Merge branch 'release-1.1' into 'master'

release 1.1.1

See merge request platform-one/big-bang/bigbang!268

chart/templates/NOTES.txt

@@ -115,3 +115,13 @@ PLATFORM ONE ANCHORE WARNING:
   Your SSO configuration will be ignored, the Anchore UI is only available for enterprise deployments.
 {{- end }}
 {{- end }}
+
+{{- if and $.Values.eckoperator.enabled $.Values.logging.enabled }}
+  {{- if $.Values.logging.sso.enabled }}
+    {{- if and (not $.Values.logging.license.trial) (not $.Values.logging.license.keyJSON) }}
+PLATFORM ONE LOGGING WARNING:
+  You have enabled SSO but not provided an enterprise license configuration to use. SSO is not functional without a license.
+  Edit the values for the eck-operator to specify a license key JSON or use the trial license for development.
+    {{- end }}
+  {{- end }}
+{{- end }}

chart/templates/logging/eck-operator/eck-operator-helmrelease.yaml

@@ -42,6 +42,10 @@ spec:
       valuesKey: "eckoperator.yaml"
 
   values:
+    license:
+      trial: {{ .Values.logging.license.trial }}
+      keyJSON: |
+        {{ .Values.logging.license.keyJSON | nindent 8 }}
     podAnnotations:
       sidecar.istio.io/inject: "true"
       traffic.sidecar.istio.io/includeInboundPorts: "*"

chart/templates/logging/elasticsearch-kibana/ek-helmrelease.yaml

@@ -45,6 +45,15 @@ spec:
     hostname: {{ .Values.hostname }}
     istio:
       enabled: {{ .Values.istio.enabled }}
+    {{- if .Values.logging.sso.enabled }}
+    sso:
+      enabled: {{ .Values.logging.sso.enabled }}
+      client_id: {{ .Values.logging.sso.client_id }}
+      client_secret: {{ .Values.logging.sso.client_secret }}
+      oidc:
+        host: {{ .Values.sso.oidc.host }}
+        realm: {{ .Values.sso.oidc.realm }}
+    {{- end }}
     kibana:
       version: 7.9.2
       imagePullSecrets:

chart/templates/logging/elasticsearch-kibana/namespace.yaml

 {{- if or .Values.logging.enabled .Values.clusterAuditor.enabled }}
+{{- /* Default to istio being turned on, but disable if user sets istio to disable in the custom passthrough values.
+We have to do it this way because ownership of "istio.enabled" is owned by the chart but also BigBang.  Sourcing values from the passthrough values also means
+  we get to simplify the api space of BigBang just a little bit more.
+*/ -}}
+{{- $istio := .Values.logging.values.istio | default dict }}
+{{- $istioInjection := "enabled" }}
+{{- if and (hasKey $istio "enabled") (not $istio.enabled) }}
+{{- $istioInjection = "disabled" }}
+{{- end }}
 ---
 apiVersion: v1
 kind: Namespace
@@ -8,6 +17,7 @@ metadata:
     app.kubernetes.io/name: logging
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
+    istio-injection: {{ $istioInjection }}
 ---
 {{- if ( include "imagePullSecret" . ) }}
 apiVersion: v1

chart/values.yaml

@@ -165,6 +165,24 @@ logging:
     path: "./chart"
     tag: "0.1.4-bb.3"
 
+  sso:
+    # -- Toggle OIDC SSO for Kibana/Elasticsearch on and off.
+    # Enabling this option will auto-create any required secrets.
+    enabled: false
+
+    # -- Elasticsearch/Kibana OIDC client ID
+    client_id: ""
+
+    # -- Elasticsearch/Kibana OIDC client secret
+    client_secret: ""
+
+  license:
+    # -- Toggle trial license installation of elasticsearch.  Note that enterprise (non trial) is required for SSO to work.
+    trial: false
+
+    # -- Elasticsearch license in json format seen here: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana#enterprise-license
+    keyJSON: ""
+
   # -- Values to passthrough to the elasticsearch-kibana chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
   values: {}
 
@@ -174,9 +192,7 @@ eckoperator:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
     path: "./chart"
-    tag: "1.3.0-bb.3"
-
-  # -- Values to passthrough to the eck-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
+    tag: "1.3.0-bb.4"
   values: {}
 
 fluentbit: