diff --git a/CHANGELOG.md b/CHANGELOG.md
index 79352690898e0ece33fd3ada1616064bf9a4123f..270265bd343d34d677f3a22d5af788434dc03f6c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,10 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
---
+## [1.17.0]
+
+* [!1.17.0](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.17.0); List of merge requests in this release.
+
## [1.16.2]
* [!919](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/919): Sonarqube version `9.2.6-bb.17-1` version bump to address erroneous duplicate template definitions for tolerations, nodeSelector & affinity
diff --git a/README.md b/README.md
index 5f2d2ba8a000356539b75cd79b1f339c87e1af97..f92e40ad224b15d642d7dec1aef59dd2059ea78f 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
# bigbang
- 
+ 
Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
@@ -38,7 +38,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| Key | Type | Default | Description |
|-----|------|---------|-------------|
-| hostname | string | `"bigbang.dev"` | Domain used for BigBang created exposed services, can be overridden by individual packages. |
+| domain | string | `"bigbang.dev"` | Domain used for BigBang created exposed services, can be overridden by individual packages. |
| offline | bool | `false` | (experimental) Toggle sourcing from external repos. All this does right now is toggle GitRepositories, it is _not_ fully functional |
| registryCredentials | object | `{"email":"","password":"","registry":"registry1.dso.mil","username":""}` | Single set of registry credentials used to pull all images deployed by BigBang. |
| openshift | bool | `false` | Multiple sets of registry credentials used to pull all images deployed by BigBang. Credentials will only be created when a valid combination exists, registry, username, and password (email is optional) Or a list of registires: - registry: registry1.dso.mil username: "" password: "" email: "" - registry: registry.dso.mil username: "" password: "" email: "" Openshift Container Platform Feature Toggle |
@@ -48,7 +48,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| git.credentials.username | string | `""` | HTTP git credentials, both username and password must be provided |
| git.credentials.caFile | string | `""` | HTTPS certificate authority file. Required for any repo with a self signed certificate |
| git.credentials.privateKey | string | `""` | SSH git credentials, privateKey, publicKey, and knownHosts must be provided |
-| sso | object | `{"auth_url":"https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth","certificate_authority":"","client_id":"","client_secret":"","jwks":"","oidc":{"host":"login.dso.mil","realm":"baby-yoda"},"token_url":"https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"}` | Global SSO values used for BigBang deployments when sso is enabled, can be overridden by individual packages. |
+| sso | object | `{"auth_url":"https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth","certificate_authority":"","client_id":"","client_secret":"","jwks":"","oidc":{"host":"login.dso.mil","realm":"baby-yoda"},"secretName":"tls-ca-sso","token_url":"https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"}` | Global SSO values used for BigBang deployments when sso is enabled, can be overridden by individual packages. |
| sso.oidc.host | string | `"login.dso.mil"` | Domain for keycloak used for configuring SSO |
| sso.oidc.realm | string | `"baby-yoda"` | Keycloak realm containing clients |
| sso.certificate_authority | string | `""` | Keycloak's certificate authority (PEM Format). Entered using chomp modifier (see chart/dev-sso-values.yaml for example). Used by authservice to support SSO for various packages |
@@ -57,6 +57,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| sso.client_secret | string | `""` | OIDC client secret used for packages authenticated through authservice |
| sso.token_url | string | `"https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/token"` | OIDC token URL template string (to be used as default) |
| sso.auth_url | string | `"https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/openid-connect/auth"` | OIDC auth URL template string (to be used as default) |
