diff --git a/charts/config/values.schema.json b/charts/config/values.schema.json
new file mode 100644
index 00000000..1c794d05
--- /dev/null
+++ b/charts/config/values.schema.json
@@ -0,0 +1,302 @@
+{
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "domain": {
+ "type": "string"
+ },
+ "license": {
+ "type": "string"
+ },
+ "ssh": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "port": {
+ "type": "number"
+ }
+ }
+ },
+ "sso": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "protocol": {
+ "type": "string"
+ },
+ "secretName": {
+ "type": "string"
+ },
+ "requiredGroups": {
+ "type": "array",
+ "items": {}
+ },
+ "adminGroups": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "defaultClientScopes": {
+ "type": "array",
+ "items": {}
+ }
+ }
+ },
+ "storage": {
+ "type": "object",
+ "properties": {
+ "internal": {
+ "type": "boolean"
+ },
+ "selector": {
+ "type": "object",
+ "properties": {
+ "app": {
+ "type": "string"
+ }
+ }
+ },
+ "namespace": {
+ "type": "string"
+ },
+ "port": {
+ "type": "number"
+ },
+ "endpoint": {
+ "type": "string"
+ },
+ "createSecret": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "string"
+ },
+ "accessKey": {
+ "type": "string"
+ },
+ "secretKey": {
+ "type": "string"
+ },
+ "bucketPrefix": {
+ "type": "string"
+ },
+ "bucketSuffix": {
+ "type": "string"
+ },
+ "region": {
+ "type": "string"
+ },
+ "provider": {
+ "type": "string"
+ },
+ "secretRef": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "secretNamespace": {
+ "type": "string"
+ },
+ "secretName": {
+ "type": "string"
+ },
+ "secretIDKey": {
+ "type": "string"
+ },
+ "secretPasswordKey": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "redis": {
+ "type": "object",
+ "properties": {
+ "password": {
+ "type": "string"
+ },
+ "internal": {
+ "type": "boolean"
+ },
+ "selector": {
+ "type": "object",
+ "properties": {
+ "app.kubernetes.io/name": {
+ "type": "string"
+ }
+ }
+ },
+ "namespace": {
+ "type": "string"
+ },
+ "port": {
+ "type": "number"
+ },
+ "sentinel": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "port": {
+ "type": "number"
+ }
+ }
+ }
+ }
+ },
+ "postgres": {
+ "type": "object",
+ "properties": {
+ "password": {
+ "type": "string"
+ },
+ "internal": {
+ "type": "boolean"
+ },
+ "selector": {
+ "type": "object",
+ "properties": {
+ "cluster-name": {
+ "type": "string"
+ }
+ }
+ },
+ "namespace": {
+ "type": "string"
+ },
+ "port": {
+ "type": "number"
+ }
+ }
+ },
+ "runner": {
+ "type": "object",
+ "properties": {
+ "internal": {
+ "type": "boolean"
+ },
+ "selector": {
+ "type": "object",
+ "properties": {
+ "app": {
+ "type": "string"
+ }
+ }
+ },
+ "namespace": {
+ "type": "string"
+ },
+ "sandboxNamespace": {
+ "type": "string"
+ }
+ }
+ },
+ "mirroring": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "ports": {
+ "type": "array",
+ "items": {
+ "type": "number"
+ }
+ }
+ }
+ },
+ "gitalyCgroupsInit": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ }
+ }
+ },
+ "additionalNetworkAllow": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "direction": {
+ "type": "string",
+ "enum": [
+ "Egress",
+ "Ingress"
+ ]
+ },
+ "selector": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "port": {
+ "type": "number"
+ },
+ "description": {
+ "type": "string"
+ },
+ "remoteNamespace": {
+ "type": "string"
+ },
+ "remoteSelector": {
+ "type": "object",
+ "additionalProperties": {
+ "type": "string"
+ }
+ },
+ "remoteGenerated": {
+ "type": "string",
+ "enum": [
+ "Anywhere",
+ "CloudMetadata",
+ "IntraNamespace",
+ "KubeAPI"
+ ]
+ }
+ },
+ "required": [
+ "direction",
+ "selector"
+ ],
+ "oneOf": [
+ {
+ "required": [
+ "remoteNamespace",
+ "remoteSelector"
+ ],
+ "properties": {
+ "remoteGenerated": {
+ "not": {}
+ }
+ }
+ },
+ {
+ "required": [
+ "remoteGenerated"
+ ],
+ "properties": {
+ "remoteNamespace": {
+ "not": {}
+ },
+ "remoteSelector": {
+ "not": {}
+ }
+ }
+ }
+ ]
+ }
+ }
+ }
+ } diff --git a/charts/config/values.yaml b/charts/config/values.yaml index 3d924412..a9fd258a 100644 --- a/charts/config/values.yaml +++ b/charts/config/values.yaml @@ -1,5 +1,6 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# yaml-language-server: $schema=./values.schema.json domain: "###ZARF_VAR_DOMAIN###" @@ -85,7 +86,7 @@ mirroring: gitalyCgroupsInit: enabled: false -# additionalNetworkAllow: +additionalNetworkAllow: [] # # Notice no `remoteGenerated` field here on custom internal rule # - direction: Ingress # selector: diff --git a/charts/settings/values.schema.json b/charts/settings/values.schema.json new file mode 100644 index 00000000..db0652ef --- /dev/null +++ b/charts/settings/values.schema.json 
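Review bot: `storage.createSecret.enabled` is declared `"type": "string"` while every other `enabled` flag in this schema is `boolean`, so a values file setting `enabled: true` there would be rejected; unless the template really expects a string, it should read `"type": "boolean"`. Every port field (`ssh.port`, `storage.port`, `redis.port`, `postgres.port`, `mirroring.ports`, `additionalNetworkAllow[].port`) uses `"type": "number"`, which admits fractions and out-of-range values; `"type": "integer", "minimum": 1, "maximum": 65535` would reject a bad port before it reaches a network rule. Only the root object sets `"additionalProperties": false`, so a misspelled key inside `sso`, `storage` or an `additionalNetworkAllow` item (for example `ports` instead of `port`) still validates, and depending on how the templates treat a missing `port` that could leave a rule broader than intended. `sso.requiredGroups` also has `"items": {}` where `adminGroups` uses `{"type": "string"}`; since it presumably gates who may sign in, it deserves the same string constraint.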
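Review bot: The commented example under `additionalNetworkAllow` was left unchanged after the key became `additionalNetworkAllow: []`, so uncommenting the example items beneath the `[]` produces invalid YAML rather than a rule list. A hint above the key such as `# replace [] with entries like the commented example below` would make the intended edit clear. The example block continues past the end of this hunk.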
@@ -0,0 +1,211 @@
+{
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "domain": {
+ "type": "string"
+ },
+ "global": {
+ "type": "object",
+ "properties": {
+ "kubectl": {
+ "type": "object",
+ "properties": {
+ "image": {
+ "type": "object",
+ "properties": {
+ "repository": {
+ "type": "string"
+ },
+ "tag": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ }
+ },
+ "botAccounts": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "accounts": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "username": {
+ "type": "string"
+ },
+ "scopes": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "secret": {
+ "type": "object",
+ "additionalProperties": false,
+ "properties": {
+ "name": {
+ "type": "string"
+ },
+ "namespace": {
+ "type": "string"
+ },
+ "keyName": {
+ "type": "string"
+ }
+ },
+ "required": ["name", "namespace", "keyName"]
+ }
+ },
+ "required": ["username", "scopes", "secret"]
+ }
+ }
+ },
+ "required": ["enabled"]
+ },
+ "settingsJob": {
+ "type": "object",
+ "properties": {
+ "enabled": {
+ "type": "boolean"
+ },
+ "schedule": {
+ "type": "string"
+ },
+ "application": {
+ "type": "object",
+ "properties": {
+ "default_snippet_visibility": {
+ "type": "string"
+ },
+ "default_project_visibility": {
+ "type": "string"
+ },
+ "default_group_visibility": {
+ "type": "string"
+ },
+ "restricted_visibility_levels": {
+ "type": "string"
+ },
+ "enabled_git_access_protocol": {
+ "type": "string"
+ },
+ "rsa_key_restriction": {
+ "type": "number"
+ },
+ "ecdsa_key_restriction": {
+ "type": "number"
+ },
+ "ecdsa_sk_key_restriction": {
+ "type": "number"
+ },
+ "ed25519_key_restriction": {
+ "type": "number"
+ },
+ "ed25519_sk_key_restriction": {
+ "type": "number"
+ },
+ "dsa_key_restriction": {
+ "type": "number"
+ },
+ "disable_feed_token": {
+ "type": "boolean"
+ },
+ "gravatar_enabled": {
+ "type": "boolean"
+ },
+ "signup_enabled": {
+ "type": "boolean"
+ },
+ "email_confirmation_setting": {
+ "type": "string"
+ },
+ "password_authentication_enabled_for_web": {
+ "type": "boolean"
+ },
+ "password_authentication_enabled_for_git": {
+ "type": "boolean"
+ },
+ "minimum_password_length": {
+ "type": "number"
+ },
+ "password_number_required": {
+ "type": "boolean"
+ },
+ "password_symbol_required": {
+ "type": "boolean"
+ },
+ "password_uppercase_required": {
+ "type": "boolean"
+ },
+ "password_lowercase_required": {
+ "type": "boolean"
+ },
+ "admin_mode": {
+ "type": "boolean"
+ },
+ "notify_on_unknown_sign_in": {
+ "type": "boolean"
+ },
+ "dns_rebinding_protection_enabled": {
+ "type": "boolean"
+ },
+ "throttle_authenticated_api_period_in_seconds": {
+ "type": "number"
+ },
+ "throttle_authenticated_api_requests_per_period": {
+ "type": "number"
+ },
+ "throttle_authenticated_packages_api_period_in_seconds": {
+ "type": "number"
+ },
+ "throttle_authenticated_packages_api_requests_per_period": {
+ "type": "number"
+ },
+ "throttle_authenticated_web_period_in_seconds": {
+ "type": "number"
+ },
+ "throttle_authenticated_web_requests_per_period": {
+ "type": "number"
+ },
+ "throttle_unauthenticated_api_period_in_seconds": {
+ "type": "number"
+ },
+ "throttle_unauthenticated_api_requests_per_period": {
+ "type": "number"
+ },
+ "throttle_unauthenticated_packages_api_period_in_seconds": {
+ "type": "number"
+ },
+ "throttle_unauthenticated_packages_api_requests_per_period": {
+ "type": "number"
+ },
+ "throttle_unauthenticated_web_period_in_seconds": {
+ "type": "number"
+ },
+ "throttle_unauthenticated_web_requests_per_period": {
+ "type": "number"
+ },
+ "usage_ping_enabled": {
+ "type": "boolean"
+ },
+ "include_optional_metrics_in_service_ping": {
+ "type": "boolean"
+ },
+ "version_check_enabled": {
+ "type": "boolean"
+ }
+ }
+ }
+ }
+ }
+ }
+ 
\ No newline at end of file
diff --git a/charts/settings/values.yaml b/charts/settings/values.yaml
index e3d8f1b1..07f66921 100644
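Review bot: `settingsJob` and its `application` object are left open, unlike the root and `botAccounts`, so a misspelled hardening key such as `signup_enable` or `minimum_password_lenght` passes validation and the intended setting may never be applied. If extra GitLab settings are not meant to be passed through, add `"additionalProperties": false` to `application`; if they are, a `"description"` saying so would document the choice. The numeric settings (`minimum_password_length`, the `*_key_restriction` values, the `throttle_*` periods and counts) are `"type": "number"` and accept fractions; `"type": "integer"` with a suitable `"minimum"` is tighter. The three `default_*_visibility` strings could carry `"enum": ["private", "internal", "public"]` so that a typo is caught at render time.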
--- a/charts/settings/values.yaml +++ b/charts/settings/values.yaml @@ -1,5 +1,6 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial +# yaml-language-server: $schema=./values.schema.json domain: "###ZARF_VAR_DOMAIN###" diff --git a/values/settings-registry1-values.yaml b/values/settings-registry1-values.yaml new file mode 100644 index 00000000..4ae39d4e --- /dev/null +++ b/values/settings-registry1-values.yaml @@ -0,0 +1,8 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +global: + kubectl: + image: + repository: registry1.dso.mil/ironbank/gitlab/gitlab/kubectl + tag: 17.6.1 diff --git a/values/settings-unicorn-values.yaml b/values/settings-unicorn-values.yaml new file mode 100644 index 00000000..9819b8df --- /dev/null +++ b/values/settings-unicorn-values.yaml @@ -0,0 +1,8 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +global: + kubectl: + image: + repository: registry.gitlab.com/gitlab-org/build/cng/kubectl + tag: v17.6.1 diff --git a/values/settings-upstream-values.yaml b/values/settings-upstream-values.yaml new file mode 100644 index 00000000..9819b8df --- /dev/null +++ b/values/settings-upstream-values.yaml @@ -0,0 +1,8 @@ +# Copyright 2024 Defense Unicorns +# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial + +global: + kubectl: + image: + repository: registry.gitlab.com/gitlab-org/build/cng/kubectl + tag: v17.6.1 diff --git a/zarf.yaml b/zarf.yaml index aa6182dc..d160d945 100644 --- a/zarf.yaml +++ b/zarf.yaml 
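Review bot: The kubectl image in `values/settings-registry1-values.yaml` (and in the unicorn and upstream variants) is referenced by tag only (`17.6.1` / `v17.6.1`), and that version now has to agree with the `images:` list of the matching `uds-gitlab-settings` component in `zarf.yaml`. The visible `zarf.yaml` context shows only `certificates` and `cfssl-self-sign`, so confirm each flavor's list carries exactly this repository and tag; an image the chart references but the package does not list would presumably not be bundled for an air-gapped deploy, and the two copies can drift on the next version bump. A comment on the `tag:` line such as `# keep in sync with the images list in zarf.yaml` would help. Pinning by digest as well would remove the reliance on a mutable tag at package-build time.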
@@ -53,7 +53,7 @@ components: - values/registry1-values.yaml - name: uds-gitlab-settings valuesFiles: - - values/registry1-values.yaml + - values/settings-registry1-values.yaml images: - "registry1.dso.mil/ironbank/gitlab/gitlab/certificates:17.6.1" - "registry1.dso.mil/ironbank/gitlab/gitlab/cfssl-self-sign:1.6.1" @@ -83,7 +83,7 @@ components: - values/upstream-values.yaml - name: uds-gitlab-settings valuesFiles: - - values/upstream-values.yaml + - values/settings-upstream-values.yaml images: - "registry.gitlab.com/gitlab-org/build/cng/certificates:v17.6.1" - "registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign:v17.6.1" @@ -114,7 +114,7 @@ components: - values/unicorn-values.yaml - name: uds-gitlab-settings valuesFiles: - - values/unicorn-values.yaml + - values/settings-unicorn-values.yaml images: - "registry.gitlab.com/gitlab-org/build/cng/certificates:v17.6.1" - "registry.gitlab.com/gitlab-org/build/cng/cfssl-self-sign:v17.6.1"