Merge branch 'master' into 'eck-istio-annotation'

# Conflicts: # chart/templates/_helpers.tpl

Merge branch 'master' into 'eck-istio-annotation'
94136360 · Tawsif Siddiqui · 5a34c895 · f2e03231 · 94136360 · 94136360
Commit 94136360 authored 3 years ago by Tawsif Siddiqui
--- a/chart/templates/_helpers.tpl
+++ b/chart/templates/_helpers.tpl
@@ -145,15 +145,16 @@ bigbang.addValueIfSet can be used to nil check parameters before adding them to
    {{- end }}
  {{- end }}
 {{- end -}}
+
 {{/*
 Annotation for Istio version
 */}}
 {{- define "istioAnnotation" -}}
-  {{- if .Values.istio.git.semver -}}
-    bigbang.dev/istioVersion: {{ .Values.istio.git.semver | trimSuffix (regexFind "-bb.*" .Values.istio.git.semver) }}
-  {{- else if .Values.istio.git.tag -}}
-    bigbang.dev/istioVersion: {{ .Values.istio.git.tag | trimSuffix (regexFind "-bb.*" .Values.istio.git.tag) }}
-  {{- else if .Values.istio.git.branch -}}
-    bigbang.dev/istioVersion: {{ .Values.istio.git.branch }}
-  {{- end -}}
+{{- if .Values.istio.git.semver -}}
+bigbang.dev/istioVersion: {{ .Values.istio.git.semver | trimSuffix (regexFind "-bb.*" .Values.istio.git.semver) }}
+{{- else if .Values.istio.git.tag -}}
+bigbang.dev/istioVersion: {{ .Values.istio.git.tag | trimSuffix (regexFind "-bb.*" .Values.istio.git.tag) }}
+{{- else if .Values.istio.git.branch -}}
+bigbang.dev/istioVersion: {{ .Values.istio.git.branch }}
+{{- end -}}
 {{- end -}}
--- a/chart/templates/kyverno/namespace.yaml
+++ b/chart/templates/kyverno/namespace.yaml
@@ -3,9 +3,6 @@ apiVersion: v1
 kind: Namespace
 metadata:
  labels:
-    admission.kyverno.sh/ignore: no-self-managing
-    control-plane: controller-manager
-    kyverno.sh/system: "yes"
    app.kubernetes.io/name: kyverno
    app.kubernetes.io/component: "core"
    {{- include "commonLabels" . | nindent 4}}

--- a/chart/templates/kyverno/values.yaml
+++ b/chart/templates/kyverno/values.yaml
@@ -3,6 +3,8 @@
 {{- end }}

 {{- define "bigbang.defaults.kyverno" -}}
+replicaCount: 3
+
 image:
  pullSecrets:
  - name: private-registry
@@ -13,8 +15,10 @@ networkPolicies:
  enabled: {{ .Values.networkPolicies.enabled }}
  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}

-monitoring:
-  enabled: false #{{ .Values.monitoring.enabled }} To enable this, we need PodMonitor crd
+serviceMonitor:
+  enabled: {{ .Values.monitoring.enabled }}
+  dashboards:
+    namespace: monitoring

 istio:
  enabled: {{ .Values.istio.enabled }}

--- a/chart/templates/logging/promtail/values.yaml
+++ b/chart/templates/logging/promtail/values.yaml
@@ -5,6 +5,13 @@
 {{- define "bigbang.defaults.promtail" -}}
 hostname: {{ .Values.hostname }}

+initContainer:
+  image:
+    pullPolicy: {{ .Values.imagePullPolicy }}
+
+image:
+  pullPolicy: {{ .Values.imagePullPolicy }}
+
 openshift: {{ .Values.openshift }}

 istio:

--- a/chart/templates/twistlock/values.yaml
+++ b/chart/templates/twistlock/values.yaml
@@ -31,6 +31,11 @@ istio:
    gateways:
    - istio-system/{{ default "public" .Values.twistlock.ingress.gateway }}

+{{- if .Values.istio.enabled }}
+annotations:
+  {{ include "istioAnnotation" . }}
+{{- end }}
+
 console:
  image:
    imagePullPolicy: {{ .Values.imagePullPolicy }}

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -335,14 +335,10 @@ kyverno:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno
    path: "./chart"
-    tag: "2.1.2-bb.0"
+    tag: "2.1.3-bb.2"

