
Big Bang Overview

Key Concepts

Big Bang

Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster. Big Bang follows a GitOps approach to configuration management, using Flux v2 to reconcile Git with the cluster. Environments (e.g. dev, prod) and packages (e.g. istio) can be fully configured to suit the deployment needs.

Big Bang Components

Big Bang is made of several components that operate together. These include a base Kustomize, a Helm chart, packages, and an environment. The environment and base Kustomize are used together to deploy the Big Bang configuration and Helm chart. The Helm chart is then used to facilitate deployment of the packages.

Flux v2

Flux v2 is the tool used by Big Bang to reconcile sources of configuration in Git with actual code deployment. Flux includes resources to reconcile Git repositories, Kustomizations to Kubernetes manifests, and Helm Chart releases. Flux automatically monitors changes in these items and reconciles with the Kubernetes cluster.

GitOps

GitOps is a way to declaratively manage a Kubernetes cluster using a single source of truth in Git. All Kubernetes configuration is stored in Git, and a tool (e.g. Flux) automatically monitors that configuration and reconciles it with the running Kubernetes cluster. This allows all changes to the cluster to be version controlled and pipelined.

SOPS

SOPS is a way to encrypt values in YAML, JSON, ENV, INI, or BINARY files so that sensitive data can be securely shared. Big Bang uses SOPS to encrypt pull secrets, certificates, and other secrets so that they can be stored in the Git repository securely. Big Bang (via Flux) uses the private key, stored in a secure area (e.g. KMS), to decrypt the secrets and deploy them into the cluster for use.

Kustomize

Kustomize is a tool that assists with configuration management for Kubernetes manifest files. It uses overlays and patching to customize a base set of manifests for deployment. Big Bang uses Kustomize to set up the environment (e.g. dev, prod) configuration.

Helm

Helm is a tool that assists with configuration management for Kubernetes manifest files. It uses charts, which include templates and values, to create a set of manifests for deployment. Big Bang uses Helm charts to deploy all of its packages.


Packages

The following packages are included in a default deployment of Big Bang:

| Name | Description | Helm Chart Repo |
| --- | --- | --- |
| Istio | Service Mesh | Link |
| Cluster Auditor | | Link |
| Open Policy Agent Gatekeeper | Policy Management | Link |
| Elastic Cloud on Kubernetes (ECK) | Logging; Incl. Elasticsearch & Kibana | Link |
| Prometheus and Grafana | Monitoring | Link |
| Twistlock | Security Scanning | Link |

In addition, the following packages can be added onto the default deployment:

| Name | Description | Helm Chart Repo |
| --- | --- | --- |
| Argo CD | Continuous Delivery | Link |
| Auth Service | Single Sign On | Link |

Architecture

The diagram below shows a typical deployment of Big Bang into a Kubernetes cluster. The items in blue require user interaction. The remaining items are automated by Big Bang.

Configuration

  1. The user must set up an encryption key pair for SOPS and store the private key securely (e.g. KMS). This should NOT be stored in Git.
  2. The user should then configure Big Bang values and secrets for the targeted Kubernetes cluster.
  3. All secrets should be encrypted with SOPS to protect them.
  4. Once all of the configuration has been completed, it must be pushed to a Git repository.
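Steps 3 and 4 depend on nothing plaintext reaching the repository. As an added example that is not part of the original page or of Big Bang itself, the hypothetical pre-commit helper below refuses a Kubernetes Secret manifest unless every `data`/`stringData` value has the `ENC[AES256_GCM,...]` form that sops writes and the `sops` metadata block with its MAC is present. The two sample manifests are constructed; their ciphertext, MAC and KMS key ARN are placeholders, not real encrypted material.

```python
import re

# Shape of every leaf value sops writes when it encrypts a file (AES-256-GCM).
ENC_VALUE = re.compile(r"^ENC\[AES256_GCM,data:[^,]+,iv:[^,]+,tag:[^,]+,type:\w+\]$")

def plaintext_secret_findings(manifest: str) -> list[str]:
    """Reasons a Secret manifest is unsafe to commit ([] means clean). Hypothetical
    pre-commit helper; assumes 'data:'/'stringData:' sit at column 0, as sops writes them."""
    findings: list[str] = []
    if not re.search(r"^kind:\s*Secret\s*$", manifest, re.M):
        return findings
    if not re.search(r"^sops:\s*$", manifest, re.M):
        findings.append("no top-level 'sops' block: file was never encrypted")
    elif not re.search(r"^\s+mac:\s*ENC\[", manifest, re.M):
        findings.append("sops block has no MAC: file integrity cannot be verified")
    lines, i = manifest.splitlines(), 0
    while i < len(lines):
        section = re.match(r"^(data|stringData):\s*$", lines[i])
        i += 1
        if not section:
            continue
        # Every indented line up to the next column-0 key belongs to this section.
        while i < len(lines) and (lines[i].startswith(" ") or not lines[i].strip()):
            kv = re.match(r"^\s+([^:\s][^:]*):\s*(.*)$", lines[i])
            if kv and not ENC_VALUE.match(kv.group(2).strip().strip("'\"")):
                findings.append(f"{section.group(1)}/{kv.group(1)} is plaintext")
            i += 1
    return findings

# Constructed sample of what step 3 forbids in Git: a Secret in the clear.
PLAINTEXT_SECRET = """\
apiVersion: v1
kind: Secret
stringData:
  .dockerconfigjson: '{"auths":{"registry.example.invalid":{"auth":"dXNlcjpwYXNz"}}}'
"""

# Constructed sample of the same Secret after sops: ciphertext, MAC and key ARN are
# placeholders shaped like sops output, not real encrypted material.
ENCRYPTED_SECRET = """\
apiVersion: v1
kind: Secret
stringData:
  .dockerconfigjson: ENC[AES256_GCM,data:cGxhY2Vob2xkZXI=,iv:aXY=,tag:dGFn,type:str]
sops:
  kms:
    - arn: arn:aws-us-gov:kms:us-gov-west-1:000000000000:key/PLACEHOLDER
  mac: ENC[AES256_GCM,data:bWFj,iv:aXY=,tag:dGFn,type:str]
  encrypted_regex: ^(data|stringData)$
"""
```

Run it over every `*.yaml` staged for commit and abort when any Secret returns a non-empty list; a ConfigMap or other kind returns nothing because only Secrets are enforced.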