+| sso.secretName | string | `"tls-ca-sso"` | Kubernetes Secret containing the sso.certificate_authority value for SSO enabled application namespaces |
| flux | object | `{"install":{"remediation":{"retries":-1}},"interval":"2m","rollback":{"cleanupOnFail":true,"timeout":"10m"},"test":{"enable":false},"timeout":"10m","upgrade":{"cleanupOnFail":true,"remediation":{"remediateLastFailure":true,"retries":3}}}` | (Advanced) Flux reconciliation parameters. The default values provided will be sufficient for the majority of workloads. |
| networkPolicies | object | `{"controlPlaneCidr":"0.0.0.0/0","enabled":true,"nodeCidr":""}` | Global NetworkPolicies settings |
| networkPolicies.enabled | bool | `true` | Toggle all package NetworkPolicies, can disable specific packages with `package.values.networkPolicies.enabled` |
@@ -65,11 +66,11 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| istio.enabled | bool | `true` | Toggle deployment of Istio. |
| istio.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git"` | |
| istio.git.path | string | `"./chart"` | |
-| istio.git.tag | string | `"1.10.4-bb.0"` | |
+| istio.git.tag | string | `"1.10.4-bb.3"` | |
| istio.ingressGateways.public-ingressgateway.type | string | `"LoadBalancer"` | |
| istio.ingressGateways.public-ingressgateway.kubernetesResourceSpec | object | `{}` | |
| istio.gateways.public.ingressGateway | string | `"public-ingressgateway"` | |
-| istio.gateways.public.hosts[0] | string | `"*.{{ .Values.hostname }}"` | |
+| istio.gateways.public.hosts[0] | string | `"*.{{ .Values.domain }}"` | |
| istio.gateways.public.tls.key | string | `""` | |
| istio.gateways.public.tls.cert | string | `""` | |
| istio.flux | object | `{}` | Flux reconciliation overrides specifically for the Istio Package |
@@ -85,7 +86,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| jaeger.enabled | bool | `true` | Toggle deployment of Jaeger. |
| jaeger.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git"` | |
| jaeger.git.path | string | `"./chart"` | |
-| jaeger.git.tag | string | `"2.23.0-bb.1"` | |
+| jaeger.git.tag | string | `"2.23.0-bb.2"` | |
| jaeger.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the Jaeger Package |
| jaeger.ingress.gateway | string | `""` | |
| jaeger.sso.enabled | bool | `false` | Toggle SSO for Jaeger on and off |
@@ -96,7 +97,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| kiali.enabled | bool | `true` | Toggle deployment of Kiali. |
| kiali.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git"` | |
| kiali.git.path | string | `"./chart"` | |
-| kiali.git.tag | string | `"1.39.0-bb.0"` | |
+| kiali.git.tag | string | `"1.39.0-bb.2"` | |
| kiali.flux | object | `{}` | Flux reconciliation overrides specifically for the Kiali Package |
| kiali.ingress.gateway | string | `""` | |
| kiali.sso.enabled | bool | `false` | Toggle SSO for Kiali on and off |
@@ -107,21 +108,21 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| clusterAuditor.enabled | bool | `true` | Toggle deployment of Cluster Auditor. |
| clusterAuditor.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git"` | |
| clusterAuditor.git.path | string | `"./chart"` | |
-| clusterAuditor.git.tag | string | `"0.3.0-bb.6"` | |
+| clusterAuditor.git.tag | string | `"0.3.0-bb.7"` | |
| clusterAuditor.flux | object | `{}` | Flux reconciliation overrides specifically for the Cluster Auditor Package |
| clusterAuditor.values | object | `{}` | Values to passthrough to the cluster auditor chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git |
| clusterAuditor.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md |
| gatekeeper.enabled | bool | `true` | Toggle deployment of OPA Gatekeeper. |
| gatekeeper.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git"` | |
| gatekeeper.git.path | string | `"./chart"` | |
-| gatekeeper.git.tag | string | `"3.5.2-bb.0"` | |
+| gatekeeper.git.tag | string | `"3.5.2-bb.1"` | |
| gatekeeper.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the OPA Gatekeeper Package |
| gatekeeper.values | object | `{}` | Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git |
| gatekeeper.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md |
| logging.enabled | bool | `true` | Toggle deployment of Logging (EFK). |
| logging.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git"` | |
| logging.git.path | string | `"./chart"` | |
-| logging.git.tag | string | `"0.1.20-bb.0"` | |
+| logging.git.tag | string | `"0.1.21-bb.0"` | |
| logging.flux | object | `{"timeout":"20m"}` | Flux reconciliation overrides specifically for the Logging (EFK) Package |
| logging.ingress.gateway | string | `""` | |
| logging.sso.enabled | bool | `false` | Toggle OIDC SSO for Kibana/Elasticsearch on and off. Enabling this option will auto-create any required secrets. |
@@ -140,14 +141,14 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| fluentbit.enabled | bool | `true` | Toggle deployment of Fluent-Bit. |
| fluentbit.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git"` | |
| fluentbit.git.path | string | `"./chart"` | |
-| fluentbit.git.tag | string | `"0.16.5-bb.0"` | |
+| fluentbit.git.tag | string | `"0.16.6-bb.0"` | |
| fluentbit.flux | object | `{}` | Flux reconciliation overrides specifically for the Fluent-Bit Package |
| fluentbit.values | object | `{}` | Values to passthrough to the fluentbit chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git |
| fluentbit.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md |
| monitoring.enabled | bool | `true` | Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager). |
| monitoring.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git"` | |
| monitoring.git.path | string | `"./chart"` | |
-| monitoring.git.tag | string | `"14.0.0-bb.9"` | |
+| monitoring.git.tag | string | `"14.0.0-bb.10"` | |
| monitoring.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the Monitoring Package |
| monitoring.ingress.gateway | string | `""` | |
| monitoring.sso.enabled | bool | `false` | Toggle SSO for monitoring components on and off |
@@ -173,7 +174,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.argocd.enabled | bool | `false` | Toggle deployment of ArgoCD. |
| addons.argocd.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git"` | |
| addons.argocd.git.path | string | `"./chart"` | |
-| addons.argocd.git.tag | string | `"3.6.8-bb.6"` | |
+| addons.argocd.git.tag | string | `"3.6.8-bb.8"` | |
| addons.argocd.flux | object | `{}` | Flux reconciliation overrides specifically for the ArgoCD Package |
| addons.argocd.ingress.gateway | string | `""` | |
| addons.argocd.sso.enabled | bool | `false` | Toggle SSO for ArgoCD on and off |
@@ -186,7 +187,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.authservice.enabled | bool | `false` | Toggle deployment of Authservice. if enabling authservice, a filter needs to be provided by either enabling sso for monitoring or istio, or manually adding a filter chain in the values here: values: chain: minimal: callback_uri: "https://somecallback" |
| addons.authservice.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git"` | |
| addons.authservice.git.path | string | `"./chart"` | |
-| addons.authservice.git.tag | string | `"0.4.0-bb.15"` | |
+| addons.authservice.git.tag | string | `"0.4.0-bb.17"` | |
| addons.authservice.flux | object | `{}` | Flux reconciliation overrides specifically for the Authservice Package |
| addons.authservice.values | object | `{}` | Values to passthrough to the authservice chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git |
| addons.authservice.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md |
@@ -213,7 +214,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.gitlab.hostnames.registry | string | `"registry"` | |
| addons.gitlab.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git"` | |
| addons.gitlab.git.path | string | `"./chart"` | |
-| addons.gitlab.git.tag | string | `"4.12.9-bb.3"` | |
+| addons.gitlab.git.tag | string | `"4.12.9-bb.6"` | |
| addons.gitlab.flux | object | `{}` | Flux reconciliation overrides specifically for the Gitlab Package |
| addons.gitlab.ingress.gateway | string | `""` | |
| addons.gitlab.sso.enabled | bool | `false` | Toggle OIDC SSO for Gitlab on and off. Enabling this option will auto-create any required secrets. |
@@ -261,12 +262,12 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.sonarqube.enabled | bool | `false` | Toggle deployment of SonarQube. |
