Merge branch 'openshift-test-values' of https://repo1.dso.mil/big-bang/bigbang...

Merge branch 'openshift-test-values' of https://repo1.dso.mil/big-bang/bigbang into openshift-test-values

CHANGELOG.md

@@ -3,6 +3,14 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+## [2.27.0]
+
+- [!2.27.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.27.0); List of merge requests in this release.
+
+## [2.26.0]
+
+- [!2.26.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.26.0); List of merge requests in this release.
+
 ## [2.25.0]
 
 - [!2.25.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.25.0); List of merge requests in this release.

base/flux/kustomization.yaml

@@ -6,16 +6,16 @@ resources:
 images:
 - name: ghcr.io/fluxcd/helm-controller
   newName: registry1.dso.mil/ironbank/fluxcd/helm-controller
-  newTag: v0.37.4
+  newTag: v1.0.1
 - name: ghcr.io/fluxcd/kustomize-controller
   newName: registry1.dso.mil/ironbank/fluxcd/kustomize-controller
-  newTag: v1.2.2
+  newTag: v1.3.0
 - name: ghcr.io/fluxcd/notification-controller
   newName: registry1.dso.mil/ironbank/fluxcd/notification-controller
   newTag: v1.2.4
 - name: ghcr.io/fluxcd/source-controller
   newName: registry1.dso.mil/ironbank/fluxcd/source-controller
-  newTag: v1.2.4
+  newTag: v1.3.0
 
 patches:
   - target:

base/gitrepository.yaml

@@ -11,4 +11,4 @@ spec:
   interval: 10m
   url: https://repo1.dso.mil/big-bang/bigbang.git
   ref:
-    tag: 2.25.0
+    tag: 2.27.0

chart/Chart.yaml

 apiVersion: v2
 name: bigbang
-version: 2.25.0
+version: 2.27.0
 description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
 
 type: application

chart/templates/anchore/helmrelease.yaml

-{{- $fluxSettingsAnchore := mergeOverwrite .Values.flux .Values.addons.anchore.flux -}}
+{{- $fluxSettingsAnchore := merge .Values.addons.anchore.flux .Values.flux -}}
 {{- if .Values.addons.anchore.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: anchore

chart/templates/argocd/helmrelease.yaml

-{{- $fluxSettingsArgo := mergeOverwrite .Values.flux .Values.addons.argocd.flux -}}
+{{- $fluxSettingsArgo := merge .Values.addons.argocd.flux .Values.flux -}}
 {{- if .Values.addons.argocd.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: argocd

chart/templates/authservice/helmrelease.yaml

-{{- $fluxSettingsAuthservice := mergeOverwrite .Values.flux .Values.addons.authservice.flux -}}
+{{- $fluxSettingsAuthservice := merge .Values.addons.authservice.flux .Values.flux -}}
 {{- if and .Values.istio.enabled (or .Values.addons.authservice.enabled (and .Values.monitoring.enabled .Values.monitoring.sso.enabled) (and .Values.jaeger.enabled .Values.jaeger.sso.enabled) (and .Values.tempo.enabled .Values.tempo.sso.enabled)) }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: authservice

chart/templates/authservice/values.yaml

-{{- if and .Values.istio.enabled (or .Values.addons.authservice.enabled (and .Values.monitoring.enabled .Values.monitoring.sso.enabled) (and .Values.jaeger.enabled .Values.jaeger.sso.enabled) (and .Values.tempo.enabled .Values.tempo.sso.enabled)) }}
+{{- if and .Values.istio.enabled (or .Values.addons.authservice.enabled (and .Values.monitoring.enabled .Values.monitoring.sso.enabled) (and .Values.jaeger.enabled .Values.jaeger.sso.enabled) (and .Values.tempo.enabled .Values.tempo.sso.enabled) (and .Values.addons.thanos.enabled .Values.addons.thanos.sso.enabled)) }}
 {{- include "values-secret" (dict "root" $ "package" .Values.addons.authservice "name" "authservice" "defaults" (include "bigbang.defaults.authservice" .)) }}
 {{- end }}
 
@@ -135,6 +135,27 @@ chains:
     {{- end }}
   {{- end }}
 
+  {{- if and .Values.addons.thanos.enabled .Values.addons.thanos.sso.enabled }}
+  thanos:
+    match:
+      header: ":authority"
+    {{- $thanosHosts := (dig "istio" "thanos" "hosts" dict .Values.addons.thanos.values) }}
+    {{- if $thanosHosts }}
+      prefix: {{ tpl ($thanosHosts | first) $ }}
+    callback_uri: https://{{ tpl ($thanosHosts | first) $ }}/login/generic_oauth
+    {{- else }}
+      prefix: {{ printf "thanos.%s" $domainName }}
+    callback_uri: https://thanos.{{ $domainName }}/login/generic_oauth
+    {{- end }}
+    client_id: "{{ .Values.addons.thanos.sso.client_id }}"
+    client_secret: "{{ .Values.addons.thanos.sso.client_secret }}"
+    {{- if not $legacy }}
+    authorization_uri: {{ include "sso.oidc.auth" . }}
+    token_uri: {{ include "sso.oidc.token" . }}
+    logout_redirect_uri: {{ include "sso.oidc.endsession" . }}
+    {{- end }}
+  {{- end }}
+
   {{- if and .Values.tempo.enabled .Values.tempo.sso.enabled }}
   tempo:
     match:

