Big Bang Release Airgap Automated Testing

5d73026b · Danny Gershman · Christopher O'Connell · 033e9726 · 5d73026b · 5d73026b
Commit 5d73026b authored 1 year ago by Danny Gershman Committed by Christopher O'Connell 1 year ago
--- a/README.md
+++ b/README.md
@@ -4,7 +4,7 @@ Big Bang is a declarative, continuous delivery tool for deploying DoD hardened a

 > _If viewing this from Github, note that this is a mirror of a government repo hosted on [Repo1](https://repo1.dso.mil/) by [DoD Platform One](http://p1.dso.mil/).  Please direct all code changes, issues and comments to [https://repo1.dso.mil/big-bang/bigbang](https://repo1.dso.mil/big-bang/bigbang)

-## Usage & Scope
+## Usage & Scope 

 Big Bang's scope is to provide publicly available installation manifests for packages required to adhere to the DoD DevSecOps Reference Architecture and additional useful utilities. Big Bang packages are broken into three categories:


--- a/docs/assets/configs/zarf/config/custom.yaml
+++ b/docs/assets/configs/zarf/config/custom.yaml
+monitoring:
+  enabled: false
+
+neuvector:
+  enabled: false
--- a/docs/assets/configs/zarf/config/kyverno.yaml
+++ b/docs/assets/configs/zarf/config/kyverno.yaml
+# Use Kyverno instead of Gatekeeper
+gatekeeper:
+  enabled: false
+clusterAuditor:
+  enabled: false
+kyverno:
+  enabled: true
+kyvernoPolicies:
+  enabled: true
+  values:
+    policies:
+      disallow-shared-subpath-volume-writes:
+        validationFailureAction: audit
+      restrict-host-ports:
+        validationFailureAction: audit
+      restrict-capabilities:
+        validationFailureAction: audit
+      restrict-image-registries:
+        validationFailureAction: audit
+      disallow-host-namespaces:
+        validationFailureAction: audit
+      disallow-privileged-containers:
+        validationFailureAction: audit
+      require-non-root-user:
+        validationFailureAction: audit
+      restrict-host-path-mount-pv:
+        validationFailureAction: audit
--- a/docs/assets/configs/zarf/metallb/config.yaml
+++ b/docs/assets/configs/zarf/metallb/config.yaml
+---
+apiVersion: metallb.io/v1beta1
+kind: IPAddressPool
+metadata:
+  name: primary-pool
+  namespace: metallb-system
+spec:
+  addresses:
+    - "###ZARF_VAR_PRIVATE_IP_1###/32"
+
+#---
+#apiVersion: metallb.io/v1beta1
+#kind: IPAddressPool
+#metadata:
+#  name: secondary-pool
+#  namespace: metallb-system
+#spec:
+#  addresses:
+#    - "###ZARF_VAR_PRIVATE_IP_2###/32"
+---
+apiVersion: metallb.io/v1beta1
+kind: L2Advertisement
+metadata:
+  name: empty
+  namespace: metallb-system
--- a/docs/assets/configs/zarf/metallb/metallb-native-0.13.9.yaml
+++ b/docs/assets/configs/zarf/metallb/metallb-native-0.13.9.yaml
--- a/docs/assets/configs/zarf/metallb/zarf.yaml
+++ b/docs/assets/configs/zarf/metallb/zarf.yaml
+kind: ZarfPackageConfig
+metadata:
+  name: metallb
+  description: "Deploy MetalLB"
+  version: 1.0.0
+  url: https://bigbang.dso.mil
+  architecture: amd64
+
+variables:
+  - name: PRIVATE_IP_1
+#  - name: PRIVATE_IP_2
+
+components:
+  - name: metallb
+    manifests:
+      - name: metallb-baseline
+        namespace: metallb-system
+        files:
+          - metallb-native-0.13.9.yaml
+      - name: metallb-config
+        namespace: metallb-system
+        files:
+          - config.yaml
+    images:
+      - quay.io/metallb/speaker:v0.13.9
+      - quay.io/metallb/controller:v0.13.9
--- a/docs/assets/configs/zarf/virtualservices/gitea.yaml
+++ b/docs/assets/configs/zarf/virtualservices/gitea.yaml
+apiVersion: networking.istio.io/v1alpha3
+kind: VirtualService
+metadata:
+  name: gitea
+  namespace: zarf
+spec:
+  gateways:
+    - istio-system/public
+  hosts:
+    - gitea.###ZARF_VAR_DOMAIN###
+  http:
+    - route:
+        - destination:
+            host: zarf-gitea-http.zarf.svc.cluster.local
+            port:
+              number: 3000
--- a/docs/assets/configs/zarf/zarf.yaml
+++ b/docs/assets/configs/zarf/zarf.yaml
+kind: ZarfPackageConfig
+metadata:
+  name: big-bang
+  description: "Deploy Big Bang Core"
+  version: BIGBANG_VERSION
+  url: https://p1.dso.mil/products/big-bang
+  architecture: amd64
+
+variables:
+  - name: DOMAIN
+    default: "bigbang.dev"
+    prompt: false
+
+components:
+  - name: metallb
+    required: false
+    import:
+      path: metallb
+  - name: bigbang
+    required: true
+    extensions:
+      bigbang:
+        version: BIGBANG_VERSION
+        valuesFiles:
+          - ../../../../chart/ingress-certs.yaml
+          - config/kyverno.yaml
+          - config/custom.yaml
+  - name: gitea-virtual-service
+    description: >
+      Expose the internal Zarf Gitea server through the Big Bang Istio deployment via a virtual service.
+      (only applies if you are using the Zarf-provided Gitea deployment - not an externally configured git host)
+    manifests:
+      - name: gitea
+        namespace: zarf
+        files:
+          - virtualservices/gitea.yaml