| addons.sonarqube.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git"` | |
| addons.sonarqube.git.path | string | `"./chart"` | |
-| addons.sonarqube.git.tag | string | `"9.2.6-bb.17-1"` | |
+| addons.sonarqube.git.tag | string | `"9.6.3-bb.2"` | |
| addons.sonarqube.flux | object | `{}` | Flux reconciliation overrides specifically for the Sonarqube Package |
| addons.sonarqube.ingress.gateway | string | `""` | |
| addons.sonarqube.sso.enabled | bool | `false` | Toggle SAML SSO for SonarQube. Enabling this option will auto-create any required secrets. |
| addons.sonarqube.sso.client_id | string | `""` | SonarQube SAML client ID |
-| addons.sonarqube.sso.label | string | `""` | SonarQube SSO login button label |
+| addons.sonarqube.sso.provider_name | string | `""` | SonarQube SSO login button label |
| addons.sonarqube.sso.certificate | string | `""` | SonarQube plaintext SAML sso certificate. example: MITCAYCBFyIEUjNBkqhkiG9w0BA.... |
| addons.sonarqube.sso.login | string | `"login"` | SonarQube login sso attribute. |
| addons.sonarqube.sso.name | string | `"name"` | SonarQube name sso attribute. |
@@ -290,7 +291,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.anchore.enabled | bool | `false` | Toggle deployment of Anchore. |
| addons.anchore.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git"` | |
| addons.anchore.git.path | string | `"./chart"` | |
-| addons.anchore.git.tag | string | `"1.13.0-bb.7"` | |
+| addons.anchore.git.tag | string | `"1.13.0-bb.10"` | |
| addons.anchore.flux | object | `{"upgrade":{"disableWait":true}}` | Flux reconciliation overrides specifically for the Anchore Package |
| addons.anchore.adminPassword | string | `""` | Initial admin password used to authenticate to Anchore. |
| addons.anchore.enterprise | object | `{"enabled":false,"licenseYaml":"FULL LICENSE\n"}` | Anchore Enterprise functionality. |
@@ -351,7 +352,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.velero.enabled | bool | `false` | Toggle deployment of Velero. |
| addons.velero.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git"` | |
| addons.velero.git.path | string | `"./chart"` | |
-| addons.velero.git.tag | string | `"2.23.5-bb.1"` | |
+| addons.velero.git.tag | string | `"2.23.6-bb.1"` | |
| addons.velero.flux | object | `{}` | Flux reconciliation overrides specifically for the Velero Package |
| addons.velero.plugins | list | `[]` | Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi |
| addons.velero.values | object | `{}` | Values to passthrough to the Velero chart: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/blob/main/chart/values.yaml |
@@ -359,7 +360,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
| addons.keycloak.enabled | bool | `false` | Toggle deployment of Keycloak. if you enable Keycloak you should uncomment the istio passthrough configurations above istio.ingressGateways.passthrough-ingressgateway and istio.gateways.passthrough |
| addons.keycloak.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git"` | |
| addons.keycloak.git.path | string | `"./chart"` | |
-| addons.keycloak.git.tag | string | `"11.0.1-bb.2"` | |
+| addons.keycloak.git.tag | string | `"11.0.1-bb.6"` | |
| addons.keycloak.database.host | string | `""` | Hostname of a pre-existing database to use for Keycloak. Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. |
| addons.keycloak.database.type | string | `"postgres"` | Pre-existing database type (e.g. postgres) to use for Keycloak. |
| addons.keycloak.database.port | int | `5432` | Port of a pre-existing database to use for Keycloak. |
diff --git a/base/gitrepository.yaml b/base/gitrepository.yaml
index 104e7adda3d6e35288f9c0b76324c1629673bfec..c2c36ed55df67a0625fbf8fbcef05cc19ae774ad 100644
--- a/base/gitrepository.yaml
+++ b/base/gitrepository.yaml
@@ -11,4 +11,4 @@ spec:
interval: 10m
url: https://repo1.dso.mil/platform-one/big-bang/bigbang.git
ref:
- tag: 1.16.2
+ tag: 1.17.0
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index 0e04166bbd53ab5ee2bec76a2dff6bb7ace9b2b5..344ef777ea0a332746a32df1c2d2c4336d6238a1 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
apiVersion: v2
name: bigbang
-version: 1.16.2
+version: 1.17.0
description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
type: application