Add Fortify Charts To BB Main Repo

chart/templates/fortify/gitrepository.yaml

+{{- $pkg := "fortify" }}
+{{- if and (eq (get .Values.addons $pkg).sourceType "git") (not .Values.offline) (get .Values.addons $pkg).enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: {{ $pkg }}
+  namespace: {{ .Release.Namespace }}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ (get .Values.addons $pkg).git.repo }}
+  ref:
+    {{- include "validRef" (get .Values.addons $pkg).git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" . | nindent 2 }}
+{{- end }}

chart/templates/fortify/helmrelease.yaml

+{{- $pkg := "fortify" }}
+{{- $fluxSettingsFortify := merge (get .Values.addons $pkg).flux .Values.flux -}}
+{{- if (get .Values.addons $pkg).enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: {{ $pkg }}
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: {{ $pkg }}
+    {{- include "commonLabels" . | nindent 4}}
+  annotations:
+    checksum/bigbang-values: {{ include (print $.Template.BasePath "/fortify/values.yaml") . | sha256sum }}
+spec:
+  releaseName: {{ $pkg }}
+  targetNamespace: {{ $pkg }}
+  chart:
+    spec:
+      {{- if eq (get .Values.addons $pkg).sourceType "git" }}
+      chart: {{ (get .Values.addons $pkg).git.path }}
+      sourceRef:
+        kind: GitRepository
+        name: fortify
+        namespace: {{ .Release.Namespace }}
+      {{- else }}
+      chart: {{ (get .Values.addons $pkg).helmRepo.chartName }}
+      version: {{ (get .Values.addons $pkg).helmRepo.tag }}
+      sourceRef:
+        kind: HelmRepository
+        name: {{ (get .Values.addons $pkg).helmRepo.repoName }}
+        namespace: {{ .Release.Namespace }}
+      {{- end }}
+      interval: 5m
+
+  {{- toYaml $fluxSettingsFortify | nindent 2 }}
+
+  {{- if (get .Values.addons $pkg).postRenderers }}
+  postRenderers:
+  {{ toYaml (get .Values.addons $pkg).postRenderers | nindent 4 }}
+  {{- end }}
+  valuesFrom:
+    - name: {{ .Release.Name }}-{{ $pkg }}-values
+      kind: Secret
+      valuesKey: "common"
+    - name: {{ .Release.Name }}-{{ $pkg }}-values
+      kind: Secret
+      valuesKey: "defaults"
+    - name: {{ .Release.Name }}-{{ $pkg }}-values
+      kind: Secret
+      valuesKey: "overlays"
+
+  {{- if or .Values.istio.enabled .Values.kyvernoPolicies.enabled }}
+  dependsOn:
+  {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.kyvernoPolicies.enabled }}
+    - name: kyverno-policies
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- end }}
+{{- end }}
\ No newline at end of file

chart/templates/fortify/imagepullsecret.yaml

+{{- $pkg := "fortify" }}
+{{- if and (get .Values.addons $pkg).enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: {{ $pkg }}
+  labels:
+    app.kubernetes.io/name: {{ $pkg }}
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}

chart/templates/fortify/namespace.yaml

+{{- $pkg := "fortify" }}
+{{- if (get .Values.addons $pkg).enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: {{ $pkg }}
+  labels:
+    {{- if .Values.istio.enabled }}
+    istio-injection: enabled
+    {{- end }}
+    app.kubernetes.io/name: {{ $pkg }}
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+{{- end }}
\ No newline at end of file

chart/templates/fortify/values.yaml

+{{- $pkg := "fortify" }}
+
+{{- /* Create secret */ -}}
+{{- if (get .Values.addons $pkg).enabled }}
+{{- include "values-secret" (dict "root" $ "package" (get .Values.addons $pkg) "name" $pkg "defaults" (include (printf "bigbang.defaults.%s" $pkg) .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.fortify" -}}
+
+imagePullSecrets:
+- name: private-registry
+imagePullPolicy: {{ .Values.imagePullPolicy }}
+
+externalURL: https://fortify.{{ .Values.domain }}
+
+domain: {{ .Values.domain }}
+
+istio:
+  enabled: {{ .Values.istio.enabled }}
+  fortify:
+    gateways:
+    - istio-system/{{ default "public" .Values.addons.fortify.ingress.gateway }}
+
+networkPolicies:
+  enabled: {{ .Values.networkPolicies.enabled }}
+  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+  ingressLabels:
+    {{- $gateway := default "public" .Values.addons.fortify.ingress.gateway }}
+    {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
+    {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
+
+monitoring:
+  enabled: {{ .Values.monitoring.enabled }}
+
+sso:
+  enabled: {{ default "false" .Values.addons.fortify.sso.enabled }}
+
+{{- end }}

chart/values.schema.json

@@ -957,6 +957,13 @@
             }
           ]
         },
+        "fortify": {
+          "allOf": [
+            {
+              "$ref": "#/$defs/basePackage"
+            }
+          ]
+        },
         "haproxy": {
           "type": "object",
           "required": [

chart/values.yaml

@@ -1413,6 +1413,35 @@ addons:
     # -- Post Renderers.  See docs/postrenders.md
     postRenderers: []
 
+  fortify:
+    # -- Toggle deployment of Fortify.
+    enabled: false
+
+    # -- Choose source type of "git" or "helmRepo"
+    sourceType: "git"
+
+    git:
+      repo: https://repo1.dso.mil/big-bang/apps/third-party/fortify.git
+      path: "./chart"
+      tag: "0.2.0-bb.11"
+    helmRepo:
+      repoName: "registry1"
+      chartName: "fortify"
+      tag: "0.2.0-bb.11"
+
+    # -- Flux reconciliation overrides specifically for the Fortify Package
+    flux: {}
+
+    # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
+    ingress:
+      gateway: ""
+
+    # -- Values to passthrough to the fortify chart: https://repo1.dso.mil/big-bang/apps/third-party/fortify.git
+    values: {}
+
+    # -- Post Renderers.  See docs/postrenders.md
+    postRenderers: []
+
   # ----------------------------------------------------------------------------------------------------------------------
   # Deployment of HAProxy is automatically toggled depending on Monitoring SSO and Monitoring Istio Injection
   #

docs/packages.md

@@ -59,6 +59,7 @@
 | [Nexus](https://repo1.dso.mil/big-bang/apps/developer-tools/nexus) |  ![Nexus](https://repo1.dso.mil/big-bang/apps/developer-tools/nexus/badges/main/pipeline.svg) | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/544) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1605) |
 | [Sonarqube](https://repo1.dso.mil/big-bang/apps/developer-tools/sonarqube) |  ![Sonarqube](https://repo1.dso.mil/big-bang/apps/developer-tools/sonarqube/badges/main/pipeline.svg) | N/A | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/503) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1508) |
 | [Harbor](https://repo1.dso.mil/big-bang/product/packages/harbor) |  ![Harbor](https://repo1.dso.mil/big-bang/product/packages/harbor/badges/main/pipeline.svg) | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/2939) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/2939) |
+| [Fortify](https://repo1.dso.mil/big-bang/apps/third-party/fortify) |  ![Fortify](https://repo1.dso.mil/big-bang/apps/third-party/fortify/badges/main/pipeline.svg) | [N/A](https://repo1.dso.mil/big-bang/apps/third-party/fortify/-/issues/33) | Yes | [Yes](https://repo1.dso.mil/big-bang/apps/third-party/fortify/-/merge_requests/51) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/apps/third-party/fortify/-/merge_requests/52) |
 
 > `*` inherited from Gitlab when installed in the same namespace.
 

tests/test-values.yaml

@@ -954,6 +954,15 @@ addons:
           persistence:
             size: 256Mi
 
+  fortify:
+    enabled: false
+    flux:
+      timeout: 5m
+    ingress:
+      gateway: ""
+    sso:
+      enabled: false
+
   gitlab:
     enabled: false
     sso:
@@ -1463,6 +1472,7 @@ addons:
         scripts:
           envs:
             docker_host: "containers.bigbang.dev"
+
   velero:
     enabled: false
     plugins: