kiwi-sidecar

.gitignore

@@ -13,4 +13,9 @@ certs/
 /node_modules
 
 # debug
-npm-debug.log*
\ No newline at end of file
+npm-debug.log*
+
+# ignore developer specific files
+# (used frequently in deployments)
+patch.yaml
+notes
\ No newline at end of file

.gitlab-ci.yml

@@ -8,7 +8,7 @@ workflow:
     # run pipeline on commits to default branch
     - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
     # skip pipeline for branches that start with "docs"
-    - if: '$CI_COMMIT_REF_NAME =~ /^docs/'
+    - if: '$CI_COMMIT_REF_NAME =~ /^doc*/i'
       when: never
 
 # include templates
@@ -39,7 +39,7 @@ variables:
     - dogfood
 
 .bigbang:
-  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/k3d-builder:0.0.1
+  image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/k3d-builder:0.0.1
   extends: .bigbang-dogfood
   after_script:
     - kubectl get all -A
@@ -50,7 +50,7 @@ variables:
 #
 
 changelog:
-  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
+  image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
   stage: .pre
   extends:
     - .bigbang-dogfood
@@ -62,7 +62,7 @@ changelog:
   - ./scripts/lint_changelog.sh
 
 version:
-  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
+  image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
   stage: .pre
   extends:
     - .bigbang-dogfood
@@ -75,7 +75,7 @@ version:
   - ./scripts/lint_version.sh
 
 commits:
-  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
+  image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
   stage: .pre
   extends:
     - .bigbang-dogfood
@@ -87,7 +87,7 @@ commits:
   - ./scripts/lint_commits.sh
 
 pre vars:
-  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
+  image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
   stage: .pre
   extends:
     - .bigbang-dogfood
@@ -184,8 +184,8 @@ upgrade:
     # skip job when branch name starts with "hotfix" or "patch"
     - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^(hotfix|patch)/'
       when: never
-    # run job on merge requests when manually activated
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+    # run infrastructure pipelines only on merges into master, and run regardless of failure
+    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
       allow_failure: false
       when: manual
 
@@ -195,17 +195,17 @@ upgrade:
     # skip job when branch name starts with "hotfix" or "patch"
     - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^(hotfix|patch)/'
       when: never
-    # run pipeline on commits to default branch
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-    
+    # run infrastructure pipelines only on merges into master
+    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
+
 # Abstract for jobs responsible for cleaning up infrastructure
 .infra cleanup:
   rules:
     # skip job when branch name starts with "hotfix" or "patch"
     - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^(hotfix|patch)/'
       when: never
-    # run job on merge requests regardless of failure
-    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+    # run infrastructure pipelines only on merges into master, and run regardless of failure
+    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "master"'
       allow_failure: true
       when: always
 
@@ -340,7 +340,7 @@ aws/rke2/cluster down:
 
 package:
   stage: package
-  image: registry.dsop.io/platform-one/big-bang/umbrella/synker:0.0.1
+  image: registry.dso.mil/platform-one/big-bang/umbrella/synker:0.0.1
   extends:
     - .bigbang-dogfood
   rules:

.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/main.tf

@@ -130,7 +130,7 @@ resource "aws_security_group" "endpoints" {
 # Attaches the management vpc (the hub) to the created vpc (the spokes).
 #
 module "spoke" {
-  source = "git::https://repo1.dsop.io/platform-one/big-bang/terraform-modules/spoke-tgw-attachments.git"
+  source = "git::https://repo1.dso.mil/platform-one/big-bang/terraform-modules/spoke-tgw-attachments.git"
 
   name       = local.name
   hub_vpc_id = var.hub_vpc_id

.gitlab-ci/templates.yml

@@ -10,7 +10,7 @@ include:
 
 .terraformer:
   image:
-    name: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/terraform:0.13.5
+    name: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/terraform:0.13.5
     entrypoint:
       - /usr/bin/env
       - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

.gitlab/issue_templates/bug.md

+# Bug
+
+## Description
+
+Describe the problem, what were you doing when you noticed the bug?
+
+Provide any steps possible used to reproduce the error (ideally in an isolated fashion).
+
+## BigBang Version
+
+What version of BigBang were you running?
+
+This can be retrieved multiple ways:
+
+```bash
+# via helm
+helm ls -n bigbang
+
+# via the deployed umbrella git tag
+kubectl get gitrepository -n bigbang
+```
\ No newline at end of file

.gitlab/issue_templates/feature_request.md

+# Feature Request
+
+## Why
+
+What is the use case for the feature you are requesting? What are you trying to solve?
+
+The more detail here the better!
+
+## Proposed Solution
+
+If possible, provide details on the proposed solution.
+
+If your proposed solution _changes_ the existing behavior of a feature, please outline why your approach is recommended/better.

