diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dddd908606c540752b8fc7c609fc0e160fc9acaa..cfd815bb2916855fb6bc46d2f583b7a6c53eb920 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,520 +1,4 @@ -# Bigbang CI pipelines defintiions -# There are 4 different use-cases/pipelines that are supported by this file: -# 1) Build and test changes made from a Merge Reuqest using a docker-in-docker (DIND) K3D cluster deployment inside the -# gitlab runner. -# 2) Build and test a commit to the Master branch (default branch) using a AWS created K3S cluster which is deployed -# using Terraform -# 3) Build and test a new release and/or tagged commit using a docker-in-docker (DIND) K3D cluster deployment inside the -# gitlab runner. Once a successful build and test is completed, package the build and perform a release operation. -# 4) Periodically at a scheduled time, build and test the master branch using a AWS created K3S cluster which is deployed -# using Terraform - -# global rules for when pipelines run -workflow: - rules: - # run pipeline for manual tag events such as a new release - - if: $CI_COMMIT_TAG - # run pipeline on merge request events - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - # run pipeline on commits to default branch - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - # skip pipeline for branches that start with "docs" - - if: '$CI_COMMIT_REF_NAME =~ /^doc*/i' - when: never - # Enabled CI pipeline testing it commit message contains "test-ci" - - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_MESSAGE =~ /.*test-ci.*/i - -# Include templates and cluster creation jobs include: - - local: '/.gitlab-ci/templates.yml' - -# Pipeline stages -# - Smoke tests are executed for all pipelines except scheduled nightly runs. 
-# - -stages: - - 🔥 smoke tests - - 🔌 network up - - âš“ cluster up - - 🌌 bigbang up - - 🤞 test - - 💣 bigbang down - - 💣 cluster down - - 💣 network down - - 📦 package - - 🚀 release - -variables: - RELEASE_BUCKET: umbrella-bigbang-releases - IMAGE_LIST: images.txt - IMAGE_PKG: images.tar.gz - REPOS_PKG: repositories.tar.gz - VALUES_FILE: chart/values.yaml - CI_VALUES_FILE: tests/ci/k3d/values.yaml - REGISTRY1_USER: $REGISTRY1_USER - -#----------------------------------------------------------------------------------------------------------------------- -# Pre Stage Jobs. This execute before any job is run. -# - -pre vars: - image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3 - stage: .pre - extends: - - .bigbang-gitlab-runner-tags - artifacts: - reports: - dotenv: variables.env - script: - # Create the TF_VAR_env variable - - echo "TF_VAR_env=$(echo $CI_COMMIT_REF_SLUG | cut -c 1-7)-$(echo $CI_COMMIT_SHA | cut -c 1-7)" >> variables.env - - cat variables.env - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - - -#----------------------------------------------------------------------------------------------------------------------- - -#----------------------------------------------------------------------------------------------------------------------- -# Smoke Tests -# - -.chart_changes: &chart_changes - changes: - - chart/**/* - - .gitlab-ci.yml - - .gitlab-ci/jobs/**/* - - scripts/**/* - - tests/**/* - - base/flux/* - -.deploy_bigbang: &deploy_bigbang - - | - set -e - for deploy_script in $(find ./tests/deploy -type f -name '*.sh' | sort); do - chmod +x ${deploy_script} - echo -e "\e[0Ksection_start:`date +%s`:${deploy_script##*/}[collapsed=true]\r\e[0K\e[33;1m${deploy_script##*/}\e[37m" - ./${deploy_script} - echo -e "\e[0Ksection_end:`date +%s`:${deploy_script##*/}\r\e[0K" - done - -.test_bigbang: &test_bigbang - - | - set -e - for test_script in $(find 
./tests/tests -type f -name '*.sh' | sort); do - echo -e "\e[0Ksection_start:`date +%s`:${test_script##*/}[collapsed=true]\r\e[0K\e[33;1m${test_script##*/}\e[37m" - chmod +x ${test_script} - echo "Executing ${test_script}..." - ./${test_script} && export EXIT_CODE=$? || export EXIT_CODE=$? - if [[ ${EXIT_CODE} -ne 0 ]]; then - if [[ ${EXIT_CODE} -ne 123 ]]; then - echo -e "\e[31m⌠${test_script} failed, see log output above and cluster debug.\e[0m" - exit ${EXIT_CODE} - fi - # 123 error codes are allowed to continue - echo -e "\e[31mâš ï¸ ${test_script} failed but was allowed to continue, see log output above and cluster debug.\e[0m" - EXIT_FLAG=1 - fi - echo -e "\e[0Ksection_end:`date +%s`:${test_script##*/}\r\e[0K" - done - if [[ -n "$EXIT_FLAG" ]]; then - echo -e "\e[31mâš ï¸ WARNING: One or more BB tests failed but were allowed to continue. See output of scripts above for details.\e[0m" - fi -clean install: - stage: 🔥 smoke tests - extends: - - .k3d-ci - variables: - CLUSTER_NAME: "clean-${CI_COMMIT_SHORT_SHA}" - rules: - # Always run a clean installation test unless we are deploying the AWS cluster installation during a scheduled test (nightly master test) - - if: '($CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master") || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::infra(,|$)/' - when: never - - *chart_changes - script: - - *deploy_bigbang - # Fetch list of all images ran (retry crictl up to 6x) - - echo -e "\e[0Ksection_start:`date +%s`:images_used[collapsed=true]\r\e[0K\e[33;1mImages Used\e[37m" - - cid=$(docker ps -aqf "name=k3d-${CI_JOB_ID}-server-0") - - images=$(timeout 65 bash -c "until docker exec $cid crictl images -o json; do sleep 10; done;") - - echo $images | jq -r '.images[].repoTags[0] | select(. 
!= null)' | tee images.txt - - echo -e "\e[0Ksection_end:`date +%s`:images_used\r\e[0K" - - *test_bigbang - - | - if [[ $EXIT_FLAG -eq 1 ]]; then - exit 123 - fi - artifacts: - paths: - - images.txt - - "test-artifacts/" - expire_in: 3 days - when: always - allow_failure: - exit_codes: 123 - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -upgrade: - stage: 🔥 smoke tests - dependencies: - - pre vars - extends: - - .k3d-ci - rules: - # skip job for nightly master and "test-ci::infra" labeled pipelines - - if: '($CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master") || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::infra(,|$)/' - when: never - # skip job when MR title starts with 'SKIP UPGRADE' - - if: '$CI_MERGE_REQUEST_TITLE =~ /SKIP UPGRADE/' - when: never - # run pipeline on merge request events - - if: $CI_PIPELINE_SOURCE == "merge_request_event" - <<: *chart_changes - variables: - CLUSTER_NAME: "upgrade-${CI_COMMIT_SHORT_SHA}" - script: - - echo "🌌 Install Big Bang from ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}" - - echo -e "\e[0Ksection_start:`date +%s`:git_master[collapsed=true]\r\e[0K\e[33;1mGit Fetch Master\e[37m" - - git fetch && git checkout ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} - - echo -e "\e[0Ksection_end:`date +%s`:git_master\r\e[0K" - - *deploy_bigbang - - *test_bigbang - - echo "🌌 Upgrade Big Bang from ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}" - - echo -e "\e[0Ksection_start:`date +%s`:git_upgrade[collapsed=true]\r\e[0K\e[33;1mGit Upgrade\e[37m" - - git reset --hard && git clean -fd - - git checkout ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME} - - echo -e "\e[0Ksection_end:`date +%s`:git_upgrade\r\e[0K" - - *deploy_bigbang - - *test_bigbang - - | - if [[ $EXIT_FLAG -eq 1 ]]; then - exit 123 - fi - artifacts: - paths: - - "test-artifacts/" - expire_in: 3 days - when: always - allow_failure: - exit_codes: 123 - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - 
runner_system_failure - -#----------------------------------------------------------------------------------------------------------------------- -# Rules for execution of AWS based K3S cluster deployment: Infrastructure jobs -# - -# Abstract for job manually triggering infrastructure builds -.infra fork: - stage: 🔌 network up - rules: - # Run on scheduled jobs OR when `test-ci` label is assigned - - if: '($CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master") || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::infra(,|$)/' - allow_failure: false - -# Abstract for jobs responsible for creating infrastructure -.infra create: - rules: - # Run on scheduled jobs OR when `test-ci` label is assigned - - if: '($CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master") || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::infra(,|$)/' - # skip job when branch name starts with "hotfix" or "patch" - - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^(hotfix|patch)/' - when: never - -# Abstract for jobs responsible for cleaning up infrastructure OR when `test-ci` label is assigned -.infra cleanup: - rules: - # Run on scheduled jobs - - if: '($CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master") || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::infra(,|$)/' - allow_failure: true - when: always - -#----------------------------------------------------------------------------------------------------------------------- -# Infrastructure: Networking -# - -aws/network up: - extends: - - .bigbang-gitlab-runner-tags - - .infra fork - - .network up - environment: - name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} - auto_stop_in: 1 hour - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -aws/network down: - extends: - - .bigbang-gitlab-runner-tags - - .infra cleanup - - .network down - stage: 💣 network down - environment: - name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} - action: stop - 
retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -#----------------------------------------------------------------------------------------------------------------------- - -#----------------------------------------------------------------------------------------------------------------------- -# Infrastructure: RKE2 -# - -# Create RKE2 cluster on AWS -aws/rke2/cluster up: - stage: âš“ cluster up - extends: - - .bigbang-gitlab-runner-tags - - .infra create - - .rke2 up - needs: - - job: aws/network up - - job: pre vars - artifacts: true - environment: - name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -# Install BigBang on RKE2 cluster on AWS -aws/rke2/bigbang up: - stage: 🌌 bigbang up - extends: - - .bigbang-gitlab-runner-tags - - .infra create - - .kubectl-output - needs: - - job: aws/rke2/cluster up - artifacts: true - before_script: - - mkdir -p ~/.kube - - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config - # Deploy a default storage class for aws - - kubectl apply -f ${CI_PROJECT_DIR}/.gitlab-ci/jobs/rke2/dependencies/k8s-resources/aws/default-ebs-sc.yaml - script: - - *deploy_bigbang - environment: - name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -# Run tests on BigBang on RKE2 cluster on AWS -aws/rke2/bigbang test: - stage: 🤞 test - extends: - - .bigbang-gitlab-runner-tags - - .infra create - - .kubectl-output - needs: - - job: aws/rke2/cluster up - artifacts: true - - job: aws/rke2/bigbang up - before_script: - - mkdir -p ~/.kube - - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config - script: - ## Move this yum install to the dockerfile for the builder - ## putting it here now for a quick way to install dig - - echo -e "\e[0Ksection_start:`date 
+%s`:host_setup[collapsed=true]\r\e[0K\e[33;1mHost Setup\e[37m" - - yum install bind-utils -y - - echo -e "\e[0Ksection_end:`date +%s`:host_setup\r\e[0K" - - *test_bigbang - - | - if [[ $EXIT_FLAG -eq 1 ]]; then - exit 123 - fi - environment: - name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} - allow_failure: - exit_codes: 123 - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - artifacts: - paths: - - "test-artifacts/" - expire_in: 3 days - when: always - -# Uninstall BigBang on RKE2 cluster on AWS -aws/rke2/bigbang down: - stage: 💣 bigbang down - extends: - - .bigbang-gitlab-runner-tags - - .infra cleanup - - .kubectl-output - needs: - - job: aws/rke2/cluster up - artifacts: true - - job: aws/rke2/bigbang test - before_script: - - mkdir -p ~/.kube - - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config - script: - - helm un -n bigbang bigbang - # TODO: Smarter wait - - sleep 180 - environment: - name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -# Destroy RKE2 cluster on AWS -aws/rke2/cluster down: - stage: 💣 cluster down - extends: - - .bigbang-gitlab-runner-tags - - .infra cleanup - - .rke2 down - needs: - - job: aws/rke2/bigbang down - - job: pre vars - artifacts: true - environment: - name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -#----------------------------------------------------------------------------------------------------------------------- - -#----------------------------------------------------------------------------------------------------------------------- -# Release Jobs -# - -package: - stage: 📦 package - image: registry.dso.mil/platform-one/big-bang/bigbang/synker:0.0.3 - extends: - - .bigbang-gitlab-runner-tags - rules: - # run job for manual tag events 
or test-ci::release MRs - - if: '$CI_COMMIT_TAG || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::release(,|$)/' - before_script: - # Set up auth - - mkdir -p /root/.docker - - | - jq -n '{"auths": {"registry.dso.mil": {"auth": $bb_registry_auth}, "registry1.dso.mil": {"auth": $registry1_auth}, "registry.il2.dso.mil": {"auth": $il2_registry_auth}, "docker.io": {"auth": $bb_docker_auth} } }' \ - --arg bb_registry_auth ${BB_REGISTRY_AUTH} \ - --arg registry1_auth ${REGISTRY1_AUTH} \ - --arg il2_registry_auth ${IL2_REGISTRY_AUTH} \ - --arg bb_docker_auth ${DOCKER_AUTH} > /root/.docker/config.json - script: - - echo -e "\e[0Ksection_start:`date +%s`:synker_pull[collapsed=true]\r\e[0K\e[33;1mSynker Pull\e[37m" - - cp ./scripts/package/synker.yaml ./synker.yaml - # Populate images list in synker config - - | - for image in $(cat images.txt); do - yq -i e "(.source.images |= . + \"${image}\")" "./synker.yaml" - done - - synker pull -b=1 - - echo -e "\e[0Ksection_end:`date +%s`:synker_pull\r\e[0K" - # Create image list from synker, overwrite since ./synker.yaml contains everything at this point - - yq e '.source.images | .[] | ... comments=""' "./synker.yaml" > images.txt - # Tar up synker as well? 
- - cp /usr/local/bin/synker synker.yaml /var/lib/registry/ - # Grab the registry image - - crane pull registry:2 registry.tar - - mv registry.tar /var/lib/registry/ - - echo -e "\e[0Ksection_start:`date +%s`:package_synker[collapsed=true]\r\e[0K\e[33;1mPackage Images\e[37m" - - tar -czvf $IMAGE_PKG /var/lib/registry - - echo -e "\e[0Ksection_end:`date +%s`:package_synker\r\e[0K" - # Package dependent repos - - echo -e "\e[0Ksection_start:`date +%s`:package_repos[collapsed=true]\r\e[0K\e[33;1mPackage Repos\e[37m" - - ./scripts/package/gits.sh - - tar -czf $REPOS_PKG repos/ - - echo -e "\e[0Ksection_end:`date +%s`:package_repos\r\e[0K" - # Prep release - - mkdir -p release - - mv $IMAGE_LIST $IMAGE_PKG $REPOS_PKG release/ - # Publish packages to s3 release - - | - if [ -z $CI_COMMIT_TAG ]; then - aws s3 sync --quiet release/ s3://umbrella-bigbang-releases/tests/${CI_COMMIT_SHA} - else - aws s3 sync --quiet release/ s3://umbrella-bigbang-releases/umbrella/${CI_COMMIT_TAG} - fi - after_script: [] - retry: - max: 2 - when: - - unknown_failure - - stuck_or_timeout_failure - - runner_system_failure - -release: - stage: 🚀 release - image: registry.gitlab.com/gitlab-org/release-cli:latest - extends: - - .bigbang-gitlab-runner-tags - rules: - # run job for manual tag events or test-ci::release MRs - - if: '$CI_COMMIT_TAG || $CI_MERGE_REQUEST_LABELS =~ /(^|,)test-ci::release(,|$)/' - variables: - RELEASE_ENDPOINT: https://${RELEASE_BUCKET}.s3-${AWS_DEFAULT_REGION}.amazonaws.com/umbrella/${CI_COMMIT_TAG} - script: - # Use release-cli to cut a release in Gitlab or simulate a dry-run & print asset links - - | - if [ -z $CI_COMMIT_TAG ]; then - RELEASE_ENDPOINT="https://${RELEASE_BUCKET}.s3-${AWS_DEFAULT_REGION}.amazonaws.com/tests/${CI_COMMIT_SHA}" - printf "Release will run: \n\ - release-cli create --name \"Big Bang \${CI_COMMIT_TAG}\" --tag-name \${CI_COMMIT_TAG} \n\ - --description \"Automated release notes are a WIP.\" \n\ - --assets-link 
\"{\"name\":\"${IMAGE_LIST}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_LIST}\"}\" \n\
- --assets-link \"{\"name\":\"${IMAGE_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_PKG}\"}\" \n\
- --assets-link \"{\"name\":\"${REPOS_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${REPOS_PKG}\"}\"\n"
- else
- release-cli create --name "Big Bang ${CI_COMMIT_TAG}" --tag-name ${CI_COMMIT_TAG} \
- --description "Automated release notes are a WIP." \
- --assets-link "{\"name\":\"${IMAGE_LIST}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_LIST}\"}" \
- --assets-link "{\"name\":\"${IMAGE_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_PKG}\"}" \
- --assets-link "{\"name\":\"${REPOS_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${REPOS_PKG}\"}"
- fi
- retry:
- max: 2
- when:
- - unknown_failure
- - stuck_or_timeout_failure
- - runner_system_failure
-
-#-----------------------------------------------------------------------------------------------------------------------
+ - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates'
+ ref: master
+ file: '/pipelines/bigbang.yaml'
\ No newline at end of file
diff --git a/.gitlab-ci/README.md.gotmpl b/.gitlab-ci/README.md.gotmpl
deleted file mode 100644
index ed39cb360738d992a09e17515ee423a780f0eda7..0000000000000000000000000000000000000000
--- a/.gitlab-ci/README.md.gotmpl
+++ /dev/null
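Review bot: The added `include` pins the shared pipeline to `ref: master`, a mutable branch, so every job this repository runs is defined by whatever sits at the tip of `platform-one/big-bang/pipeline-templates/pipeline-templates` when the pipeline starts. The removed `package` and `release` jobs wrote registry credentials to `/root/.docker/config.json` and published to the release bucket; if their replacements in `/pipelines/bigbang.yaml` do the same (not visible in this diff), a push to that branch reaches those secrets and release artifacts without any review in this repository. Pin the include to a tag or full commit SHA, for example `ref: '<TAG_OR_COMMIT_SHA>'` (placeholder), and bump it in reviewed commits. It is also worth confirming that the template project's `master` is a protected branch, and adding a one-line comment above the include saying where the job definitions now live, since the explanatory header was removed with the old file.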
@@ -1,34 +0,0 @@
-{{ template "chart.header" . }}
-{{ template "chart.deprecationWarning" . }}
-
-{{ template "chart.badgesSection" . }}
-
-{{ template "chart.description" . }}
-
-{{ template "chart.homepageLine" . }}
-
-> _This is a mirror of a government repo hosted on [Repo1](https://repo1.dso.mil/) by [DoD Platform One](http://p1.dso.mil/). Please direct all code changes, issues and comments to https://repo1.dso.mil/platform-one/big-bang/bigbang_
-
-Big Bang follows a [GitOps](#gitops) approach to configuration management, using [Flux v2](#flux-v2) to reconcile Git with the cluster. Environments (e.g. dev, prod) and packages (e.g. istio) can be fully configured to suit the deployment needs.
-
-## Usage
-
-Big Bang is intended to be used for deploying and maintaining a DoD hardened and approved set of packages into a Kubernetes cluster. Deployment and configuration of ingress/egress, load balancing, policy auditing, logging, monitoring, etc. are handled via Big Bang. Additional packages (e.g. ArgoCD, GitLab) can also be enabled and customized to extend Big Bang's baseline. Once deployed, the customer can use the Kubernetes cluster to add mission specific applications.
-
-Additional information can be found in [Big Bang Overview](./docs/1_overview.md).
-
-## Getting Started
-
-To start using Big Bang, you will need to create your own Big Bang environment tailored to your needs. The [Big Bang customer template](https://repo1.dso.mil/platform-one/big-bang/customers/template/) is provided for you to copy into your own Git repository and begin modifications. Follow the instructions in [Big Bang Getting Started](./docs/2_getting_started.md) to customize and deploy Big Bang.
-
-{{ template "chart.maintainersSection" . }}
-
-{{ template "chart.sourcesSection" . }}
-
-{{ template "chart.requirementsSection" . }}
-
-{{ template "chart.valuesSection" . }}
-
-## Contributing
-
-Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing to Big Bang.
diff --git a/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml b/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml
deleted file mode 100644
index ec68aa2b4195446382b118d09cd958c0deead21c..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-.k8s-util:
- image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/k8s-ci:v1.20.4-bb.3
-
-.dind-runner:
- tags:
- - bigbang
- - umbrella
- - privileged
- - dogfood
-
-# In cluster k3s using K3D with the docker daemon as a sidecar
-#
-# This will connect to a remote docker daemon over tls tcp (defined at installation of gitlab runners) and create
-# a k3d cluster in a custom built docker bridge network.
-#
-.k3d-ci:
- extends:
- - .k8s-util
- - .dind-runner
- # services:
- # # Added in through gitlab ci configuration, left in incase some poor soul needs to come debug this later
- # - name: docker:20.10.5-dind
- variables:
- DOCKER_HOST: tcp://localhost:2376
- DOCKER_TLS_CERTDIR: "/certs"
- DOCKER_TLS_VERIFY: 1
- DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
- DOCKER_DRIVER: overlay2
- before_script:
- - echo -e "\e[0Ksection_start:`date +%s`:k3d_up[collapsed=true]\r\e[0K\e[33;1mK3D Cluster Create\e[37m"
- # Give docker-in-docker time to come alive
- - i=0; while [ "$i" -lt 12 ]; do docker info &>/dev/null && break; sleep 5; i=$(( i + 1 )) ; done
- - docker network create ${CI_JOB_ID} --driver=bridge -o "com.docker.network.driver.mtu"="1450" --subnet=172.20.0.0/16
- - chmod +x tests/ci/k3d/deploy_k3d.sh; echo "Executing tests/ci/k3d/deploy_k3d.sh..."; ./tests/ci/k3d/deploy_k3d.sh
- - until kubectl get deployment coredns -n kube-system -o go-template='{{.status.availableReplicas}}' | grep -v -e '<no value>'; do sleep 1s; done
- - chmod +x tests/ci/k3d/metallb/install_metallb.sh; echo "Executing tests/ci/k3d/metallb/install_metallb.sh..."; ./tests/ci/k3d/metallb/install_metallb.sh
- - kubectl get all -A
- - echo -e "\e[0Ksection_end:`date +%s`:k3d_up\r\e[0K"
- after_script:
- - echo -e "\e[0Ksection_start:`date +%s`:k3d_down[collapsed=true]\r\e[0K\e[33;1mK3D Cluster Delete\e[37m"
- - kubectl get all -A
- - echo -e "\e[0Ksection_start:`date +%s`:show_event_log[collapsed=true]\r\e[0K\e[33;1mCluster event log:\e[37m"
- - kubectl get events -A
- - echo -e "\e[0Ksection_end:`date +%s`:show_event_log\r\e[0K"
- - kubectl get gitrepository,helmrelease,kustomizations -A
- - k3d cluster delete ${CI_JOB_ID}
- - docker network rm ${CI_JOB_ID}
- - echo -e "\e[0Ksection_end:`date +%s`:k3d_down\r\e[0K"
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml b/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml
deleted file mode 100644
index 2f28876a310f82c2e042615f0651a89962877a52..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml
+++ /dev/null
@@ -1,57 +0,0 @@ -.calc_unique_cidr: &calc_unique_cidr - - apk add python3 py3-boto3 - - echo "Calculating unique cidr range for vpc" - - TF_VAR_vpc_cidr=$(terraform output vpc_cidr | tr -d '\n' | tr -d '\r' | grep 10) || TF_VAR_vpc_cidr=$(python3 ../../../get-vpc.py | tr -d '\n' | tr -d '\r') - - echo "Using VPC CIDR $TF_VAR_vpc_cidr for $CLUSTER_NAME cluster" - - export TF_VAR_vpc_cidr=$TF_VAR_vpc_cidr - -.network: - extends: .terraformer - variables: - TF_ROOT: ".gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci" - -.network up: - extends: .network - script: - - echo -e "\e[0Ksection_start:`date +%s`:network_up[collapsed=true]\r\e[0K\e[33;1mNetwork Up\e[37m" - - *calc_unique_cidr - - echo "Creating network with cidr range ${TF_VAR_vpc_cidr}" - # Loop to retry network up terraform apply due to issues locking terraform.state in s3 - - | - set -e - attempt_counter=0 - max_attempts=2 - until [ $(terraform apply -auto-approve >/dev/null; echo $?) -eq 0 ]; do - if [ ${attempt_counter} == ${max_attempts} ];then - echo "Error applying network up terraform" - exit 1 - fi - attempt_counter=$(($attempt_counter+1)) - echo "Attempt failed to apply will retry in 30 seconds" - sleep 30 - done - - echo -e "\e[0Ksection_end:`date +%s`:network_up\r\e[0K" - -.network down: - extends: - - .network - - .terraform destroy workspace - script: - - echo -e "\e[0Ksection_start:`date +%s`:network_down[collapsed=true]\r\e[0K\e[33;1mNetwork Down\e[37m" - - *calc_unique_cidr - - echo "Destroying network" - # Loop to retry network terraform destory - - | - set -e - attempt_counter=0 - max_attempts=2 - until [ $(terraform destroy -auto-approve >/dev/null; echo $?) 
-eq 0 ]; do - if [ ${attempt_counter} == ${max_attempts} ];then - echo "Error destroying network terraform" - exit 1 - fi - attempt_counter=$(($attempt_counter+1)) - echo "Attempt failed to destroy will retry in 30 seconds" - sleep 30 - done - - echo -e "\e[0Ksection_end:`date +%s`:network_down\r\e[0K" \ No newline at end of file diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/Pipfile b/.gitlab-ci/jobs/networking/aws/dependencies/Pipfile deleted file mode 100644 index abe1b0b8bbc306db3882e51f70ff29af06e3e853..0000000000000000000000000000000000000000 --- a/.gitlab-ci/jobs/networking/aws/dependencies/Pipfile +++ /dev/null @@ -1,12 +0,0 @@ -[[source]] -name = "pypi" -url = "https://pypi.org/simple" -verify_ssl = true - -[dev-packages] - -[packages] -boto3 = "*" - -[requires] -python_version = "3.8" diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/Pipfile.lock b/.gitlab-ci/jobs/networking/aws/dependencies/Pipfile.lock deleted file mode 100644 index 6c105c2ea73148471c96ad9baf4daa8187a8d34b..0000000000000000000000000000000000000000 --- a/.gitlab-ci/jobs/networking/aws/dependencies/Pipfile.lock +++ /dev/null 
@@ -1,75 +0,0 @@ -{ - "_meta": { - "hash": { - "sha256": "0ba145c19353da73840755ed85984b6653241c800c6ad2c772805a6089dfb424" - }, - "pipfile-spec": 6, - "requires": { - "python_version": "3.8" - }, - "sources": [ - { - "name": "pypi", - "url": "https://pypi.org/simple", - "verify_ssl": true - } - ] - }, - "default": { - "boto3": { - "hashes": [ - "sha256:b091cf6581dc137f100789240d628a105c989cf8f559b863fd15e18c1a29b714", - "sha256:bd4c26d304abba8d96817bb83917bb2e19123f5ce1a5dd26255f866daeff61c7" - ], - "index": "pypi", - "version": "==1.16.17" - }, - "botocore": { - "hashes": [ - "sha256:33f650b2d63cc1f2d5239947c9ecdadfd8ceeb4ab8bdefa0a711ac175a43bf44", - "sha256:81184afc24d19d730c1ded84513fbfc9e88409c329de5df1151bb45ac30dfce4" - ], - "version": "==1.19.17" - }, - "jmespath": { - "hashes": [ - "sha256:b85d0567b8666149a93172712e68920734333c0ce7e89b78b3e987f71e5ed4f9", - "sha256:cdf6525904cc597730141d61b36f2e4b8ecc257c420fa2f4549bac2c2d0cb72f" - ], - "markers": "python_version >= '2.6' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==0.10.0" - }, - "python-dateutil": { - "hashes": [ - "sha256:73ebfe9dbf22e832286dafa60473e4cd239f8592f699aa5adaf10050e6e1823c", - "sha256:75bb3f31ea686f1197762692a9ee6a7550b59fc6ca3a1f4b5d7e32fb98e2da2a" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==2.8.1" - }, - "s3transfer": { - "hashes": [ - "sha256:2482b4259524933a022d59da830f51bd746db62f047d6eb213f2f8855dcb8a13", - "sha256:921a37e2aefc64145e7b73d50c71bb4f26f46e4c9f414dc648c6245ff92cf7db" - ], - "version": "==0.3.3" - }, - "six": { - "hashes": [ - "sha256:30639c035cdb23534cd4aa2dd52c3bf48f06e5f4a941509c8bafd8ce11080259", - "sha256:8b74bedcbbbaca38ff6d7491d76f2b06b3592611af620f8426e82dddb04a5ced" - ], - "markers": "python_version >= '2.7' and python_version not in '3.0, 3.1, 3.2, 3.3'", - "version": "==1.15.0" - }, - "urllib3": { - "hashes": [ - 
"sha256:19188f96923873c92ccb987120ec4acaa12f0461fa9ce5d3d0772bc965a39e08", - "sha256:d8ff90d979214d7b4f8ce956e80f4028fc6860e4431f731ea4a8c08f23f99473" - ], - "markers": "python_version != '3.4'", - "version": "==1.26.2" - } - }, - "develop": {} -} diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/get-vpc.py b/.gitlab-ci/jobs/networking/aws/dependencies/get-vpc.py deleted file mode 100755 index 995d570d6d841be3cea6270bbcc49a52bb6660ed..0000000000000000000000000000000000000000 --- a/.gitlab-ci/jobs/networking/aws/dependencies/get-vpc.py +++ /dev/null @@ -1,37 +0,0 @@ -import boto3 -import operator -import ipaddress -initial_cidr = "10.10.0.0/16" -client = boto3.client('ec2', region_name='us-gov-west-1') -res = client.describe_vpcs(Filters=[{}]) -vpcIds = list(map(operator.itemgetter("CidrBlock"), res["Vpcs"])) -vpcIds.sort() -unique_cidr = False -while not unique_cidr: - found_cidr_overlap = False - for cidr in vpcIds: - aws_cidr = ipaddress.IPv4Network(cidr) - try: - proposed_cidr = ipaddress.IPv4Network(initial_cidr) - except: - logger.error("Couldn't convert cidr of " + str(initial_cidr)) - sys.exit(2) - - if aws_cidr.overlaps(proposed_cidr): - found_cidr_overlap = True - break - allowed_private_cidr = ipaddress.IPv4Network("10.0.0.0/8") - if not found_cidr_overlap: - if allowed_private_cidr.overlaps(proposed_cidr): - unique_cidr = True - final_vpc = initial_cidr - else: - logger.error("Proposed cidr not in private ip space: " + str(initial_cidr)) - sys.exit(2) - else: - try: - initial_cidr = str(ipaddress.ip_address(initial_cidr.split("/")[0]) + 65536) + "/16" - except: - logger.error("Couldn't update cidr of " + str(initial_cidr)) - sys.exit(2) -print(final_vpc) diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/ci.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/ci.tf deleted file mode 100644 index 3b8ab4d9ba64d3db34387c68fb233e4472d805d1..0000000000000000000000000000000000000000 
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/ci.tf
+++ /dev/null
@@ -1,21 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "umbrella-tf-states"
- key = "terraform.tfstate"
- region = "us-gov-west-1"
- dynamodb_table = "umbrella-tf-states-lock"
- workspace_key_prefix = "aws-networking"
- }
-}
-
-module "ci" {
- source = "../../main"
-
- # Set by CI - "TF_VAR_env=$(echo $CI_COMMIT_REF_SLUG | cut -c 1-7)-$(echo $CI_COMMIT_SHA | cut -c 1-7)"
- env = var.env
- # Set by CI - "TF_VAR_ci_pipeline_url=$ci_pipeline_url"
- ci_pipeline_url = var.ci_pipeline_url
-
- # Calculated in CI
- vpc_cidr = var.vpc_cidr
-}
diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/outputs.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/outputs.tf
deleted file mode 100644
index ae2f9895de88b0a19ccb7908927237ca3f757c12..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output "vpc_id" {
- value = module.ci.vpc_id
-}
-
-output "public_subnets" {
- value = module.ci.public_subnet_ids
-}
-
-output "private_subnets" {
- value = module.ci.private_subnet_ids
-}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/variables.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/variables.tf
deleted file mode 100644
index 429085660957d648fe465011bc5c930e8edef823..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/ci/variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-variable "vpc_cidr" {}
-variable "env" {}
-variable "ci_pipeline_url" {}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/dev/dev.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/dev/dev.tf
deleted file mode 100644
index 938f4d280e34886c3d501ba2b6d014fe24f3f35e..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/dev/dev.tf
+++ /dev/null
@@ -1,5 +0,0 @@
-module "dev" {
- source = "../../main"
- env = "dev"
- vpc_cidr = "10.255.0.0/16"
-}
diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/dev/outputs.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/dev/outputs.tf
deleted file mode 100644
index 808207547dabb5212db46d508ba6151eb5f948ee..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/env/dev/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output "vpc_id" {
- value = module.dev.vpc_id
-}
-
-output "public_subnets" {
- value = module.dev.public_subnet_ids
-}
-
-output "private_subnets" {
- value = module.dev.private_subnet_ids
-}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/main.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/main.tf
deleted file mode 100644
index 59350f01bfef3b1d60f8fd0ec2b9664bcbe618ca..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/main.tf
+++ /dev/null
@@ -1,145 +0,0 @@
-## TODO: Revisit the terraform gitlab http backend
-# terraform {
-# backend "http" {}
-# }
-
-provider "aws" {
- region = var.aws_region
-}
-
-
-locals {
- public_subnet_cidrs = [
- cidrsubnet(var.vpc_cidr, ceil(log(6, 2)), 0),
- cidrsubnet(var.vpc_cidr, ceil(log(6, 2)), 1),
- ]
-
- private_subnet_cidrs = [
- cidrsubnet(var.vpc_cidr, ceil(log(6, 2)), 2),
- cidrsubnet(var.vpc_cidr, ceil(log(6, 2)), 3),
- ]
-
- intra_subnet_cidrs = [
- cidrsubnet(var.vpc_cidr, ceil(log(6, 2)), 4),
- cidrsubnet(var.vpc_cidr, ceil(log(6, 2)), 5),
- ]
-
- name = "umbrella-${var.env}"
-
- tags = {
- "terraform" = "true",
- "env" = var.env,
- "project" = "umbrella",
- "ci_pipeline_url" = var.ci_pipeline_url
- }
-}
-
-#
-# Network
-#
-module "vpc" {
- source = "terraform-aws-modules/vpc/aws"
- version = "2.78.0"
-
- name = local.name
- cidr = var.vpc_cidr
-
- azs = ["${var.aws_region}a", "${var.aws_region}b", "${var.aws_region}c"]
- public_subnets = local.public_subnet_cidrs
- private_subnets = local.private_subnet_cidrs
- intra_subnets = local.intra_subnet_cidrs
-
- enable_nat_gateway = true
- single_nat_gateway = true
- enable_dns_hostnames = true
- enable_dns_support = true
-
- # Use AWS VPC private endpoints to mirror functionality on airgapped (T)C2S environments
- # S3: for some vendors cluster bootstrapping/artifact storage
- # STS: for caller identity checks
- # EC2: for cloud manager type requests (such as auto ebs provisioning)
- # ASG: for cluster autoscaler
- # ELB: for auto elb provisioning
- enable_s3_endpoint = true
- enable_sts_endpoint = true
- enable_ec2_endpoint = true
- enable_ec2_autoscaling_endpoint = true
- enable_elasticloadbalancing_endpoint = true
-
- ec2_endpoint_security_group_ids = [aws_security_group.endpoints.id]
- ec2_endpoint_subnet_ids = module.vpc.intra_subnets
- ec2_endpoint_private_dns_enabled = true
-
- ec2_autoscaling_endpoint_security_group_ids = [aws_security_group.endpoints.id]
- ec2_autoscaling_endpoint_subnet_ids = module.vpc.intra_subnets
- ec2_autoscaling_endpoint_private_dns_enabled = true
-
- elasticloadbalancing_endpoint_security_group_ids = [aws_security_group.endpoints.id]
- elasticloadbalancing_endpoint_subnet_ids = module.vpc.intra_subnets
- elasticloadbalancing_endpoint_private_dns_enabled = true
-
- sts_endpoint_security_group_ids = [aws_security_group.endpoints.id]
- sts_endpoint_subnet_ids = module.vpc.intra_subnets
- sts_endpoint_private_dns_enabled = true
-
- # Prevent creation of EIPs for NAT gateways
- reuse_nat_ips = false
-
- # Add in required tags for proper AWS CCM integration
- public_subnet_tags = merge({
- "kubernetes.io/cluster/${local.name}" = "shared"
- "kubernetes.io/role/elb" = "1"
- }, local.tags)
-
- private_subnet_tags = merge({
- "kubernetes.io/cluster/${local.name}" = "shared"
- "kubernetes.io/role/internal-elb" = "1"
- }, local.tags)
-
- intra_subnet_tags = merge({
- "kubernetes.io/cluster/${local.name}" = "shared"
- }, local.tags)
-
- tags = merge({
- "kubernetes.io/cluster/${local.name}" = "shared"
- }, local.tags)
-}
-
-# Shared Private Endpoint Security Group
-resource "aws_security_group" "endpoints" {
- name = "${local.name}-endpoint"
- description = "${local.name} endpoint"
- vpc_id = module.vpc.vpc_id
-
- ingress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-
- egress {
- from_port = 0
- to_port = 0
- protocol = "-1"
- cidr_blocks = ["0.0.0.0/0"]
- }
-}
-
-#
-# TGW Attachments
-# Attaches the management vpc (the hub) to the created vpc (the spokes).
-#
-module "spoke" {
- source = "git::https://repo1.dso.mil/platform-one/big-bang/terraform-modules/spoke-tgw-attachments.git"
-
- name = local.name
- hub_vpc_id = var.hub_vpc_id
- hub_tgw = var.hub_tgw
- hub_tgw_rt = var.hub_tgw_rt
- hub_tgwa = var.hub_tgwa
-
- spoke_vpc_id = module.vpc.vpc_id
- spoke_subnets = module.vpc.private_subnets
- spoke_rt_ids = module.vpc.private_route_table_ids
-}
diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/outputs.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/outputs.tf
deleted file mode 100644
index 89359c18b0d70f59763d3ba9d7436a4a8b9e6f51..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/outputs.tf
+++ /dev/null
@@ -1,11 +0,0 @@
-output "vpc_id" {
- value = module.vpc.vpc_id
-}
-
-output "private_subnet_ids" {
- value = module.vpc.private_subnets
-}
-
-output "public_subnet_ids" {
- value = module.vpc.public_subnets
-}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/variables.tf b/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/variables.tf
deleted file mode 100644
index adef9bc204a5f2fdecbf024f7a72c9b9aa7ead56..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/networking/aws/dependencies/terraform/main/variables.tf
+++ /dev/null
@@ -1,37 +0,0 @@
-variable "env" {}
-
-variable "vpc_cidr" {
- description = "The CIDR block for the VPC. Default value is a valid CIDR"
- type = string
-}
-
-variable "aws_region" {
- type = string
- default = "us-gov-west-1"
-}
-
-#
-# Spoke variables
-# We can hardcode these for now... they haven't changed in 8 months
-#
-variable "hub_vpc_id" {
- default = "vpc-5f627a3b"
-}
-
-variable "hub_tgw" {
- default = "tgw-0c324b57d019790f4"
-}
-
-variable "hub_tgwa" {
- default = "tgw-attach-0dce16098dd33fd2c"
-}
-
-variable "hub_tgw_rt" {
- default = "tgw-rtb-04b66987e7d96a3d4"
-}
-
-variable "ci_pipeline_url" {
- type = string
- default = "none"
- description = "URL to the pipeline that created this resource"
-}
diff --git a/.gitlab-ci/jobs/rke2/.gitlab-ci.yml b/.gitlab-ci/jobs/rke2/.gitlab-ci.yml
deleted file mode 100644
index ad348902b5b7da3c2da14c0f7d91232a113f6e11..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/.gitlab-ci.yml
+++ /dev/null
@@ -1,53 +0,0 @@ -.rke2 tf: - extends: .terraformer - variables: - TF_ROOT: ".gitlab-ci/jobs/rke2/dependencies/terraform/env/ci" - -.rke2 up: - extends: .rke2 tf - script: - - echo -e "\e[0Ksection_start:`date +%s`:rke2_up[collapsed=true]\r\e[0K\e[33;1mRKE2 Up\e[37m" - # Fetch dependencies - - apk add bash aws-cli - # Loop to retry rke2 terraform apply - - | - set -e - attempt_counter=0 - max_attempts=2 - until [ $(terraform apply -input=false -auto-approve >/dev/null; echo $?) -eq 0 ]; do - if [ ${attempt_counter} == ${max_attempts} ];then - echo "Error applying rke2 cluster up terraform" - exit 1 - fi - attempt_counter=$(($attempt_counter+1)) - echo "Attempt failed to apply will retry in 30 seconds" - sleep 30 - done - - mv rke2.yaml ${CI_PROJECT_DIR}/rke2.yaml - - echo -e "\e[0Ksection_end:`date +%s`:rke2_up\r\e[0K" - artifacts: - paths: - - ${CI_PROJECT_DIR}/rke2.yaml - -.rke2 down: - extends: - - .rke2 tf - - .terraform destroy workspace - script: - - echo -e "\e[0Ksection_start:`date +%s`:rke2_down[collapsed=true]\r\e[0K\e[33;1mRKE2 Down\e[37m" - # Loop to retry rke2 terraform destory - - | - set -e - attempt_counter=0 - max_attempts=2 - until [ $(terraform destroy -input=false -auto-approve >/dev/null; echo $?) -eq 0 ]; do - if [ ${attempt_counter} == ${max_attempts} ];then - echo "Error destroying rke2 cluster terraform" - exit 1 - fi - attempt_counter=$(($attempt_counter+1)) - echo "Attempt failed to destroy will retry in 30 seconds" - sleep 30 - done - - echo -e "\e[0Ksection_end:`date +%s`:rke2_down\r\e[0K" - diff --git a/.gitlab-ci/jobs/rke2/README.md b/.gitlab-ci/jobs/rke2/README.md deleted file mode 100644 index 8b6f45e943cc77ea6adb81ddbcdeef229cdbc107..0000000000000000000000000000000000000000 --- a/.gitlab-ci/jobs/rke2/README.md +++ /dev/null 
@@ -1,36 +0,0 @@ -# rke2 - -This folder contains _one example_ of deploying `rke2`, and is tuned specifically to run BigBang CI. While it can be used as an example for deployments, please ensure you're taking your own needs into consideration. - -## What's deployed - -* `rke2` cluster - * sized according to BigBang CI Needs as non-ha - * if ha is desired, simply change `servers = 3` in the installation or upgrade -* aws govcloud (`us-gov-west-1`) -* stig'd rhel8 (90-95% depending on user configuration) -* airgap -* single autoscaling generic agent nodepool - * sized according to BigBang CI needs as 2 `m5a.4xlarge` instances - * if additional nodes are needed, simply add more nodepools - -## How's it deployed - -The `rke2` terraform modules used can be found on repo1 [here](https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform). - -Both `ci` and `dev` setups exist, the example below can be run locally for development workflows where local clusters may not suffice: - -```bash -# ensure BigBang's CI network exists -cd .gitlab-ci/jobs/networking/aws/dependencies/terraform/env/dev -terraform init -terraform apply - -# deploy rke2 -cd .gitlab-ci/jobs/rke2/dependencies/terraform/env/dev -terraform init -terraform apply - -# kubeconfig will be copied locally after terraform completes in ~5m -kubectl --kubeconfig rke2.yaml get no,all -A -``` \ No newline at end of file diff --git a/.gitlab-ci/jobs/rke2/dependencies/k8s-resources/aws/default-ebs-sc.yaml b/.gitlab-ci/jobs/rke2/dependencies/k8s-resources/aws/default-ebs-sc.yaml deleted file mode 100644 index 93fef6bec30f5177e287c9ffc5095b4454544ba8..0000000000000000000000000000000000000000 --- a/.gitlab-ci/jobs/rke2/dependencies/k8s-resources/aws/default-ebs-sc.yaml +++ /dev/null 
@@ -1,14 +0,0 @@
-apiVersion: storage.k8s.io/v1
-kind: StorageClass
-metadata:
- name: ebs
- annotations:
- storageclass.kubernetes.io/is-default-class: "true"
-provisioner: kubernetes.io/aws-ebs
-parameters:
- type: gp2
-reclaimPolicy: Delete
-allowVolumeExpansion: true
-mountOptions:
- - debug
-volumeBindingMode: WaitForFirstConsumer
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci-airgap/ci-airgap.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci-airgap/ci-airgap.tf
deleted file mode 100644
index 44f5b4587da3e3c6e12ea2b5d7923112822b9f9b..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci-airgap/ci-airgap.tf
+++ /dev/null
@@ -1,29 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "umbrella-tf-states"
- key = "terraform.tfstate"
- region = "us-gov-west-1"
- dynamodb_table = "umbrella-tf-states-lock"
- workspace_key_prefix = "rke2"
- }
-}
-
-data "terraform_remote_state" "networking" {
- backend = "s3"
- config = {
- bucket = "umbrella-tf-states"
- key = "terraform.tfstate"
- region = "us-gov-west-1"
- workspace_key_prefix = "aws-networking"
- }
- workspace = var.env
-}
-
-module "ci" {
- source = "../../main"
-
- env = var.env
- ci_pipeline_url = var.ci_pipeline_url
- vpc_id = data.terraform_remote_state.networking.outputs.vpc_id
- subnets = data.terraform_remote_state.networking.outputs.intra_subnets
-}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci-airgap/variables.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci-airgap/variables.tf
deleted file mode 100644
index 2ae56f77d590b6f00553ed72a2315ad73a81249c..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci-airgap/variables.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-variable "aws_region" {
- default = "us-gov-west-1"
-}
-
-variable "env" {}
-variable "ci_pipeline_url" {}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci/ci.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci/ci.tf
deleted file mode 100644
index fed3a12ec886c8e8391230a72991fe1321fb976b..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci/ci.tf
+++ /dev/null
@@ -1,30 +0,0 @@
-terraform {
- backend "s3" {
- bucket = "umbrella-tf-states"
- key = "terraform.tfstate"
- region = "us-gov-west-1"
- dynamodb_table = "umbrella-tf-states-lock"
- workspace_key_prefix = "rke2"
- }
-}
-
-data "terraform_remote_state" "networking" {
- backend = "s3"
- config = {
- bucket = "umbrella-tf-states"
- key = "terraform.tfstate"
- region = "us-gov-west-1"
- workspace_key_prefix = "aws-networking"
- }
- workspace = var.env
-}
-
-module "ci" {
- source = "../../main"
-
- env = var.env
- ci_pipeline_url = var.ci_pipeline_url
- vpc_id = data.terraform_remote_state.networking.outputs.vpc_id
- private_subnets = data.terraform_remote_state.networking.outputs.private_subnets
- public_subnets = data.terraform_remote_state.networking.outputs.public_subnets
-}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci/variables.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci/variables.tf
deleted file mode 100644
index 2ae56f77d590b6f00553ed72a2315ad73a81249c..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/ci/variables.tf
+++ /dev/null
@@ -1,6 +0,0 @@
-variable "aws_region" {
- default = "us-gov-west-1"
-}
-
-variable "env" {}
-variable "ci_pipeline_url" {}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf
deleted file mode 100644
index 9662d59903df49ace6892543c8f5c11b4edb8d75..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/dev.tf
+++ /dev/null
@@ -1,42 +0,0 @@
-provider "aws" {
- region = "us-gov-west-1"
-}
-
-data "terraform_remote_state" "networking" {
- backend = "local"
- config = {
- path = "../../../../../networking/aws/dependencies/terraform/env/dev/terraform.tfstate"
- }
-}
-
-# Private Key
-resource "tls_private_key" "ssh" {
- algorithm = "RSA"
- rsa_bits = 4096
-}
-
-resource "local_file" "pem" {
- filename = "rke2.pem"
- content = tls_private_key.ssh.private_key_pem
- file_permission = "0600"
-}
-
-
-module "dev" {
- source = "../../main"
-
- env = "dev"
- vpc_id = data.terraform_remote_state.networking.outputs.vpc_id
- private_subnets = data.terraform_remote_state.networking.outputs.private_subnets
- public_subnets = data.terraform_remote_state.networking.outputs.public_subnets
- ssh_authorized_keys = [tls_private_key.ssh.public_key_openssh]
-}
-
-resource "aws_security_group_rule" "dev-ssh" {
- from_port = 22
- to_port = 22
- protocol = "tcp"
- security_group_id = module.dev.cluster_sg
- type = "ingress"
- cidr_blocks = ["0.0.0.0/0"]
-}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/variables.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/variables.tf
deleted file mode 100644
index 794825b3cded98265eb5e386868aed853e53f9b3..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/env/dev/variables.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-variable "aws_region" {
- default = "us-gov-west-1"
-}
\ No newline at end of file
diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
deleted file mode 100644
index 5641aee3e6347fb951f286de9c7649ceef32ba2d..0000000000000000000000000000000000000000
--- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/main.tf
+++ /dev/null
@@ -1,131 +0,0 @@ -locals { - name = "umbrella-${var.env}" - - # Bigbang specific OS tuning - os_prep = <<EOF -# Configure aws cli default region to current region, it'd be great if the aws cli did this on install........ -aws configure set default.region $(curl -s http://169.254.169.254/latest/meta-data/placement/region) - -# Tune vm sysctl for elasticsearch -sysctl -w vm.max_map_count=524288 - -# SonarQube host pre-requisites -sysctl -w fs.file-max=131072 -ulimit -n 131072 -ulimit -u 8192 - -# Preload kernel modules required by istio-init, required for selinux enforcing instances using istio-init -modprobe xt_REDIRECT -modprobe xt_owner -modprobe xt_statistic -# Persist modules after reboots -printf "xt_REDIRECT\nxt_owner\nxt_statistic\n" | sudo tee -a /etc/modules -EOF - - tags = { - "project" = "umbrella" - "env" = var.env - "terraform" = "true", - "ci_pipeline_url" = var.ci_pipeline_url - } -} - -module "rke2" { - source = "git::https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform.git?ref=v1.1.9" - - cluster_name = local.name - vpc_id = var.vpc_id - subnets = var.private_subnets - ami = var.server_ami - servers = var.servers - instance_type = var.server_instance_type - ssh_authorized_keys = var.ssh_authorized_keys - controlplane_internal = var.controlplane_internal - rke2_version = var.rke2_version - - rke2_config = <<EOF -disable: - - rke2-ingress-nginx -EOF - - block_device_mappings = { - size = 100 - encrypted = true - type = "gp3" - } - - enable_ccm = var.enable_ccm - download = var.download - - pre_userdata = local.os_prep - - tags = merge({}, local.tags, var.tags) -} - -module "generic_agents" { - source = "git::https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-aws-terraform.git//modules/agent-nodepool?ref=v1.1.9" - - name = "generic-agent" - vpc_id = var.vpc_id - subnets = var.private_subnets - ami = var.agent_ami - asg = var.agent_asg - spot = var.agent_spot - instance_type = var.agent_instance_type - 
ssh_authorized_keys = var.ssh_authorized_keys - rke2_version = var.rke2_version - - enable_ccm = var.enable_ccm - enable_autoscaler = var.enable_autoscaler - download = var.download - - # TODO: These need to be set in pre-baked ami's - pre_userdata = local.os_prep - - block_device_mappings = { - size = 150 - encrypted = true - type = "gp3" - } - - # Required data for identifying cluster to join - cluster_data = module.rke2.cluster_data - - tags = merge({}, local.tags, var.tags) -} - -# Example method of fetching kubeconfig from state store, requires aws cli -resource "null_resource" "kubeconfig" { - depends_on = [module.rke2] - - provisioner "local-exec" { - interpreter = ["bash", "-c"] - command = "aws s3 cp ${module.rke2.kubeconfig_path} rke2.yaml" - } -} - -## Adding tags on VPC and Subnets to match uniquely created cluster name -resource "aws_ec2_tag" "vpc_tags" { - resource_id = var.vpc_id - key = "kubernetes.io/cluster/${module.rke2.cluster_name}" - value = "shared" -} - -resource "aws_ec2_tag" "public_subnets_tags" { - count = length(var.public_subnets) - resource_id = var.public_subnets[count.index] - key = "kubernetes.io/cluster/${module.rke2.cluster_name}" - value = "shared" -} - -resource "aws_ec2_tag" "private_subnets_tags" { - count = length(var.private_subnets) - resource_id = var.private_subnets[count.index] - key = "kubernetes.io/cluster/${module.rke2.cluster_name}" - value = "shared" -} - -output "cluster_sg" { - description = "Cluster SG ID, used for dev ssh access" - value = module.rke2.cluster_data.cluster_sg -} \ No newline at end of file diff --git a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf b/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf deleted file mode 100644 index 7911c9ae0eb2f4c07a97f6e012f48ba1512e8f4b..0000000000000000000000000000000000000000 --- a/.gitlab-ci/jobs/rke2/dependencies/terraform/main/variables.tf +++ /dev/null 
@@ -1,84 +0,0 @@
-variable "env" {}
-variable "aws_region" {
- default = "us-gov-west-1"
-}
-variable "vpc_id" {}
-
-variable "private_subnets" {
- type = list(string)
-}
-
-variable "public_subnets" {
- type = list(string)
-}
-
-variable "tags" {
- type = map(string)
- default = {}
-}
-
-#
-# Cluster variables
-#
-variable "controlplane_internal" {
- default = true
-}
-
-variable "enable_ccm" {
- default = true
-}
-
-variable "enable_autoscaler" {
- default = true
-}
-
-variable "ssh_authorized_keys" {
- type = list(string)
- default = []
-}
-
-variable "download" {
- type = bool
- default = false
- description = "Toggle dependency downloading"
-}
-
-#
-# Server variables
-#
-variable "server_ami" {
- # RHEL 8.3 RKE2 v1.20.7+rke2r2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
- default = "ami-04fc9486a0c1633cb"
-}
-variable "server_instance_type" {
- default = "m5a.2xlarge"
-}
-variable "servers" {
- default = 1
-}
-variable "rke2_version" {
- default = "v1.20.5+rke2r1"
-}
-
-#
-# Generic agent variables
-#
-variable "agent_ami" {
- # RHEL 8.3 RKE2 v1.20.7+rke2r2 STIG: https://repo1.dso.mil/platform-one/distros/rancher-federal/rke2/rke2-image-builder
- default = "ami-04fc9486a0c1633cb"
-}
-variable "agent_instance_type" {
- default = "m5a.4xlarge"
-}
-variable "agent_asg" {
- default = { min : 3, max : 10, desired : 3 }
-}
-variable "agent_spot" {
- default = true
-}
-
-variable "ci_pipeline_url" {
- type = string
- default = "none"
- description = "URL to the pipeline that created this resource"
-}
diff --git a/.gitlab-ci/templates.yml b/.gitlab-ci/templates.yml
deleted file mode 100644
index a8e5046fcf8d1554533587e5258cc38248f7010b..0000000000000000000000000000000000000000
--- a/.gitlab-ci/templates.yml
+++ /dev/null
@@ -1,82 +0,0 @@ -include: - # "Default" AWS Networking - - local: '/.gitlab-ci/jobs/networking/aws/.gitlab-ci.yml' - - # Clusters in CI - - local: '/.gitlab-ci/jobs/ci-cluster/.gitlab-ci.yml' - - # RKE2 Gitlab CI jobs - - local: '/.gitlab-ci/jobs/rke2/.gitlab-ci.yml' - -#----------------------------------------------------------------------------------------------------------------------- -# Gitlab Runner tag templates -# - -.bigbang-gitlab-runner-tags: - tags: - - bigbang - - dogfood - - generic - -.kubectl-output: - image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/k8s-ci:v1.20.4-bb.3 - extends: .bigbang-gitlab-runner-tags - after_script: - - echo -e "\e[0Ksection_start:`date +%s`:kubectl_get_all[collapsed=true]\r\e[0K\e[33;1mkubectl get all -A\e[37m" - - kubectl get all -A - - echo -e "\e[0Ksection_end:`date +%s`:kubectl_get_all\r\e[0K" - - echo -e "\e[0Ksection_start:`date +%s`:kubectl_get_helmrelease[collapsed=true]\r\e[0K\e[33;1mkubectl get helmrelease -A\e[37m" - - kubectl get helmrelease -A - - echo -e "\e[0Ksection_end:`date +%s`:kubectl_get_helmrelease\r\e[0K" - -.terraformer: - image: - name: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/terraform:0.13.5 - entrypoint: - - /usr/bin/env - - "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" - interruptible: false - variables: - TF_IN_AUTOMATION: "1" - TF_VAR_ci_pipeline_url: $CI_PIPELINE_URL - before_script: - - echo -e "\e[0Ksection_start:`date +%s`:terraform_init[collapsed=true]\r\e[0K\e[33;1mTerraform Init\e[37m" - - echo "$TF_VAR_env" - - cd ${CI_PROJECT_DIR}/${TF_ROOT} - - terraform version - - terraform init -input=false - # Loop to retry terraform workspace creation due to issues locking terraform.state in s3 - - | - set -e - attempt_counter=0 - max_attempts=5 - until [ $(terraform workspace select $TF_VAR_env >/dev/null || terraform workspace new $TF_VAR_env >/dev/null; echo $?) 
-eq 0 ]; do - if [ ${attempt_counter} -eq ${max_attempts} ];then - echo "Error creating workspace" - exit 1 - fi - attempt_counter=$(($attempt_counter+1)) - sleep 5 - done - - terraform validate - - echo -e "\e[0Ksection_end:`date +%s`:terraform_init\r\e[0K" - -.terraform destroy workspace: - after_script: - - echo -e "\e[0Ksection_start:`date +%s`:terraform_destroy_workspace[collapsed=true]\r\e[0K\e[33;1mTerraform Destroy Workspace\e[37m" - - cd ${CI_PROJECT_DIR}/${TF_ROOT} - # Loop to retry terraform workspace destory - - | - set -e - attempt_counter=0 - max_attempts=2 - until [ $(terraform workspace select default >/dev/null && terraform workspace delete "${TF_VAR_env}" >/dev/null; echo $?) -eq 0 ]; do - if [ ${attempt_counter} == ${max_attempts} ];then - echo "Error destroying terraform workspace" - exit 1 - fi - attempt_counter=$(($attempt_counter+1)) - echo "Attempt failed to destroy workspace will retry in 30 seconds" - sleep 30 - done - - echo -e "\e[0Ksection_end:`date +%s`:terraform_destroy_workspace\r\e[0K" \ No newline at end of file diff --git a/chart/ingress-certs.yaml b/chart/ingress-certs.yaml index 4fd56cea5feafd6eca80aa4584a3178c0c1e199e..6262f6726e71c29db773cea0400c84c696d82f2d 100644 --- a/chart/ingress-certs.yaml +++ b/chart/ingress-certs.yaml 
@@ -123,3 +123,128 @@ istio: he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 -----END CERTIFICATE----- + +addons: + keycloak: + ingress: + key: | + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbaLWaC86eG74Z + D5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpBtvV5x9F88gMz + yhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+mrUniVT8WNrRL + C1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+AfaGSHheKo5h + xTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqUB4dAge+imwAs + ZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKNB/8mi1pylWqN + UjedV4A5AgMBAAECggEBAM56xORaljBO9WAKOotNK+1rNBO6jAYTWQeY95CeolSP + y/PvobcZa6QICAL16o3DlSqQroTTmf7WllLnq4PWueA43+ETWSMaxAsqWE0laTTd + qyfV/8lvhzTv5/+z/TIZnmoCDFT2Wm9iPdudpfXbKp+ghFnYFJVwmVITRbB91InX + 38LaEvLWFnJ3/DPYursaXerwwrm50d0PCdpa/ceqBCVHlpT3Zc0lT0rYpDVtc9BG + 3gjbvKwhVUQBDfD3FGEobxhbc5eEH6JEf0PUWKnsU5F0qRKjQnfM19XKbczP+9gY + 71BDL1sALSZxxJXW865+7GeXKCtxObkcCwYbf8UrS30CgYEA+HSH4ZpuHZ8IKIbs + vFaAjsEMkRfZPao8b/g4/JCg4TuOpAdFZUTSPWmdUq3i/J8o9b+e8/bznn9HLHIT + qyreSyiRUQRtcniSL1ZUHSzzW9QefYKzPghGYHXQLIBAWt50PDaMfPQ6Sj1NaEPH + h3hq4YNYNMQP/QVmfFdiT4xVA6cCgYEA4hJgSc17hh/u84uYAKhg2zSlFG5LlYKc + Yb2aFQJhFz2QqGxMeOXyIVDFD6btGcOLtPt4RdsBuCLZZzFBDUlWL7rY9qlL+/+P + ERStyHE9gFBDa0KWfvQxHSXIuxN2mkokktiVfaTisi8SWEKRJYp+B8HCa5lSDBti + eXcGBK3hWR8CgYBJ+aBPmsR4i1ZJgsrP1M2YM4CDXt9uzdYK3JRTFtjf1vTEf+m4 + mkIiyORvrphr8ROn//La3sdwhKLzZ8/VYgEnzZ9eyPuxXpbgA0suGKkoyUJ+ykCG + Er6pj8p4xYLjy2I+X1t7BNiqLBB1H+Ezw7XHCW1k4I+GHWqDUR1TZAwX9wKBgFhy + KAm3wqPuymWuL4HSXlJkflFH9XpA5z22GBowHBwjkfzSofiKvfgayX4eKJTz1Cyy + VZO+4yVPPQ8KThEMqBN0Xn3iLkAg87ATDwpkg1M4E6hbHNX+Y1ir96R5MOWcLELn + SVUmtSpREDRHltHBJR2TyKSgD2F9NUGgN1KNVKSxAoGARyx7VceWlpdmnr+i26UH + B4h6/rL/nY7M2oWgUaj7FeygcfemtO6cV+R1Bl876Q9Dx797hZ4ddGAgxmDFsv8J + f6SSzTJBB6IGxt+1ZcxD4uFXUrOVFv00br/Re14bsXQcMwi9kEJF2idbR5E7O2qc + qbLlPssjuZS5pDnRa05bEIQ= + -----END PRIVATE KEY----- + cert: | + -----BEGIN 
CERTIFICATE----- + MIIFHzCCBAegAwIBAgISA9KlIFfDVyxZ1/qZXl4HMuIOMA0GCSqGSIb3DQEBCwUA + MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD + EwJSMzAeFw0yMTA5MjcxNDU1MDdaFw0yMTEyMjYxNDU1MDZaMBgxFjAUBgNVBAMM + DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb + aLWaC86eG74ZD5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpB + tvV5x9F88gMzyhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+m + rUniVT8WNrRLC1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+ + AfaGSHheKo5hxTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqU + B4dAge+imwAsZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKN + B/8mi1pylWqNUjedV4A5AgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFLUbMi65bMLlINPzTplLjtCHZfa0MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ + QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz + Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv + MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw + NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j + cnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBElGUusO7Or8RAB9io + /ijA2uaCvtjLMbU/0zOWtbaBqAAAAXwn948JAAAEAwBGMEQCIBkkdKr6WRtmZYO8 + kuchAYDxGPaCnU9FYU3BZBpsbJvLAiButEYn4AvTFiZMILymyuuqct/eFjIR9MEE + pNotyaD+bQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABfCf3 + kGUAAAQDAEcwRQIhAOOOX0qpI8xjqARUfU4ErGe8icHORlNHHzP/a6b3XE4ZAiBp + fMNh3oihXS1e6EM9Xs8m+9nuCi7rqLNSkCNuwisK7zANBgkqhkiG9w0BAQsFAAOC + AQEABMjkLKKxYyL4ZT6BPuOyqC4hnczDYUmZdCCysLu7psCjrZIAlSRxLIWXdWir + ogi/Vf+wdPKk38NDar0T9+rfAehuvQjQKCzIKVzr+MGauW0Wytwt63EgLIl2znvX + jWEIUwDQkqeFzPMbov8BK8hdLibBSz9nLrT0Zyw9mgRIzslemsi62+AjSNERTCTv + qyhinnBHLd3dGLOAXexwXu7ic2ZwCgnSgcli+MWC30QOh6ePJJqgw6OpwvOC9DAV + fkvGYFXlgYXnhQeLr0/4tzw3koclRWe/qgjAdAjB03yp1e53b+j9NoOfyobo1MFe + nMqEgcgAiA2VuE62Q4HE0Rs5wA== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw + 
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw + WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg + RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP + R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx + sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm + NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg + Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG + /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC + AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB + Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA + FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw + AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw + Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB + gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W + PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl + ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz + CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm + lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 + avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 + yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O + yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids + hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ + HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv + MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX + nLRbwHOoq7hHwg== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ + MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT + 
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB + AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC + ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL + wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D + LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK + 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 + bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y + sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ + Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 + FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc + SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql + PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND + TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw + SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 + c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx + +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB + ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu + b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E + U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu + MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC + 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW + 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG + WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O + he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC + Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 + -----END CERTIFICATE----- \ No newline at end of file 
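Review bot: The added `addons.keycloak.ingress.key` block commits an unencrypted private key to `chart/ingress-certs.yaml` with no comment marking it as development-only. This same commit deletes `chart/keycloak-dev-values.yaml`, whose header carried the "FOR DEVELOPMENT PURPOSES ONLY" warning and the `# *.bigbang.dev` label for what appears to be the same key. Anyone who can read the repository holds this key, so a deployment that keeps these values gets neither confidentiality nor server authentication from TLS on that name. I would add above `key:` a comment such as `# *.bigbang.dev development certificate, key is public; operational deployments must supply the keycloak-tlskey and keycloak-tlscert secrets out of band`. The leaf certificate looks like a short-lived issue, so a line on how and when it is rotated would help too.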
diff --git a/chart/keycloak-dev-values.yaml b/chart/keycloak-dev-values.yaml deleted file mode 100644 index 2816fb29f9eb89998c109f8ae31e2d8e06f3aed7..0000000000000000000000000000000000000000 --- a/chart/keycloak-dev-values.yaml +++ /dev/null 
@@ -1,217 +0,0 @@ -comments: | - This example values override file is provided FOR DEVELOPMENT PURPOSES ONLY - Operational deployments use a different configuration including but not limited to: - - a custom realm would not automatically be loaded. - - needed secrets would be created independently through a GitOps process rather than using the keycolak chart to create secrets - - the certificate would not be inlined in the values.yaml but instead the keycloak-tlscert and keycloak-tlskey secrets are created independently through a GitOps process - - an external database would be used - - master realm would be disabled to prevent admin login - - If you are deploying this development configuration on a k3d cluster, multiple istio ingress is not supported by default. - You must follow the instructions in the development environment addendum to configure k3d with MetalLB. - /docs/developer/development-environment.md#multi-ingress-gateway-support-with-metallb-and-k3d - - Here are some of the URL paths that are available in Keycloak - Admin UI. Default credentials for development are admin:password - https://keycloak.bigbang.dev/auth/admin - User registration and/or account page - https://keycloak.bigbang.dev/ - - For a keycloak realm config file that already has some sso clients configured, reach out to one of the Keycloak package codeowners. - Within the Keycloak admin UI delete the existing custom realm, and then import the new one. - If the cert in the example values override file has expired. Get a current *.bigbang.dev cert at /chart/ingress-certs.yaml. - Then open a Gitlab issue so we can update the example file with the new cert. 
- - -domain: bigbang.dev - -flux: - interval: 1m - rollback: - cleanupOnFail: false - -istio: - ingressGateways: - passthrough-ingressgateway: - type: "LoadBalancer" - - gateways: - passthrough: - ingressGateway: "passthrough-ingressgateway" - hosts: - - "*.{{ .Values.domain }}" - tls: - mode: "PASSTHROUGH" - -addons: - keycloak: - enabled: true - - ingress: - gateway: "passthrough" - - # *.bigbang.dev - key: | - -----BEGIN PRIVATE KEY----- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbaLWaC86eG74Z - D5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpBtvV5x9F88gMz - yhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+mrUniVT8WNrRL - C1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+AfaGSHheKo5h - xTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqUB4dAge+imwAs - ZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKNB/8mi1pylWqN - UjedV4A5AgMBAAECggEBAM56xORaljBO9WAKOotNK+1rNBO6jAYTWQeY95CeolSP - y/PvobcZa6QICAL16o3DlSqQroTTmf7WllLnq4PWueA43+ETWSMaxAsqWE0laTTd - qyfV/8lvhzTv5/+z/TIZnmoCDFT2Wm9iPdudpfXbKp+ghFnYFJVwmVITRbB91InX - 38LaEvLWFnJ3/DPYursaXerwwrm50d0PCdpa/ceqBCVHlpT3Zc0lT0rYpDVtc9BG - 3gjbvKwhVUQBDfD3FGEobxhbc5eEH6JEf0PUWKnsU5F0qRKjQnfM19XKbczP+9gY - 71BDL1sALSZxxJXW865+7GeXKCtxObkcCwYbf8UrS30CgYEA+HSH4ZpuHZ8IKIbs - vFaAjsEMkRfZPao8b/g4/JCg4TuOpAdFZUTSPWmdUq3i/J8o9b+e8/bznn9HLHIT - qyreSyiRUQRtcniSL1ZUHSzzW9QefYKzPghGYHXQLIBAWt50PDaMfPQ6Sj1NaEPH - h3hq4YNYNMQP/QVmfFdiT4xVA6cCgYEA4hJgSc17hh/u84uYAKhg2zSlFG5LlYKc - Yb2aFQJhFz2QqGxMeOXyIVDFD6btGcOLtPt4RdsBuCLZZzFBDUlWL7rY9qlL+/+P - ERStyHE9gFBDa0KWfvQxHSXIuxN2mkokktiVfaTisi8SWEKRJYp+B8HCa5lSDBti - eXcGBK3hWR8CgYBJ+aBPmsR4i1ZJgsrP1M2YM4CDXt9uzdYK3JRTFtjf1vTEf+m4 - mkIiyORvrphr8ROn//La3sdwhKLzZ8/VYgEnzZ9eyPuxXpbgA0suGKkoyUJ+ykCG - Er6pj8p4xYLjy2I+X1t7BNiqLBB1H+Ezw7XHCW1k4I+GHWqDUR1TZAwX9wKBgFhy - KAm3wqPuymWuL4HSXlJkflFH9XpA5z22GBowHBwjkfzSofiKvfgayX4eKJTz1Cyy - VZO+4yVPPQ8KThEMqBN0Xn3iLkAg87ATDwpkg1M4E6hbHNX+Y1ir96R5MOWcLELn - SVUmtSpREDRHltHBJR2TyKSgD2F9NUGgN1KNVKSxAoGARyx7VceWlpdmnr+i26UH - 
B4h6/rL/nY7M2oWgUaj7FeygcfemtO6cV+R1Bl876Q9Dx797hZ4ddGAgxmDFsv8J - f6SSzTJBB6IGxt+1ZcxD4uFXUrOVFv00br/Re14bsXQcMwi9kEJF2idbR5E7O2qc - qbLlPssjuZS5pDnRa05bEIQ= - -----END PRIVATE KEY----- - cert: | - -----BEGIN CERTIFICATE----- - MIIFHzCCBAegAwIBAgISA9KlIFfDVyxZ1/qZXl4HMuIOMA0GCSqGSIb3DQEBCwUA - MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD - EwJSMzAeFw0yMTA5MjcxNDU1MDdaFw0yMTEyMjYxNDU1MDZaMBgxFjAUBgNVBAMM - DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb - aLWaC86eG74ZD5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpB - tvV5x9F88gMzyhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+m - rUniVT8WNrRLC1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+ - AfaGSHheKo5hxTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqU - B4dAge+imwAsZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKN - B/8mi1pylWqNUjedV4A5AgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD - VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O - BBYEFLUbMi65bMLlINPzTplLjtCHZfa0MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ - QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz - Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv - MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw - NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j - cnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBElGUusO7Or8RAB9io - /ijA2uaCvtjLMbU/0zOWtbaBqAAAAXwn948JAAAEAwBGMEQCIBkkdKr6WRtmZYO8 - kuchAYDxGPaCnU9FYU3BZBpsbJvLAiButEYn4AvTFiZMILymyuuqct/eFjIR9MEE - pNotyaD+bQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABfCf3 - kGUAAAQDAEcwRQIhAOOOX0qpI8xjqARUfU4ErGe8icHORlNHHzP/a6b3XE4ZAiBp - fMNh3oihXS1e6EM9Xs8m+9nuCi7rqLNSkCNuwisK7zANBgkqhkiG9w0BAQsFAAOC - AQEABMjkLKKxYyL4ZT6BPuOyqC4hnczDYUmZdCCysLu7psCjrZIAlSRxLIWXdWir - ogi/Vf+wdPKk38NDar0T9+rfAehuvQjQKCzIKVzr+MGauW0Wytwt63EgLIl2znvX - jWEIUwDQkqeFzPMbov8BK8hdLibBSz9nLrT0Zyw9mgRIzslemsi62+AjSNERTCTv - qyhinnBHLd3dGLOAXexwXu7ic2ZwCgnSgcli+MWC30QOh6ePJJqgw6OpwvOC9DAV - 
fkvGYFXlgYXnhQeLr0/4tzw3koclRWe/qgjAdAjB03yp1e53b+j9NoOfyobo1MFe - nMqEgcgAiA2VuE62Q4HE0Rs5wA== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw - WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg - RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK - AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP - R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx - sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm - NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg - Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG - /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC - AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB - Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA - FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw - AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw - Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB - gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W - PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl - ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz - CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm - lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 - avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 - yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O - yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids - hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ - HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv - MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX - nLRbwHOoq7hHwg== - -----END 
CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ - MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT - DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB - AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC - ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL - wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D - LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK - 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 - bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y - sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ - Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 - FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc - SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql - PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND - TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw - SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 - c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx - +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB - ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu - b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E - U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu - MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC - 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW - 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG - WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O - he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC - Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 - -----END 
CERTIFICATE----- - - values: - replicas: 1 - secrets: - env: - stringData: - CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml - KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json - X509_CA_BUNDLE: /etc/x509/https/cas.pem - certauthority: - stringData: - cas.pem: '{{ .Files.Get "resources/dev/dod_cas.pem" }}' - customreg: - stringData: - customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}' - realm: - stringData: - realm.json: '{{ .Files.Get "resources/dev/baby-yoda.json" }}' - extraVolumes: |- - - name: certauthority - secret: - secretName: {{ include "keycloak.fullname" . }}-certauthority - - name: customreg - secret: - secretName: {{ include "keycloak.fullname" . }}-customreg - - name: realm - secret: - secretName: {{ include "keycloak.fullname" . }}-realm - extraVolumeMounts: |- - - name: certauthority - mountPath: /etc/x509/https/cas.pem - subPath: cas.pem - readOnly: true - - name: customreg - mountPath: /opt/jboss/keycloak/customreg.yaml - subPath: customreg.yaml - readOnly: true - - name: realm - mountPath: /opt/jboss/keycloak/realm.json - subPath: realm.json - readOnly: true - - diff --git a/docs/developer/development-environment.md b/docs/developer/development-environment.md index 683589d5eb7abd0704927cb60d2a5ef9acfb9761..3dd281e3d1adc71601b3cb15272a3ebce51f4ffe 100644 --- a/docs/developer/development-environment.md +++ b/docs/developer/development-environment.md 
@@ -208,7 +208,7 @@ cd ./bigbang ./scripts/install_flux.sh -u your-user-name -p your-pull-secret ``` -**Note1:** When deploying to k3d, the load balancer must be added to `excludedResources` under several violations for gatekeeper. This can be done by modifying `chart/values.yaml` file or passing an override file (e.g. `chart/k3d-dev-values.yaml`) with the values set below. This is for development purposes only. +**Note1:** When deploying to k3d, the load balancer must be added to `excludedResources` under several violations for gatekeeper. This can be done by modifying `chart/values.yaml` file or passing an override file (e.g. `docs/example_configs/opa-overrides-k3d.yaml`) with the values set below. This is for development purposes only. ```yaml gatekeeper: diff --git a/chart/dev-sso-values.yaml b/docs/example_configs/dev-sso-values.yaml similarity index 99% rename from chart/dev-sso-values.yaml rename to docs/example_configs/dev-sso-values.yaml index 53d2261a9de6dfa5f5d7cec1fd503a1c417d7622..1edc1a1927d532ad0d4b755756680cbd1399ba39 100644 --- a/chart/dev-sso-values.yaml +++ b/docs/example_configs/dev-sso-values.yaml @@ -278,4 +278,4 @@ addons: # -----END CERTIFICATE----- # make a valid pem file with proper wrapping at 64 characters per line # fold -w 64 nexus-x509.txt > nexus.pem - # In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places + # In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places \ No newline at end of file diff --git a/chart/google-auth-example-values.yaml b/docs/example_configs/google-auth-example-values.yaml similarity index 100% rename from chart/google-auth-example-values.yaml rename to docs/example_configs/google-auth-example-values.yaml diff --git a/docs/example_configs/keycloak-dev-values.yaml b/docs/example_configs/keycloak-dev-values.yaml new file mode 100644 index 0000000000000000000000000000000000000000..4c9d1c1b8f603a0ebf0a4921769002ea7dc65150 
--- /dev/null
+++ b/docs/example_configs/keycloak-dev-values.yaml
@@ -0,0 +1,102 @@
+comments: |
+ This example values override file is provided FOR DEVELOPMENT PURPOSES ONLY
+ Operational deployments use a different configuration including but not limited to:
+ - a custom realm would not automatically be loaded.
+ - needed secrets would be created independently through a GitOps process rather than using the keycolak chart to create secrets
+ - the certificate would not be inlined in the values.yaml but instead the keycloak-tlscert and keycloak-tlskey secrets are created independently through a GitOps process
+ - an external database would be used
+ - master realm would be disabled to prevent admin login
+
+ If you are deploying this development configuration on a k3d cluster, multiple istio ingress is not supported by default.
+ You must follow the instructions in the development environment addendum to configure k3d with MetalLB.
+ /docs/developer/development-environment.md#multi-ingress-gateway-support-with-metallb-and-k3d
+
+ Here are some of the URL paths that are available in Keycloak
+ Admin UI. Default credentials for development are admin:password
+ https://keycloak.bigbang.dev/auth/admin
+ User registration and/or account page
+ https://keycloak.bigbang.dev/
+
+ For a keycloak realm config file that already has some sso clients configured, reach out to one of the Keycloak package codeowners.
+ Within the Keycloak admin UI delete the existing custom realm, and then import the new one.
+ If the cert in the example values override file has expired. Get a current *.bigbang.dev cert at /chart/ingress-certs.yaml.
+ Then open a Gitlab issue so we can update the example file with the new cert.
+
+
+domain: bigbang.dev
+
+flux:
+ interval: 1m
+ rollback:
+ cleanupOnFail: false
+
+istio:
+ ingressGateways:
+ passthrough-ingressgateway:
+ type: "LoadBalancer"
+
+ gateways:
+ passthrough:
+ ingressGateway: "passthrough-ingressgateway"
+ hosts:
+ - "*.{{ .Values.domain }}"
+ tls:
+ mode: "PASSTHROUGH"
+
+addons:
+ keycloak:
+ enabled: true
+
+ ingress:
+ gateway: "passthrough"
+
+ key: |
+ -----BEGIN PRIVATE KEY-----
+ INSERT KEY HERE
+ -----END PRIVATE KEY-----
+ cert: |
+ -----BEGIN CERTIFICATE-----
+ INSERT CERT HERE
+ -----END CERTIFICATE-----
+
+ values:
+ replicas: 1
+ secrets:
+ env:
+ stringData:
+ CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml
+ KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json
+ X509_CA_BUNDLE: /etc/x509/https/cas.pem
+ certauthority:
+ stringData:
+ cas.pem: '{{ .Files.Get "resources/dev/dod_cas.pem" }}'
+ customreg:
+ stringData:
+ customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}'
+ realm:
+ stringData:
+ realm.json: '{{ .Files.Get "resources/dev/baby-yoda.json" }}'
+ extraVolumes: |-
+ - name: certauthority
+ secret:
+ secretName: {{ include "keycloak.fullname" . }}-certauthority
+ - name: customreg
+ secret:
+ secretName: {{ include "keycloak.fullname" . }}-customreg
+ - name: realm
+ secret:
+ secretName: {{ include "keycloak.fullname" . }}-realm
+ extraVolumeMounts: |-
+ - name: certauthority
+ mountPath: /etc/x509/https/cas.pem
+ subPath: cas.pem
+ readOnly: true
+ - name: customreg
+ mountPath: /opt/jboss/keycloak/customreg.yaml
+ subPath: customreg.yaml
+ readOnly: true
+ - name: realm
+ mountPath: /opt/jboss/keycloak/realm.json
+ subPath: realm.json
+ readOnly: true
+
diff --git a/chart/dev-k3d-values.yaml b/docs/example_configs/opa-overrides-k3d.yaml
similarity index 100%
rename from chart/dev-k3d-values.yaml
rename to docs/example_configs/opa-overrides-k3d.yaml
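Review bot: The `comments:` text in the new `docs/example_configs/keycloak-dev-values.yaml` still tells the reader to act only "If the cert in the example values override file has expired", but `addons.keycloak.ingress.key` and `cert` now hold `INSERT KEY HERE` / `INSERT CERT HERE`, so the file cannot be deployed as-is and the comment should say that both values must always be supplied. I would replace those two sentences with `Replace the INSERT KEY HERE and INSERT CERT HERE placeholders with a current *.bigbang.dev key and cert (see /chart/ingress-certs.yaml) before deploying.` A further line stating that a filled-in copy must not be committed would fit the apparent intent of this change, which is to get key material out of the tree; the key that was inlined in the deleted `chart/keycloak-dev-values.yaml` stays readable in repository history and should be treated as public. The same bare placeholders are added with no explanatory comment in `docs/example_configs/public-ingressgateway-cert.yaml`.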
diff --git a/docs/example_configs/public-ingressgateway-cert.yaml b/docs/example_configs/public-ingressgateway-cert.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..15f43338686460c9a449318aae4a5aef67dd195f
--- /dev/null
+++ b/docs/example_configs/public-ingressgateway-cert.yaml
@@ -0,0 +1,12 @@
+istio:
+ gateways:
+ public:
+ tls:
+ key: |
+ -----BEGIN PRIVATE KEY-----
+ INSERT KEY HERE
+ -----END PRIVATE KEY-----
+ cert: |
+ -----BEGIN CERTIFICATE-----
+ INSERT CERT HERE
+ -----END CERTIFICATE-----
\ No newline at end of file
diff --git a/hack/.sops.yaml b/hack/.sops.yaml
deleted file mode 100644
index 8060c617d16e5d54c970745dd39ec879884e4be2..0000000000000000000000000000000000000000
--- a/hack/.sops.yaml
+++ /dev/null
@@ -1,3 +0,0 @@
-creation_rules:
- - encrypted_regex: '^(data|stringData)$'
- pgp: 41BFF8BAF2586039F6293D835A2E820C25FE527C
\ No newline at end of file
diff --git a/hack/bigbang-dev.asc b/hack/bigbang-dev.asc
deleted file mode 100644
index 03ac4f1e0e4e5e35334083942b723f970e0db25c..0000000000000000000000000000000000000000
--- a/hack/bigbang-dev.asc
+++ /dev/null
@@ -1,106 +0,0 @@ ------BEGIN PGP PRIVATE KEY BLOCK----- - -lQcYBF6nwXwBEAC6BT43a6da1PguseECgEm0qYTktZ1hUhh/eYJS5W4WBH0b/T4W -XUiVqCfYL9fLf0YsFfhx+N+t7qcErVyWT0KiFpuOLL0v50bYoRLPDQ+FaoJ1A8Pl -x4UNBk5fmTvzfZaJuZakofD41glLAWk5H/aP+A4a9q3+sh9rVaaggXi4XEnX7N0a -fha2YI57yuPUOGr/UNHWaLXtbvTU04AZGe30lMcJ/z/lFxEchdO4erHreX1RrfuQ -la8ObHs69Mji1OImqs48ceW/OaWMFuCVbV3oFXnlL/W++szUrLer2iVOBxmIIoDE -8Tx/U9x0xd87N3Yi/8Ayx/jm+Z6Z0JUfaSB5Fa6bj9p3Azu4F4Lk40HyFnP6kuPK -CdlzWytuZ5Y5nd8y+4cyMggBpd5RqvuTVnwfvNE8W3HDNc8fteQmSbIAdyS2WUsg -v51pdI59KvFiQ61reFQ/sEJuCNrUwYo0ffkC1RmOOkwO6/IERPznpTGwuxHRhq0d -MZls1t9AaJ8gzAgHp1SCpjV5hu43ygf1QsKk5SORUxRp8Q3vzVkeI4ZvlhOi/BRC -SOoEcGKTtJ8d8T5ZskiTlsFkbjiv7t2Wtaq8C2dWV3Y3gOFfa+NExYlsa4Cagxhs -Nv9p6WTNmYjtI9ZN3ALd2wjY6sxcdbrgc+TiQ5cOmRN23MPm4hisvFEl+QARAQAB -AA//RbSdQcs3ZRQVA/pn5LYJ6Ib1Y3aiyMsonuv7Z/DNNbbs4sYcs+i0wE/Iznvv -EzRYKUD6XkryFo0tTNVhsnl08KQkGjytj/vMUnTZRXkRbd8hj5OfnsULGHxadfxH -uNBAzs8aogqE79nUlaSrt1pA3GYJcxUo0h4RI/lufQrHH96FVUJPABRrkl/QRJcc -lHOntJCmcP+/3H8Ng4rVn5JV1qbBhv99A+2G3fdQBPsFHMXjre3SLLXKaU9BRjBf -7o/zRqYOrhvICcYiQMJ52cSnwcX6bWVxYuU8SB2Inf8ap4iFirvTIPl8wAG+xIs5 -QUlhHXBUpzLEFFlJkz3UA3czUUflCdOXKgwz0oc8dbWP81kqaiLFM+XvyC4a5VWG -18K6tkVpsTRCdre6hZlnqg3ZpydNvmDcCvrUP9FAtV8Kmrfm8CY+sGvfbZvJmH1j -GGGwjPwQmorzbAZGXgAuDpGLvRO5tp20AAyNSGjfqCrNIrt2RtEvSL7Eo1xWJK4W -5OzpWyXQPNEIzuaAeXBRjYdLLBVHFU8TJ1riSm6JvchPCjW+dlOO5R2DDZkt/VJg -MshRNqbXwTWNdiMn6ZwxmttxjnrFMKp3feCetDt1iaUYRanYQGPW2lOrSXB+A11v -WorkV5O5/L3nQb72cvIbZ5crx4DziVTnSK2jrwqe6XUMNPkIAMT9wBSBcCtVcdNo -LqDGS4zTY6aBHrmBW7SCDrFP638oe1ujO/uxLSy0uK9wTxNmUJ5GqqwimTtHfp3Z -HsviSzRrepW0t1l0Cil7tArSXdUkmjnDx0YPY4cOk6V5ICVY0JmO9w6JgkGbzcHc -tjMHR/w/1monopp2lwyjoSA1xtSf4iKggsa/enI2xwiqP9wMGG0HO7edoEWuv7b0 -Vgf8fD8bW7Gn1CucADNOZ+AqNqUNIGHXvC8pe6ZdiF6bViCrItmZ6Fco9i1PLiyT -ZGMaVgSjcRrVosVPCF0pYtHieeecl+L/RFwQGE2IwCUotbGQSeKklPYsubm+Qol+ -E6J2Q9sIAPG+NA+c2dvSBdqJnd3ZsGiAWBLGTDYkCD69r67PGataflTQpkd67fgY -wkjRDXTFPVX9PV3kG6ravvRNl6QsTJhqN3pLxEsKBXb9JFPvLBPf/8r75ZqG3PS7 
-bTg2M/pIWsSSLQQUIfTbTOboDs/IfPZZs9CW+LlQOJ9/mVFW08luxpp0YkPZ0fjD -3ekNLAqzbYvHlCbFAdsjwW9vrqFLgOoXZ5sYTItCLw8nU2rnubzxCrI3bIAQCsyW -k1Quag9QGH4h9K/NvdVI9pPgWIdGN2IR0qfAtfH5dvYraCihYlhnTUUzC89dKbW3 -rPzhinK8r2380CdIle6K1ivM/QIHT7sH/imyED3rCIozw8G1a6ybTzEFuLHigBQH -S1UDYZaGxsCIi/XiAXJ2JoyoSkF79V4bmIO+8ojOev9AuZSU54XJSjFIzLqu/BAK -mbViAGcKUkAUr9vF9H4LjfoHVLHJCsZcNzloljeCLyrRU/2DKyfpPbv6nxcoqNuT -vThiZRmDh43OH/BqSBB/CynX7yNbDvsQI7LuL0JjfA15u5DdEblc5sOU64tLAHSn -X34QpwnLGmMBkHO94gQaLZiFRGD60B+ETydhxS8JntIWCyfymuO+xENWT5llmlXL -MVKAqbeMD6LV9HNrIlF9nh0sd3kjRCeFwMjq6tbaflo2M6ot/QdgfXB6GrQ7Ymln -YmFuZy1kZXYgKFNoYXJlZCBERVZFTE9QTUVOVCBPTkxZIGtleSkgPGJpZ2JhbmdA -ZHNvcC5pbz6JAk4EEwEIADgWIQRBv/i68lhgOfYpPYNaLoIMJf5SfAUCXqfBfAIb -AwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRBaLoIMJf5SfEkVD/9knHz9n34F -tdFXKnf/ArtvXVd3JMyxR14ucLN3V7AOJWPzS367nFk0usTt1Cn4FbDJwKww1gJi -R0H1oguN5JqnjB7i+UzZRB1hVx1FMtJvEriZR4t16vpCQwzty/RkWfW3rk919ofk -s9Y36UHdZof35cazRjJybXhh2tZdoCGxp+SXmc10q2XTmBK4YNu8iOcnJmgKKxku -IWUt6bAT+HdfsUv2H5/viJdORjZ46D0Zp2KdexrWz3LckGAXKuGnKySTIe8qydE7 -ljXlhudwcukJfb6Ciy6eIvgeAlkjdeTHB7SH+P8A52a8sMFySqFcIWTMSv/xXqSl -jc4F0w/CFFys0hzg7tqHAzVlUACrwpa/6gr/peMUUCIv9TBfd4CHU/VdwpkwIBct -dpbL12QA0h0GClHxGh3Ihmp2uFVEbrEaay+Ca1AlKMgbh0JgFBJzGWJ0csiDwXfF -qSxGWUrapkD9ZKicZ5vo/lcKidf0jRzlnxYivxb8V5G11ZK2qCs2kTf07SyEqmK8 -f57+r/d6M/vTZHm5UAugJGoFdzbkoQ8pxiw8prMH5JUwrGRJ40wH+gcIljZaYTCb -icfbfrWny+pczzh7gu8ZrdAu6Nz2OuV1IFcgnFC6koMXBU6FqlV+eVGZ27cc99Fc -3FhacBwccLYJRRLv+K9xHvSq0is0ggXtiJ0HGARep8F8ARAAqYKHzCZUd+IRhGkF -FCvqGrQ/X9IKvZP9oaSOPDKw6qJ9Tyn0JidNwElqf4OgLcw80/18sjA6IFyVo/Xo -Pzf/jhqa6dAuJLDHis6V8FK23UNVq8nzb7RgbDSXcSrdJdAwgpVTGiBIQiTkWeni -pOHnJj4EeZ4hR1o5L5GdoTyaXzuPlpeQ+qtJV2DEwINawnOsTf3UhZhtGmG96Pxl -dngg61qMsXhzXqrhiRKdsABf+99oRFsQN5jHxN5FVzOHbWfvEqrV+8+CU/1qzPTI -kMVmMLKvZH/KXl+1QwNZq9RrtRFO7tlZKaAzR+8q/M0NM42/LbV5EMVAzuux7NTM -sxDDQkFwC/H7wa2L3s5XvOviV2Ffb/1hUp1DkPOxs78xjWsSpBtBgopDoGNlLe4V -haXEUgQb4XvfRtDlaVlx7yuYePus7meCwj88pQRl2TgLhC3SQWW4arLHuFPR3ccC 
-B3lmbB1F2q36XD6/5EOsWSV7SIJIQjve0+/is3KGaQ3p/uojotWxDyEcvncXk8ne -gJAAvZ+NhZdz3/JE2JTxCX7nwtF1ycfGVac6hcEUJHl9YuHYUQuPVpIfAPu2zdtd -VkQ2do7nLFKK444Nj5q78NO+tLp8t+wY1OAwXhe1iFc2+GJyVvD0BY+eew2xhpB6 -mFPBYsgsLOGl54jvi9YMWWsUmmUAEQEAAQAP/AnjWmaXSdAgeOMfeTNfCG38W8IM -L6I1ctMuFTn/vwBA8Exg5yQeoNN5tOOxWvOw+U9odxCx7YIbxILnAmBFtPumI6lG -ApsTUOCRAoAdYxtvJR07T58Rh5poSvlIBdSB24KSkWFxxqVNH6D7GsSBhQlfDsXF -aq2N3s4ekXJpZZvujoa7WrK0sTeOpouQXgf/1WpLR01vwdWLJBfmOUj64vi3tINZ -wmkgUL29P0OYEgFQW/W41i5YFDcwvBzFHb5NFM4i9w6UYUbi/orsMJL5YOewVLjp -F3X/4UQCewWiA5JxawhV13StKrCki/5pO77pIuDYuDI5P3mSmDN3imVbsfggH1rQ -3X8SpbnCTkN8sj//08XWNEvHZQgc2LURR6DgvU1y36ABuopOw2vDRJwCXohmIfQx -lDgAYoQDyPxo2vuPk33U2pGtGM7wubR7wSs69fVut4rykkaihH14tnA26WMvFgs0 -Q8b7hnz51V5AFEmmpI8DlToEWFGccQpFrkC6+WE3XEnLRTXigKZbFVhohWRwbHls -wlNehHdyQdI7YlEMLNQPTBgdXBXshF+VyBPj/oNnxMrotJ/4ahBIRvm8GdBln8ji -EVb2yL5JCUfarE0MgKW/nUbsFCwyQkBUDaR/uhgZhlbbvdaTePWpI+xpIu7JRdwN -O8tLg326NQNy1mGhCADE1TdxSknhKo9D/Wz8xR1w1IVEiedbLZ269uiJdqj1Mpk7 -Y0LkwhLtagsEVklc/SWzT4sioZAJVobgA5UCbIQvUNWDdqt3QWYMPqH/Q0rQHYfb -73gtmVslZXWGTWIuvwPQ1r8mu4fzq2D9839D0gr3EiviXXARi3+FSjjBKLuycbwq -ddj24aBUwfLf4Ex3R3IzGhEJlHPiMV0n19OJx2J5sDpvHb/NmtebyKUEtfpQRbR3 -2vvMT9M4bUqZnKsldbZYfDig9vHytLQHgoOTdAAmtnLCMmci6hkKABmtXk7i/DWo -dbZM691EbpLY+FpEXKXISvAnTFZFv7tctvnPS+mpCADcdr24c92047pHDadBsoHr -d/0jcBiUVEI/CUfDHAub9xCwQKAd3n61acqK5v41/fbmxZ5/yMHsBLaGwbVO6aKH -uBPHSxDYBSdt9w4kg/1bwFmaDwNjJh0ciTO9dsbRE1h2rCiQwWQK9wP0NHWblObU -yipt2JpWlXtCKu5tQ4uW6LspBW4KsOU8FFlZK/ktkAxKK/Ll4QVI8FQ0S7w0b9Up -G1Lv6vw00GkQ/DTqdKn8nqNjaS00VGPdzWInfF2BOAu3th4XWNAvFlvTAJUY6Dik -RIu5qxA8KcrAAGRDh1T3N//2CEuBVBwxFeB94aDCfzGisN48mnx7t8zgzxGKHfhd -B/0frxgDgyJfsu724Xa2hQ8zXUh4Gbav8aWH6ay+VPUL7o8ZrjW7OaB5V6eAv0FS -g3f33bdzBRcH1Hs1AXVrJVKPz2NTmY74ERJH7BJxOmq09SsXFCROyvGio1JJ1Voc -o/mDyH5BYaln69Qe4QGXLRP2Qx5Ty8KccNDpBVDm6bXgLXZ+SqQFedUivK0pC3aD -lW6yHLjz+YHpZMrulfGbBkgJ2izH2dY1DQfCn8SpdQxnZ5nOD3maM3I2Qu5e3m+k -v5SuJRWAY/fppRV7X4o+Jt6zZHEb2aznTXCr4GcrHk2s+Eu/FWQGV0inkVM4/r/o 
-z82Z4dFozHsAfm/zbO2WmVTffS2JAjYEGAEIACAWIQRBv/i68lhgOfYpPYNaLoIM -Jf5SfAUCXqfBfAIbDAAKCRBaLoIMJf5SfApjD/92OQL7TnpAzaRGNM01O1KULaGT -dak/fEpkcT11k1dJx67oSkvdoaiR+SLmk/hrIVbu1lH77woRXrlittBJadlLll1h -qdHguDwACD7AVi2FavToMSUHqz/MMhUdKrowyOveFm+0x+RxQhY9HwisldigZrOe -j3VtVQGcGINXbaNuGTICRqNg1xCvgs2oDSGtTMCScug3LMEghJXPeHdwrW/GpRh2 -8ZLHm/PzmM14TR8iWjfZEM06tv6qhg65EL4Em4nWQwQn80nqm4c0Zy6F9Jwkfnv1 -mkTbHJpTP48IiP5mvXem4syGBaHVvG9LuzJeLBWOjuEPAAAL+6C4vRFa+oJ/OOiM -oLUmer286d5zqbpoNOV29EC/a/nsfA16MXxWBcSWK9dyqzG7+ZcLFRDwdvhdc3kZ -wyxNGHhptNTp0SxdobAkCyGuE1RS5knYCcM2tvvEVlaPssnWhVT89s3bwUZyzyM9 -Ie3AnI0Yj3jTVgEOHiGi1ZexSMksSHFsTowFMSQqt/AIWnm/KOgQ7vAKn51TWZMo -gIJjC1zS0f9XjZbg1SudTjqyNBcD77pEEellPvvWfEweHxv7Q0JjhJ0SA56l3FRF -Xfm0Hf6kILHEx0EFlIdMsOLZzsv8S4nFGc7dsO0JtwVMnEZoU7Rx3pPBJZdlzjF/ -t3glfNsEJr6a7JAimw== -=f3R4 ------END PGP PRIVATE KEY BLOCK----- diff --git a/hack/flux-install.sh b/hack/flux-install.sh deleted file mode 100755 index f5b7509f69b1f9209f515eb190003ed9588d3f21..0000000000000000000000000000000000000000 --- a/hack/flux-install.sh +++ /dev/null 
@@ -1,76 +0,0 @@ -#!/bin/bash - -# This script will deploy your Iron Bank pull secret to a secret in Kubernetes -# Using the pull secret, it will download and install Flux2 on the cluster -# After Flux2 is installed, the secret will be removed from the cluster - -# Constants -reg=registry1.dso.mil -repo=ironbank/fluxcd -fluxver="v0.2.4" -ns=flux-system -sec=regcred - -# Options -while getopts n: flag -do - case "${flag}" in - n) ns=${OPTARG};; - esac -done - -# Check tools -check_tool() { - { - which $1 > /dev/null - } || { - echo "Need to install $1" - exit 1 - } -} -check_tool docker -check_tool kubectl -check_tool flux - -flux check --pre -if [ $? -ne 0 ]; then echo ERROR: Flux prerequisites failed!; exit 1; fi - -echo -echo Logging into ${reg} ... - -# Authenticate with registry -docker login ${reg} -if [ $? -ne 0 ]; then echo ERROR: Registry authentication failed!; exit 1; fi - -echo -echo Setting up image pull credentials in cluster ... - -# Generate secret -if ! kubectl get namespace ${ns} > /dev/null 2>&1; then - kubectl create ns ${ns}; - if [ $? -ne 0 ]; then echo ERROR: Namespace creation failed!; exit 1; fi -fi -if kubectl get secret ${sec} -n ${ns} > /dev/null 2>&1; then - kubectl delete secret ${sec} -n ${ns} -fi -kubectl create secret generic ${sec} -n ${ns} --from-file=.dockerconfigjson=${HOME}/.docker/config.json --type=kubernetes.io/dockerconfigjson -if [ $? -ne 0 ]; then echo ERROR: Secret creation failed!; exit 1; fi - -echo Successfully setup image pull credentials. -echo -echo Installing flux ${fluxver} from ${reg} ... -echo Please be patient. It can take a long time to pull the images from ${reg}. - -# Install flux -flux install -n ${ns} --registry=${reg}/${repo} --image-pull-secret=${sec} --version=${fluxver} --timeout 30m -if [ $? -ne 0 ]; then echo ERROR: Flux install failed!!; exit 1; fi - -echo -echo Cleaning up image pull credentials - -# Remove secret (no longer needed) -kubectl delete secret ${sec} -n ${ns} -if [ $? 
-ne 0 ]; then echo ERROR: Secret deletion failed!; exit 1; fi - -echo -echo Successfull installed flux ${fluxver} from ${reg} \ No newline at end of file diff --git a/hack/pin.sh b/hack/pin.sh deleted file mode 100755 index 5879cbcbbed82f1858df1907921f3c4abaaf694c..0000000000000000000000000000000000000000 --- a/hack/pin.sh +++ /dev/null 
@@ -1,70 +0,0 @@ -#!/bin/bash - -# This script can be used to pull out the values that are needed to pin the current deployments git commits to prevent -# internal packages from moving: - -# After deploying a healthy environment, run this script and take the output values section and merge into -# the values file for the deployemnt: - -# ./hack/pin.sh - -# istio: -# git: -# commit: f40172dd278e4f3551e6a1e8d4c8625771fbf928 -# branch: chart-release -# clusterAuditor: -# git: -# commit: 4ca478df04063ec8cd91b3ae2d2472b77675495d -# branch: chart-release -# gatekeeper: -# git: -# commit: 714069053e9696f5e116deb2f677f1c2d213e9b6 -# branch: chart-release -# logging: -# git: -# commit: 02d6e9a073d196ecdf0951941c432beea642fc73 -# branch: release-v0.2.x -# monitoring: -# git: -# commit: 014fb187b81eb976e76a4bb1a76bb4479aa2cea3 -# branch: release-v0.2.x -# twistlock: -# git: -# commit: faf038197291915713e0f213a4e35991e72f73f6 -# branch: chart-release - -function get_commit() { - kubectl get gitrepositories.source.toolkit.fluxcd.io -n bigbang $1 -o jsonpath="{ .status.artifact.revision }" | cut -f2 -d "/" -} - -function get_branch() { - kubectl get gitrepositories.source.toolkit.fluxcd.io -n bigbang $1 -o jsonpath="{ .status.artifact.revision }" | cut -f1 -d "/" -} - -# create script to product the pins for -echo """ -istio: - git: - commit: `get_commit istio` - branch: `get_branch istio` -clusterAuditor: - git: - commit: `get_commit cluster-auditor` - branch: `get_branch cluster-auditor` -gatekeeper: - git: - commit: `get_commit gatekeeper` - branch: `get_branch gatekeeper` -logging: - git: - commit: `get_commit logging` - branch: `get_branch logging` -monitoring: - git: - commit: `get_commit monitoring` - branch: `get_branch monitoring` -twistlock: - git: - commit: `get_commit twistlock` - branch: `get_branch twistlock` -""" \ No newline at end of file 
diff --git a/hack/secrets/authservice.yaml b/hack/secrets/authservice.yaml
deleted file mode 100644
index 849c06d069d83185f7df1f2c8741f62d59ce4829..0000000000000000000000000000000000000000
--- a/hack/secrets/authservice.yaml
+++ /dev/null
@@ -1,37 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: authservice-config
- namespace: istio-system
-data:
- config.json: ENC[AES256_GCM,data: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,iv:bpn4VO7gA0MYMBgmgoDwIblHGlVW3Ekmg8wNmYl0YD0=,tag:tQKh11BYua3PdBXHDuejcg==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- lastmodified: '2020-11-20T20:10:39Z'
- mac: ENC[AES256_GCM,data:ox2+A0U6gJY/m6zrWs0b9zNRrnuIy/3JdPaFyENcttGA00Fuhsb8Yqefgy1lU/mrO4SSZEq8tfEnIezP0OhOFYku8uUjYNdV89KDdDq+VAQGNE2nVZk/2v3BidBmxE8g7BW+NmBTVjjEFqWHHx6pC8iNBg4/hdqtY4QlHcgxHWs=,iv:EWsQ1BCIto+jM3s9q/uymxurSIAV91k7yDTkx0jtBSA=,tag:kjgaqwqJMur0oRmV8XF6Ew==,type:str]
- pgp:
- - created_at: '2020-11-20T20:10:38Z'
- enc: |
- -----BEGIN PGP MESSAGE-----
-
- hQIMA93W3Fi3CqSYARAAmhjQ6dahjX4RFXwErHl5pJBYwNuRC6WyJZXYwDqWwxd0
- eAIJ8/FyFqdHYG3lCAnICqLbdC/0UaXnBa5KDEMAcz7xHheq9NQCAuVL4sxyLklq
- JdTO55SHPU3SO04cG++sB8VZhi0tUORMmNA0NoLrkMzx14V3UjEY3fWye4hL26a2
- Ei6QhdbGHhEdq6/8nOOQXc1h8fAzchiJ5316fNIg/tdr6My0mUuDwi/pWeow4j5o
- iiEtK6OsPPKgE4UaclQj2+CDKPhP4z6Ljuwd7EBPjrdywkHUmmbx3mJk6BOUiMdN
- EvpVXpcz3sTu4RKmdzqDHocwbvxFW/cuXaAWWzaM3BpR970Itz1qV663RN3uuMr5
- hnkiCiwk0T12dZ5B+DK7kdirT0my9mPkOM4+BmpTUvsiTF2OVI5+zwt/h4ZtUy1e
- QVEpzSVpGsY/EN+2hFEuEmBnNBi8gmzMRa+FZJyvs26K8AeH0Rja4sjFYf8ccAfx
- 6b3XLhOci6xa1Ik3HeWlOf78bMwnuHl0H9rgtg1S+AGWRJOG4tfJCTRpi9j/srVn
- /x0wBVFyPiTV5oIjQgWoJgw4ZOz7XW23xmr9SpCP4ZwPu4q4I+KSlPb4pM0jSzZw
- zpuvAKWJPkTxBGYewjjgImgWOGkhoIDah71djed3E/EtPULqSAUCjyXO4ktpI2HS
- XgHvRRyHDbaKz7u9JuuGCRhQ0R0SQn4sGYwu5IiYiEP0sHcKs5p9Y/ThsyEKeyis
- jMcf4GfW/yCmjudrfZ3V8yRDWG105QURx7qtSaMJ1nMGUFMq+bphDNRQopeBwUE=
- =Ztvz
- -----END PGP MESSAGE-----
- fp: 41BFF8BAF2586039F6293D835A2E820C25FE527C
- encrypted_regex: ^(data|stringData)$
- version: 3.6.1
diff --git a/hack/secrets/ingress-cert.yaml b/hack/secrets/ingress-cert.yaml
deleted file mode 100644
index 1cc3b1f7b349be02017b68d77fa43de7152b43e8..0000000000000000000000000000000000000000
--- a/hack/secrets/ingress-cert.yaml
+++ /dev/null
@@ -1,39 +0,0 @@
-apiVersion: v1
-kind: Secret
-metadata:
- name: public-cert
- namespace: istio-system
-type: kubernetes.io/tls
-data:
- tls.crt: ENC[AES256_GCM,data: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,iv:3OFX2BqcwzIsmlyFUDnasDys6RTpyLRa8znUX/LiEgU=,tag:qHGPKfp3eWygXv1tYsd9RA==,type:str]
- tls.key: ENC[AES256_GCM,data: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,iv:IaANd0HVJ714GB8B/2EZN/r30Gar9ctrhUfE4Lz5ljI=,tag:DrRXiXJnriY0feYOLPTtBw==,type:str]
-sops:
- kms: []
- gcp_kms: []
- azure_kv: []
- hc_vault: []
- lastmodified: '2021-09-28T14:32:02Z'
- mac: ENC[AES256_GCM,data:EkhIlU1W9ByqrVgnrKSGQIwCBEWA0rJ4zrOrDJiLmzhtGksscKRRN+nKYva0ftBM5JGKMHwYppGZeamaWgbIigaZqJak2zqU7LNtRgvVVM2L56K7Oqg3EZc3Q82PzqSXk5Vc9szYLP8LgRnex1KGbUDhees3BerCSd6BHZECBuM=,iv:d60vUa+tFqimjRh9CSO3dkLkPs0++HykShkg1kvXoMk=,tag:GYs1k18F0jsdAqTJLZKQnQ==,type:str]
- pgp:
- - created_at: '2021-09-28T14:32:01Z'
- enc: |
- -----BEGIN PGP MESSAGE-----
-
- hQIMA93W3Fi3CqSYAQ//f3EAaNVwvmx4UsiES2/EY2ZcQa0rNB5AP6q2YSFyQUQS
- 0O/ifkxr0i1ESaPAKAYDRkuaMwnJE3AxkSd4oDFmzlElkfZE6KHezWvC0FBv9R2h
- fB02XFNN6thakGQJ9Xwl6lyazPDSn9cIrbUHH6zdkmRhYjoGFGFBvYrS8M8DRjyr
- KVyCs/b7V4eYTS0dxS4gXrUAzGHKevkb2wuZL5llBYkkYBnTD5z/L/zFAhVP8beW
- cz/JpaFsQHyF9xaxOs3sNNS08vuizq2XgIGA395k3/M5B+1U6gdV1YWvKgYHOch0
- cdErKADxioLvCTGrpFc+eIjSIly2BKUKWgXCb33hnEIXQPZq3Poi2FMIRsytSNHi
- Hm/N4QH4t1uAj7kwXIlitd9XjZCTIzTmZd2HyhcJmhI/gCHytzFwRLbMF2oczE+3
- IToHaGxkgvfa3OtXxWBZQ3N+frSgfOy9JTPKTOl8RpwVM2t2QfIHuK56XqADC7aN
- VkOc/5t+k+giX80pIqkBHD+3oaMQbAUIq+CGAqFfAm3dAaqf7rgc+8MBDZkAVEZa
- BT3bK7F+MhrrdtnAsTob+Gz8yXAvOeFAuwjJMDn6nYUpccRipCMmj5lqfPjOxdmj
- 94TAxX78Zzh3ymP3z0YYOUTbE5McIcLvPEJBuXPOqadiHYYWh0vDKzlI5l8a6C7S
- XAFR7II3NIqVDVB8NQl+M64aI+JgvA8XwjNM8rdmVo1vg8xurY6B/kyDvrhXQjtm
- L3KuAN6QJKdfoV6bTwhxIuBG+kSPmeDQkBCPBNU5WtQrhoq6/YTFMnjFWSzp
- =gheX
- -----END PGP MESSAGE-----
- fp: 41BFF8BAF2586039F6293D835A2E820C25FE527C
- encrypted_regex: ^(data|stringData)$
- version: 3.6.1
diff --git a/hack/sops-create.sh b/hack/sops-create.sh
deleted file mode 100755
index ffd910cc2484078707ddfc71b4252bb3567da076..0000000000000000000000000000000000000000
--- a/hack/sops-create.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/bash
-
-# This script will deploy install the bigbang-dev.asc private key into a sops-gpg secret in the bigbang namespace
-
-# Constants
-file=$(realpath `dirname "$0"`)/bigbang-dev.asc
-ns=bigbang
-secret=sops-gpg
-key=bigbangkey.asc
-
-# Check tools
-check_tool() {
- {
- which $1 > /dev/null
- } || {
- echo "Need to install $1"
- exit 1
- }
-}
-check_tool kubectl
-
-echo Installing SOPS secret from ${file} into ${ns}/${secret}...
-
-kubectl create namespace ${ns} 2> /dev/null
-kubectl create secret generic ${secret} --namespace=${ns} --from-file=${key}=${file}
-if [ $? -ne 0 ]; then echo ERROR: Secret creation failed!; exit 1; fi
-
-echo Success!
-echo
\ No newline at end of file
diff --git a/scripts/latest.sh b/scripts/latest.sh
deleted file mode 100755
index 585af7b5186279c78d6eac2ef237a28b4d321c70..0000000000000000000000000000000000000000
--- a/scripts/latest.sh
+++ /dev/null
@@ -1,26 +0,0 @@ -#!/bin/bash - -# This script looks at all the deployed images from iron bank and identifies if the -# currently deployed version is the latest in IronBank. Could be used as part of CI -# or as general awareness for development - -# Needs crane( https://github.com/google/go-containerregistry/tree/main/cmd/crane ) -# to be configured before hand via - -# crane auth login -p ${REGISTRY1_CREDENTIALS} -u ${REGISTRY1_USER} registry1.dso.mil - -images=`kubectl get pods -A -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c | grep "registry1" | awk '{ print $2 }'` - - -for i in $images -do - image=`echo "$i" | awk '{split($0,a,":"); print a[1] }'` - tag=`echo "$i" | awk '{split($0,a,":"); print a[2] }'` - - upstream_tag=`crane ls $image | grep -v "latest" | sort -r | head -n1` - - if [[ "$tag" != "$upstream_tag" ]] - then - echo "Update for $image: $tag ----> $upstream_tag" - fi -done \ No newline at end of file diff --git a/scripts/package/gits.sh b/scripts/package/gits.sh deleted file mode 100755 index addab91c7cbd0baf723d3c02e9136a438811349b..0000000000000000000000000000000000000000 --- a/scripts/package/gits.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR -set -x - -mkdir -p repos/ - -# "Package" ourselves -# Do it this way on purpose (instead of cp or rsync) to ensure this never includes any unwanted "build" artifacts -git -C repos/ clone -b ${CI_COMMIT_REF_NAME} ${CI_PROJECT_URL} - -# Clone core -yq e ".*.git.repo | select(. != null) | path | .[-3] " "${VALUES_FILE}" | while IFS= read -r package; do - git -C repos/ clone --no-checkout $(yq e ".${package}.git.repo" "${VALUES_FILE}") -done - -# Clone addons -yq e ".addons.*.git.repo | select(. != null) | path | .[-3]" "${VALUES_FILE}" | while IFS= read -r package; do - git -C repos/ clone --no-checkout $(yq e ".addons.${package}.git.repo" "${VALUES_FILE}") -done 
diff --git a/scripts/package/synker.Dockerfile b/scripts/package/synker.Dockerfile
deleted file mode 100644
index 68f9d7a4c65f4473da8b2616ddc1fe1333a0d8a3..0000000000000000000000000000000000000000
--- a/scripts/package/synker.Dockerfile
+++ /dev/null
@@ -1,40 +0,0 @@
-FROM golang:1.13 AS builder
-
-# Download build dependencies
-RUN apt-get update && apt-get install -y \
- git libgpgme-dev libassuan-dev libbtrfs-dev libdevmapper-dev liblvm2-dev musl-dev \
- && apt-get clean
-
-# Clone the latest release of p8kr and built the binrary statically
-RUN git clone https://repo1.dso.mil/platform-one/hagrid/sync.git synker && \
- cd synker && \
- make binary-local-static DISABLE_CGO=1
-
-#
-FROM registry.access.redhat.com/ubi8/ubi:8.3
-
-COPY --from=registry:2 /bin/registry /usr/local/bin/registry
-COPY --from=builder /go/synker/synker /usr/local/bin/synker
-
-RUN yum install -y unzip git jq
-
-# Install yq
-RUN curl -sfL -o /usr/local/bin/yq https://github.com/mikefarah/yq/releases/download/v4.6.1/yq_linux_amd64 && \
- chmod +x /usr/local/bin/yq
-
-# Install aws cli
-RUN curl -sL https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip -o /tmp/awscliv2.zip && \
- unzip -qq -d /tmp /tmp/awscliv2.zip && \
- /tmp/aws/install && \
- rm -rf /tmp/aws*
-
-# Install crane
-RUN curl -sL https://github.com/google/go-containerregistry/releases/download/v0.4.1/go-containerregistry_Linux_x86_64.tar.gz -o /tmp/crane.tar.gz && \
- mkdir -p /tmp/crane && \
- tar -zxf /tmp/crane.tar.gz -C /tmp/crane && \
- mv /tmp/crane/crane /usr/local/bin/crane && \
- chmod +x /usr/local/bin/crane && \
- rm -rf /tmp/crane*
-
-RUN yum clean all && \
- rm -r /var/cache/dnf
diff --git a/scripts/package/synker.yaml b/scripts/package/synker.yaml
index 8082218573a6ea000378d6afd41862f870e208b6..f6e25d9b806b19283950284b268b7a28e4434799 100644
--- a/scripts/package/synker.yaml
+++ b/scripts/package/synker.yaml
@@ -50,4 +50,4 @@ source: # the gitlab-runner-helper image only gets pulled when a pipeline runs. So it must be listed here - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v14.3.1 # Don't include until fortify is supported - #- registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dotnet-fortify:20.2.0 + #- registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dotnet-fortify:20.2.0 \ No newline at end of file diff --git a/hack/remove-ns-finalizer.sh b/scripts/remove-ns-finalizer.sh old mode 100755 new mode 100644 similarity index 61% rename from hack/remove-ns-finalizer.sh rename to scripts/remove-ns-finalizer.sh index 1d3c2a12d04ea6928d590d09709a7dd7e9f369a0..58dba90b332f8f05be14dd4a73d3ea771f141688 --- a/hack/remove-ns-finalizer.sh +++ b/scripts/remove-ns-finalizer.sh @@ -3,4 +3,4 @@ NS=$1 shift -kubectl get ns $NS -o json | jq '.spec.finalizers = []' | kubectl replace --raw "/api/v1/namespaces/$NS/finalize" -f - \ No newline at end of file +kubectl get ns $NS -o json | jq '.spec.finalizers = []' | kubectl replace --raw "/api/v1/namespaces/$NS/finalize" -f - diff --git a/scripts/semver_diff.sh b/scripts/semver_diff.sh deleted file mode 100755 index dce17246cbf22a13bd194aedb70d5682c7c1729a..0000000000000000000000000000000000000000 --- a/scripts/semver_diff.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/usr/bin/env bash - -# return sem_a - sem_b -# sem_a and sem_b must be of same semver length -# Ex: -# ./hack/semver_diff.sh 1.2.3 1.1.1 -# 0.1.2 - -sem_a=$1 -sem_b=$2 - -IFS=. arr_a=(${sem_a##*-}) -IFS=. arr_b=(${sem_b##*-}) - -result=() - -for i in "${!arr_a[@]}"; do - result+=($((${arr_a[$i]}-${arr_b[$i]}))) -done - -IFS=. echo "${result[*]}" \ No newline at end of file diff --git a/hack/sync.sh b/scripts/sync.sh similarity index 100% rename from hack/sync.sh rename to scripts/sync.sh 
diff --git a/tests/ci/.sops.yaml b/tests/ci/.sops.yaml deleted file mode 100644 index 8060c617d16e5d54c970745dd39ec879884e4be2..0000000000000000000000000000000000000000 --- a/tests/ci/.sops.yaml +++ /dev/null @@ -1,3 +0,0 @@ -creation_rules: - - encrypted_regex: '^(data|stringData)$' - pgp: 41BFF8BAF2586039F6293D835A2E820C25FE527C \ No newline at end of file diff --git a/tests/ci/k3d/config.yaml b/tests/ci/k3d/config.yaml deleted file mode 100644 index 1ea988005818077d70bc96ec443491f10b44962a..0000000000000000000000000000000000000000 --- a/tests/ci/k3d/config.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: k3d.io/v1alpha2 -kind: Simple -name: ci -servers: 1 -options: - k3s: - extraServerArgs: - - --disable=traefik - k3d: - wait: true -volumes: - - volume: /etc/machine-id:/etc/machine-id - nodeFilters: - - server[*] - - agent[*] -ports: - - port: 80:80 - nodeFilters: - - loadbalancer - - port: 443:443 - nodeFilters: - - loadbalancer diff --git a/tests/ci/k3d/deploy_k3d.sh b/tests/ci/k3d/deploy_k3d.sh deleted file mode 100644 index 7b6d7dae6df931f88430be16771c0bec021554e9..0000000000000000000000000000000000000000 --- a/tests/ci/k3d/deploy_k3d.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR -set -x -docker login -u ${DOCKER_USER} -p ${DOCKER_PASSWORD} -# if keycloak label or all packages label add deploy k3d without loadbalancer so metallb can be used -if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "keycloak" || $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then - k3d cluster create ${CI_JOB_ID} --config tests/ci/k3d/disable-servicelb-config.yaml --network ${CI_JOB_ID} -else - k3d cluster create ${CI_JOB_ID} --config tests/ci/k3d/config.yaml --network ${CI_JOB_ID} -fi 
diff --git a/tests/ci/k3d/disable-servicelb-config.yaml b/tests/ci/k3d/disable-servicelb-config.yaml deleted file mode 100644 index e0bf17a1969555bd446cc95975977879ab2bd1aa..0000000000000000000000000000000000000000 --- a/tests/ci/k3d/disable-servicelb-config.yaml +++ /dev/null @@ -1,23 +0,0 @@ -apiVersion: k3d.io/v1alpha2 -kind: Simple -name: ci -servers: 1 -options: - k3s: - extraServerArgs: - - --disable=traefik - - --disable=servicelb - k3d: - wait: true -volumes: - - volume: /etc/machine-id:/etc/machine-id - nodeFilters: - - server[*] - - agent[*] -ports: - - port: 80:80 - nodeFilters: - - loadbalancer - - port: 443:443 - nodeFilters: - - loadbalancer \ No newline at end of file diff --git a/tests/ci/k3d/metallb/install_metallb.sh b/tests/ci/k3d/metallb/install_metallb.sh deleted file mode 100644 index e67808483b74349a375801e18c2dc93750fd2da1..0000000000000000000000000000000000000000 --- a/tests/ci/k3d/metallb/install_metallb.sh +++ /dev/null @@ -1,12 +0,0 @@ -#!/usr/bin/env bash - -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR -set -x - -if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "keycloak" || $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then - kubectl create -f tests/ci/k3d/metallb/metallb.yaml - kubectl create -f tests/ci/k3d/metallb/metallb-config.yaml -else - echo "Keycloak not present, Metallb will not be install" -fi diff --git a/tests/ci/k3d/metallb/metallb-config.yaml b/tests/ci/k3d/metallb/metallb-config.yaml deleted file mode 100644 index 4b2c1d4c7c50fa23346b968c560e722ddb88dc79..0000000000000000000000000000000000000000 --- a/tests/ci/k3d/metallb/metallb-config.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - namespace: metallb-system - name: config -data: - config: | - address-pools: - - name: default - protocol: layer2 - addresses: - - 172.20.1.240-172.20.1.243 
diff --git a/tests/ci/k3d/metallb/metallb.yaml b/tests/ci/k3d/metallb/metallb.yaml
deleted file mode 100644
index d84f43a5371e2ee0369dcb467075b4a16a13c157..0000000000000000000000000000000000000000
--- a/tests/ci/k3d/metallb/metallb.yaml
+++ /dev/null
@@ -1,450 +0,0 @@ -apiVersion: v1 -kind: Namespace -metadata: - name: metallb-system - labels: - app: metallb ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system -spec: - allowPrivilegeEscalation: false - allowedCapabilities: [] - allowedHostPaths: [] - defaultAddCapabilities: [] - defaultAllowPrivilegeEscalation: false - fsGroup: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - hostIPC: false - hostNetwork: false - hostPID: false - privileged: false - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - runAsUser: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - seLinux: - rule: RunAsAny - supplementalGroups: - ranges: - - max: 65535 - min: 1 - rule: MustRunAs - volumes: - - configMap - - secret - - emptyDir ---- -apiVersion: policy/v1beta1 -kind: PodSecurityPolicy -metadata: - labels: - app: metallb - name: speaker - namespace: metallb-system -spec: - allowPrivilegeEscalation: false - allowedCapabilities: - - NET_RAW - allowedHostPaths: [] - defaultAddCapabilities: [] - defaultAllowPrivilegeEscalation: false - fsGroup: - rule: RunAsAny - hostIPC: false - hostNetwork: true - hostPID: false - hostPorts: - - max: 7472 - min: 7472 - - max: 7946 - min: 7946 - privileged: true - readOnlyRootFilesystem: true - requiredDropCapabilities: - - ALL - runAsUser: - rule: RunAsAny - seLinux: - rule: RunAsAny - supplementalGroups: - rule: RunAsAny - volumes: - - configMap - - secret - - emptyDir ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system ---- -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: - app: metallb - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:controller -rules: -- apiGroups: - - '' - resources: - - services - verbs: - - get - - list - - watch -- 
apiGroups: - - '' - resources: - - services/status - verbs: - - update -- apiGroups: - - '' - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resourceNames: - - controller - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRole -metadata: - labels: - app: metallb - name: metallb-system:speaker -rules: -- apiGroups: - - '' - resources: - - services - - endpoints - - nodes - verbs: - - get - - list - - watch -- apiGroups: ["discovery.k8s.io"] - resources: - - endpointslices - verbs: - - get - - list - - watch -- apiGroups: - - '' - resources: - - events - verbs: - - create - - patch -- apiGroups: - - policy - resourceNames: - - speaker - resources: - - podsecuritypolicies - verbs: - - use ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: config-watcher - namespace: metallb-system -rules: -- apiGroups: - - '' - resources: - - configmaps - verbs: - - get - - list - - watch ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -rules: -- apiGroups: - - '' - resources: - - pods - verbs: - - list ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: Role -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system -rules: -- apiGroups: - - '' - resources: - - secrets - verbs: - - create -- apiGroups: - - '' - resources: - - secrets - resourceNames: - - memberlist - verbs: - - list -- apiGroups: - - apps - resources: - - deployments - resourceNames: - - controller - verbs: - - get ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:controller -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:controller -subjects: -- kind: ServiceAccount - name: controller - namespace: metallb-system ---- -apiVersion: 
rbac.authorization.k8s.io/v1 -kind: ClusterRoleBinding -metadata: - labels: - app: metallb - name: metallb-system:speaker -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: ClusterRole - name: metallb-system:speaker -subjects: -- kind: ServiceAccount - name: speaker - namespace: metallb-system ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: config-watcher - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: config-watcher -subjects: -- kind: ServiceAccount - name: controller -- kind: ServiceAccount - name: speaker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: pod-lister - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: pod-lister -subjects: -- kind: ServiceAccount - name: speaker ---- -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBinding -metadata: - labels: - app: metallb - name: controller - namespace: metallb-system -roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: controller -subjects: -- kind: ServiceAccount - name: controller ---- -apiVersion: apps/v1 -kind: DaemonSet -metadata: - labels: - app: metallb - component: speaker - name: speaker - namespace: metallb-system -spec: - selector: - matchLabels: - app: metallb - component: speaker - template: - metadata: - annotations: - prometheus.io/port: '7472' - prometheus.io/scrape: 'true' - labels: - app: metallb - component: speaker - spec: - containers: - - args: - - --port=7472 - - --config=config - env: - - name: METALLB_NODE_NAME - valueFrom: - fieldRef: - fieldPath: spec.nodeName - - name: METALLB_HOST - valueFrom: - fieldRef: - fieldPath: status.hostIP - - name: METALLB_ML_BIND_ADDR - valueFrom: - fieldRef: - fieldPath: status.podIP - # needed when another software is also using memberlist / port 7946 - # when changing this default you also need to update the 
container ports definition - # and the PodSecurityPolicy hostPorts definition - #- name: METALLB_ML_BIND_PORT - # value: "7946" - - name: METALLB_ML_LABELS - value: "app=metallb,component=speaker" - - name: METALLB_ML_SECRET_KEY - valueFrom: - secretKeyRef: - name: memberlist - key: secretkey - image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/metallb-speaker:v0.10.2 - name: speaker - ports: - - containerPort: 7472 - name: monitoring - - containerPort: 7946 - name: memberlist-tcp - - containerPort: 7946 - name: memberlist-udp - protocol: UDP - securityContext: - allowPrivilegeEscalation: false - capabilities: - add: - - NET_RAW - drop: - - ALL - readOnlyRootFilesystem: true - hostNetwork: true - nodeSelector: - kubernetes.io/os: linux - serviceAccountName: speaker - terminationGracePeriodSeconds: 2 - tolerations: - - effect: NoSchedule - key: node-role.kubernetes.io/master - operator: Exists ---- -apiVersion: apps/v1 -kind: Deployment -metadata: - labels: - app: metallb - component: controller - name: controller - namespace: metallb-system -spec: - revisionHistoryLimit: 3 - selector: - matchLabels: - app: metallb - component: controller - template: - metadata: - annotations: - prometheus.io/port: '7472' - prometheus.io/scrape: 'true' - labels: - app: metallb - component: controller - spec: - containers: - - args: - - --port=7472 - - --config=config - env: - - name: METALLB_ML_SECRET_NAME - value: memberlist - - name: METALLB_DEPLOYMENT - value: controller - image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/metallb-controller:v0.10.2 - name: controller - ports: - - containerPort: 7472 - name: monitoring - securityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - all - readOnlyRootFilesystem: true - nodeSelector: - kubernetes.io/os: linux - securityContext: - runAsNonRoot: true - runAsUser: 65534 - serviceAccountName: controller - terminationGracePeriodSeconds: 0 \ No newline at 
end of file diff --git a/tests/ci/keycloak-certs/keycloak-passthrough-values.yaml b/tests/ci/keycloak-certs/keycloak-passthrough-values.yaml deleted file mode 100644 index f242fa3d50d3f282f0e5647d4d51bacfb1d902dc..0000000000000000000000000000000000000000 --- a/tests/ci/keycloak-certs/keycloak-passthrough-values.yaml +++ /dev/null 
@@ -1,126 +0,0 @@ -addons: - keycloak: - ingress: - # *.bigbang.dev - gateway: "passthrough" - key: | - -----BEGIN PRIVATE KEY----- - MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbaLWaC86eG74Z - D5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpBtvV5x9F88gMz - yhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+mrUniVT8WNrRL - C1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+AfaGSHheKo5h - xTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqUB4dAge+imwAs - ZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKNB/8mi1pylWqN - UjedV4A5AgMBAAECggEBAM56xORaljBO9WAKOotNK+1rNBO6jAYTWQeY95CeolSP - y/PvobcZa6QICAL16o3DlSqQroTTmf7WllLnq4PWueA43+ETWSMaxAsqWE0laTTd - qyfV/8lvhzTv5/+z/TIZnmoCDFT2Wm9iPdudpfXbKp+ghFnYFJVwmVITRbB91InX - 38LaEvLWFnJ3/DPYursaXerwwrm50d0PCdpa/ceqBCVHlpT3Zc0lT0rYpDVtc9BG - 3gjbvKwhVUQBDfD3FGEobxhbc5eEH6JEf0PUWKnsU5F0qRKjQnfM19XKbczP+9gY - 71BDL1sALSZxxJXW865+7GeXKCtxObkcCwYbf8UrS30CgYEA+HSH4ZpuHZ8IKIbs - vFaAjsEMkRfZPao8b/g4/JCg4TuOpAdFZUTSPWmdUq3i/J8o9b+e8/bznn9HLHIT - qyreSyiRUQRtcniSL1ZUHSzzW9QefYKzPghGYHXQLIBAWt50PDaMfPQ6Sj1NaEPH - h3hq4YNYNMQP/QVmfFdiT4xVA6cCgYEA4hJgSc17hh/u84uYAKhg2zSlFG5LlYKc - Yb2aFQJhFz2QqGxMeOXyIVDFD6btGcOLtPt4RdsBuCLZZzFBDUlWL7rY9qlL+/+P - ERStyHE9gFBDa0KWfvQxHSXIuxN2mkokktiVfaTisi8SWEKRJYp+B8HCa5lSDBti - eXcGBK3hWR8CgYBJ+aBPmsR4i1ZJgsrP1M2YM4CDXt9uzdYK3JRTFtjf1vTEf+m4 - mkIiyORvrphr8ROn//La3sdwhKLzZ8/VYgEnzZ9eyPuxXpbgA0suGKkoyUJ+ykCG - Er6pj8p4xYLjy2I+X1t7BNiqLBB1H+Ezw7XHCW1k4I+GHWqDUR1TZAwX9wKBgFhy - KAm3wqPuymWuL4HSXlJkflFH9XpA5z22GBowHBwjkfzSofiKvfgayX4eKJTz1Cyy - VZO+4yVPPQ8KThEMqBN0Xn3iLkAg87ATDwpkg1M4E6hbHNX+Y1ir96R5MOWcLELn - SVUmtSpREDRHltHBJR2TyKSgD2F9NUGgN1KNVKSxAoGARyx7VceWlpdmnr+i26UH - B4h6/rL/nY7M2oWgUaj7FeygcfemtO6cV+R1Bl876Q9Dx797hZ4ddGAgxmDFsv8J - f6SSzTJBB6IGxt+1ZcxD4uFXUrOVFv00br/Re14bsXQcMwi9kEJF2idbR5E7O2qc - qbLlPssjuZS5pDnRa05bEIQ= - -----END PRIVATE KEY----- - cert: | - -----BEGIN CERTIFICATE----- - MIIFHzCCBAegAwIBAgISA9KlIFfDVyxZ1/qZXl4HMuIOMA0GCSqGSIb3DQEBCwUA - 
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD - EwJSMzAeFw0yMTA5MjcxNDU1MDdaFw0yMTEyMjYxNDU1MDZaMBgxFjAUBgNVBAMM - DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb - aLWaC86eG74ZD5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpB - tvV5x9F88gMzyhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+m - rUniVT8WNrRLC1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+ - AfaGSHheKo5hxTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqU - B4dAge+imwAsZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKN - B/8mi1pylWqNUjedV4A5AgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD - VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O - BBYEFLUbMi65bMLlINPzTplLjtCHZfa0MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ - QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz - Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv - MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw - NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j - cnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBElGUusO7Or8RAB9io - /ijA2uaCvtjLMbU/0zOWtbaBqAAAAXwn948JAAAEAwBGMEQCIBkkdKr6WRtmZYO8 - kuchAYDxGPaCnU9FYU3BZBpsbJvLAiButEYn4AvTFiZMILymyuuqct/eFjIR9MEE - pNotyaD+bQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABfCf3 - kGUAAAQDAEcwRQIhAOOOX0qpI8xjqARUfU4ErGe8icHORlNHHzP/a6b3XE4ZAiBp - fMNh3oihXS1e6EM9Xs8m+9nuCi7rqLNSkCNuwisK7zANBgkqhkiG9w0BAQsFAAOC - AQEABMjkLKKxYyL4ZT6BPuOyqC4hnczDYUmZdCCysLu7psCjrZIAlSRxLIWXdWir - ogi/Vf+wdPKk38NDar0T9+rfAehuvQjQKCzIKVzr+MGauW0Wytwt63EgLIl2znvX - jWEIUwDQkqeFzPMbov8BK8hdLibBSz9nLrT0Zyw9mgRIzslemsi62+AjSNERTCTv - qyhinnBHLd3dGLOAXexwXu7ic2ZwCgnSgcli+MWC30QOh6ePJJqgw6OpwvOC9DAV - fkvGYFXlgYXnhQeLr0/4tzw3koclRWe/qgjAdAjB03yp1e53b+j9NoOfyobo1MFe - nMqEgcgAiA2VuE62Q4HE0Rs5wA== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - 
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw - WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg - RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK - AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP - R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx - sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm - NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg - Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG - /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC - AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB - Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA - FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw - AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw - Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB - gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W - PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl - ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz - CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm - lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 - avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 - yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O - yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids - hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ - HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv - MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX - nLRbwHOoq7hHwg== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ - MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT - DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow - 
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB - AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC - ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL - wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D - LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK - 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 - bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y - sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ - Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 - FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc - SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql - PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND - TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw - SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 - c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx - +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB - ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu - b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E - U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu - MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC - 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW - 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG - WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O - he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC - Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 - -----END CERTIFICATE----- diff --git a/tests/ci/passthrough-gateway.yaml b/tests/ci/passthrough-gateway.yaml deleted file mode 100644 index bb9b63a62c82e09160f7bd9700a9fbca484110d3..0000000000000000000000000000000000000000 
--- a/tests/ci/passthrough-gateway.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-istio:
- ingressGateways:
- passthrough-ingressgateway:
- type: "LoadBalancer" # or "NodePort"
- kubernetesResourceSpec: {} # https://istio.io/latest/docs/reference/config/istio.operator.v1alpha1/#KubernetesResourcesSpec
- # Node ports are assigned starting from nodePortBase. The nodePortBase specifies the start of a range of 4 unused node ports.
- # Node port will be assigned as follows: Port 15021 (Status) = nodePortBase, Port 80 = nodePortBase+1, Port 443 = nodePortBase+2, Port 15443 (SNI) = nodePortBase+3
- # Node port base should be in the range from 30000 to 32764
- # nodePortBase: 32000 # Alternatively, the kubernetesResourceSpec can be used to configure all port parameters
- gateways:
- passthrough:
- ingressGateway: "passthrough-ingressgateway"
- hosts:
- - "*.{{ .Values.domain }}"
- tls:
- mode: "PASSTHROUGH"
\ No newline at end of file
diff --git a/tests/ci/secrets/README.md b/tests/ci/secrets/README.md
deleted file mode 100644
index a4815e613817be529f49a779f228c5bff229b779..0000000000000000000000000000000000000000
--- a/tests/ci/secrets/README.md
+++ /dev/null
@@ -1,40 +0,0 @@
-# Update certificate
-
-## Lets Encrypt
-
-```bash
-sudo certbot certonly --manual -d "*.dev.bigbang.dev" -d "*.test.bigbang.dev" -d "*.default.bigbang.dev" -d "*.bigbang.dev" -d bigbang.dev --agree-tos --preferred-challenges dns-01
-```
-
-Copy certs:
-
-```bash
-mkdir certs
-sudo cp /etc/letsencrypt/live/bigbang.dev/fullchain.pem certs/
-sudo cp /etc/letsencrypt/live/bigbang.dev/privkey.pem certs/
-sudo chown -R tom certs
-```
-
-
-## Unencrypt Cert
-
-```bash
-kubectl create secret tls public-cert -n istio-system --key=certs/privkey.pem --cert=certs/fullchain.pem --dry-run=client -oyaml > ingress-cert.yaml
-```
-
-## Recrypt Cert
-
-```
-sops --encrypt \
- --pgp=41BFF8BAF2586039F6293D835A2E820C25FE527C \
- --encrypted-regex '^(data|stringData)$' \
- --in-place ingress-cert.yaml
-```
-
-## Copy to another location
-
-TODO we should consolidate this
-
-```bash
-cp ingress-cert.yaml ../../../hack/secrets
-```
diff --git a/tests/ci/secrets/authservice-config.yaml b/tests/ci/secrets/authservice-config.yaml
deleted file mode 100644
index 849c06d069d83185f7df1f2c8741f62d59ce4829..0000000000000000000000000000000000000000
--- a/tests/ci/secrets/authservice-config.yaml
+++ /dev/null
@@ -1,37 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: authservice-config - namespace: istio-system -data: - config.json: ENC[AES256_GCM,data:yeHCrpjDGgn44xNfYJxhKd9hM5IL7P93KFcZRHm76DeXMwtphtmg2eUpoNJzz6SE1I01bVC6l/RtoVPxS6V8tO/hB2Lc3zZAgDLt+CdTOrY0fKGkHewm2O0NGyuYXUfkD0zQ35vmgMWtYObA+klQrS5JTfysyXrmsuG7ZvEBc1WSa7p40SyKUYSo7MooB+Q2Jm4K6HKKFm2Yg2pZ9CGSsb/GcRZVLK6fZOnQn1faqCpWFNTLNgyiovfDeEVg0F9bOO579FRjecfEeXbqIiKbr1+ztN/+yhRozQpsMBvfBDLT8R6U54LRPLSX213jzNY5yWYbLXVYGwq6EBZ7rYVUoPUDM429lqVtXxBwSZNI4dwxbj2QbY/0f75OgD0RM1c36F97DugklAOBmF1rqPMuCaojAk3I9S0OxffzbVNECLN7Nv2nKbtDl9bKuH5gTji/KQC1qJdKtWmK7QqoVh31LCJLa7aI6FTTZIdeONH9gXoubdnirp1hIoU92pMGOxfMsUWwK4gM2Q8+U230lBYwVAMHAQPxmD3iOr0DQb5e0DuhK1UF5xnCrYXteYvaq7L/6k2C7vionxdKZ+UDc6Jcub2QlS83WWjdI4VAefMA9Zrk1OmH+5TJhP1yMeXPEMLZZxUpz4umRuWk8H5j8S0clkAj37YJMnVKDYiVDJMQh49v/WKEAkSK7afw6lhAa1JIvZCCmOv9CD9nATEMjvXPM/pEVF5SfBr/6PtmGVjXw1XlELrgznfX09KEHHuoHfSupNAW7Vw6ljn+rK7n+yn/9f9MteENSBB9nYyre3DiVbjUiqcs8D82Z4/h8DnkTXHKEqb5gQT3mBR3LIiRhCvdN7Z9ywdciFevLEZyqZXLKtkwhUV01qUMQMbJtM5O1DeWc76mDPsykEs4zZR0Rc+CyvOgSj+wqC/i+hxyawoH9wccTIekO5+2WpEWZ1oAl3JIqMG2t8CxDt2KGzwiW5MKSMxSdUf4XpcOdzZbazMhEqSuFwaANDrxKJslwl5/vEcR+fy+JDPy8UFFUzRJ8YzOZa0vbYEgpdm2yvCDYkRRVsEs5OXnDtFKpVQGkHbZ7TT+wADJ5pCaM/2+WSi3Q82aH/a5NjxrTGH3sdVYKz39ucTopplpfwQMv9g6ksH1pbWqAbKZbMgHza6q0VN2KE/ss49jKBEARufxsO3qL7vEgpZr0Tu2a/mundGqKTymt43gfBh76I+pA2kvx3EiSYS7yFT6S1BeYCo1eWBZP0HHBkTuYv0N6CPJtGnc1iwKXaYb8TKqQV44AJh1ct77+d5DRYK7RAVOce8+hu4fBFSC9k4xg3k1hJbqkx9S+038uWf0OwCEvn8KZfsfW8LLaHkWiTAzFybAcA0SL1ZQntM4ZU07C10hHmMk1zgaWW0vMI66W+/UX3Qh4ZLQqUceALlIxQD3ktkpZZpXvoV4qkuuSzI2RUPYsEq1joLMPyfnhS+BDMi571pXPzwstnmsCQZcDAVWgNowqWphywtMkQFrIiIpPRKVyblYj4H4L2SUvlDnBUK2VSnHdcL4BHJeZiCMdA+rWgnAX5Ij0vHb4OdOBYr6fk9QDAmhAEUSgwSILjgBchkVpowdgkSEmmGxlqniICJIhgITJuiFI9E072yNRnaY30Ze6r4C8l75OJa3CFp7pAg9V8uobWhD8jbUvEHH1ecHQU8lfLqM06OA7IZQyRHGjVGrCMZDZnxvh/S9kmx/cA3dTedH5ouqIXdO2fhv5JPWJb/J2+qYjT+Hzb5S5B3ZGM3pSVdZiqmbiR1+f7jvqLMASIMNxXiJJccc6IA49mv9lXhtz/RVUbE/DxrrkbCJBHxzECV3yab
9sB3bF4Dp5ASn4OoiWXRCOrtOHB6D878DHBAUJVRDN9vumF35wPNzEeLQa4W/fcvwofI6Zp3J9E+m0zL0orF26HMmPR/LqJeg8c9HEEYxWvwJGJDMKH6sobtZIDu6mb5Nv7hbdVccjc0ly0FeShbWxJDB43xDAXooolfyS8dE+V9YywPg5iooT2uErGmN6e4kxN75RaV9ADH4j5dqxfZYUSJFL6FBCK11fruTgTqxKWy8oBz5T6O5dG/00zQu7SF7z3I5ep8H7O7l23008b8BSiDSmb3MOlvEjCrhw+NqBm9JfUO1hJAEKhNJ4l9TPZOjucpu7qWlVbGdTSMjUCNdUH6SMnGU9RFY3t9yBDzKVOhHnVJpe588zYcCm1yLqIA5wPzX8VLsuc6BMEDxgf2XApcHpegodCkUQO9WuWBJb8ahT5kPdxDlN61FJNs1n7Scp2Y6/1qVdh6fup5jY0P+FxpgAyfuVCzdtRMlkbeyxxfyyztafhBbSJ9GS6ZKJ1TAGl6WB1Y5VD7kXbLHcAgFn83twdEDOK9dSo3/Bo94hBiTYgEmewH6SdWH1Ds1pA8uexlyLHWhBHPREJeN7F18/y+Kx5VJaF9CW4874h2WMexTJvNy9w9C4Txyr4osM9R/0wtaxHvU7SjuKZropItz2WKjNrn3YhDwXQ8kcbSg9SK5zBtSXIH6gGhW6ifakY5/+EYSWRI7nN5gGnci2TWLmRPgKErNFTdg0bvaQ6joTdQAMVjDakjgsk7wgAEsuI88L2DokpPXvVTDEr82I/ysAtyTp93CgRi7tuvkx1g/qE4vZhSUKC60xGxdqiP5RHHphT8Trpu//btd+kI0CSDn+w7eWNnnj35EGz/xOE4NPix9M115kwvau2NUyA/fOP33GnSLuyavV65AwO8FbE0MA8vKP/bO3AFb2xROSThcD42jfJnCQRTTxFxeJgbykOLe0zSZybw0NQ/EJs/SmITdXiQWE//9ozOt4IhxXgmYvUgl4yW3VExg6iPWbOOcs0rPp5eXJeF/J19XZ00nW8TXHDGjDio2P5yc1feaI85pAAZREjQ0kBheLYoNmQeVQIgh0CfUzf7Etl/DE4p3sfbmmdyln8XMvoq5MTE2/gEMEx91K7dJvB6qaSI+kiCzj+tLjigZEan+sgQNkV3/NEA+Nml/t9jyoLxxG/WYyM4G8XN+qubm2y3nBjq+eHQgd0fadm2I8AI1AYP7DnV16zu5VYWdVw/W5I0iNIbRzGOD+gtz2R+jbSsjaYg05g4444korcIM6sBHk/J5piCr1ZSaAUClws6IlZ/rqhqKrkrKZ/fQXoyLp2q5dVw0IBbjIMkouwN1SeukalLcFwVoiKnHr2iCiLKSfz8BVt9WZfaL5xj6MPX6z7YioJC0gzzyMzo5WE7+jOEBKDxC7rX7LuZLFv52DMz0v/3xXCtCzXJpbDqqBF/9Q1Y0zEJ6C2qsFdx8yMu5Tl9oagALjdqtriRwF9qwjW9anS2DJSqXUCQe0Lk2TQL7W3nAIlCc6al6QFidtci64BWX6hQ9njTGFZRxXiLfjghi5r/AJP2RSnBiA5VP5YJhWkh+Z1P54QyqlnFSWJMelP8IVLiMVJrtYNpH7jPoqOJoW5LT2c4Ar5z+pJA+nK7FneUCHEtVXAorgiTV69rWsFKrOMWAWPnWwx5nwIH1rMKGZmBHMTbNtIdtbpyC6QkJNsDUJSv9KSxAooFiYxZMIucT3KdWfbR4BuZFk4Wiz1B1AKWEmf/1J5/zEyLY5E4Rb9mSKHcJPXtVgOsHe5U5LdP48WR7cep3zSZ3JrqzfH+o+CAjkh79fld/Cvzoo02pN0IhHzhvDnnMygjOuUsoDC+iYb5CoPEcik8VvAwsEFK0f6mLCKjYMQDjxAgrq/8wKBwKYAXjhLi133p2NUoCA9+OQOlCSv7BygQ9iG+SekabS+4Tziqe6cFqDDz9KvzGRZyLD3fkX+bpGRo9uKloldvlVQ0BJ+3
PADvHAm5XqrqtI0isW3Z/I9qnJnD15piRLyJAUDObI4HRHUF5Txexg9v3SAUSVguSn0tSujHNM+3oLpkhwD/Y/crqx0AN5YK/b8RJVht/IXfn0sI0xLvqcLtbiXktG9XBOtPkTxePj5ELzRaeHv4NGE58CAEanFsTyI22ePwKiISr1OdpyzxIMNWgew/kzX2R4Pf63w6J0ebiNIDLSBsNbSsXsbp5mlaCmjIx06RLArviNG+ZigxGzfeVRzYCUVVOld58SJNrFgcgcY1fNQKYQChZx+tlx65YWKpy6zNB0aCRTmRmHCsWsm4dT3y7v4zPGE3D9emhwdMwhjr0mkBTRv8VYFJ/4VtKFkz6Mnq7991BajMWkOZLqtH3otbwNRahtqFiUey5ZmQrNVYgIHQUw2Ks1HMY7BGkwRmdhaXPjB0J8/dGKir3OiZe5f8UjcMCeIwRICzFgrPn8nd9F7jiFd8FrO8r9FW2Oo089r4M6X0f/FvkHOJKkyCpQdqZ1rBPibPUhuHugZRb0A52A8DJzeNkJvmyDhjn+x3+yty4BEaXreHYPH3vIc6nOxefa5y3gS+UfzXl+8GUPbQRq/LGD92xVccfhZZjZGznOFrQDvjICGk/yEECa/9JY4IAK2UR+1UTaoY0U33Nc3yFW/20dkSc1QQWsio/8qkJkz1f2TPprCWstYTWRCb/FArAmMyEmo03y3zm5rApgPD56Eo=,iv:bpn4VO7gA0MYMBgmgoDwIblHGlVW3Ekmg8wNmYl0YD0=,tag:tQKh11BYua3PdBXHDuejcg==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - lastmodified: '2020-11-20T20:10:39Z' - mac: ENC[AES256_GCM,data:ox2+A0U6gJY/m6zrWs0b9zNRrnuIy/3JdPaFyENcttGA00Fuhsb8Yqefgy1lU/mrO4SSZEq8tfEnIezP0OhOFYku8uUjYNdV89KDdDq+VAQGNE2nVZk/2v3BidBmxE8g7BW+NmBTVjjEFqWHHx6pC8iNBg4/hdqtY4QlHcgxHWs=,iv:EWsQ1BCIto+jM3s9q/uymxurSIAV91k7yDTkx0jtBSA=,tag:kjgaqwqJMur0oRmV8XF6Ew==,type:str] - pgp: - - created_at: '2020-11-20T20:10:38Z' - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMA93W3Fi3CqSYARAAmhjQ6dahjX4RFXwErHl5pJBYwNuRC6WyJZXYwDqWwxd0 - eAIJ8/FyFqdHYG3lCAnICqLbdC/0UaXnBa5KDEMAcz7xHheq9NQCAuVL4sxyLklq - JdTO55SHPU3SO04cG++sB8VZhi0tUORMmNA0NoLrkMzx14V3UjEY3fWye4hL26a2 - Ei6QhdbGHhEdq6/8nOOQXc1h8fAzchiJ5316fNIg/tdr6My0mUuDwi/pWeow4j5o - iiEtK6OsPPKgE4UaclQj2+CDKPhP4z6Ljuwd7EBPjrdywkHUmmbx3mJk6BOUiMdN - EvpVXpcz3sTu4RKmdzqDHocwbvxFW/cuXaAWWzaM3BpR970Itz1qV663RN3uuMr5 - hnkiCiwk0T12dZ5B+DK7kdirT0my9mPkOM4+BmpTUvsiTF2OVI5+zwt/h4ZtUy1e - QVEpzSVpGsY/EN+2hFEuEmBnNBi8gmzMRa+FZJyvs26K8AeH0Rja4sjFYf8ccAfx - 6b3XLhOci6xa1Ik3HeWlOf78bMwnuHl0H9rgtg1S+AGWRJOG4tfJCTRpi9j/srVn - /x0wBVFyPiTV5oIjQgWoJgw4ZOz7XW23xmr9SpCP4ZwPu4q4I+KSlPb4pM0jSzZw - 
zpuvAKWJPkTxBGYewjjgImgWOGkhoIDah71djed3E/EtPULqSAUCjyXO4ktpI2HS - XgHvRRyHDbaKz7u9JuuGCRhQ0R0SQn4sGYwu5IiYiEP0sHcKs5p9Y/ThsyEKeyis - jMcf4GfW/yCmjudrfZ3V8yRDWG105QURx7qtSaMJ1nMGUFMq+bphDNRQopeBwUE= - =Ztvz - -----END PGP MESSAGE----- - fp: 41BFF8BAF2586039F6293D835A2E820C25FE527C - encrypted_regex: ^(data|stringData)$ - version: 3.6.1 diff --git a/tests/ci/secrets/ingress-cert.yaml b/tests/ci/secrets/ingress-cert.yaml deleted file mode 100644 index 55f9f1b1d81e3d475d3295228a498d92e4fd21fb..0000000000000000000000000000000000000000 --- a/tests/ci/secrets/ingress-cert.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: public-cert - namespace: istio-system -type: kubernetes.io/tls -data: - tls.crt: ENC[AES256_GCM,data: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,iv:2nERBpuvQQn/yrHtuG6JUbDENeYTHyYpOsfFOBQJ4qI=,tag:wDUiAP/Zlnmg8yZ8IJV/tg==,type:str] - tls.key: ENC[AES256_GCM,data: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,iv:pJK1C8vD9h1uR/A7XDXmteggnQbqzKKGGZKobEjuDoc=,tag:KPEczC4w5qXryiFZ4vH24Q==,type:str] -sops: - kms: [] - gcp_kms: [] - azure_kv: [] - hc_vault: [] - lastmodified: '2021-09-28T14:45:31Z' - mac: ENC[AES256_GCM,data:cBvRS91hbWbT2wKFSnpEjvReaMLKVmowRWqpxpoUNtcUUV6ZyCXQGWzifLhTLoTIB5KRgkfZQ5zATxnO9ZbJns5L222blJ9uZ+1r7W8Jv/elsVy/lp2gz9snu6YEj7LpwTtaIadoS0tCtdktl+gsIHtMMgaHBPALbGrVakywafA=,iv:KKiOZM41L0qySzjJdvBtHulzqq9nMRI/NkAAIJbLX84=,tag:2rYPRH+ZhbMilUrLEvVI2A==,type:str] - pgp: - - created_at: '2021-09-28T14:45:30Z' - enc: | - -----BEGIN PGP MESSAGE----- - - hQIMA93W3Fi3CqSYAQ/+Ipg151I46NXWKkxxN7slDwKGR2chYARgQOlRpayIK5PD - FU37uNtPfTHQTBXaPYMwoToD/QDsiuLOcfhWYNM8qZjmYJLqrTPxMKg+cXxmAFIX - 4EKYdXCX7+otaysRcXqCvrCQNylEEmMIMK7HJvon3l9gM7G19+JBGvIqqd7su8NM - HWCTWTvz9Fp3tPZeQ6nNeu3AB9cgZEFTRgxxSQTWKPXf2nMtbmvSI998DzSnSkVx - 5o3f8G755sb0UxMdtDy7I7pXexsSTMZQb5nn9KckFWFShjTPXCgoJuZsqb47f7cQ - 4nUK40zHNqmZV2zW5ONdBMaEADr23E+jyG1IlxAhBqkPevoPEDVvM4WZ02rB8fWK - CpveUFWVuBSDsXGx/z9Bg6nRfV2gzKTg2IbBBSiUJE08Iwtc6AzqXxRW8iqs3Caj - xhDes01qRse1s9YMbplPPSnoKk/T8ueW3P37axW2kA9GoIZt+GdvE+ebY5MlDdxV - X/8bWXxhL1M5S48yv+wAVjROq+h90b2F6J0+xwHky/nR847ZuUo4TCUkygdeX7Eo - BXpo4McsFTIWExbaPgC7O5wWe1Sx4hhJtJkJXTuvdLUfyrBSdCCmcVaEss9ttkSO - P8M0FVVxEQyPvobzMjgWsCPG0gVbevAJm2roX0Y+gKkKrAwRDzQtDExUt8r3by7S - XAGKAL5v+t+5JriJCJP3Yks55gBBoflJU7RIqCGhIdtgJV51wunkszqY7We+dlCQ - KMbPzKkeMaA79BOFf2Rbx5cIkFNulzJvSlLMZLi6OGAYISnZzmmEbrcReaeC - =A/YK - -----END PGP MESSAGE----- - fp: 41BFF8BAF2586039F6293D835A2E820C25FE527C - encrypted_regex: ^(data|stringData)$ - version: 3.6.1 
diff --git a/tests/ci/shared-secrets.yaml b/tests/ci/shared-secrets.yaml deleted file mode 100644 index 5151fd122af61e06259a836a4a1b78daccced649..0000000000000000000000000000000000000000 --- a/tests/ci/shared-secrets.yaml +++ /dev/null @@ -1,45 +0,0 @@ ---- -# NOTE: This exists because we are using gpg as the encryption key. In a production setting, we recommend using a -# more secure means of encryption, such as AWS KMS or Vault. See https://github.com/mozilla/sops for a full list -# of support encryption backends. -apiVersion: v1 -kind: Secret -metadata: - name: sops-gpg - namespace: bigbang -data: - bigbang-dev.asc: -----BEGIN PGP PRIVATE KEY BLOCK-----
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=f3R4
-----END PGP PRIVATE KEY BLOCK-----
 - ---- -apiVersion: source.toolkit.fluxcd.io/v1beta1 -kind: GitRepository -metadata: - name: secrets - namespace: bigbang -spec: - interval: 1m0s - # NOTE: We could use the same "bigbang" repository, but secrets are usually committed to a consumer owned repo, - # so we are demonstrating that here with a new `GitRepository` resource pointed to the same repo - url: https://repo1.dso.mil/platform-one/big-bang/bigbang.git - ref: - branch: master ---- -apiVersion: kustomize.toolkit.fluxcd.io/v1beta1 -kind: Kustomization -metadata: - name: secrets - namespace: bigbang -spec: - interval: 1m0s - sourceRef: - kind: GitRepository - name: secrets - namespace: bigbang - # See the NOTE above - # NOTE: This points to a folder _without_ a kustomization.yaml, flux generates the kustomization.yaml for us with resources comprised of all the files within the folder - path: "./tests/ci/secrets" - prune: true - decryption: - provider: sops - secretRef: - name: sops-gpg \ No newline at end of file diff --git a/tests/deploy/00_deploy_flux.sh b/tests/deploy/00_deploy_flux.sh deleted file mode 100644 index 66376ae1192d2befd628a047ee5ed8d03ed4b716..0000000000000000000000000000000000000000 --- a/tests/deploy/00_deploy_flux.sh +++ /dev/null @@ -1,11 +0,0 @@ -#!/usr/bin/env bash - -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR -set -x - -# install flux with the dedicated helper script -./scripts/install_flux.sh \ - --registry-username "${REGISTRY1_USER}" \ - --registry-password "${REGISTRY1_PASSWORD}" \ - --registry-email bigbang@bigbang.dev diff --git a/tests/deploy/01_deploy_bigbang.sh b/tests/deploy/01_deploy_bigbang.sh deleted file mode 100755 index 8d27158f53f9066a902d59d15306e26ad5d7331c..0000000000000000000000000000000000000000 --- a/tests/deploy/01_deploy_bigbang.sh +++ /dev/null 
@@ -1,60 +0,0 @@ -#!/usr/bin/env bash - -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR -set -x - -if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then - echo "🌌 all-packages label enabled, or on default branch or tag, enabling all addons" - yq e ".addons.*.enabled = "true"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE -else - IFS="," - for package in $CI_MERGE_REQUEST_LABELS; do - if [ "$(yq e ".addons.${package}.enabled" $CI_VALUES_FILE 2>/dev/null)" == "false" ]; then - echo "Identified \"$package\" from labels" - yq e ".addons.${package}.enabled = "true"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE - fi - done -fi - -# if keycloak enabled add ingress passthrough cert to addons.keycloak.ingress -if [ "$(yq e ".addons.keycloak.enabled" "${CI_VALUES_FILE}")" == "true" ]; then - yq eval-all 'select(fileIndex == 0) * select(filename == "tests/ci/keycloak-certs/keycloak-passthrough-values.yaml")' $CI_VALUES_FILE tests/ci/keycloak-certs/keycloak-passthrough-values.yaml > tmpfile && mv tmpfile $CI_VALUES_FILE -#if keycloak is enabled add passthrough ingress gateway and gateway to istio. 
- yq eval-all 'select(filename == "tests/ci/k3d/values.yaml") * select(filename == "tests/ci/passthrough-gateway.yaml")' $CI_VALUES_FILE tests/ci/passthrough-gateway.yaml > tmpfile && mv tmpfile $CI_VALUES_FILE -fi - -# Set controlPlaneCidr for ci-infra jobs which are RKE2 -if [[ "$CI_PIPELINE_SOURCE" == "schedule" ]] && [[ "$CI_COMMIT_BRANCH" == "master" ]] || [[ "$CI_MERGE_REQUEST_LABELS" = *"test-ci::infra"* ]]; then - echo "Updating networkPolicies.controlPlaneCidr since Environment is RKE2" - yq e '.networkPolicies.controlPlaneCidr = "10.0.0.0/8"' $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE -fi - -# deploy BigBang using dev sized scaling -echo "🚀 Installing BigBang with the following configurations:" -cat $CI_VALUES_FILE - -helm upgrade -i bigbang chart -n bigbang --create-namespace \ - --set registryCredentials[0].username="${REGISTRY1_USER}" \ - --set registryCredentials[0].password="${REGISTRY1_PASSWORD}" \ - --set registryCredentials[0].registry=registry1.dso.mil \ - --set registryCredentials[1].username="${DOCKER_USER}" \ - --set registryCredentials[1].password="${DOCKER_PASSWORD}" \ - --set registryCredentials[1].registry=docker.io \ - -f ${CI_VALUES_FILE} - -# apply secrets kustomization pointing to current branch or master if an upgrade job -if [[ $(git branch --show-current) == "${CI_DEFAULT_BRANCH}" ]]; then - echo "🚀 Deploying secrets from the ${CI_DEFAULT_BRANCH} branch" - kubectl apply -f tests/ci/shared-secrets.yaml -elif [[ $(git branch --show-current) == "${CI_MERGE_REQUEST_TARGET_BRANCH_NAME}" ]]; then - echo "🚀 Deploying secrets from the ${CI_MERGE_REQUEST_TARGET_BRANCH_NAME} branch" - cat tests/ci/shared-secrets.yaml | sed 's|master|'"$CI_MERGE_REQUEST_TARGET_BRANCH_NAME"'|g' | kubectl apply -f - -elif [ -z "$CI_COMMIT_TAG" ]; then - echo "🚀 Deploying secrets from the ${CI_COMMIT_REF_NAME} branch" - cat tests/ci/shared-secrets.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - -else - echo "🚀 Deploying secrets 
from the ${CI_COMMIT_REF_NAME} tag" - # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build - cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f - -fi diff --git a/tests/deploy/02_wait_for_helmreleases.sh b/tests/deploy/02_wait_for_helmreleases.sh deleted file mode 100755 index d2594228d191637949c6755e7948e1d384236aee..0000000000000000000000000000000000000000 --- a/tests/deploy/02_wait_for_helmreleases.sh +++ /dev/null 
@@ -1,209 +0,0 @@ -#!/usr/bin/env bash - -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR - -## Array of core HRs -CORE_HELMRELEASES=("gatekeeper" "istio-operator" "istio" "monitoring" "eck-operator" "ek" "fluent-bit" "twistlock" "cluster-auditor" "jaeger" "kiali") - -## Array of addon HRs -ADD_ON_HELMRELEASES=("argocd" "authservice" "gitlab" "gitlab-runner" "anchore" "sonarqube" "minio-operator" "minio" "mattermost-operator" "mattermost" "nexus-repository-manager" "velero") - -## Map of values-keys/labels to HRs: Only needed if HR name =/= label name -declare -A ADD_ON_HELMRELEASES_MAP -ADD_ON_HELMRELEASES_MAP["haproxy"]="haproxy-sso" -ADD_ON_HELMRELEASES_MAP["gitlabRunner"]="gitlab-runner" -ADD_ON_HELMRELEASES_MAP["minioOperator"]="minio-operator" -ADD_ON_HELMRELEASES_MAP["mattermostoperator"]="mattermost-operator" -ADD_ON_HELMRELEASES_MAP["nexus"]="nexus-repository-manager" - -## Function to test an array contains an element -## Args: -## $1: array to search -## $2: element to search for -function array_contains() { - local array="$1[@]" - local seeking=$2 - local in=1 - for element in ${!array}; do - if [[ $element == "$seeking" ]]; then - in=0 - break - fi - done - return $in -} - -## Function to check/wait on HR existence -function check_if_hr_exist() { - timeElapsed=0 - echo "â³ Waiting for $1 HR to exist" - until kubectl get hr -n bigbang $1 &> /dev/null; do - sleep 5 - timeElapsed=$(($timeElapsed+5)) - if [[ $timeElapsed -ge 60 ]]; then - echo "⌠Timed out while waiting for $1 HR to exist" - exit 1 - fi - done -} - -## Function to wait on all HRs -function wait_all_hr() { - timeElapsed=0 - while true; do - hrstatus=$(kubectl get hr -n bigbang -o jsonpath='{.items[*].status.conditions[0].reason}') - hrready=$(kubectl get hr -n bigbang -o jsonpath='{.items[*].status.conditions[0].status}') - # HR ArtifactFailed, retry - artifactfailedcounter=0 - while [[ $artifactfailedcounter -lt 3 ]]; do - if [[ ! 
"$hrstatus" =~ ArtifactFailed ]]; then - break - else - artifactfailedcounter=$(($artifactfailedcounter+1)) - echo "â³ Helm Artifact Failed, waiting 5 seconds." - sleep 5 - hrstatus=$(kubectl get hr -n bigbang -o jsonpath='{.items[*].status.conditions[0].reason}') - fi - done - # HR *Failed, exit - if [[ "$hrstatus" =~ Failed ]]; then - state=$(kubectl get hr -A -o go-template='{{range $items,$contents := .items}}{{printf "HR %s" $contents.metadata.name}}{{printf " status is %s\n" (index $contents.status.conditions 0).reason}}{{end}}') - failed=$(echo "${state}" | grep "Failed") - echo "⌠Found failed Helm Release(s). Exiting now." - echo "⌠${failed}" - failed_hrs=$(echo "{$failed}" | awk '{print $2}') - for hr in $failed_hrs; do - kubectl describe hr -n bigbang $hr - done - exit 1 - fi - if [[ "$hrready" != *Unknown* ]]; then - if [[ "$hrready" != *False* ]]; then - echo "✅ All HR's deployed" - break - fi - fi - sleep 5 - timeElapsed=$(($timeElapsed+5)) - if [[ $timeElapsed -ge 1800 ]]; then - echo "⌠Timed out while waiting for hr's to be ready." - exit 1 - fi - done -} - -## Function to wait on all statefulsets -function wait_sts() { - timeElapsed=0 - while true; do - sts=$(kubectl get sts -A -o jsonpath='{.items[*].status.replicas}' | xargs) - totalSum=$(echo $sts | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}') - readySts=$(kubectl get sts -A -o jsonpath='{.items[*].status.readyReplicas}' | xargs) - readySum=$(echo $readySts | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}') - if [[ $totalSum -eq $readySum ]]; then - break - fi - sleep 5 - timeElapsed=$(($timeElapsed+5)) - if [[ $timeElapsed -ge 600 ]]; then - echo "⌠Timed out while waiting for stateful sets to be ready." 
- exit 1 - fi - done -} - -## Function to wait on all daemonsets -function wait_daemonset(){ - timeElapsed=0 - while true; do - dmnset=$(kubectl get daemonset -A -o jsonpath='{.items[*].status.desiredNumberScheduled}' | xargs) - totalSum=$(echo $dmnset | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}') - readyDmnset=$(kubectl get daemonset -A -o jsonpath='{.items[*].status.numberReady}' | xargs) - readySum=$(echo $readyDmnset | awk '{for (i=1; i<=NF; i++) c+=$i} {print c}') - if [[ $totalSum -eq $readySum ]]; then - break - fi - sleep 5 - timeElapsed=$(($timeElapsed+5)) - if [[ $timeElapsed -ge 600 ]]; then - echo "⌠Timed out while waiting for daemon sets to be ready." - exit 1 - fi - done -} - -# Check for and run the wait_project function within <repo>/tests/wait.sh to wait for custom resources -function wait_crd(){ - yq e '(.,.addons) | .[] | ... comments="" | (path | join("."))' "${CI_VALUES_FILE}" | while IFS= read -r package; do - if [[ "$(yq e ".${package}.enabled" "${CI_VALUES_FILE}")" == "true" ]]; then - gitrepo=$(yq e ".${package}.git.repo" "${VALUES_FILE}") - version=$(yq e ".${package}.git.tag" "${VALUES_FILE}") - if [[ -z "$version" || "$version" == "null" ]]; then - version=$(yq e ".${package}.git.branch" "${VALUES_FILE}") - fi - if [[ -z "$version" || "$version" == "null" ]]; then - continue - fi - printf "Checking for tests/wait.sh in %s:%s... " ${package} ${version} - if curl -f "${gitrepo%.git}/-/raw/${version}/tests/wait.sh?inline=false" 1>${package}.wait.sh 2>/dev/null; then - printf "found, running\n" - . ./${package}.wait.sh - wait_project - else - printf "not found\n" - fi - fi - done -} - - -## Append all add-ons to hr list if "all-packages" or default branch/tag. Else, add specific ci labels to hr list. -HELMRELEASES=(${CORE_HELMRELEASES[@]}) -if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! 
-z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then - HELMRELEASES+=(${ADD_ON_HELMRELEASES[@]}) - echo "🌌 All helmreleases enabled: all-packages label enabled, or on default branch or tag." -elif [[ ! -z "$CI_MERGE_REQUEST_LABELS" ]]; then - IFS="," - for package in $CI_MERGE_REQUEST_LABELS; do - # Check if package is in addons - if array_contains ADD_ON_HELMRELEASES "$package"; then - HELMRELEASES+=("$package") - # Check to see if there is a mapping from label -> HR - elif [ ${ADD_ON_HELMRELEASES_MAP[$package]+_} ]; then - package="${ADD_ON_HELMRELEASES_MAP[$package]}" - # Safeguard to doublecheck new package name is valid HR name - if array_contains ADD_ON_HELMRELEASES "$package"; then - HELMRELEASES+=("$package") - fi - fi - done - echo "✅ Found enabled helmreleases: ${HELMRELEASES[@]}" -fi - -echo "â³ Waiting on GitRepositories" -kubectl wait --for=condition=Ready --timeout 180s gitrepositories -n bigbang --all - -for package in "${HELMRELEASES[@]}"; -do - check_if_hr_exist "$package" -done - -echo "â³ Waiting on helm releases..." -wait_all_hr -echo "â³ Waiting for custom resources..." -wait_crd - -kubectl get helmreleases,kustomizations,gitrepositories -A - -echo "â³ Waiting on Secrets Kustomization" -kubectl wait --for=condition=Ready --timeout 300s kustomizations.kustomize.toolkit.fluxcd.io -n bigbang secrets - -# In case some helm releases are marked as ready before all objects are live... -echo "â³ Waiting on all jobs, deployments, statefulsets, and daemonsets" -kubectl wait --for=condition=available --timeout 600s -A deployment --all > /dev/null -wait_sts -wait_daemonset -if kubectl get job -A -o jsonpath='{.items[].metadata.name}' &> /dev/null; then - kubectl wait --for=condition=complete --timeout 300s -A job --all > /dev/null -fi diff --git a/tests/registries.yaml.template b/tests/registries.yaml.template deleted file mode 100644 index e5e8fbf6ee954ba27f5798785d8b4b1830b9cece..0000000000000000000000000000000000000000 
--- a/tests/registries.yaml.template
+++ /dev/null
@@ -1,6 +0,0 @@
-configs:
- "registry1.dso.mil":
- auth:
- username: robot${DOLLAR}bigbang
- password: ${REGISTRY1_PASSWORD}
-
diff --git a/tests/ci/k3d/values.yaml b/tests/test-values.yaml
similarity index 72%
rename from tests/ci/k3d/values.yaml
rename to tests/test-values.yaml
index 5fb7ba60af7220f9ad2f50f91ef833fb7cb439b0..345adda9e7cf7e755bf48dbe835b7e34fea03d8c 100644
--- a/tests/ci/k3d/values.yaml
+++ b/tests/test-values.yaml
@@ -1,79 +1,74 @@ -hostname: bigbang.dev +domain: bigbang.dev + +sso: + # LetsEncrypt certificate authority + certificate_authority: | + -----BEGIN CERTIFICATE----- + MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4 + WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu + ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY + MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc + h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+ + 0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U + A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW + T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH + B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC + B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv + KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn + OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn + jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw + qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI + rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV + HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq + hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL + ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ + 3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK + NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5 + ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur + TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC + jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc + oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq + 4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA + 
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d + emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc= + -----END CERTIFICATE----- + + # Must be updated for every new deployment of Keycloak. Example of where to get the jwks: + # https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/certs + # must be single quoted and double quotes must be escaped like this \"xxxx\" + jwks: '{\"keys\":[{\"kid\":\"4CK69bW66HE2wph9VuBs0fTc1MaETSTpU1iflEkBHR4\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"hiML1kjw-sw25BgaZI1AyfgcCRBPJKPE-wwttqa7NNxptr_5RCBGuJXqDyo3p1vjcbb8KjdKnXI7kWer8b2Pz_RP1m_QcPrKOxSluk7GZF8ARsc6FPGbzYgi8o8cBVSsaml6HZzpN3ZnH4DFZ27ifM-Ul_PyMxZ2aweohIaizXp-rgF7Rqpav5NXUwmcSyH8LP92NVIuFlD3HYTDGosVbfA_u_H25Z4XCGKW_vLDTNrl8PcA3HqIoD-vNavysdxAq_KNw7iLLc0KLsjFYSdJL_54H7QubsGR0AyIrLLurJbqAtvttGJK38k5XYWKIwYGtu6iiJwjSb7UtonVdPh8Vw\",\"e\":\"AQAB\",\"x5c\":[\"MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=\"],\"x5t\":\"mxFIwx7EdgxyC3Y6ODLx8yr8Bx8\",\"x5t#S256\":\"SdT7ScKVOnBW6qs_MuYdTGVtMGwYK_-nmQF9a_8lXco\"}]}' + oidc: + host: keycloak.bigbang.dev + realm: baby-yoda flux: + 
timeout: 20m interval: 1m rollback: cleanupOnFail: false networkPolicies: - controlPlaneCidr: 172.16.0.0/12 - -logging: enabled: true - values: - elasticsearch: - master: - count: 1 - persistence: - size: 256Mi - resources: - requests: - cpu: .5 - limits: {} - heap: - min: 1g - max: 1g - data: - count: 2 - persistence: - size: 256Mi - resources: - requests: - cpu: .5 - limits: {} - heap: - min: 1g - max: 1g - kibana: - count: 1 - bbtests: - enabled: true - cypress: - artifacts: true - envs: - cypress_kibana_url: "https://kibana.bigbang.dev" - secretEnvs: - - name: cypress_elastic_password - valueFrom: - secretKeyRef: - name: "logging-ek-es-elastic-user" - key: elastic - scripts: - image: registry1.dso.mil/ironbank/stedolan/jq:1.6 - envs: - elasticsearch_host: "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc.cluster.local:9200" - desired_version: "{{ .Values.elasticsearch.version }}" - secretEnvs: - - name: ELASTIC_PASSWORD - valueFrom: - secretKeyRef: - name: "logging-ek-es-elastic-user" - key: elastic - -fluentbit: - values: - securityContext: - privileged: true - bbtests: - enabled: true - scripts: - image: registry1.dso.mil/ironbank/stedolan/jq:1.6 - envs: - fluent_host: "http://{{ include \"fluent-bit.fullname\" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}" - desired_version: "{{ .Values.image.tag }}" + controlPlaneCidr: 172.16.0.0/12 istio: enabled: true + ingressGateways: + passthrough-ingressgateway: + type: "LoadBalancer" + gateways: + passthrough: + ingressGateway: "passthrough-ingressgateway" + hosts: + - "*.{{ .Values.domain }}" + tls: + mode: "PASSTHROUGH" + public: + tls: + key: "" # Gets added via chart/ingress-certs.yaml + cert: "" # Gets added via chart/ingress-certs.yaml values: kiali: dashboard: @@ -82,6 +77,9 @@ istio: jaeger: enabled: true + sso: + enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger values: bbtests: enabled: true 
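Review bot: The pinned `sso.jwks` value added at the top of the first hunk has nothing tying it to the issuer configured under `sso.oidc`. The comment's example source is a `login.dso.mil` realm URL while `oidc.host` is `keycloak.bigbang.dev`, so a reader cannot tell which identity provider's signing keys these test values trust. A key set that does not belong to the configured issuer either breaks token validation or, if it does validate, accepts tokens signed by a different provider than the one named. Since the existing comment already says the value must be refreshed per Keycloak deployment, I would add a line above `jwks:` such as `# jwks captured from https://<ISSUER_HOST>/auth/realms/<REALM>/protocol/openid-connect/certs on <DATE>; must match sso.oidc.host and sso.oidc.realm`.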
@@ -92,6 +90,9 @@ jaeger: kiali: enabled: true + sso: + enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali values: cr: spec: @@ -113,66 +114,6 @@ clusterAuditor: memory: .5Gi limits: {} -monitoring: - enabled: true - values: - prometheus: - prometheusSpec: - resources: - requests: - cpu: 100m - memory: 200Mi - limits: {} - kube-state-metrics: - resources: - requests: - cpu: 10m - memory: 32Mi - limits: {} - prometheus-node-exporter: - resources: - requests: - cpu: 100m - memory: 30Mi - limits: {} - grafana: - testFramework: - enabled: false - dashboards: - default: - k8s-deployment: - gnetId: 741 - revision: 1 - datasource: Prometheus - downloadDashboards: - resources: - limits: - cpu: 20m - memory: 20Mi - requests: - cpu: 20m - memory: 20Mi - dashboardProviders: - dashboardproviders.yaml: - apiVersion: 1 - providers: - - name: 'default' - orgId: 1 - folder: '' - type: file - disableDeletion: false - editable: true - options: - path: /var/lib/grafana/dashboards - bbtests: - enabled: true - cypress: - artifacts: true - envs: - cypress_prometheus_url: 'https://prometheus.bigbang.dev' - cypress_grafana_url: 'https://grafana.bigbang.dev' - cypress_alertmanager_url: 'https://alertmanager.bigbang.dev' - gatekeeper: enabled: true values: 
@@ -256,8 +197,150 @@ gatekeeper: - name: "{{ .Chart.Name }}-kube-cache" emptyDir: {} +logging: + enabled: true + sso: + enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kibana + license: + trial: false + values: + elasticsearch: + master: + count: 1 + persistence: + size: 256Mi + resources: + requests: + cpu: .5 + limits: {} + heap: + min: 1g + max: 1g + data: + count: 2 + persistence: + size: 256Mi + resources: + requests: + cpu: .5 + limits: {} + heap: + min: 1g + max: 1g + kibana: + count: 1 + bbtests: + enabled: true + cypress: + artifacts: true + envs: + cypress_kibana_url: "https://kibana.bigbang.dev" + secretEnvs: + - name: cypress_elastic_password + valueFrom: + secretKeyRef: + name: "logging-ek-es-elastic-user" + key: elastic + scripts: + image: registry1.dso.mil/ironbank/stedolan/jq:1.6 + envs: + elasticsearch_host: "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc.cluster.local:9200" + desired_version: "{{ .Values.elasticsearch.version }}" + secretEnvs: + - name: ELASTIC_PASSWORD + valueFrom: + secretKeyRef: + name: "logging-ek-es-elastic-user" + key: elastic + +fluentbit: + enabled: true + values: + securityContext: + privileged: true + bbtests: + enabled: true + scripts: + image: registry1.dso.mil/ironbank/stedolan/jq:1.6 + envs: + fluent_host: "http://{{ include \"fluent-bit.fullname\" . 
}}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}" + desired_version: "{{ .Values.image.tag }}" + +monitoring: + enabled: true + sso: + enabled: false + prometheus: + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-prometheus + alertmanager: + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-alertmanager + grafana: + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-grafana + scopes: "Grafana" + values: + prometheus: + prometheusSpec: + resources: + requests: + cpu: 100m + memory: 200Mi + limits: {} + kube-state-metrics: + resources: + requests: + cpu: 10m + memory: 32Mi + limits: {} + prometheus-node-exporter: + resources: + requests: + cpu: 100m + memory: 30Mi + limits: {} + grafana: + testFramework: + enabled: false + dashboards: + default: + k8s-deployment: + gnetId: 741 + revision: 1 + datasource: Prometheus + downloadDashboards: + resources: + limits: + cpu: 20m + memory: 20Mi + requests: + cpu: 20m + memory: 20Mi + dashboardProviders: + dashboardproviders.yaml: + apiVersion: 1 + providers: + - name: 'default' + orgId: 1 + folder: '' + type: file + disableDeletion: false + editable: true + options: + path: /var/lib/grafana/dashboards + bbtests: + enabled: true + cypress: + artifacts: true + envs: + cypress_prometheus_url: 'https://prometheus.bigbang.dev' + cypress_grafana_url: 'https://grafana.bigbang.dev' + cypress_alertmanager_url: 'https://alertmanager.bigbang.dev' + twistlock: enabled: true + sso: + enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-twistlock values: console: persistence: @@ -278,6 +361,13 @@ twistlock: addons: argocd: enabled: false + sso: + enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd + client_secret: anything-for-dev + provider_name: "P1 SSO" + groups: | + g, Impact Level 2 Authorized, role:admin values: controller: resources: 
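Review bot: `fluentbit.values.securityContext.privileged: true` is re-added in the `@@ -256,8 +197,150 @@` hunk, now together with `enabled: true`, without a comment saying why the log collector needs a fully privileged container. Test values tend to be copied as a starting point for other deployments, and a privileged collector widens the impact of any compromise of that pod to the node it runs on. I would document the reason and scope directly above the key, e.g. `# privileged only for CI clusters (<REASON>); do not carry into production values`, or narrow it to the specific capability or host path if that is all the tests need.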
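Review bot: `addons.argocd.sso.client_secret: anything-for-dev` puts a literal client secret in the values file right next to a `groups` policy that maps `Impact Level 2 Authorized` to `role:admin`; the mattermost hunk (`@@ -735,6 +841,10 @@`) does the same with `client_secret: "no-secret"`. Both blocks ship with `sso.enabled: false`, so they look inert as written, but flipping that one flag would presumably wire a guessable secret to an admin role mapping. I would leave the secret empty and say where it comes from, e.g. `client_secret: ""  # supplied at deploy time, never committed`, and add `# test-only mapping` above `groups:`.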
@@ -353,6 +443,7 @@ addons: enabled: false sso: enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-gitlab flux: timeout: 20m values: @@ -494,6 +585,13 @@ addons: anchore: enabled: false + sso: + enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-anchore + enterprise: + enabled: false + licenseYaml: | + "TBD" values: ensureDbJobs: resources: @@ -635,6 +733,14 @@ addons: sonarqube: enabled: false + sso: + enabled: false + client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube + provider_name: "P1 SSO" + certificate: MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U= + login: login + name: name + email: email values: plugins: install: [] @@ -735,6 +841,10 @@ addons: mattermost: enabled: false + sso: + enabled: false + client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost" + client_secret: "no-secret" elasticsearch: enabled: true values: 
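Review bot: The `certificate:` value added under `addons.sonarqube.sso` is a long base64 blob with no comment saying what it is. A reader cannot tell whether it is secret material or which identity provider it belongs to. It looks like a DER-encoded X.509 certificate, presumably the dev realm's SAML signing certificate and therefore public, but the hunk does not say so. I would add `# IdP SAML signing certificate (public) for the dev realm; replace with your own IdP's certificate` above it. Because the certificate is pinned in values, SAML login will break when the IdP rotates its key, which is worth mentioning in the same comment.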
@@ -776,6 +886,54 @@ addons: nexus: enabled: false + # Nexus requires manual configuration in Keycloak client and cannot be tested with login.dso.mil + # you must test with your own dev deployment. Example: keycloak.bigbang.dev + # See more info in Nexus Package docs /docs/keycloak.md + # Nexus SSO is behind a paywall. You must have a valid license to enable SSO + # -- Base64 encoded license file. + # cat ~/Downloads/sonatype-license-YYYY-MM-ddTnnnnnnZ.lic | base64 -w 0 ; echo + #license_key: "enter-single-line-base64-encoded-string-here" + sso: + # -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599 + enabled: false + idp_data: + entityId: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata" + # -- IdP Field Mappings + # -- NXRM username attribute + username: "username" + firstName: "firstName" + lastName: "lastName" + email: "email" + groups: "groups" + # -- IDP SAML Metadata XML as a single line string in single quotes + # -- this information is public and does not require a secret + # curl https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml/descriptor ; echo + idpMetadata: 'enter-single-quoted-single-line-string-here' + role: + # id is the name of the Keycloak group (case sensitive) + - id: "Nexus" + name: "Keycloak Nexus Group" + description: "unprivilaged users" + privileges: [] + roles: [] + - id: "Nexus-Admin" + name: "Keycloak Nexus Admin Group" + description: "keycloak users as admins" + privileges: + - "nx-all" + roles: + - "nx-admin" + # NexusNotes: | + # Login to Nexus Admin UI and then get the x509 certificate from this path + # https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata + # copy and paste the nexus single line certificate into a text file and save it + # vi nexus-x509.txt + # -----BEGIN CERTIFICATE----- + # put-single-line-nexus-x509-certificate-here + # -----END 
CERTIFICATE----- + # make a valid pem file with proper wrapping at 64 characters per line + # fold -w 64 nexus-x509.txt > nexus.pem + # In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places values: persistence: # Do NOT set this below 5Gi, nexus will fail to boot @@ -865,7 +1023,9 @@ addons: keycloak: enabled: false ingress: - gateway: "public" + gateway: "passthrough" + key: "" # Gets added via chart/ingress-certs.yaml + cert: "" # Gets added via chart/ingress-certs.yaml values: replicas: 1 resources: @@ -881,7 +1041,6 @@ addons: cypress_url: "https://keycloak.bigbang.dev" cypress_username: "admin" cypress_password: "password" - # Custom dev secret configuration secrets: env: stringData: @@ -897,7 +1056,7 @@ addons: realm: stringData: realm.json: '{{ .Files.Get "resources/dev/baby-yoda.json" }}' - extraVolumes: |- + extraVolumes: |- - name: certauthority secret: secretName: {{ include "keycloak.fullname" . }}-certauthority @@ -920,13 +1079,3 @@ addons: mountPath: /opt/jboss/keycloak/realm.json subPath: realm.json readOnly: true - - extraVolumeMountsBigBang: - - name: tlscert - mountPath: /etc/x509/https/tls.crt - subPath: tls.crt - readOnly: true - - name: tlskey - mountPath: /etc/x509/https/tls.key - subPath: tls.key - readOnly: true diff --git a/tests/tests/01_virtualservices.sh b/tests/tests/01_virtualservices.sh deleted file mode 100755 index 0ac5100855f20928bb88600613b81c234fa7c324..0000000000000000000000000000000000000000 --- a/tests/tests/01_virtualservices.sh +++ /dev/null 
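Review bot: The commented `#license_key:` hint in the added nexus block tells the reader to paste a base64-encoded Sonatype license straight into this values file. Base64 is an encoding, not protection, so a license committed this way is readable by anyone with access to the repository or to rendered values. I would extend the comment with `# supply via encrypted values or a CI secret variable; do not commit the license`. Separately, the `Nexus-Admin` entry gives a Keycloak group, matched by name, both the `nx-all` privilege and the `nx-admin` role, so a line such as `# membership in this Keycloak group is full Nexus admin` above it would make the scope explicit. The string `description: "unprivilaged users"` has a typo (`unprivileged`).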
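Review bot: With `gateway: "passthrough"`, TLS is presumably terminated by Keycloak itself, yet `key` and `cert` default to empty strings, and the last hunk of this file removes the `extraVolumeMountsBigBang` entries that mounted `tls.crt` and `tls.key`. Nothing visible in the diff stops a deploy from proceeding with empty TLS material if `chart/ingress-certs.yaml` is not layered in. The templates that consume these values are outside the diff, so this needs confirming. The private key now travels as a Helm value and will be stored with the release values, so I would widen the inline comment to `# dev certificate only, added via chart/ingress-certs.yaml; provide real keys from encrypted values`.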
@@ -1,26 +0,0 @@ -#!/usr/bin/env bash - -# exit on error -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR - -# Populate /etc/hosts -ip=$(kubectl -n istio-system get service public-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') -echo "Checking " - -hosts=`kubectl get virtualservices -A -o jsonpath="{ .items[*].spec.hosts[*] }"` -for host in $hosts; do - if [ $host == "keycloak.bigbang.dev" ]; then - ip_passthrough=$(kubectl -n istio-system get service passthrough-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - echo "$ip_passthrough $host" >> /etc/hosts - else - echo "$ip $host" >> /etc/hosts - fi - echo "****************************************" - echo "Begin curl $host" - echo "****************************************" - curl -svv https://$host/ > /dev/null - echo "****************************************" - echo "End curl $host" - echo "****************************************" -done diff --git a/tests/tests/02_non_ironbank.sh b/tests/tests/02_non_ironbank.sh deleted file mode 100755 index 24fc000f92720e98ac5fdb54f2057038e35e1f3a..0000000000000000000000000000000000000000 --- a/tests/tests/02_non_ironbank.sh +++ /dev/null @@ -1,10 +0,0 @@ -#!/usr/bin/env bash - -# exit on error -set -e -trap 'echo ⌠exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR - -# Quick check for non iron bank images -echo "Showing images not from ironbank:" -# Ignore rancher images since those are from k3d -kubectl get pods -A -o jsonpath="{..image}" | tr -s '[[:space:]]' '\n' | sort | uniq -c | grep -v "registry1" | ( grep -v "rancher" || echo "None" ) diff --git a/tests/tests/03_helm_tests.sh b/tests/tests/03_helm_tests.sh deleted file mode 100755 index d92fd6b0870ffb2ca2b110d794d4981a25990061..0000000000000000000000000000000000000000 --- a/tests/tests/03_helm_tests.sh +++ /dev/null 
@@ -1,137 +0,0 @@ -#!/usr/bin/env bash - -# exit on error -set -e -trap 'echo exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR - -# Check clusterType and get original CoreDNS config -clusterType="unknown" -coreDnsName="unknown" -touch newhosts -if kubectl get configmap -n kube-system coredns &>/dev/null; then - clusterType="k3d" - coreDnsName="coredns" - kubectl get configmap -n kube-system ${coreDnsName} -o jsonpath='{.data.NodeHosts}' > newhosts -elif kubectl get configmap -n kube-system rke2-coredns-rke2-coredns &>/dev/null; then - clusterType="rke2" - coreDnsName="rke2-coredns-rke2-coredns" - kubectl get configmap -n kube-system ${coreDnsName} -o jsonpath='{.data.Corefile}' > newcorefile -fi - -# Safeguard in case configmap doesn't end with newline -if [[ $(tail -c 1 newhosts) != "" ]]; then - echo "" >> newhosts -fi - -# Get each VS hostname + ingress gateway IP and add to newhosts -for vs in $(kubectl get virtualservice -A -o go-template='{{range .items}}{{.metadata.name}}{{":"}}{{.metadata.namespace}}{{" "}}{{end}}'); do - vs_name=$(echo ${vs} | awk -F: '{print $1}') - vs_namespace=$(echo ${vs} | awk -F: '{print $2}') - hosts=$(kubectl get virtualservice ${vs_name} -n ${vs_namespace} -o go-template='{{range .spec.hosts}}{{.}}{{" "}}{{end}}') - gateway=$(kubectl get virtualservice ${vs_name} -n ${vs_namespace} -o jsonpath='{.spec.gateways[0]}' | awk -F/ '{print $2}') - ingress_gateway=$(kubectl get gateway -n istio-system $gateway -o jsonpath='{.spec.selector.app}') - external_ip="" - if [[ ${clusterType} == "k3d" ]]; then - external_ip=$(kubectl get svc -n istio-system $ingress_gateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}') - elif [[ ${clusterType} == "rke2" ]]; then - external_hostname=$(kubectl get svc -n istio-system $ingress_gateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}') - external_ip=$(dig +short ${external_hostname} | tail -n1) - fi - for host in $hosts; do - host=$(echo ${host} | xargs) - # Remove previous 
entry if on upgrade job - sed -i "/$host/d" newhosts - echo "${external_ip} ${host}" >> newhosts - done -done - -# Patch CoreDNS and restart pod -echo "Setting up CoreDNS for VS resolution..." -hosts=$(cat newhosts) yq e -n '.data.NodeHosts = strenv(hosts)' > patch.yaml -# For k3d -if [[ ${clusterType} == "k3d" ]]; then - kubectl patch configmap -n kube-system ${coreDnsName} --patch "$(cat patch.yaml)" - kubectl rollout restart deployment -n kube-system ${coreDnsName} - kubectl rollout status deployment -n kube-system ${coreDnsName} --timeout=30s -# For rke2 -elif [[ ${clusterType} == "rke2" ]]; then - # Add an entry to the corefile - sed -i '/prometheus/i \ \ \ \ hosts /etc/coredns/NodeHosts {\n ttl 60\n reload 15s\n fallthrough\n }' newcorefile - corefile=$(cat newcorefile) yq e -i '.data.Corefile = strenv(corefile)' patch.yaml - kubectl patch configmap -n kube-system ${coreDnsName} --patch "$(cat patch.yaml)" - kubectl patch deployment ${coreDnsName} -n kube-system -p '{"spec":{"template":{"spec":{"volumes":[{"name":"config-volume","configMap":{"items":[{"key":"Corefile","path":"Corefile"},{"key":"NodeHosts","path":"NodeHosts"}],"name":"'${coreDnsName}'"}}]}}}}' - kubectl rollout status deployment -n kube-system ${coreDnsName} --timeout=30s -# Add other distros in future as needed, catchall so tests won't error on this -else - echo "No known CoreDNS deployment found, skipping patching." -fi - -# Gather all HRs we should test -installed_helmreleases=$(helm list -n bigbang -o json | jq '.[].name' | tr -d '"' | grep -v "bigbang") -mkdir -p test-artifacts -ERRORS=0 - -# For each HR, if it has helm tests: run them, capture exit code, output logs, and save cypress artifacts -for hr in $installed_helmreleases; do - echo "Running helm tests for ${hr}..." - test_result=$(helm test $hr -n bigbang) && export EXIT_CODE=$? || export EXIT_CODE=$? 
- test_result=$(echo "${test_result}" | sed '/NOTES/Q') - namespace=$(echo "$test_result" | yq eval '."NAMESPACE"' -) - test_suite=$(echo "$test_result" | yq eval '.["TEST SUITE"]' -) - if [ ! $test_suite == "None" ]; then - # Since logs are cluttery, only output when failed - if [[ ${EXIT_CODE} -ne 0 ]]; then - echo "⌠One or more tests failed for ${hr}" - ERRORS=$((ERRORS + 1)) - for pod in $(echo "$test_result" | grep "TEST SUITE" | grep "test" | awk -F: '{print $2}' | xargs); do - # Only output failed pod logs, not all test pods - if [[ $(kubectl get pod -n ${namespace} ${pod} -o jsonpath='{.status.phase}' 2>/dev/null | xargs) == "Failed" ]]; then - echo -e "---\nLogs for ${pod}:\n---" - kubectl logs --tail=-1 -n ${namespace} ${pod} - fi - done - echo "---" - else - echo "✅ All tests sucessful for ${hr}" - fi - - # Grab script logs to save for the artifacts (don't get cypress because its not text friendly + we have the videos/screenshots) - for pod in $(echo "$test_result" | grep "TEST SUITE" | grep "test" | awk -F: '{print $2}' | xargs); do - if [[ ! 
"$pod" =~ "cypress" ]]; then - if kubectl get pod -n ${namespace} ${pod} &>/dev/null; then - mkdir -p test-artifacts/${hr}/scripts - kubectl logs --tail=-1 -n ${namespace} ${pod} >> test-artifacts/${hr}/scripts/pod-logs.txt - fi - fi - done - - # Always save off the artifacts if they exist - if kubectl get configmap -n ${namespace} cypress-screenshots &>/dev/null; then - mkdir -p test-artifacts/${hr}/cypress - kubectl get configmap -n ${namespace} cypress-screenshots -o jsonpath='{.data.cypress-screenshots\.tar\.gz\.b64}' > cypress-screenshots.tar.gz.b64 - cat cypress-screenshots.tar.gz.b64 | base64 -d > cypress-screenshots.tar.gz - tar -zxf cypress-screenshots.tar.gz --strip-components=2 -C test-artifacts/${hr}/cypress - rm -rf cypress-screenshots.tar.gz.b64 cypress-screenshots.tar.gz - kubectl delete configmap -n ${namespace} cypress-screenshots &>/dev/null - fi - if kubectl get configmap -n ${namespace} cypress-videos &>/dev/null; then - mkdir -p test-artifacts/${hr}/cypress - kubectl get configmap -n ${namespace} cypress-videos -o jsonpath='{.data.cypress-videos\.tar\.gz\.b64}' > cypress-videos.tar.gz.b64 - cat cypress-videos.tar.gz.b64 | base64 -d > cypress-videos.tar.gz - tar -zxf cypress-videos.tar.gz --strip-components=2 -C test-artifacts/${hr}/cypress - rm -rf cypress-videos.tar.gz.b64 cypress-videos.tar.gz - kubectl delete configmap -n ${namespace} cypress-videos &>/dev/null - fi - else - echo "😞 No tests found for ${hr}" - fi -done - -echo "Finished running all helm tests." - -if [ $ERRORS -gt 0 ]; then - echo "⌠Encountered $ERRORS package(s) with errors while running tests. See output logs for failed test(s) above and artifacts in the job." - exit 123 -else - echo "✅ All helm tests run successfully." -fi