diff --git a/chart/templates/fortify/gitrepository.yaml b/chart/templates/fortify/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..c4e5d87d65d705805b49eb9880af979acf438976
--- /dev/null
+++ b/chart/templates/fortify/gitrepository.yaml
@@ -0,0 +1,15 @@
+{{- $pkg := "fortify" }}
+{{- if and (eq (get .Values.addons $pkg).sourceType "git") (not .Values.offline) (get .Values.addons $pkg).enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+ name: {{ $pkg }}
+ namespace: {{ .Release.Namespace }}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ (get .Values.addons $pkg).git.repo }}
+ ref:
+ {{- include "validRef" (get .Values.addons $pkg).git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/fortify/helmrelease.yaml b/chart/templates/fortify/helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b57b45e7be98fb5c63e0cde925924afdb9edecd7
--- /dev/null
+++ b/chart/templates/fortify/helmrelease.yaml
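Review bot: The GitRepository pins only whatever ref `validRef` emits (a tag, `0.2.0-bb.11`, in the default values) and has no `spec.verify` block, so nothing checks that the fetched commit is signed and a re-pointed tag would be reconciled silently. If the upstream package repo signs its tags, consider a `verify:` block with `mode: HEAD` (or `Tag`) and a `secretRef` to the GPG public keys, behind a values toggle so offline and unsigned deployments are unaffected. If the other addon GitRepository templates deliberately omit this, treat it as a chart-wide follow-up rather than a fix for this file; whether `validRef` also accepts a `git.commit` pin is not visible here.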
@@ -0,0 +1,63 @@
+{{- $pkg := "fortify" }}
+{{- $fluxSettingsFortify := merge (get .Values.addons $pkg).flux .Values.flux -}}
+{{- if (get .Values.addons $pkg).enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: {{ $pkg }}
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: {{ $pkg }}
+ {{- include "commonLabels" . | nindent 4}}
+ annotations:
+ checksum/bigbang-values: {{ include (print $.Template.BasePath "/fortify/values.yaml") . | sha256sum }}
+spec:
+ releaseName: {{ $pkg }}
+ targetNamespace: {{ $pkg }}
+ chart:
+ spec:
+ {{- if eq (get .Values.addons $pkg).sourceType "git" }}
+ chart: {{ (get .Values.addons $pkg).git.path }}
+ sourceRef:
+ kind: GitRepository
+ name: fortify
+ namespace: {{ .Release.Namespace }}
+ {{- else }}
+ chart: {{ (get .Values.addons $pkg).helmRepo.chartName }}
+ version: {{ (get .Values.addons $pkg).helmRepo.tag }}
+ sourceRef:
+ kind: HelmRepository
+ name: {{ (get .Values.addons $pkg).helmRepo.repoName }}
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ interval: 5m
+
+ {{- toYaml $fluxSettingsFortify | nindent 2 }}
+
+ {{- if (get .Values.addons $pkg).postRenderers }}
+ postRenderers:
+ {{ toYaml (get .Values.addons $pkg).postRenderers | nindent 4 }}
+ {{- end }}
+ valuesFrom:
+ - name: {{ .Release.Name }}-{{ $pkg }}-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-{{ $pkg }}-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-{{ $pkg }}-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{- if or .Values.istio.enabled .Values.kyvernoPolicies.enabled }}
+ dependsOn:
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.kyvernoPolicies.enabled }}
+ - name: kyverno-policies
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
\ No newline at end of file
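Review bot: The literal `interval: 5m` under `spec` is immediately followed by `toYaml $fluxSettingsFortify`, and because `.Values.flux` is merged into that dict and the sibling gitrepository template reads `.Values.flux.interval`, the rendered HelmRelease very likely carries `interval` twice; most parsers keep the last key, so the literal is dead and the effective value depends on the consumer. Drop the literal line, or guard it with `{{- if not (hasKey $fluxSettingsFortify "interval") }}`. Separately, sprig's `merge` writes into its first argument, so this assignment mutates `.Values.addons.fortify.flux` for every template rendered after it; `merge (deepCopy (get .Values.addons $pkg).flux) .Values.flux` keeps the values tree untouched. The file also ends without a trailing newline.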
diff --git a/chart/templates/fortify/imagepullsecret.yaml b/chart/templates/fortify/imagepullsecret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..7122078d76f1852f19e09f354b355107ad017324
--- /dev/null
+++ b/chart/templates/fortify/imagepullsecret.yaml
@@ -0,0 +1,14 @@
+{{- $pkg := "fortify" }}
+{{- if and (get .Values.addons $pkg).enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: {{ $pkg }}
+ labels:
+ app.kubernetes.io/name: {{ $pkg }}
+ {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
diff --git a/chart/templates/fortify/namespace.yaml b/chart/templates/fortify/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d1d918a110344d97f5a288685f020f9c0891abf6
--- /dev/null
+++ b/chart/templates/fortify/namespace.yaml
@@ -0,0 +1,14 @@
+{{- $pkg := "fortify" }}
+{{- if (get .Values.addons $pkg).enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: {{ $pkg }}
+ labels:
+ {{- if .Values.istio.enabled }}
+ istio-injection: enabled
+ {{- end }}
+ app.kubernetes.io/name: {{ $pkg }}
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/fortify/values.yaml b/chart/templates/fortify/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b1a868c0477858f91f53a5ca07d943b15b65ae7e
--- /dev/null
+++ b/chart/templates/fortify/values.yaml
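Review bot: The namespace is labelled `app.kubernetes.io/component: "core"` although the package is sourced from `big-bang/apps/third-party/fortify` and gated behind `addons.fortify.enabled`, which reads like a copy from a core-package template; anything selecting on that label (policies, dashboards, network policy selectors) would pull this addon into the core set. If the sibling addon namespaces carry a category-specific value, match it, e.g. `app.kubernetes.io/component: "third-party"`. No pod-security labels are set on the namespace; that is acceptable if pod security is enforced by kyverno-policies, which the HelmRelease depends on, but a one-line comment above `labels:` stating that would stop the next reader from re-asking. The file also ends without a trailing newline.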
@@ -0,0 +1,38 @@
+{{- $pkg := "fortify" }}
+
+{{- /* Create secret */ -}}
+{{- if (get .Values.addons $pkg).enabled }}
+{{- include "values-secret" (dict "root" $ "package" (get .Values.addons $pkg) "name" $pkg "defaults" (include (printf "bigbang.defaults.%s" $pkg) .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.fortify" -}}
+
+imagePullSecrets:
+- name: private-registry
+imagePullPolicy: {{ .Values.imagePullPolicy }}
+
+externalURL: https://fortify.{{ .Values.domain }}
+
+domain: {{ .Values.domain }}
+
+istio:
+ enabled: {{ .Values.istio.enabled }}
+ fortify:
+ gateways:
+ - istio-system/{{ default "public" .Values.addons.fortify.ingress.gateway }}
+
+networkPolicies:
+ enabled: {{ .Values.networkPolicies.enabled }}
+ controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
+ ingressLabels:
+ {{- $gateway := default "public" .Values.addons.fortify.ingress.gateway }}
+ {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
+ {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
+
+monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+
+sso:
+ enabled: {{ default "false" .Values.addons.fortify.sso.enabled }}
+
+{{- end }}
diff --git a/chart/values.schema.json b/chart/values.schema.json
index 7325844369fded8a92965fde0f729da175dae5aa..a36f07ef2492e8f9dfe647065d0961bb086823cf 100644
--- a/chart/values.schema.json
+++ b/chart/values.schema.json
@@ -957,6 +957,13 @@ } ] },
+ "fortify": {
+ "allOf": [
+ {
+ "$ref": "#/$defs/basePackage"
+ }
+ ]
+ },
 "haproxy": { "type": "object", "required": [
diff --git a/chart/values.yaml b/chart/values.yaml
index 40c6b313a526afc14cfc83c5d2300f49d3446a4d..3ed4d0db9e4480a418653d63598790ce2b770e98 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
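Review bot: `enabled: {{ default "false" .Values.addons.fortify.sso.enabled }}` dereferences `.Values.addons.fortify.sso`, but the `fortify:` block this change adds to `chart/values.yaml` declares no `sso` key, so enabling the addon with otherwise default values fails at render time with a nil-pointer error on `.enabled` rather than defaulting SSO off; `tests/test-values.yaml` supplies `sso.enabled: false`, which is why the test run does not catch it. Unless `sso` is injected from somewhere not visible here, make the lookup nil-safe: `enabled: {{ dig "sso" "enabled" false .Values.addons.fortify }}`. The `ingress.gateway` lookups in the same hunk are only safe because `ingress:` is declared in values.yaml; keep every `.Values.addons.fortify.*` path used here backed by a declared default.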
@@ -1413,6 +1413,35 @@ addons: # -- Post Renderers. See docs/postrenders.md postRenderers: []
+ fortify:
+ # -- Toggle deployment of Fortify.
+ enabled: false
+
+ # -- Choose source type of "git" or "helmRepo"
+ sourceType: "git"
+
+ git:
+ repo: https://repo1.dso.mil/big-bang/apps/third-party/fortify.git
+ path: "./chart"
+ tag: "0.2.0-bb.11"
+ helmRepo:
+ repoName: "registry1"
+ chartName: "fortify"
+ tag: "0.2.0-bb.11"
+
+ # -- Flux reconciliation overrides specifically for the Fortify Package
+ flux: {}
+
+ # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
+ ingress:
+ gateway: ""
+
+ # -- Values to passthrough to the fortify chart: https://repo1.dso.mil/big-bang/apps/third-party/fortify.git
+ values: {}
+
+ # -- Post Renderers. See docs/postrenders.md
+ postRenderers: []
+
 # ---------------------------------------------------------------------------------------------------------------------- # Deployment of HAProxy is automatically toggled depending on Monitoring SSO and Monitoring Istio Injection #
diff --git a/docs/packages.md b/docs/packages.md
index 7a9d36403e39352f017c6ca2d17bca1eceb047cc..5e332a982c4f54ae9b089d1ecc2ae1ca0e36a567 100644
--- a/docs/packages.md
+++ b/docs/packages.md
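Review bot: The new `fortify:` block has no `sso` key, yet `chart/templates/fortify/values.yaml` in this same change reads `.Values.addons.fortify.sso.enabled`, so a user who flips `enabled: true` without also adding `sso` gets a render error instead of SSO defaulting to off. Add the documented default next to the other toggles: `# -- Toggle SSO for Fortify on/off`, `sso:`, `  enabled: false` — the same shape `tests/test-values.yaml` already sets. The `# --` comments look like helm-docs annotations, so an undeclared key is also missing from whatever table is generated from this file.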
@@ -59,6 +59,7 @@ | [Nexus](https://repo1.dso.mil/big-bang/apps/developer-tools/nexus) |  | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/544) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1605) | | [Sonarqube](https://repo1.dso.mil/big-bang/apps/developer-tools/sonarqube) |  | N/A | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/503) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/1508) | | [Harbor](https://repo1.dso.mil/big-bang/product/packages/harbor) |  | Yes | Yes | [Yes](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/2939) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests/2939) |
+| [Fortify](https://repo1.dso.mil/big-bang/apps/third-party/fortify) |  | [N/A](https://repo1.dso.mil/big-bang/apps/third-party/fortify/-/issues/33) | Yes | [Yes](https://repo1.dso.mil/big-bang/apps/third-party/fortify/-/merge_requests/51) | [Yes (STRICT)](https://repo1.dso.mil/big-bang/apps/third-party/fortify/-/merge_requests/52) |
 > `*` inherited from Gitlab when installed in the same namespace.
diff --git a/tests/test-values.yaml b/tests/test-values.yaml
index 27e0f3ce1b3fbc13f03bdc6bb141a826a904849b..bdebb003c60788b3d4cc3ef2117a3a5029b18ac1 100644
--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -954,6 +954,15 @@ addons: persistence: size: 256Mi
+ fortify:
+ enabled: false
+ flux:
+ timeout: 5m
+ ingress:
+ gateway: ""
+ sso:
+ enabled: false
+
 gitlab: enabled: false sso:
@@ -1463,6 +1472,7 @@ addons: scripts: envs: docker_host: "containers.bigbang.dev"
+
 velero: enabled: false plugins: