled📜

Type: bool

Default value
true

global.namespace📜

Type: string

Default value
""

global.imagePullSecrets[0].name📜

Type: string

Default value
"private-registry"

global.tlsDisable📜

Type: bool

Default value
true

global.externalVaultAddr📜

Type: string

Default value
""

global.openshift📜

Type: bool

Default value
false

global.psp.enable📜

Type: bool

Default value
false

global.psp.annotations📜

Type: string

Default value
"seccomp.security.alpha.kubernetes.io/allowedProfileNames: docker/default,runtime/default\napparmor.security.beta.kubernetes.io/allowedProfileNames: runtime/default\nseccomp.security.alpha.kubernetes.io/defaultProfileName:  runtime/default\napparmor.security.beta.kubernetes.io/defaultProfileName:  runtime/default\n"

global.serverTelemetry.prometheusOperator📜

Type: bool

Default value
false

injector.enabled📜

Type: string

Default value
"-"

injector.replicas📜

Type: int

Default value
1

injector.port📜

Type: int

Default value
8080

injector.leaderElector.enabled📜

Type: bool

Default value
false

injector.metrics.enabled📜

Type: bool

Default value
true

injector.externalVaultAddr📜

Type: string

Default value
""

injector.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/hashicorp/vault/vault-k8s"

injector.image.tag📜

Type: string

Default value
"v1.4.2"

injector.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

injector.agentImage.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/hashicorp/vault"

injector.agentImage.tag📜

Type: string

Default value
"1.18.1"

injector.agentDefaults.cpuLimit📜

Type: string

Default value
"500m"

injector.agentDefaults.cpuRequest📜

Type: string

Default value
"500m"

injector.agentDefaults.memLimit📜

Type: string

Default value
"250Mi"

injector.agentDefaults.memRequest📜

Type: string

Default value
"250Mi"

injector.agentDefaults.template📜

Type: string

Default value
"map"

injector.agentDefaults.templateConfig.exitOnRetryFailure📜

Type: bool

Default value
true

injector.agentDefaults.templateConfig.staticSecretRenderInterval📜

Type: string

Default value
""

injector.livenessProbe.failureThreshold📜

Type: int

Default value
2

injector.livenessProbe.initialDelaySeconds📜

Type: int

Default value
5

injector.livenessProbe.periodSeconds📜

Type: int

Default value
2

injector.livenessProbe.successThreshold📜

Type: int

Default value
1

injector.livenessProbe.timeoutSeconds📜

Type: int

Default value
5

injector.readinessProbe.failureThreshold📜

Type: int

Default value
2

injector.readinessProbe.initialDelaySeconds📜

Type: int

Default value
5

injector.readinessProbe.periodSeconds📜

Type: int

Default value
2

injector.readinessProbe.successThreshold📜

Type: int

Default value
1

injector.readinessProbe.timeoutSeconds📜

Type: int

Default value
5

injector.startupProbe.failureThreshold📜

Type: int

Default value
12

injector.startupProbe.initialDelaySeconds📜

Type: int

Default value
5

injector.startupProbe.periodSeconds📜

Type: int

Default value
5

injector.startupProbe.successThreshold📜

Type: int

Default value
1

injector.startupProbe.timeoutSeconds📜

Type: int

Default value
5

injector.authPath📜

Type: string

Default value
"auth/kubernetes"

injector.logLevel📜

Type: string

Default value
"info"

injector.logFormat📜

Type: string

Default value
"standard"

injector.revokeOnShutdown📜

Type: bool

Default value
false

injector.webhook.failurePolicy📜

Type: string

Default value
"Ignore"

injector.webhook.matchPolicy📜

Type: string

Default value
"Exact"

injector.webhook.timeoutSeconds📜

Type: int

Default value
30

injector.webhook.namespaceSelector📜

Type: object

Default value
{}

injector.webhook.objectSelector📜

Type: string

Default value
"matchExpressions:\n- key: app.kubernetes.io/name\n  operator: NotIn\n  values:\n  - {{ template \"vault.name\" . }}-agent-injector\n"

injector.webhook.annotations📜

Type: object

Default value
{}

injector.failurePolicy📜

Type: string

Default value
"Ignore"

injector.namespaceSelector📜

Type: object

Default value
{}

injector.objectSelector📜

Type: object

Default value
{}

injector.webhookAnnotations📜

Type: object

Default value
{}

injector.certs.secretName📜

Type: string

Default value
nil

injector.certs.caBundle📜

Type: string

Default value
""

injector.certs.certName📜

Type: string

Default value
"tls.crt"

injector.certs.keyName📜

Type: string

Default value
"tls.key"

injector.securityContext.pod📜

Type: object

Default value
{}

injector.securityContext.container.capabilities.drop[0]📜

Type: string

Default value
"ALL"

injector.resources.requests.memory📜

Type: string

Default value
"256Mi"

injector.resources.requests.cpu📜

Type: string

Default value
"250m"

injector.resources.limits.memory📜

Type: string

Default value
"256Mi"

injector.resources.limits.cpu📜

Type: string

Default value
"250m"

injector.extraEnvironmentVars📜

Type: object

Default value
{}

injector.affinity📜

Type: string

Default value
"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ template \"vault.name\" . }}-agent-injector\n          app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n          component: webhook\n      topologyKey: kubernetes.io/hostname\n"

injector.topologySpreadConstraints📜

Type: list

Default value
[]

injector.tolerations📜

Type: list

Default value
[]

injector.nodeSelector📜

Type: object

Default value
{}

injector.priorityClassName📜

Type: string

Default value
""

injector.annotations📜

Type: object

Default value
{}

injector.extraLabels📜

Type: object

Default value
{}

injector.hostNetwork📜

Type: bool

Default value
false

injector.service.annotations📜

Type: object

Default value
{}

injector.serviceAccount.annotations📜

Type: object

Default value
{}

injector.podDisruptionBudget📜

Type: object

Default value
{}

injector.strategy📜

Type: object

Default value
{}

server.enabled📜

Type: bool

Default value
true

server.extraSecretEnvironmentVars[0].envName📜

Type: string

Default value
"AWS_ACCESS_KEY_ID"

server.extraSecretEnvironmentVars[0].secretName📜

Type: string

Default value
"eks-creds"

server.extraSecretEnvironmentVars[0].secretKey📜

Type: string

Default value
"AWS_ACCESS_KEY_ID"

server.extraSecretEnvironmentVars[1].envName📜

Type: string

Default value
"AWS_SECRET_ACCESS_KEY"

server.extraSecretEnvironmentVars[1].secretName📜

Type: string

Default value
"eks-creds"

server.extraSecretEnvironmentVars[1].secretKey📜

Type: string

Default value
"AWS_SECRET_ACCESS_KEY"

server.enterpriseLicense.secretName📜

Type: string

Default value
""

server.enterpriseLicense.secretKey📜

Type: string

Default value
"license"

server.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/hashicorp/vault"

server.image.tag📜

Type: string

Default value
"1.18.1"

server.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

server.updateStrategyType📜

Type: string

Default value
"OnDelete"

server.logLevel📜

Type: string

Default value
""

server.logFormat📜

Type: string

Default value
""

server.resources.requests.memory📜

Type: string

Default value
"256Mi"

server.resources.requests.cpu📜

Type: string

Default value
"250m"

server.resources.limits.memory📜

Type: string

Default value
"256Mi"

server.resources.limits.cpu📜

Type: string

Default value
"250m"

server.ingress.enabled📜

Type: bool

Default value
false

server.ingress.labels📜

Type: object

Default value
{}

server.ingress.annotations📜

Type: object

Default value
{}

server.ingress.ingressClassName📜

Type: string

Default value
""

server.ingress.pathType📜

Type: string

Default value
"Prefix"

server.ingress.activeService📜

Type: bool

Default value
true

server.ingress.hosts[0].host📜

Type: string

Default value
"chart-example.local"

server.ingress.hosts[0].paths📜

Type: list

Default value
[]

server.ingress.extraPaths📜

Type: list

Default value
[]

server.ingress.tls📜

Type: list

Default value
[]

server.hostAliases📜

Type: list

Default value
[]

server.route.enabled📜

Type: bool

Default value
false

server.route.activeService📜

Type: bool

Default value
true

server.route.labels📜

Type: object

Default value
{}

server.route.annotations📜

Type: object

Default value
{}

server.route.host📜

Type: string

Default value
"chart-example.local"

server.route.tls.termination📜

Type: string

Default value
"passthrough"

server.authDelegator.enabled📜

Type: bool

Default value
true

server.extraInitContainers📜

Type: string

Default value
nil

server.extraContainers📜

Type: string

Default value
nil

server.shareProcessNamespace📜

Type: bool

Default value
false

server.extraArgs📜

Type: string

Default value
""

server.extraPorts📜

Type: string

Default value
nil

server.readinessProbe.enabled📜

Type: bool

Default value
true

server.readinessProbe.port📜

Type: int

Default value
8200

server.readinessProbe.failureThreshold📜

Type: int

Default value
2

server.readinessProbe.initialDelaySeconds📜

Type: int

Default value
5

server.readinessProbe.periodSeconds📜

Type: int

Default value
5

server.readinessProbe.successThreshold📜

Type: int

Default value
1

server.readinessProbe.timeoutSeconds📜

Type: int

Default value
3

server.livenessProbe.enabled📜

Type: bool

Default value
false

server.livenessProbe.execCommand📜

Type: list

Default value
[]

server.livenessProbe.path📜

Type: string

Default value
"/v1/sys/health?standbyok=true"

server.livenessProbe.port📜

Type: int

Default value
8200

server.livenessProbe.failureThreshold📜

Type: int

Default value
2

server.livenessProbe.initialDelaySeconds📜

Type: int

Default value
60

server.livenessProbe.periodSeconds📜

Type: int

Default value
5

server.livenessProbe.successThreshold📜

Type: int

Default value
1

server.livenessProbe.timeoutSeconds📜

Type: int

Default value
3

server.terminationGracePeriodSeconds📜

Type: int

Default value
10

server.preStopSleepSeconds📜

Type: int

Default value
5

server.postStart📜

Type: list

Default value
[]

server.extraEnvironmentVars📜

Type: object

Default value
{}

server.extraSecretEnvironmentVars📜

Type: list

Default value
[]

server.extraVolumes📜

Type: list

Default value
[]

server.volumes📜

Type: string

Default value
nil

server.volumeMounts📜

Type: string

Default value
nil

server.affinity📜

Type: string

Default value
"podAntiAffinity:\n  requiredDuringSchedulingIgnoredDuringExecution:\n    - labelSelector:\n        matchLabels:\n          app.kubernetes.io/name: {{ template \"vault.name\" . }}\n          app.kubernetes.io/instance: \"{{ .Release.Name }}\"\n          component: server\n      topologyKey: kubernetes.io/hostname\n"

server.topologySpreadConstraints📜

Type: list

Default value
[]

server.tolerations📜

Type: list

Default value
[]

server.nodeSelector📜

Type: object

Default value
{}

server.networkPolicy.enabled📜

Type: bool

Default value
false

server.networkPolicy.egress📜

Type: list

Default value
[]

server.networkPolicy.ingress[0].from[0].namespaceSelector📜

Type: object

Default value
{}

server.networkPolicy.ingress[0].ports[0].port📜

Type: int

Default value
8200

server.networkPolicy.ingress[0].ports[0].protocol📜

Type: string

Default value
"TCP"

server.networkPolicy.ingress[0].ports[1].port📜

Type: int

Default value
8201

server.networkPolicy.ingress[0].ports[1].protocol📜

Type: string

Default value
"TCP"

server.priorityClassName📜

Type: string

Default value
""

server.extraLabels📜

Type: object

Default value
{}

server.annotations📜

Type: object

Default value
{}

server.configAnnotation📜

Type: bool

Default value
false

server.service.enabled📜

Type: bool

Default value
true

server.service.active.enabled📜

Type: bool

Default value
true

server.service.active.annotations📜

Type: object

Default value
{}

server.service.standby.enabled📜

Type: bool

Default value
true

server.service.standby.annotations📜

Type: object

Default value
{}

server.service.instanceSelector.enabled📜

Type: bool

Default value
true

server.service.ipFamilyPolicy📜

Type: string

Default value
""

server.service.ipFamilies📜

Type: list

Default value
[]

server.service.publishNotReadyAddresses📜

Type: bool

Default value
true

server.service.externalTrafficPolicy📜

Type: string

Default value
"Cluster"

server.service.port📜

Type: int

Default value
8200

server.service.targetPort📜

Type: int

Default value
8200

server.service.annotations📜

Type: object

Default value
{}

server.dataStorage.enabled📜

Type: bool

Default value
true

server.dataStorage.size📜

Type: string

Default value
"10Gi"

server.dataStorage.mountPath📜

Type: string

Default value
"/vault/data"

server.dataStorage.storageClass📜

Type: string

Default value
nil

server.dataStorage.accessMode📜

Type: string

Default value
"ReadWriteOnce"

server.dataStorage.annotations📜

Type: object

Default value
{}

server.dataStorage.labels📜

Type: object

Default value
{}

server.persistentVolumeClaimRetentionPolicy📜

Type: object

Default value
{}

server.auditStorage.enabled📜

Type: bool

Default value
true

server.auditStorage.size📜

Type: string

Default value
"10Gi"

server.auditStorage.mountPath📜

Type: string

Default value
"/vault/audit"

server.auditStorage.storageClass📜

Type: string

Default value
nil

server.auditStorage.accessMode📜

Type: string

Default value
"ReadWriteOnce"

server.auditStorage.annotations📜

Type: object

Default value
{}

server.auditStorage.labels📜

Type: object

Default value
{}

server.dev.enabled📜

Type: bool

Default value
false

server.dev.devRootToken📜

Type: string

Default value
"root"

server.standalone.enabled📜

Type: string

Default value
"-"

server.standalone.config📜

Type: string

Default value
"ui = true\n\nlistener \"tcp\" {\n  {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n  tls_disable = 0\n  tls_key_file = \"/vault/tls/tls.key\"\n  tls_cert_file = \"/vault/tls/tls.crt\"\n  {{- else }}\n  tls_disable = 1\n  {{- end }}\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n  # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n  #telemetry {\n  #  unauthenticated_metrics_access = \"true\"\n  #}\n}\n\ntelemetry {\n  prometheus_retention_time = \"24h\"\n  disable_hostname = true\n  unauthenticated_metrics_access = true\n}\n\n{{- if .Values.server.dataStorage.enabled }}\nstorage \"raft\" {\n  path = \"/vault/data\"\n}\n{{- end }}\n\n{{- if and (not .Values.server.dataStorage.enabled) .Values.minio.enabled }}\nstorage \"s3\" {\n    access_key = \"{{ .Values.minio.accessKey }}\"\n    secret_key = \"{{ .Values.minio.secretKey }}\"\n    endpoint = \"{{ .Values.minio.endpoint }}\"\n    bucket = \"{{ .Values.minio.bucketName }}\"\n    s3_force_path_style = \"true\"\n    disable_ssl = \"{{ .Values.minio.disableSSL }}\"\n}\n{{- end }}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n#   project     = \"vault-helm-dev\"\n#   region      = \"global\"\n#   key_ring    = \"vault-helm-unseal-kr\"\n#   crypto_key  = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics in your config.\n#telemetry {\n#  prometheus_retention_time = \"30s\"\n#  disable_hostname = true\n#}\n"