CHANGELOG.md

@@ -4,6 +4,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 ---
 
+## [1.0.7]
+
+* Added Kubernetes labels to all objects created by umbrella
+* Add OIDC integration for Grafana
+* Allow creation of wildcard cert for istio ingress to be passed to BigBang chart
+
 ## [1.0.6]
 
 * Added [HAProxy Addon](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/haproxy)
@@ -101,7 +107,7 @@ for setting ingressgateway to use nodeports
 
 ### Changed
 
-* Update Monitoring to [11.0.0-bb.2](https://repo1.dsop.io/platform-one/big-bang/apps/core/monitoring/-/tags/11.0.0-bb.2)
+* Update Monitoring to [11.0.0-bb.2](https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring/-/tags/11.0.0-bb.2)
 
 ---
 
@@ -113,11 +119,11 @@ for setting ingressgateway to use nodeports
 
 ### Changed
 
-* Updated Argo to [2.9.5-bb.1](https://repo1.dsop.io/platform-one/big-bang/apps/core/argocd/-/merge_requests/10) for Iron Bank images
-* Updated Authservice to [0.1.3-bb.0](https://repo1.dsop.io/platform-one/big-bang/apps/sandbox/authservice/-/blob/master/CHANGELOG.md#013-bb0) for authservice secret generation: https://repo1.dsop.io/platform-one/big-bang/apps/sandbox/authservice/-/blob/master/CHANGELOG.md#013-bb0
-* Updated ECK-Operator to [1.3.1-bb.1](https://repo1.dsop.io/platform-one/big-bang/apps/core/eck-operator/-/tags/1.3.0-bb.1)
-* Updated Twistlock to [0.0.2-bb.0](https://repo1.dsop.io/platform-one/big-bang/apps/security-tools/twistlock/-/tags/0.0.2-bb.0) to add istio.enabled flag
-* Updated Elasticsearch Kibana to [0.1.2-bb.0](https://repo1.dsop.io/platform-one/big-bang/apps/core/elasticsearch-kibana/-/tags/0.1.2-bb.0) and Pass istio.enabled to Elasticsearch Kibana
+* Updated Argo to [2.9.5-bb.1](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd/-/merge_requests/10) for Iron Bank images
+* Updated Authservice to [0.1.3-bb.0](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/authservice/-/blob/master/CHANGELOG.md#013-bb0) for authservice secret generation: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/authservice/-/blob/master/CHANGELOG.md#013-bb0
+* Updated ECK-Operator to [1.3.1-bb.1](https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator/-/tags/1.3.0-bb.1)
+* Updated Twistlock to [0.0.2-bb.0](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/tags/0.0.2-bb.0) to add istio.enabled flag
+* Updated Elasticsearch Kibana to [0.1.2-bb.0](https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana/-/tags/0.1.2-bb.0) and Pass istio.enabled to Elasticsearch Kibana
 
 ---
 

CODEOWNERS

 *                     @runyontr @joshwolf @megamind
 
-# [Chart Values]
+# ^[Chart Values]
 # chart/values.yaml
 # chart/Chart.yaml
 
-[Docs Owners]
+^[Docs Owners]
 docs/                 @michaelmcleroy @egoode
 
-[Kustomize Base Owners]
+^[Kustomize Base Owners]
 base/                 @michaelmcleroy
 
-[CI Owners]
+^[CI Owners]
 .gitlab-ci/           @zdzielinksi @iahmad @toladipupo
 tests/                @zdzielinksi @iahmad @toladipupo
 
-[Hack Owners]
+^[Hack Owners]
 scripts/              @zdzielinksi @iahmad @toladipupo @michaelmcleroy @egoode
 hack/                 @zdzielinksi @iahmad @toladipupo @michaelmcleroy @egoode
 
-[Istio and Authservice]
+^[Charter Owners]
+charter/              @runyontr @joshwolf
+
+^[Istio and Authservice]
 chart/Chart.yaml                @kenna81 @kavitha @cmcgrath
 chart/values.yaml               @kenna81 @kavitha @cmcgrath
 chart/templates/authservice     @kenna81 @kavitha @cmcgrath
 chart/templates/istio           @kenna81 @kavitha @cmcgrath
 
-[Anchore]
+^[Anchore]
 chart/Chart.yaml
 # chart/values.yaml
 # chart/templates/argocd
 
-[ArgoCD]
+^[ArgoCD]
 chart/Chart.yaml                @matthew.kaiser
 chart/values.yaml               @matthew.kaiser
 chart/templates/argocd          @matthew.kaiser
 
-# [Cluster Auditor]
+# ^[Cluster Auditor]
 # chart/Chart.yaml
 # chart/values.yaml
 # chart/templates/clusterauditor
 
-# [Gatekeeper]
+# ^[Gatekeeper]
 # chart/Chart.yaml
 # chart/values.yaml
 # chart/templates/gatekeeper
 
-[Logging]
+^[Logging]
 chart/Chart.yaml                @kavitha @ryan.j.garcia
 chart/values.yaml               @kavitha @ryan.j.garcia
 chart/templates/logging         @kavitha @ryan.j.garcia
 
-[Monitoring]
+^[Monitoring]
 chart/Chart.yaml                @lynnstill @ryan.j.garcia
 chart/values.yaml               @lynnstill @ryan.j.garcia
 chart/templates/monitoring      @lynnstill @ryan.j.garcia
 
-[Twistlock]
+^[Twistlock]
 chart/Chart.yaml                @thomas.burton
 chart/values.yaml               @thomas.burton
 chart/templates/twistlock       @thomas.burton
 
-[Gitlab]
+^[Gitlab]
 chart/Chart.yaml                @egoode @kevin.wilder
 chart/values.yaml               @egoode @kevin.wilder
 chart/templates/gitlab          @egoode @kevin.wilder

CONTRIBUTING.md

@@ -72,7 +72,7 @@ Here is a quick tip to squash all commits for a branch named `test`:
 
 ```
 git checkout test
-git reset $(git merge-base master $(git rev-parse --abbrev-ref HEAD))
+git reset $(git merge-base origin/master $(git rev-parse --abbrev-ref HEAD))
 git add -A
 git commit -m "feat: example conventional commit"
 git push --force
@@ -80,10 +80,10 @@ git push --force
 
 ## Iron Bank Images
 
-Per the [charter](https://repo1.dsop.io/platform-one/big-bang/charter), all Big Bang packages will leverage container images from [IronBank](https://ironbank.dsop.io/).  In order to pull these images, ImagePullSecrets must be provided to BigBang.  To obtain access to these images, follow the guides below.  These steps should NOT be used for production since the API keys for a user are only valid when the user is logged into [Registry1](https://registry1.dsop.io)
+Per the [charter](https://repo1.dso.mil/platform-one/big-bang/charter), all Big Bang packages will leverage container images from [IronBank](https://ironbank.dso.mil/).  In order to pull these images, ImagePullSecrets must be provided to BigBang.  To obtain access to these images, follow the guides below.  These steps should NOT be used for production since the API keys for a user are only valid when the user is logged into [Registry1](https://registry1.dso.mil)
 
-1) Register for a free Ironbank account [Here](https://sso-info.il2.dsop.io/new_account.html)
-1) Log into the [Iron Bank Registry](https://registry1.dsop.io), in the top right click your *Username* and then *User Profile* to get access to your *CLI secret*/API keys.
+1) Register for a free Ironbank account [Here](https://sso-info.il2.dso.mil/new_account.html)
+1) Log into the [Iron Bank Registry](https://registry1.dso.mil), in the top right click your *Username* and then *User Profile* to get access to your *CLI secret*/API keys.
 1) When installing BigBang, set the Helm Values `registryCredentials.username` and `registryCredentials.password` to match your Registry1 username and API token
 
 ## Local Kubernetes cluster
@@ -99,7 +99,7 @@ k3d cluster create --k3s-server-arg "--disable=traefik" --k3s-server-arg "--disa
 
 For development, it is quicker to test changes without having to push to Git.  To do this, we can bypass Flux2 and deploy Big Bang directly with its Helm chart.
 
-Start by creating `myvalues.yaml` to configure your local Big Bang.  Big Bang's template repository contains a starter [development values.yaml](https://repo1.dsop.io/platform-one/big-bang/customers/template/-/blob/main/dev/configmap.yaml).
+Start by creating `myvalues.yaml` to configure your local Big Bang.  Big Bang's template repository contains a starter [development values.yaml](https://repo1.dso.mil/platform-one/big-bang/customers/template/-/blob/main/dev/configmap.yaml).
 
 Configure `myvalues.yaml` to suit your needs.
 
@@ -121,7 +121,7 @@ For more extensive development, use the [Development Guide](docs/c_development.m
 
 ## Testing Big Bang Development Changes
 
-Development changes should be tested using a full GitOps environment.  The [Big Bang environment template](https://repo1.dsop.io/platform-one/big-bang/customers/template/) should be replicated, either on a branch or new repository, to start your deployment.  Follow the instructions in the [template's readme](https://repo1.dsop.io/platform-one/big-bang/customers/template/-/tree/main/README.md) and in the [Big Bang docs](./docs) for configuration.
+Development changes should be tested using a full GitOps environment.  The [Big Bang environment template](https://repo1.dso.mil/platform-one/big-bang/customers/template/) should be replicated, either on a branch or new repository, to start your deployment.  Follow the instructions in the [template's readme](https://repo1.dso.mil/platform-one/big-bang/customers/template/-/tree/main/README.md) and in the [Big Bang docs](./docs) for configuration.
 
 Follow the [Big Bang documentation](./docs) for testing a full deployment of Big Bang.
 
@@ -173,7 +173,7 @@ This stage is ran on every commit, and is a requirement for merging.
 
 Ultimately, BigBang is designed to deploy production ready workloads on real infrastructure.  While local and ephemeral clusters are excellent for fast feedback during development, changes must ultimately be tested on real clusters on real infrastructure.
 
