mimir values.yaml📜
networkPolicies.enabled📜
Type: bool
true
Description: Toggle networkPolicies
networkPolicies.egress.from.mimir.to.definition.kubeAPI📜
Type: bool
true
networkPolicies.egress.from.rollout-operator.to.definition.kubeAPI📜
Type: bool
true
istio.enabled📜
Type: bool
false
istio.sidecar.enabled📜
Type: bool
false
istio.sidecar.outboundTrafficPolicyMode📜
Type: string
"REGISTRY_ONLY"
istio.serviceEntries.custom📜
Type: list
[]
istio.authorizationPolicies.enabled📜
Type: bool
false
istio.authorizationPolicies.custom[0].name📜
Type: string
"mimir-allow-kube-apiserver-rollout-operator-authz-policy"
istio.authorizationPolicies.custom[0].enabled📜
Type: bool
true
istio.authorizationPolicies.custom[0].spec.selector.matchLabels."app.kubernetes.io/name"📜
Type: string
"rollout-operator"
istio.authorizationPolicies.custom[0].spec.action📜
Type: string
"ALLOW"
istio.authorizationPolicies.custom[0].spec.rules[0].to[0].operation.ports[0]📜
Type: string
"8443"
istio.mtls.mode📜
Type: string
"STRICT"
domain📜
Type: string
"dev.bigbang.mil"
Description: Domain for VirtualService hosts (overridden by Big Bang)
routes📜
Type: object
# Default value of `routes`: a single inbound route named mimir-gateway.
# NOTE(review): nesting reconstructed from a flattened rendering; confirm
# against the chart's values.yaml.
inbound:
  mimir-gateway:
    # Off by default, so no external route is created unless this is set
    # to true.
    # NOTE(review): no authentication setting for this route appears in
    # this value; confirm how callers are authenticated before enabling it
    # on a public gateway.
    enabled: false
    # Istio gateway the route attaches to when enabled.
    gateways:
      - istio-gateway/public-ingressgateway
    # Helm template; the host is built from the chart's `domain` value.
    hosts:
      - mimir.{{ .Values.domain }}
    port: 8080
    # Labels of the Mimir gateway component.
    # Presumably selects the pods this route targets; verify in the
    # chart templates.
    selector:
      app.kubernetes.io/component: gateway
      app.kubernetes.io/name: mimir
    # In-cluster DNS name templated from the release name and namespace.
    service: '{{ .Release.Name }}-gateway.{{ .Release.Namespace }}.svc.cluster.local'
Description: Routes configuration for the Istio VirtualService. Enables external access to Mimir via the Istio ingress gateway.
upgradeJob.enabled📜
Type: bool
true
Description: Enable BigBang specific autoRollingUpgrade support
upgradeJob.name📜
Type: string
"mimir-upgrade-job"
upgradeJob.image.repository📜
Type: string
"registry1.dso.mil/ironbank/big-bang/base"
Description: image repository for upgradeJob
upgradeJob.image.tag📜
Type: string
"2.1.0"
Description: image tag for upgradeJob
upgradeJob.image.imagePullPolicy📜
Type: string
"IfNotPresent"
upgradeJob.image.pullSecrets📜
Type: string
"private-registry"
upgradeJob.serviceAccount📜
Type: string
"upgrade-job-svc-account"
upgradeJob.role📜
Type: string
"upgrade-role"
upgradeJob.roleBinding📜
Type: string
"upgrade-rolebinding"
bbtests.enabled📜
Type: bool
false
bbtests.cypress.enabled📜
Type: bool
true
bbtests.cypress.artifacts📜
Type: bool
true
bbtests.cypress.envs.cypress_grafana_url📜
Type: string
"http://monitoring-grafana.monitoring.svc.cluster.local"
bbtests.scripts.image📜
Type: string
"registry1.dso.mil/ironbank/big-bang/base:2.1.0"
bbtests.scripts.envs.MIMIR_URL📜
Type: string
"http://mimir-mimir-distributor.mimir.svc:8080"
upstream.rollout_operator📜
Type: object
# Default value of `upstream.rollout_operator`.
# NOTE(review): nesting reconstructed from a flattened rendering; confirm
# against the chart's values.yaml.
enabled: true
image:
  repository: registry1.dso.mil/ironbank/opensource/grafana/rollout-operator
  # Referenced by tag only; no digest appears in this default.
  # NOTE(review): pin by digest if the deployment requires immutable image
  # references.
  tag: v0.36.1
# Pull secret used to fetch the image from the registry above.
imagePullSecrets:
  - name: private-registry
Description: rollout-operator is enabled by default as it is the required safety controller for zone-aware replication (zone-a/b/c ingesters and store-gateways). It installs namespace-scoped admission webhooks (no-downscale, prepare-downscale, pod-eviction) that intercept ALL StatefulSet UPDATE operations in the release namespace with failurePolicy: Fail. Because failurePolicy is Fail, those updates are rejected whenever a webhook cannot be reached, so the availability of rollout-operator affects every StatefulSet in the namespace. WARNING: If MinIO is deployed in the same namespace as Mimir, these webhooks will intercept MinIO Operator reconciliation calls and block Tenant CR updates (e.g. scaling, config changes). The minio-tenant.bucketInit job mitigates initial bucket creation, but subsequent Tenant spec changes may silently fail. The recommended configuration is to deploy Mimir and MinIO in separate namespaces. See docs/overview.md for full details on this limitation.