diff --git a/chart/templates/_helpers.tpl b/chart/templates/_helpers.tpl index ea9b587123d8a944f43bf420960ce25178944126..69873201a3967f39b473e0dafa3858401c1687cd 100644 --- a/chart/templates/_helpers.tpl +++ b/chart/templates/_helpers.tpl @@ -145,15 +145,16 @@ bigbang.addValueIfSet can be used to nil check parameters before adding them to {{- end }} {{- end }} {{- end -}} + {{/* Annotation for Istio version */}} {{- define "istioAnnotation" -}} - {{- if .Values.istio.git.semver -}} - bigbang.dev/istioVersion: {{ .Values.istio.git.semver | trimSuffix (regexFind "-bb.*" .Values.istio.git.semver) }} - {{- else if .Values.istio.git.tag -}} - bigbang.dev/istioVersion: {{ .Values.istio.git.tag | trimSuffix (regexFind "-bb.*" .Values.istio.git.tag) }} - {{- else if .Values.istio.git.branch -}} - bigbang.dev/istioVersion: {{ .Values.istio.git.branch }} - {{- end -}} +{{- if .Values.istio.git.semver -}} +bigbang.dev/istioVersion: {{ .Values.istio.git.semver | trimSuffix (regexFind "-bb.*" .Values.istio.git.semver) }} +{{- else if .Values.istio.git.tag -}} +bigbang.dev/istioVersion: {{ .Values.istio.git.tag | trimSuffix (regexFind "-bb.*" .Values.istio.git.tag) }} +{{- else if .Values.istio.git.branch -}} +bigbang.dev/istioVersion: {{ .Values.istio.git.branch }} +{{- end -}} {{- end -}} diff --git a/chart/templates/kyverno/namespace.yaml b/chart/templates/kyverno/namespace.yaml index d0e14c6f031ae42066dd4550f94a1b2386527b55..cab4f70b11ea3462216ecf74d4242f02719d98ab 100644 --- a/chart/templates/kyverno/namespace.yaml +++ b/chart/templates/kyverno/namespace.yaml @@ -3,9 +3,6 @@ apiVersion: v1 kind: Namespace metadata: labels: - admission.kyverno.sh/ignore: no-self-managing - control-plane: controller-manager - kyverno.sh/system: "yes" app.kubernetes.io/name: kyverno app.kubernetes.io/component: "core" {{- include "commonLabels" . | nindent 4}} 
diff --git a/chart/templates/kyverno/values.yaml b/chart/templates/kyverno/values.yaml index 39c44a38fe94aa7cfbb1018947d89d159d4e8986..c251cc2e1b46606c053a24fe6cf97ad6c714662b 100644 --- a/chart/templates/kyverno/values.yaml +++ b/chart/templates/kyverno/values.yaml @@ -3,6 +3,8 @@ {{- end }} {{- define "bigbang.defaults.kyverno" -}} +replicaCount: 3 + image: pullSecrets: - name: private-registry @@ -13,8 +15,10 @@ networkPolicies: enabled: {{ .Values.networkPolicies.enabled }} controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }} -monitoring: - enabled: false #{{ .Values.monitoring.enabled }} To enable this, we need PodMonitor crd +serviceMonitor: + enabled: {{ .Values.monitoring.enabled }} + dashboards: + namespace: monitoring istio: enabled: {{ .Values.istio.enabled }} diff --git a/chart/templates/logging/promtail/values.yaml b/chart/templates/logging/promtail/values.yaml index 076e2945d357080281e49076f70d6bcd2bc7d2ea..9da6a73365f0a4fb4331fb3227970a82c685c7d4 100644 --- a/chart/templates/logging/promtail/values.yaml +++ b/chart/templates/logging/promtail/values.yaml @@ -5,6 +5,13 @@ {{- define "bigbang.defaults.promtail" -}} hostname: {{ .Values.hostname }} +initContainer: + image: + pullPolicy: {{ .Values.imagePullPolicy }} + +image: + pullPolicy: {{ .Values.imagePullPolicy }} + openshift: {{ .Values.openshift }} istio: diff --git a/chart/templates/twistlock/values.yaml b/chart/templates/twistlock/values.yaml index 74d7e543f9bc42c269c2eab91e373ac5074eedee..d4c2310eb147652d0aaf5b9e204b65f37f6135df 100644 --- a/chart/templates/twistlock/values.yaml +++ b/chart/templates/twistlock/values.yaml @@ -31,6 +31,11 @@ istio: gateways: - istio-system/{{ default "public" .Values.twistlock.ingress.gateway }} +{{- if .Values.istio.enabled }} +annotations: + {{ include "istioAnnotation" . }} +{{- end }} + console: image: imagePullPolicy: {{ .Values.imagePullPolicy }} 
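Review bot: In the second hunk of `chart/templates/kyverno/values.yaml`, `serviceMonitor.enabled` now follows `.Values.monitoring.enabled`, but the line it replaces forced monitoring off with a comment that a required CRD was missing, and nothing visible here shows that the monitoring CRDs exist before Kyverno is reconciled. If the Kyverno release does not already depend on the monitoring package (not visible in this diff), a fresh install with monitoring enabled would presumably fail to apply the ServiceMonitor, so the ordering is worth confirming. The `dashboards` namespace is hard-coded to `monitoring`; a comment such as `# must match the namespace the monitoring package deploys into` would record that coupling. The first hunk's `replicaCount: 3` would also benefit from a one-line comment explaining the default, since `tests/test-values.yaml` overrides it to 1.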
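Review bot: The key added in `chart/templates/logging/promtail/values.yaml` is `initContainer.image.pullPolicy`, but the Promtail row this same commit adds to `docs/guides/using_bigbang/image_pull_policy.md` tells users to override `init.image.pullPolicy`. Only one of these can match the key the Promtail chart actually reads, and a value under the wrong key would most likely be ignored without any error, leaving the pull policy at the chart default. Please confirm the key against the chart and align the template and the docs row. The `define` block continues outside the hunk.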
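Review bot: The new `annotations:` block in `chart/templates/twistlock/values.yaml` depends on `{{ include "istioAnnotation" . }}` emitting exactly one line at the indentation typed in this file. The chart already uses `include "commonLabels" . | nindent 4` in the Kyverno namespace template, and the same form here, `{{- include "istioAnnotation" . | nindent 2 }}` with the indent matched to the block, would keep the output nested whatever the helper's own whitespace is. When Istio is enabled but none of `istio.git.semver`, `tag` or `branch` is set, the helper renders nothing and `annotations:` becomes null, so a fallback may be needed depending on how the Twistlock chart consumes the key. The helper also emits the version unquoted, so a branch name that YAML reads as a number or boolean would not yield a string annotation value; adding `| quote` to the three value expressions in `istioAnnotation` would avoid that.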
diff --git a/chart/values.yaml b/chart/values.yaml index 4e2c529bbb7ef1b9d3f8fd9531508770fff53ec8..781ec61f7d28e9d2cc4819f9e407ec1ceb01577f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -335,14 +335,10 @@ kyverno: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno path: "./chart" - tag: "2.1.2-bb.0" + tag: "2.1.3-bb.2" # -- Flux reconciliation overrides specifically for the Kyverno Package - flux: - install: - crds: CreateReplace - upgrade: - crds: CreateReplace + flux: {} # -- Values to passthrough to the kyverno chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno.git values: {} @@ -361,7 +357,7 @@ logging: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git path: "./chart" - tag: "0.2.0-bb.0" + tag: "0.3.0-bb.0" # -- Flux reconciliation overrides specifically for the Logging (EFK) Package flux: @@ -532,7 +528,7 @@ twistlock: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git path: "./chart" - tag: "0.0.12-bb.0" + tag: "0.1.0-bb.0" # -- Flux reconciliation overrides specifically for the Twistlock Package flux: {} diff --git a/docs/guides/using_bigbang/image_pull_policy.md b/docs/guides/using_bigbang/image_pull_policy.md index 1485f85466de32bb7733ffabadac5dd0452ed383..fad18de57f58f766fc318cb080e841cb2a54172f 100644 --- a/docs/guides/using_bigbang/image_pull_policy.md +++ b/docs/guides/using_bigbang/image_pull_policy.md 
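Review bot: In the Kyverno hunk of `chart/values.yaml`, replacing the `flux` overrides with `flux: {}` drops both `install.crds: CreateReplace` and `upgrade.crds: CreateReplace` in the same change that moves the package tag from `2.1.2-bb.0` to `2.1.3-bb.2`. Unless a global Flux setting outside this diff supplies a CRD policy, the Flux helm-controller default is to skip CRDs on upgrade, so existing clusters could keep the old Kyverno CRDs while running the new controller. If the removal is deliberate, a comment above the key such as `# CRD policy override no longer needed: <reason>` would record why; otherwise keep at least the `upgrade.crds` override.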
@@ -21,6 +21,7 @@ We have also documented the package overrides required if you want to set a sing | Fluentbit | `Always` | <pre lang="yaml">fluentbit:<br> values:<br> image:<br> pullPolicy: IfNotPresent</pre> | | Monitoring | Varies | <pre lang="yaml">monitoring:<br> values: <br> kube-state-metrics:<br> image:<br> pullPolicy: IfNotPresent<br> grafana:<br> image:<br> pullPolicy: IfNotPresent<br> sidecar:<br> imagePullPolicy: IfNotPresent<br> prometheus-node-exporter:<br> image:<br> pullPolicy: IfNotPresent<br> prometheusOperator:<br> image:<br> pullPolicy: IfNotPresent<br> admissionWebhooks:<br> cleanupProxy:<br> image:<br> pullPolicy: IfNotPresent<br> patch: <br> image:<br> pullPolicy: IfNotPresent<br> prometheus:<br> prometheusSpec:<br> containers:<br> - name: "prometheus"<br> imagePullPolicy: IfNotPresent<br> - name: "config-reloader"<br> imagePullPolicy: IfNotPresent<br> alertmanager:<br> alertmanagerSpec:<br> containers:<br> - name: "alertmanager"<br> imagePullPolicy: IfNotPresent<br> - name: "config-reloader"<br> imagePullPolicy: IfNotPresent</pre> | | Twistlock | `IfNotPresent` | <pre lang="yaml">twistlock:<br> values:<br> console:<br> image:<br> imagePullPolicy: IfNotPresent</pre> | +| Promtail | `IfNotPresent` | <pre lang="yaml">promtail:<br> values:<br> init:<br> image:<br> pullPolicy: IfNotPresent<br> image:<br> pullPolicy: IfNotPresent</pre> | | ArgoCD | Varies | <pre lang="yaml">addons:<br> argocd:<br> values:<br> global:<br> image:<br> imagePullPolicy: IfNotPresent<br> controller:<br> image:<br> imagePullPolicy: IfNotPresent<br> dex:<br> image:<br> imagePullPolicy: IfNotPresent<br> redis-bb:<br> image:<br> pullPolicy: IfNotPresent<br> server:<br> image:<br> imagePullPolicy: IfNotPresent<br> repoServer:<br> image:<br> imagePullPolicy: IfNotPresent</pre> | | Authservice | `IfNotPresent` | <pre lang="yaml">addons:<br> authservice:<br> values:<br> image:<br> pullPolicy: IfNotPresent</pre> | | MinIO Operator | `IfNotPresent` | <pre lang="yaml">addons:<br> 
minioOperator:<br> values:<br> operator:<br> image:<br> pullPolicy: IfNotPresent</pre> | diff --git a/tests/test-values.yaml b/tests/test-values.yaml index 5da9ac6c064a0d7bf0b7f75d3f46004bfc219a7d..2d91cd688578bf01191ec92d3153995a70fa1131 100644 --- a/tests/test-values.yaml +++ b/tests/test-values.yaml @@ -203,18 +203,9 @@ gatekeeper: kyverno: enabled: false values: - replicas: 1 + replicaCount: 1 bbtests: enabled: true - scripts: - image: registry1.dso.mil/ironbank/opensource/kubernetes-1.21/kubectl:v1.21.1 - additionalVolumeMounts: - - name: "{{ .Chart.Name }}-test-config" - mountPath: /yaml - additionalVolumes: - - name: "{{ .Chart.Name }}-test-config" - configMap: - name: "{{ .Chart.Name }}-test-config" logging: enabled: true