  # -- Flux reconciliation overrides specifically for the Kyverno Package
-  flux:
-    install:
-      crds: CreateReplace
-    upgrade:
-      crds: CreateReplace
+  flux: {}

  # -- Values to passthrough to the kyverno chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno.git
  values: {}
@@ -361,7 +357,7 @@ logging:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
    path: "./chart"
-    tag: "0.2.0-bb.0"
+    tag: "0.3.0-bb.0"

  # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
  flux:
@@ -532,7 +528,7 @@ twistlock:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
    path: "./chart"
-    tag: "0.0.12-bb.0"
+    tag: "0.1.0-bb.0"

  # -- Flux reconciliation overrides specifically for the Twistlock Package
  flux: {}

--- a/docs/guides/using_bigbang/image_pull_policy.md
+++ b/docs/guides/using_bigbang/image_pull_policy.md
@@ -21,6 +21,7 @@ We have also documented the package overrides required if you want to set a sing
 | Fluentbit | `Always` | <pre lang="yaml">fluentbit:<br>  values:<br>    image:<br>      pullPolicy: IfNotPresent</pre> |
 | Monitoring | Varies | <pre lang="yaml">monitoring:<br>  values: <br>    kube-state-metrics:<br>      image:<br>        pullPolicy: IfNotPresent<br>    grafana:<br>      image:<br>        pullPolicy: IfNotPresent<br>      sidecar:<br>        imagePullPolicy: IfNotPresent<br>    prometheus-node-exporter:<br>      image:<br>        pullPolicy: IfNotPresent<br>    prometheusOperator:<br>      image:<br>        pullPolicy: IfNotPresent<br>      admissionWebhooks:<br>        cleanupProxy:<br>          image:<br>            pullPolicy: IfNotPresent<br>        patch: <br>          image:<br>            pullPolicy: IfNotPresent<br>    prometheus:<br>      prometheusSpec:<br>        containers:<br>          - name: "prometheus"<br>            imagePullPolicy: IfNotPresent<br>          - name: "config-reloader"<br>            imagePullPolicy: IfNotPresent<br>    alertmanager:<br>      alertmanagerSpec:<br>        containers:<br>          - name: "alertmanager"<br>            imagePullPolicy: IfNotPresent<br>          - name: "config-reloader"<br>            imagePullPolicy: IfNotPresent</pre> |
 | Twistlock | `IfNotPresent` | <pre lang="yaml">twistlock:<br>  values:<br>    console:<br>      image:<br>        imagePullPolicy: IfNotPresent</pre>  |
+| Promtail  | `IfNotPresent` | <pre lang="yaml">promtail:<br>  values:<br>    init:<br>      image:<br>        pullPolicy: IfNotPresent<br>    image:<br>      pullPolicy: IfNotPresent</pre>  |
 | ArgoCD | Varies | <pre lang="yaml">addons:<br>  argocd:<br>    values:<br>      global:<br>        image:<br>          imagePullPolicy: IfNotPresent<br>      controller:<br>        image:<br>          imagePullPolicy: IfNotPresent<br>      dex:<br>        image:<br>          imagePullPolicy: IfNotPresent<br>      redis-bb:<br>        image:<br>          pullPolicy: IfNotPresent<br>      server:<br>        image:<br>          imagePullPolicy: IfNotPresent<br>      repoServer:<br>        image:<br>          imagePullPolicy: IfNotPresent</pre> |
 | Authservice | `IfNotPresent` | <pre lang="yaml">addons:<br>  authservice:<br>    values:<br>      image:<br>        pullPolicy: IfNotPresent</pre> |
 | MinIO Operator | `IfNotPresent` | <pre lang="yaml">addons:<br>  minioOperator:<br>    values:<br>      operator:<br>        image:<br>          pullPolicy: IfNotPresent</pre> |

--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -203,18 +203,9 @@ gatekeeper:
 kyverno:
  enabled: false
  values:
-    replicas: 1
+    replicaCount: 1
    bbtests:
      enabled: true
-      scripts:
-        image: registry1.dso.mil/ironbank/opensource/kubernetes-1.21/kubectl:v1.21.1
-        additionalVolumeMounts:
-          - name: "{{ .Chart.Name }}-test-config"
-            mountPath: /yaml
-        additionalVolumes:
-          - name: "{{ .Chart.Name }}-test-config"
-            configMap:
-              name: "{{ .Chart.Name }}-test-config"

 logging:
  enabled: true