server.ha.enabled📜

Type: bool

Default value
false

server.ha.replicas📜

Type: int

Default value
3

server.ha.apiAddr📜

Type: string

Default value
nil

server.ha.clusterAddr📜

Type: string

Default value
nil

server.ha.raft.enabled📜

Type: bool

Default value
true

server.ha.raft.setNodeId📜

Type: bool

Default value
true

server.ha.raft.config📜

Type: string

Default value
"ui = true\n\nlistener \"tcp\" {\n  {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n  tls_disable = 0\n  tls_key_file = \"/vault/tls/tls.key\"\n  tls_cert_file = \"/vault/tls/tls.crt\"\n  {{- else }}\n  tls_disable = 1\n  {{- end }}\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n  # Enable unauthenticated metrics access (necessary for Prometheus Operator)\n  #telemetry {\n  #  unauthenticated_metrics_access = \"true\"\n  #}\n}\n\nstorage \"raft\" {\n  path = \"/vault/data\"\n}\n\ntelemetry {\n  prometheus_retention_time = \"24h\"\n  disable_hostname = true\n  unauthenticated_metrics_access = true\n}\n\n\nservice_registration \"kubernetes\" {}\n"

server.ha.config📜

Type: string

Default value
"ui = true\n\nlistener \"tcp\" {\n  {{- if and .Values.istio.vault.tls.cert .Values.istio.vault.tls.key (not .Values.global.tlsDisable) }}\n  tls_disable = 0\n  tls_key_file = \"/vault/tls/tls.key\"\n  tls_cert_file = \"/vault/tls/tls.crt\"\n  {{- else }}\n  tls_disable = 1\n  {{- end }}\n  address = \"[::]:8200\"\n  cluster_address = \"[::]:8201\"\n}\nstorage \"consul\" {\n  path = \"vault\"\n  address = \"HOST_IP:8500\"\n}\n\nservice_registration \"kubernetes\" {}\n\n# Example configuration for using auto-unseal, using Google Cloud KMS. The\n# GKMS keys must already exist, and the cluster must have a service account\n# that is authorized to access GCP KMS.\n#seal \"gcpckms\" {\n#   project     = \"vault-helm-dev-246514\"\n#   region      = \"global\"\n#   key_ring    = \"vault-helm-unseal-kr\"\n#   crypto_key  = \"vault-helm-unseal-key\"\n#}\n\n# Example configuration for enabling Prometheus metrics.\n# If you are using Prometheus Operator you can enable a ServiceMonitor resource below.\n# You may wish to enable unauthenticated metrics in the listener block above.\n#telemetry {\n#  prometheus_retention_time = \"30s\"\n#  disable_hostname = true\n#}\n"

server.ha.disruptionBudget.enabled📜

Type: bool

Default value
true

server.ha.disruptionBudget.maxUnavailable📜

Type: string

Default value
nil

server.serviceAccount.create📜

Type: bool

Default value
true

server.serviceAccount.name📜

Type: string

Default value
""

server.serviceAccount.createSecret📜

Type: bool

Default value
false

server.serviceAccount.annotations📜

Type: object

Default value
{}

server.serviceAccount.extraLabels📜

Type: object

Default value
{}

server.serviceAccount.serviceDiscovery.enabled📜

Type: bool

Default value
true

server.statefulSet.annotations📜

Type: object

Default value
{}

server.statefulSet.securityContext.pod📜

Type: object

Default value
{}

server.statefulSet.securityContext.container.capabilities.drop[0]📜

Type: string

Default value
"ALL"

server.hostNetwork📜

Type: bool

Default value
false

ui.enabled📜

Type: bool

Default value
true

ui.publishNotReadyAddresses📜

Type: bool

Default value
true

ui.activeVaultPodOnly📜

Type: bool

Default value
false

ui.serviceType📜

Type: string

Default value
"ClusterIP"

ui.serviceNodePort📜

Type: string

Default value
nil

ui.externalPort📜

Type: int

Default value
8200

ui.targetPort📜

Type: int

Default value
8200

ui.serviceIPFamilyPolicy📜

Type: string

Default value
""

ui.serviceIPFamilies📜

Type: list

Default value
[]

ui.externalTrafficPolicy📜

Type: string

Default value
"Cluster"

ui.annotations📜

Type: object

Default value
{}

csi.enabled📜

Type: bool

Default value
false

csi.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/hashicorp/vault-csi-provider"

csi.image.tag📜

Type: string

Default value
"v1.5.0"

csi.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

csi.volumes📜

Type: string

Default value
nil

csi.volumeMounts📜

Type: string

Default value
nil

csi.resources.requests.cpu📜

Type: string

Default value
"50m"

csi.resources.requests.memory📜

Type: string

Default value
"128Mi"

csi.resources.limits.cpu📜

Type: string

Default value
"50m"

csi.resources.limits.memory📜

Type: string

Default value
"128Mi"

csi.hmacSecretName📜

Type: string

Default value
""

csi.daemonSet.updateStrategy.type📜

Type: string

Default value
"RollingUpdate"

csi.daemonSet.updateStrategy.maxUnavailable📜

Type: string

Default value
""

csi.daemonSet.annotations📜

Type: object

Default value
{}

csi.daemonSet.providersDir📜

Type: string

Default value
"/etc/kubernetes/secrets-store-csi-providers"

csi.daemonSet.kubeletRootDir📜

Type: string

Default value
"/var/lib/kubelet"

csi.daemonSet.extraLabels📜

Type: object

Default value
{}

csi.daemonSet.securityContext.pod.runAsNonRoot📜

Type: bool

Default value
true

csi.daemonSet.securityContext.pod.runAsGroup📜

Type: int

Default value
1000

csi.daemonSet.securityContext.pod.runAsUser📜

Type: int

Default value
100

csi.daemonSet.securityContext.pod.fsGroup📜

Type: int

Default value
1000

csi.pod.annotations📜

Type: object

Default value
{}

csi.pod.tolerations📜

Type: list

Default value
[]

csi.pod.nodeSelector📜

Type: object

Default value
{}

csi.pod.affinity📜

Type: object

Default value
{}

csi.pod.extraLabels📜

Type: object

Default value
{}

csi.agent.enabled📜

Type: bool

Default value
true

csi.agent.extraArgs📜

Type: list

Default value
[]

csi.agent.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/hashicorp/vault"

csi.agent.image.tag📜

Type: string

Default value
"1.18.1"

csi.agent.image.pullPolicy📜

Type: string

Default value
"IfNotPresent"

csi.agent.logFormat📜

Type: string

Default value
"standard"

csi.agent.logLevel📜

Type: string

Default value
"info"

csi.agent.resources.requests.memory📜

Type: string

Default value
"256Mi"

csi.agent.resources.requests.cpu📜

Type: string

Default value
"250m"

csi.agent.resources.limits.memory📜

Type: string

Default value
"256Mi"

csi.agent.resources.limits.cpu📜

Type: string

Default value
"250m"

csi.priorityClassName📜

Type: string

Default value
""

csi.serviceAccount.annotations📜

Type: object

Default value
{}

csi.serviceAccount.extraLabels📜

Type: object

Default value
{}

csi.readinessProbe.failureThreshold📜

Type: int

Default value
2

csi.readinessProbe.initialDelaySeconds📜

Type: int

Default value
5

csi.readinessProbe.periodSeconds📜

Type: int

Default value
5

csi.readinessProbe.successThreshold📜

Type: int

Default value
1

csi.readinessProbe.timeoutSeconds📜

Type: int

Default value
3

csi.livenessProbe.failureThreshold📜

Type: int

Default value
2

csi.livenessProbe.initialDelaySeconds📜

Type: int

Default value
5

csi.livenessProbe.periodSeconds📜

Type: int

Default value
5

csi.livenessProbe.successThreshold📜

Type: int

Default value
1

csi.livenessProbe.timeoutSeconds📜

Type: int

Default value
3

csi.debug📜

Type: bool

Default value
false

csi.extraArgs📜

Type: list

Default value
[]

domain📜

Type: string

Default value
"bigbang.dev"

monitoring.enabled📜

Type: bool

Default value
false

monitoring.namespace📜

Type: string

Default value
"monitoring"

networkPolicies.enabled📜

Type: bool

Default value
false

networkPolicies.controlPlaneCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.vpcCidr📜

