How to Override Big Bang Values
Structsure Enterprise is initially deployed with Big Bang default values. This guide demonstrates how to override these default values by passing your own values during deployment.
Prerequisites
To run Structsure Enterprise, please refer to Structsure Enterprise Getting Started.
Overriding Default Config Values
When deploying Structure Enterprise, you can override the Big Bang default values by setting environment variables passed as a configmap or secret. The following variables can be defined by the user when deploying Structsure Enterprise, using the --set flag:
- name: DOMAIN
description: It is the equivalent of the bigbang domain value. If provided no auto-discovery of any domain related settings are performed.
default: "bigbang.dev"
- name: FQDN
description: The fqdn or ip address that the apps can be be accessed at. If provided, a nip.io domain name will be generated and used.
- name: SINGLE_NODE
description: Toggles the big bang “appliance mode” off/on. If unset, the package will set this to false if you are running more than 3 nodes, and true if you are running less than 3 nodes
default: `false`
- name: CERT_PATH
description: A string containing a path to a public https certificate. If not set, the package will generate a cert/key pair based on the domain name
- name: KEY_PATH
description: A string containing a path to a private https key. If not set, the package will generate a cert/key pair based on the domain name
- name: CERT
autoIndent: `true`
- name: KEY
autoIndent: `true`
sensitive: `true`
- name: DOCKER_SOCKET:
description: Can be used to configure neuvector’s docker socket value.
- name: DISABLE_ROOT_FS_MOUNT:
description: Toggles the monitoring stacks root FS mount. This is required on some deployments such as k3d or colima + k3s
default: `false`
- name: ENF_NO_SYSTEM_PROFILES
description: Toggles a related environment variable. This is required on some deployments lacking kernel capabilities.
default: `false`
- name: BIGBANG_VALUES_FILE
description: This can be any Big Bang helm release chart value
- name: BIGBANG_SECRETS_FILE
description: This can be a secret passed to the Big Bang helm release
The following example sets the Big Bang values file path, as well as the fully qualified domain name (FQDN):
sudo zarf package deploy zarf-package-structsure-amd64-5.0.0.tar.zst --no-progress --confirm --set BIGBANG_VALUES_FILE=/path/to/bigbang-values.yaml --set FQDN=$HOSTNAME
Overriding Default Secret Values
You can also use environment variables to pass secrets by setting the path to the unencrypted values.yaml secrets file, using the --set flag, as shown in the example below:
sudo zarf package deploy zarf-package-structsure-amd64-5.0.0.tar.zst --no-progress --confirm --set BIGBANG_SECRETS_FILE=/path/to/bigbang-secrets.yaml
Unsetting Previously Overridden Config or Secret Values
Existing overridden (custom) Big Bang values or secrets can be updated on subsequent Zarf package deploys with new values or secrets passed in using the --set flag, as described above. However, a given custom Big Bang value cannot be "unset" to default (back to its original Big Bang chart value) by simply omitting it from the new BIGBANG_VALUES_FILE. To "unset" an existing Big Bang value, edit the corresponding application-overrides configmap on the cluster, and then delete the value from there. This must be completed before deploying the new Zarf package.
For example, the procedure below "unsets" a pinned GitLab chart Git tag value.
kubectl edit cm gitlab-overrides -n bigbang
Delete these lines:
git:
tag: 7.7.0-bb.0
Save and quit the editor. Repeat these steps for the gitlab-overrides configmap in the structsure-system namespace. Once the new Zarf package is deployed (or the application deployment/statefulset restarted), the pinned Git tag above will be "unset" and default back to the value from the Big Bang chart.
Any custom secret values can similarly be "unset" from the corresponding application-overrides
secret in the bigbang and structsure-system namespaces.