chart/templates/cluster-auditor/helmrelease.yaml

-{{- $fluxSettingsClusterAuditor := mergeOverwrite .Values.flux .Values.clusterAuditor.flux -}}
+{{- $fluxSettingsClusterAuditor := merge .Values.clusterAuditor.flux .Values.flux -}}
 {{- if .Values.clusterAuditor.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: cluster-auditor

chart/templates/eck-operator/helmrelease.yaml

-{{- $fluxSettingsEckOperator := mergeOverwrite .Values.flux .Values.eckOperator.flux -}}
+{{- $fluxSettingsEckOperator := merge .Values.eckOperator.flux .Values.flux -}}
 {{- if or .Values.eckOperator.enabled .Values.elasticsearchKibana.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: eck-operator

chart/templates/elasticsearch-kibana/helmrelease.yaml

-{{- $fluxSettingsEk := mergeOverwrite .Values.flux .Values.elasticsearchKibana.flux -}}
+{{- $fluxSettingsEk := merge .Values.elasticsearchKibana.flux .Values.flux -}}
 {{- if .Values.elasticsearchKibana.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: ek

chart/templates/fluentbit/helmrelease.yaml

-{{- $fluxSettingsFluentbit := mergeOverwrite .Values.flux .Values.fluentbit.flux -}}
+{{- $fluxSettingsFluentbit := merge .Values.fluentbit.flux .Values.flux -}}
 {{- if .Values.fluentbit.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: fluentbit

chart/templates/fortify/helmrelease.yaml

 {{- $pkg := "fortify" }}
-{{- $fluxSettingsFortify := mergeOverwrite .Values.flux (get .Values.addons $pkg).flux -}}
+{{- $fluxSettingsFortify := merge .Values.addons.fortify.flux .Values.flux -}}
 {{- if (get .Values.addons $pkg).enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: {{ $pkg }}

chart/templates/gatekeeper/helmrelease.yaml

-{{- $fluxSettingsGatekeeper := mergeOverwrite .Values.flux .Values.gatekeeper.flux -}}
+{{- $fluxSettingsGatekeeper := merge .Values.gatekeeper.flux .Values.flux -}}
 {{- if or .Values.gatekeeper.enabled .Values.clusterAuditor.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: gatekeeper

chart/templates/gitlab-runner/helmrelease.yaml

-{{- $fluxSettingsGitlabRunner := mergeOverwrite .Values.flux .Values.addons.gitlabRunner.flux -}}
+{{- $fluxSettingsGitlabRunner := merge .Values.addons.gitlabRunner.flux .Values.flux -}}
 {{- if .Values.addons.gitlabRunner.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: gitlab-runner

chart/templates/gitlab-runner/values.yaml

@@ -16,6 +16,7 @@ istio:
 
 networkPolicies:
   enabled: {{ .Values.networkPolicies.enabled }}
+  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
 
 # no longer necessary to directly pass through .Values.monitoring.enabled
 # the package chart uses: .Capabilities.APIVersions.Has "monitoring.coreos.com/v1" to toggle monitoring

chart/templates/gitlab/helmrelease.yaml

-{{- $fluxSettingsGitlab := mergeOverwrite .Values.flux .Values.addons.gitlab.flux -}}
+{{- $fluxSettingsGitlab := merge .Values.addons.gitlab.flux .Values.flux -}}
 {{- if .Values.addons.gitlab.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: gitlab

chart/templates/gitlab/values.yaml

@@ -25,6 +25,11 @@ istio:
     gateways:
     - istio-system/{{ default "public" .Values.addons.gitlab.ingress.gateway }}
 
+# Used for istio SSO serviceEntry
+sso:
+  enabled: {{ .Values.addons.gitlab.sso.enabled }}
+  host: {{ include "sso.host" . }}
+
 monitoring:
   enabled: {{ .Values.monitoring.enabled }}
 

chart/templates/grafana/helmrelease.yaml

-{{- $fluxSettingsMonitoring := mergeOverwrite .Values.flux .Values.grafana.flux -}}
+{{- $fluxSettingsMonitoring := merge .Values.grafana.flux .Values.flux -}}
 {{- if .Values.grafana.enabled }}
-apiVersion: helm.toolkit.fluxcd.io/v2beta2
+apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
   name: grafana