-As part of BigBang's [charter](https://repo1.dsop.io/platform-one/big-bang/charter), it is expected work on any CNCF conformant kubernetes cluster, on multiple clouds, and on premise environments.  By very definition, this means infrastructure testing is _slow_.  To strive for a pipeline with a happy medium of providing fast feedback while still exhaustively testing against environments that closely mirror production, __infrastructure testing only occurs on manual actions on merge request commits.__
+As part of BigBang's [charter](https://repo1.dso.mil/platform-one/big-bang/charter), it is expected work on any CNCF conformant kubernetes cluster, on multiple clouds, and on premise environments.  By very definition, this means infrastructure testing is _slow_.  To strive for a pipeline with a happy medium of providing fast feedback while still exhaustively testing against environments that closely mirror production, __infrastructure testing only occurs on manual actions on merge request commits.__
 
 When you are comfortable your branch is ready to be merged, opening up an merge request will trigger the creation of a suite of infrastructure testing jobs which will require a manual action from a project maintainer (assuming previous linting and smoke tests have passed).  Once the commit(s) are validated against the infrastructure tests, your changes are ready to be merged!
 
@@ -191,7 +191,7 @@ For each cloud, a BigBang owned network will be created that conform with the ap
 
 Several types of clusters are created within the previously provisioned network(s), and follow the vendors recommended iac approach.
 
-For example, an `rke2` cluster is created that leverages the upstream [terraform modules](https://repo1.dsop.io/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform), and an `eks` cluster is created with the upstream [terraform modules](https://docs.microsoft.com/en-us/azure/developer/terraform/create-k8s-cluster-with-tf-and-aks).
+For example, an `rke2` cluster is created that leverages the upstream [terraform modules](https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform), and an `eks` cluster is created with the upstream [terraform modules](https://docs.microsoft.com/en-us/azure/developer/terraform/create-k8s-cluster-with-tf-and-aks).
 
 It is a hard requriement at this stage that every cluster outputs an admin scoped `kubeconfig` as a gitlab ci artifact.  This artifact will be leveraged in the following stages for interacting with the created cluster.
 

Packages.md

@@ -4,22 +4,22 @@
 
 | Package | Status |
 | ----    | ---  |
-| [Istio Operator](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator) |  ![Istio Operator Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/istio-operator/badges/main/pipeline.svg) |
-| [Istio Controlplane](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane) | ![Istio Controlplane Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/istio-controlplane/badges/main/pipeline.svg) | 
-| [Monitoring](https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring) | ![Monitoring Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/monitoring/badges/main/pipeline.svg) |
-| [ECK Operator](https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator) | ![ECK Operator Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/eck-operator/badges/main/pipeline.svg) | 
-| [Elasticsearch Kibana](https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana) |![EK Operator Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/elasticsearch-kibana/badges/main/pipeline.svg)  |
-| [Fluentbit](https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit) | ![Fluentbit Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/fluentbit/badges/main/pipeline.svg)  |
-| [OPA Gatekeeper](https://repo1.dso.mil/platform-one/big-bang/apps/core/policy) | ![OPA Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/policy/badges/main/pipeline.svg) |
-| [Argocd](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd) |![Argo Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/argocd/badges/main/pipeline.svg)  |
-| [Cluster Auditor](https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor) | ![Cluster Auditor Build](https://repo1.dsop.io/platform-one/big-bang/apps/core/cluster-auditor/badges/main/pipeline.svg)  |
+| [Istio Operator](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator) |  ![Istio Operator Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator/badges/main/pipeline.svg) |
+| [Istio Controlplane](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane) | ![Istio Controlplane Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane/badges/main/pipeline.svg) | 
+| [Monitoring](https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring) | ![Monitoring Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring/badges/main/pipeline.svg) |
+| [ECK Operator](https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator) | ![ECK Operator Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator/badges/main/pipeline.svg) | 
+| [Elasticsearch Kibana](https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana) |![EK Operator Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana/badges/main/pipeline.svg)  |
+| [Fluentbit](https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit) | ![Fluentbit Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit/badges/main/pipeline.svg)  |
+| [OPA Gatekeeper](https://repo1.dso.mil/platform-one/big-bang/apps/core/policy) | ![OPA Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/badges/main/pipeline.svg) |
+| [Argocd](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd) |![Argo Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd/badges/main/pipeline.svg)  |
+| [Cluster Auditor](https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor) | ![Cluster Auditor Build](https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor/badges/main/pipeline.svg)  |
 
 
 ## Security
 | Package | Status |
 | ----    | ---  |
-| [Keycloak](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak) |  ![Keycloak Build](https://repo1.dsop.io/platform-one/big-bang/apps/security-tools/keycloak/badges/main/pipeline.svg) |
-| [Twistlock](https://repo1.dsop.io/platform-one/big-bang/apps/security-tools/twistlock) |  ![Twistlock Build](https://repo1.dsop.io/platform-one/big-bang/apps/security-tools/twistlock/badges/main/pipeline.svg) |
+| [Keycloak](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak) |  ![Keycloak Build](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/badges/main/pipeline.svg) |
+| [Twistlock](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock) |  ![Twistlock Build](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/badges/main/pipeline.svg) |
 | [Anchore Enterprise](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise) | ![Anchore Build](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/badges/main/pipeline.svg)
 | [Authservice](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/authservice) | ![Authservice Build](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/authservice/badges/main/pipeline.svg)
 
@@ -28,4 +28,4 @@
 | Package | Status |
 | ----    | ---  |
 | [Gitlab](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab)  | ![Gitlab Build](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/badges/main/pipeline.svg)    |
-| [Gitlab Runner](https://repo1.dsop.io/platform-one/big-bang/apps/developer-tools/gitlab-runner) |  ![Gitlab Runner Build](https://repo1.dsop.io/platform-one/big-bang/apps/developer-tools/gitlab-runner/badges/main/pipeline.svg) |
+| [Gitlab Runner](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner) |  ![Gitlab Runner Build](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner/badges/main/pipeline.svg) |

README.md

@@ -10,7 +10,7 @@ Additional information can be found in [Big Bang Overview](./docs/1_overview.md)
 
 ## Getting Started
 
-To start using Big Bang, you will need to create your own Big Bang environment tailored to your needs.  The [Big Bang customer template](https://repo1.dsop.io/platform-one/big-bang/customers/template/) is provided for you to copy into your own Git repository and begin modifications.  Follow the instructions in [Big Bang Getting Started](./docs/2_getting_started.md) to customize and deploy Big Bang.
+To start using Big Bang, you will need to create your own Big Bang environment tailored to your needs.  The [Big Bang customer template](https://repo1.dso.mil/platform-one/big-bang/customers/template/) is provided for you to copy into your own Git repository and begin modifications.  Follow the instructions in [Big Bang Getting Started](./docs/2_getting_started.md) to customize and deploy Big Bang.
 
 ### Contributing
 

base/gitrepository.yaml

@@ -9,6 +9,6 @@ spec:
     /**/*.txt