Type: string

Default value
"0.0.0.0/0"

networkPolicies.ingressLabels.app📜

Type: string

Default value
"istio-ingressgateway"

networkPolicies.ingressLabels.istio📜

Type: string

Default value
"ingressgateway"

networkPolicies.additionalPolicies📜

Type: list

Default value
[]

autoInit.enabled📜

Type: bool

Default value
true

autoInit.image.repository📜

Type: string

Default value
"registry1.dso.mil/ironbank/big-bang/base"

autoInit.image.tag📜

Type: string

Default value
"2.1.0"

autoInit.storage.size📜

Type: string

Default value
"2Gi"

istio.enabled📜

Type: bool

Default value
false

istio.hardened.enabled📜

Type: bool

Default value
false

istio.hardened.customAuthorizationPolicies📜

Type: list

Default value
[]

istio.hardened.monitoring.enabled📜

Type: bool

Default value
true

istio.hardened.monitoring.namespaces[0]📜

Type: string

Default value
"monitoring"

istio.hardened.monitoring.principals[0]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-grafana"

istio.hardened.monitoring.principals[1]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-alertmanager"

istio.hardened.monitoring.principals[2]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-operator"

istio.hardened.monitoring.principals[3]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-prometheus"

istio.hardened.monitoring.principals[4]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-kube-state-metrics"

istio.hardened.monitoring.principals[5]📜

Type: string

Default value
"cluster.local/ns/monitoring/sa/monitoring-monitoring-prometheus-node-exporter"

istio.hardened.apiAccess.enabled📜

Type: bool

Default value
true

istio.hardened.apiAccess.ports[0]📜

Type: string

Default value
"8200"

istio.vault.enabled📜

Type: bool

Default value
true

istio.vault.gateways[0]📜

Type: string

Default value
"istio-system/main"

istio.vault.hosts[0]📜

Type: string

Default value
"vault.{{ .Values.domain }}"

istio.vault.tls.cert📜

Type: string

Default value
""

istio.vault.tls.key📜

Type: string

Default value
""

istio.mtls.mode📜

Type: string

Default value
"STRICT"

minio.enabled📜

Type: bool

Default value
false

customAppIngressSelector.key📜

Type: string

Default value
"vault-ingress"

customAppIngressSelector.value📜

Type: bool

Default value
true

serverTelemetry.serviceMonitor.enabled📜

Type: bool

Default value
false

serverTelemetry.serviceMonitor.selectors📜

Type: object

Default value
{}

serverTelemetry.serviceMonitor.interval📜

Type: string

Default value
"30s"

serverTelemetry.serviceMonitor.scrapeTimeout📜

Type: string

Default value
"10s"

serverTelemetry.serviceMonitor.tlsConfig📜

Type: object

Default value
{}

serverTelemetry.serviceMonitor.authorization📜

Type: object

Default value
{}

serverTelemetry.prometheusRules.enabled📜

Type: bool

Default value
false

serverTelemetry.prometheusRules.selectors📜

Type: object

Default value
{}

serverTelemetry.prometheusRules.rules📜

Type: list

Default value
[]

bbtests.enabled📜

Type: bool

Default value
false

bbtests.cypress.resources.requests.cpu📜

Type: int

Default value
2

bbtests.cypress.resources.requests.memory📜

Type: string

Default value
"8Gi"

bbtests.cypress.resources.limits.cpu📜

Type: int

Default value
2

bbtests.cypress.resources.limits.memory📜

Type: string

Default value
"8Gi"

bbtests.cypress.artifacts📜

Type: bool

Default value
true

bbtests.cypress.envs.cypress_vault_url📜

Type: string

Default value
"http://vault.vault.svc:8200"

bbtests.cypress.secretEnvs[0].name📜

Type: string

Default value
"cypress_token"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.name📜

Type: string

Default value
"vault-token"

bbtests.cypress.secretEnvs[0].valueFrom.secretKeyRef.key📜

Type: string

Default value
"key"

bbtests.cypress.disableDefaultTests📜

Type: bool

Default value
false

openshift📜

Type: bool

Default value
false