diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 869ab16a1377f843933d5f066659924ee3025155..02efc95a6693b82bcac7abe82b8109c1a2ff8e9e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -27,7 +27,7 @@ stages: # Smoke Tests # .bigbang: - image: registry.dsop.io/platform-one/private/big-bang/pipeline-templates/k3d-builder:b0b45793 + image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/k3d-builder:0.0.1 .deploy_bigbang: &deploy_bigbang # Deploy flux and wait for it to be ready 
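Review bot: The new `image:` under `.bigbang` is identified only by the tag `0.0.1`, and a tag can be repointed in the registry, so jobs built on `.bigbang` are not fixed to the image content that was reviewed. Adding the digest keeps the readable tag and makes the reference immutable: `image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/k3d-builder:0.0.1@sha256:<digest of the reviewed image>`. The path also moves out of `private/`, which may change who can pull and push that repository; confirm the push permissions on the new location.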
@@ -36,24 +36,30 @@ stages: - kubectl get namespaces,pods,gitrepositories,helmrelease -A # Deploy BigBang - - helm upgrade -i bigbang chart -n bigbang --create-namespace --set registryCredentials.username='robot$bigbang' --set registryCredentials.password=${REGISTRY1_PASSWORD} - - kubectl apply -f examples/complete/envs/dev/source-secrets.yaml + - helm upgrade -i bigbang chart -n bigbang --create-namespace --set registryCredentials.username='robot$bigbang' --set registryCredentials.password=${REGISTRY1_PASSWORD} --set addons.argocd.enabled=true --set addons.authservice.enabled=true + + # Apply secrets kustomization pointing to current branch + - echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch" + - cat examples/complete/envs/dev/source-secrets.yaml | sed 's|master|'$CI_COMMIT_REF_NAME'|g' | kubectl apply -f - # Wait for components to be ready # NOTE: Wait for each package individually so they show up nicely in ci logs - - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang gatekeeper - - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang istio-operator - - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang istio - - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang monitoring - - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang eck-operator + - kubectl wait --for=condition=Ready --timeout 120s helmrelease -n bigbang gatekeeper + - kubectl wait --for=condition=Ready --timeout 120s helmrelease -n bigbang istio-operator + - kubectl wait --for=condition=Ready --timeout 240s helmrelease -n bigbang istio + - kubectl wait --for=condition=Ready --timeout 500s helmrelease -n bigbang monitoring + - kubectl wait --for=condition=Ready --timeout 120s helmrelease -n bigbang eck-operator - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang ek - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang fluent-bit - 
kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang twistlock - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang cluster-auditor - # Enable this after we merge in - # - kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang argocd - kubectl wait --for=condition=Ready --timeout 30s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets + # Wait for addons (only if they exist since they might not yet for upgrades) + # TODO: This is kinda messy + - kubectl get helmrelease -n bigbang argocd && kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang argocd + - kubectl get helmrelease -n bigbang authservice && kubectl wait --for=condition=Ready --timeout 300s helmrelease -n bigbang authservice + # Quick check for non iron bank images - echo "Showing images not from ironbank:" # Ignore rancher images since those are from k3d @@ -66,18 +72,17 @@ stages: clean install: stage: smoke tests -# extends: -# - .k3d + extends: + - .k3d rules: # Skip on merge requests (it is ran as part of the non MR pipeline) - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' when: never + - when: always variables: CLUSTER_NAME: "clean-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}" - image: alpine:latest script: -# - *deploy_bigbang - - echo "temp" + - *deploy_bigbang upgrade: stage: smoke tests @@ -92,8 +97,8 @@ upgrade: - git fetch && git checkout ${CI_DEFAULT_BRANCH} - *deploy_bigbang - - echo "Upgrade Big Bang from ${CI_COMMIT_BRANCH}" - - git checkout ${CI_COMMIT_BRANCH} + - echo "Upgrade Big Bang from ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" + - git checkout ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} - *deploy_bigbang #----------------------------------------------------------------------------------------------------------------------- 
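Review bot: The added `sed 's|master|'$CI_COMMIT_REF_NAME'|g'` step splices the ref name into the sed program unquoted and unescaped, and that name is chosen by whoever pushed the branch. Git allows `|` and `&` in branch names, and sed reads them as the delimiter and the matched-text reference, so such a name changes the expression instead of being inserted as text; the `g` flag also rewrites every `master` in the file, not only the branch field. Reject unexpected names before the substitution, e.g. `case "$CI_COMMIT_REF_NAME" in *[!A-Za-z0-9._/-]*) echo "unsupported ref name" >&2; exit 1;; esac`, and anchor the pattern to the key that holds the branch. The `--set registryCredentials.password=${REGISTRY1_PASSWORD}` argument on the `helm upgrade` line is unquoted as well, and `--set` splits its value on commas, so quote it and escape commas or pass the credential through a values file. `.deploy_bigbang` continues past the end of this hunk.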
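Review bot: `git checkout ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}` in `upgrade` checks out whatever the branch tip is when the job runs, which can be newer than the commit the pipeline was created for, so the upgrade test may deploy code that the rest of the pipeline never checked. Checking out the pipeline's commit pins it: `git checkout "${CI_COMMIT_SHA}"` (or `CI_MERGE_REQUEST_SOURCE_BRANCH_SHA` where merged-results pipelines are in use), keeping the branch name only for the `echo`. Because `*deploy_bigbang` substitutes `$CI_COMMIT_REF_NAME` on both runs, the first deploy from `${CI_DEFAULT_BRANCH}` probably already points the secrets kustomization at the merge-request branch, which is worth confirming is intended. The `upgrade` job's rules are outside the hunk.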
diff --git a/chart/templates/authservice/authservice-helmrelease.yaml b/chart/templates/authservice/authservice-helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..69176082709692fe2d14c3d4d1a8de2ff01f896c
--- /dev/null
+++ b/chart/templates/authservice/authservice-helmrelease.yaml
@@ -0,0 +1,49 @@
+{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: authservice
+ namespace: {{ .Release.Namespace }}
+spec:
+ targetNamespace: istio-system
+ chart:
+ spec:
+ chart: chart
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: authservice
+ namespace: {{ .Release.Namespace }}
+
+ {{- with .Values.flux }}
+ interval: {{ .interval }}
+ test:
+ enable: false
+ install:
+ remediation:
+ retries: {{ .install.retries }}
+ upgrade:
+ remediation:
+ retries: {{ .upgrade.retries }}
+ remediateLastFailure: true
+ cleanupOnFail: true
+ rollback:
+ timeout: {{ .rollback.timeout }}
+ cleanupOnFail: {{ .rollback.cleanupOnFail }}
+ {{- end }}
+
+ valuesFrom:
+ - name: values
+ kind: Secret
+ valuesKey: "authservice.yaml"
+ values:
+ imagePullSecrets:
+ - name: private-registry
+
+ defaultConfig: false
+ filterLabel: keycloak
+
+ dependsOn:
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/authservice/gitrepository.yaml b/chart/templates/authservice/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..291b0adb4bb873ee30558225ae005eaa7f946dec
--- /dev/null
+++ b/chart/templates/authservice/gitrepository.yaml
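Review bot: `defaultConfig: false`, `filterLabel: keycloak` and the `imagePullSecrets` entry appear to sit under `spec.values`, which Flux merges after `valuesFrom`, so these three settings win over anything supplied through `addons.authservice.values` in the `authservice.yaml` secret key. If operators are meant to choose their own identity-provider label or pull secret, move these defaults into `addons.authservice.values` in `chart/values.yaml`; if they are deliberately fixed, a comment such as `# fixed by Big Bang: inline values override valuesFrom` above `values:` would say so. The indentation is not recoverable from this view, so the nesting is inferred from the field names.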
@@ -0,0 +1,17 @@
+{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: authservice
+ namespace: {{ .Release.Namespace }}
+spec:
+ ignore: |
+ # exclude file extensions
+ /**/*.md
+ /**/*.txt
+ /**/*.sh
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.addons.authservice.git.repo }}
+ ref:
+ {{- include "validRef" .Values.addons.authservice.git | nindent 4 }}
+{{- end }}
diff --git a/chart/templates/values.yaml b/chart/templates/values.yaml
index 098ca60cca75c1e610ddc9775d443c51839c4c4f..a2a2a5e0827f0583b39f9d98e56f2d8c0277e930 100644
--- a/chart/templates/values.yaml
+++ b/chart/templates/values.yaml
@@ -9,6 +9,8 @@ stringData:
 {{ toYaml .Values | indent 4}}
 argocd.yaml: |
 {{ toYaml .Values.addons.argocd.values | indent 4 }}
+ authservice.yaml: |
+{{ toYaml .Values.addons.authservice.values | indent 4 }}
 istio.yaml: |
 {{ toYaml .Values.istio.values | indent 4 }}
 gatekeeper.yaml: |
diff --git a/chart/values.yaml b/chart/values.yaml
index 864155a938d58d196275cb96da4abb47d5b42c91..39b770a7bc447c2e699ad598639d505c06912928 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -83,3 +83,10 @@ addons:
 repo: https://repo1.dsop.io/platform-one/big-bang/apps/core/argocd.git
 branch: chart-release
 values: {}
+
+ authservice:
+ enabled: false
+ git:
+ repo: https://repo1.dsop.io/platform-one/big-bang/apps/sandbox/authservice.git
+ branch: master
+ values: {}
\ No newline at end of file
diff --git a/examples/complete/envs/dev/secrets/authservice-config.yaml b/examples/complete/envs/dev/secrets/authservice-config.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..849c06d069d83185f7df1f2c8741f62d59ce4829
--- /dev/null
+++ b/examples/complete/envs/dev/secrets/authservice-config.yaml
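Review bot: The `authservice` GitRepository follows a moving ref and has no `spec.verify`, so each commit pushed to that ref is reconciled on the next `flux.interval` without any provenance check; the `chart/values.yaml` hunk makes that ref `branch: master` of a repository under `apps/sandbox/`. The HelmRelease built from it targets `istio-system`, so write access to that branch is effectively write access to the mesh's authentication component. Consider defaulting to a tag or commit if the `validRef` helper (not visible here) accepts one, and adding a `verify:` block with `mode: head` and a `secretRef` to the trusted public keys. `url: {{ .Values.addons.authservice.git.repo }}` would also be safer as `url: {{ .Values.addons.authservice.git.repo | quote }}` so an unusual value cannot change the YAML structure.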
@@ -0,0 +1,37 @@ +apiVersion: v1 +kind: Secret +metadata: + name: authservice-config + namespace: istio-system +data: + config.json: ENC[AES256_GCM,data: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,iv:bpn4VO7gA0MYMBgmgoDwIblHGlVW3Ekmg8wNmYl0YD0=,tag:tQKh11BYua3PdBXHDuejcg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + lastmodified: '2020-11-20T20:10:39Z' + mac: ENC[AES256_GCM,data:ox2+A0U6gJY/m6zrWs0b9zNRrnuIy/3JdPaFyENcttGA00Fuhsb8Yqefgy1lU/mrO4SSZEq8tfEnIezP0OhOFYku8uUjYNdV89KDdDq+VAQGNE2nVZk/2v3BidBmxE8g7BW+NmBTVjjEFqWHHx6pC8iNBg4/hdqtY4QlHcgxHWs=,iv:EWsQ1BCIto+jM3s9q/uymxurSIAV91k7yDTkx0jtBSA=,tag:kjgaqwqJMur0oRmV8XF6Ew==,type:str] + pgp: + - created_at: '2020-11-20T20:10:38Z' + enc: | + -----BEGIN PGP MESSAGE----- + + hQIMA93W3Fi3CqSYARAAmhjQ6dahjX4RFXwErHl5pJBYwNuRC6WyJZXYwDqWwxd0 + eAIJ8/FyFqdHYG3lCAnICqLbdC/0UaXnBa5KDEMAcz7xHheq9NQCAuVL4sxyLklq + JdTO55SHPU3SO04cG++sB8VZhi0tUORMmNA0NoLrkMzx14V3UjEY3fWye4hL26a2 + Ei6QhdbGHhEdq6/8nOOQXc1h8fAzchiJ5316fNIg/tdr6My0mUuDwi/pWeow4j5o + iiEtK6OsPPKgE4UaclQj2+CDKPhP4z6Ljuwd7EBPjrdywkHUmmbx3mJk6BOUiMdN + EvpVXpcz3sTu4RKmdzqDHocwbvxFW/cuXaAWWzaM3BpR970Itz1qV663RN3uuMr5 + hnkiCiwk0T12dZ5B+DK7kdirT0my9mPkOM4+BmpTUvsiTF2OVI5+zwt/h4ZtUy1e + QVEpzSVpGsY/EN+2hFEuEmBnNBi8gmzMRa+FZJyvs26K8AeH0Rja4sjFYf8ccAfx + 6b3XLhOci6xa1Ik3HeWlOf78bMwnuHl0H9rgtg1S+AGWRJOG4tfJCTRpi9j/srVn + /x0wBVFyPiTV5oIjQgWoJgw4ZOz7XW23xmr9SpCP4ZwPu4q4I+KSlPb4pM0jSzZw + zpuvAKWJPkTxBGYewjjgImgWOGkhoIDah71djed3E/EtPULqSAUCjyXO4ktpI2HS + XgHvRRyHDbaKz7u9JuuGCRhQ0R0SQn4sGYwu5IiYiEP0sHcKs5p9Y/ThsyEKeyis + jMcf4GfW/yCmjudrfZ3V8yRDWG105QURx7qtSaMJ1nMGUFMq+bphDNRQopeBwUE= + =Ztvz + -----END PGP MESSAGE----- + fp: 41BFF8BAF2586039F6293D835A2E820C25FE527C + encrypted_regex: ^(data|stringData)$ + version: 3.6.1
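Review bot: This Secret is encrypted to a single PGP recipient (`fp: 41BFF8BAF2586039F6293D835A2E820C25FE527C`) and lives under `examples/complete/envs/dev`, so its confidentiality is exactly that of the matching private key. If that key is the shared development key distributed with the examples (not visible in this diff), `config.json` should be treated as public and must hold only throwaway client credentials for a test identity provider. A short note in the dev environment's README naming the key, the fields `config.json` is expected to contain, and the need to re-encrypt with an environment-specific key before real use would keep the example from being copied as-is.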