     /**/*.sh
   interval: 10m
-  url: https://repo1.dsop.io/platform-one/big-bang/umbrella.git
+  url: https://repo1.dso.mil/platform-one/big-bang/umbrella.git
   ref:
-    tag: 1.0.5
+    tag: 1.0.7

chart/Chart.yaml

 apiVersion: v2
 name: bigbang
-version: 1.0.7
\ No newline at end of file
+version: 1.0.7

chart/ingress-certs.yaml

+istio:
+  ingress:
+    key: |
+      -----BEGIN PRIVATE KEY-----
+      MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/D0ec03HNoIEK
+      y1b58HynHMpf/ozsUmnQ5PRBlxMuf7kwMICaBpAwIiyKf8a34sBg3xv1KXe5hUlf
+      0aOXhK3LRg3VMhRw0Q8bLwc3qaUViqqa3niYqsOjg3bTiTM/oQZDyN09oFJTvG2T
+      +bcpX6IdIu3elsXQL7iETtl6e3MKF+NrLh/nDXGh89suBxFmkKqlYi8OYgxa0smK
+      rRQdapRaCfdYwfhYUmpzP64YIkjBnjlHa+QM901iSC/p21Iog3iGM1VyeGKCjd3a
+      g9mm+es0MXVtvTR9nPJtVgfDN8izmdbEkKYcxsGuy9EWFkqzNpSRmIBAFmRE0RZa
+      khStc/5jAgMBAAECggEAXJb7DXUq4Yu2/ZQtQlLZFeNN79dcU+pcfW93L5IXKaGc
+      DU50BDDKD4mALF5f3x10PX3h/p1p9+4v8M+XiAY0cx4v9fGfFk06FOJljQQZjKb2
+      prbJmrKmvMco/rquq1dNwevFy+e1/f6C3ANYUCSYW6ZhwE0w8AMwWG4d1s2cona6
+      y+2dCBDmPPeZMAi6fV52G5YRULGkkfZTc9OJnx4Mivtuf8sjahNLnaLgL+kscf0s
+      amWpMqQ++EpXSj/bb1pNxqtQmm9bn9gxX8WWwUCVrZTpV4gmaoekhAU1H0CDglmH
+      7ByeMYlVYZ40SPhTzWTqQJGQg/seSJBOHTm59vLygQKBgQDhEHpQ5QofK902RrH6
+      Nuoui8WUS4w8y3X+jJ/6WC7Wlp94H29+ag7Z9BOMw7ReKlICCwUYLpKO9oeTHKT/
+      LmIDq03Leduj34K5t/BHcMfwpGMabPRDgWM5r0rJUNxIGtqTpJmOEOHCB+yXRiTO
+      GJtuDmmL8Vkrh0S6xck7D2tHrwKBgQDZUkBwjtylRoRYflZspGwp3e5ECmNf2GYp
+      9ZypaycDNDK06av0Jk+DNKQ3XFmRpID56lyUN4fPV/ICphPYE+C88J5rXAvdmG/7
+      1UTZN68FaObNrwH2H1H5pdlCiaezIPXcjOfr9Fyf3q+W3mo54bnIc3uuXNTu8QSA
+      W1S4uahtjQKBgQDg9hp872M9oxebH/DYHLnZSqZ0Q0tqnShVBnUFw80Vezrs0+ca
+      4aH0o25DHn8UPJL6Lc+qyyp9Mdhz6IbX9qHL7xd0klpDo67EOiI3FnkThQz2Jf/F
+      1fe7egZz0ZpNjGH8f+NoyGEQE+Gdl2REiP4bdNZ1JgmuY6gEVJx+pzvhSwKBgQCU
+      ZDOYKBTFzibkfi/pM0SgOehOEYHVml/4WrvEe2RCLcxJ+BzwM5CrmLBhFPAcIOXo
+      wHzCwEA99mFMKbb3Hmug1/R0fn+jqkkc/n1qjTk3Sm//FncSZkSFYRe+9VvLVsBK
+      /vQGC++LQnVHYUvLhjRjiWd0ofLLzUszkimBkVROqQKBgQDbF8zopHsx9esG56wa
+      swAacYfmfqS6d2WOGdMVX4lLBm6i8AXjsUPDM7uCPgFYNME8nabnCUUUUp/ay9K9
+      y0MSGIBODQBuG3oQh50WFrMS9DS81CeN6Pw0OfyJbcVipfzR91enLVrtu2VHR6k/
+      yaBUIExh8TljUL3lXmmsogyTtA==
+      -----END PRIVATE KEY-----
+    cert: |
+      -----BEGIN CERTIFICATE-----
+      MIIFbjCCBFagAwIBAgISAw26hxsmWVkOG9m/gVhtkSG5MA0GCSqGSIb3DQEBCwUA
+      MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+      EwJSMzAeFw0yMTAxMTYwMDQwNDNaFw0yMTA0MTYwMDQwNDNaMBwxGjAYBgNVBAMM
+      ESouZGV2LmJpZ2JhbmcuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+      AQEAvw9HnNNxzaCBCstW+fB8pxzKX/6M7FJp0OT0QZcTLn+5MDCAmgaQMCIsin/G
+      t+LAYN8b9Sl3uYVJX9Gjl4Sty0YN1TIUcNEPGy8HN6mlFYqqmt54mKrDo4N204kz
+      P6EGQ8jdPaBSU7xtk/m3KV+iHSLt3pbF0C+4hE7ZentzChfjay4f5w1xofPbLgcR
+      ZpCqpWIvDmIMWtLJiq0UHWqUWgn3WMH4WFJqcz+uGCJIwZ45R2vkDPdNYkgv6dtS
+      KIN4hjNVcnhigo3d2oPZpvnrNDF1bb00fZzybVYHwzfIs5nWxJCmHMbBrsvRFhZK
+      szaUkZiAQBZkRNEWWpIUrXP+YwIDAQABo4ICkjCCAo4wDgYDVR0PAQH/BAQDAgWg
+      MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
+      A1UdDgQWBBTrbZ6+wAuQ0OIBbN8V8hXbLkufuDAfBgNVHSMEGDAWgBQULrMXt1hW
+      y65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6
+      Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu
+      b3JnLzBjBgNVHREEXDBagg0qLmJpZ2JhbmcuZGV2ghUqLmRlZmF1bHQuYmlnYmFu
+      Zy5kZXaCESouZGV2LmJpZ2JhbmcuZGV2ghIqLnRlc3QuYmlnYmFuZy5kZXaCC2Jp
+      Z2JhbmcuZGV2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgw
+      JgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYB
+      BAHWeQIEAgSB9ASB8QDvAHYARJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2
+      gagAAAF3CNoNOwAABAMARzBFAiBCxBHYF5SXNE+UcCZRftFb+5XE+Onj8HtC4atE
+      kNm6qQIhANFpOLxz2e3JwrwHKdadcBDwc+Q2xLPYKJHpyQUVMJboAHUA9lyUL9F3
+      MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF3CNoNGgAABAMARjBEAiADpTYm
+      547TFUjhV83thTmZWJWsYZRzsZMeo7EamHedBgIgf92OPEoJGOGTmMUHR5nmEIgv
+      OU/BA5PVyEYOrHL42mYwDQYJKoZIhvcNAQELBQADggEBAAqLJb4kCmqtYUeWIFJH
+      gpqpYN2twKos3CxVSJoWz3keU40t21/IrqziZkFffoGOTtuBzaX8xsPPz1Vpp+4G
+      WKHVZLb46ykDFPGL9+GaoUKOscxqdWHyN1abH5QFq7lYlH6AyJJ7qIj7RYIJRYIr
+      XuDGFpw7pxzM/laud/mZP9rztG3xbcFxxuYxCTqB53PUnMF1VfXAgsGz9l8Z91VU
+      KQQxckFwe2xunlB6HqUg3ahJOHNdDLuFPz6WS35Eyl+xf2gXFW1jYpxOJRpzsxp9
+      aVIrak3GIa7QgCav++5tue++YM2TqrWqq9GM1ixPG7HRCIbGYh31Hs462qlLOIAn
+      PKE=
+      -----END CERTIFICATE-----
+      -----BEGIN CERTIFICATE-----
+      MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
+      MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+      DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
+      MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
+      AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
+      jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
+      Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
+      U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
+      gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
+      /xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
+      oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+      BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
+      ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
+      p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
+      AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
+      Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
+      LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
+      r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+      AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
+      ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
+      S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
+      qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
+      O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
+      UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
+      -----END CERTIFICATE-----

chart/templates/_helpers.tpl

@@ -71,4 +71,14 @@ Build common set of file extensions to include/exclude
     /**/*.md
     /**/*.txt
     /**/*.sh
+{{- end -}}
+
+{{/*
+Common labels for all objects
+*/}}
+{{- define "commonLabels" -}}
+app.kubernetes.io/instance: "{{ .Release.Name }}"
+app.kubernetes.io/version: "{{ .Chart.Version }}"
+app.kubernetes.io/part-of: "bigbang"
+app.kubernetes.io/managed-by: "flux"
 {{- end -}}
\ No newline at end of file

chart/templates/argocd/argocd-helmrelease.yaml

@@ -4,6 +4,10 @@ kind: HelmRelease
 metadata:
   name: argocd
   namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: argocd
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
 spec:
   targetNamespace: argocd
   chart:
@@ -31,7 +35,6 @@ spec:
     timeout: {{ .rollback.timeout }}
     cleanupOnFail: {{ .rollback.cleanupOnFail }}
   {{- end }}
-
   valuesFrom:
     - name: values
       kind: Secret
@@ -39,7 +42,17 @@ spec:
   values:
     hostname: {{ .Values.hostname }}
     createNamespace: false
-    imagePullSecrets:
+    global:
+      imagePullSecrets:
+      - name: private-registry
+    controller:
+      imagePullSecrets:
+      - name: private-registry
+    dex:
+      imagePullSecrets:
+      - name: private-registry
+    redis:
+      imagePullSecrets:
       - name: private-registry
     server:
       config:

chart/templates/argocd/gitrepository.yaml

@@ -4,6 +4,10 @@ kind: GitRepository
 metadata:
   name: argocd
   namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: argocd
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
 spec:
   interval: {{ .Values.flux.interval }}
   url: {{ .Values.addons.argocd.git.repo }}

chart/templates/argocd/namespace.yaml

@@ -3,7 +3,9 @@ apiVersion: v1
 kind: Namespace
 metadata:
   labels:
-    app: {{ .Release.Name }}-argocd
+    app.kubernetes.io/name: authservice
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
   name: argocd
 
 ---

chart/templates/authservice/authservice-helmrelease.yaml

@@ -4,6 +4,10 @@ kind: HelmRelease
 metadata:
   name: authservice
   namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: authservice
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
 spec:
   targetNamespace: authservice
   chart:
@@ -38,7 +42,7 @@ spec:
       valuesKey: "authservice.yaml"
   values:
     imagePullSecrets:
-      - name: private-registry
+    - name: private-registry
     global:
       oidc:
         host: {{ .Values.sso.oidc.host }}

chart/templates/authservice/gitrepository.yaml

@@ -4,6 +4,10 @@ kind: GitRepository
 metadata:
   name: authservice
   namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: authservice
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
 spec:
   interval: {{ .Values.flux.interval }}
   url: {{ .Values.addons.authservice.git.repo }}