diff --git a/chart/dev-sso-values.yaml b/chart/dev-sso-values.yaml
index 1797c428eaca11ba38666dba648e4e847c568a2d..673db530e0583b5a89a4bd610843d0ffd367435c 100644
--- a/chart/dev-sso-values.yaml
+++ b/chart/dev-sso-values.yaml
@@ -3,13 +3,16 @@
sso:
certificate_authority: '-----BEGIN CERTIFICATE-----\nMIIH0zCCBrugAwIBAgIQHeg1retyhPnWuzryBJeBvTANBgkqhkiG9w0BAQsFADCB\nujELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsT\nH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAy\nMDEyIEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEuMCwG\nA1UEAxMlRW50cnVzdCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eSAtIEwxSzAeFw0y\nMDEyMTUwMzE1MDJaFw0yMjAxMTQwMzE1MDJaMHMxCzAJBgNVBAYTAlVTMREwDwYD\nVQQIEwhDb2xvcmFkbzEZMBcGA1UEBxMQQ29sb3JhZG8gU3ByaW5nczEeMBwGA1UE\nChMVRGVwYXJ0bWVudCBvZiBEZWZlbnNlMRYwFAYDVQQDEw1sb2dpbi5kc28ubWls\nMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAymUXk7STDlepS5HJu0ca\nB57S5dfLp7zxYmcsGjo10YkHy3m9LASQCTyiioDrlwo2b+n8oZ7esGLv3RgggMwf\nxvLVyx1+lZDswxdQoXmjArTdbqpcSoq3Y1rvVp33/jGb3slBjQtcMt2QvaFv3fxy\ncwwINvJFEqsQS7zGUgpolJ3smKdcVpUSGZmzpYposuDlPUGeOJaQRMAACW5arWiT\nVkDhJD+OVOYEHW8uCQfghD3JJXu6Xp9SwlWe6UNOdxo9cq3s/XE4ZwEgffdLXP2A\nwuJF/7B7CFdZjIMptmOODyCeatC344iyubU0MiGCOm4W4wn0pQ0XJtAzWeYFKATL\n9BquNOzPUR6pMSFMvIEiS96zbVFuOYt2XKgPryWEYji3Oky082WWYOcXt0NnqnCj\nSafVU+2fQi4jQ0att5YXagEEPz83lQZdSKb2+grDeFg78VrEZAe+Y0mVu4/G93he\nUOqfZ9jdCnFXq8sEMG9bJJFKeOXkb1Da8Y0amfOw4hFd4UslrbvC5ZCUZNh6roOk\n8kast9QWtWFIGPC3f+Uq3gvx3GBHzIG9QPOq1CjSSAF3tWKuMTxK4zaS33mriJo0\nDv1CMX3FCmjT/qG3422guBL02hbGHveDSWk0/saY7ZWFifxnvKEdOi4ItnpMuQhE\nzx6/+t7FWuzBTPAeVqV1l2sCAwEAAaOCAxkwggMVMAwGA1UdEwEB/wQCMAAwHQYD\nVR0OBBYEFCLwpnkje7QKLWok+nWIeBEnIGfmMB8GA1UdIwQYMBaAFIKicHTdvFM/\nz3vU981/p2DGCky/MGgGCCsGAQUFBwEBBFwwWjAjBggrBgEFBQcwAYYXaHR0cDov\nL29jc3AuZW50cnVzdC5uZXQwMwYIKwYBBQUHMAKGJ2h0dHA6Ly9haWEuZW50cnVz\ndC5uZXQvbDFrLWNoYWluMjU2LmNlcjAzBgNVHR8ELDAqMCigJqAkhiJodHRwOi8v\nY3JsLmVudHJ1c3QubmV0L2xldmVsMWsuY3JsMCcGA1UdEQQgMB6CDWxvZ2luLmRz\nby5taWyCDWxvZ2luLmRzb3AuaW8wDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQG\nCCsGAQUFBwMBBggrBgEFBQcDAjBMBgNVHSAERTBDMDcGCmCGSAGG+mwKAQUwKTAn\nBggrBgEFBQcCARYbaHR0cHM6Ly93d3cuZW50cnVzdC5uZXQvcnBhMAgGBmeBDAEC\nAjCCAX4GCisGAQQB1nkCBAIEggFuBIIBagFoAHUAVhQGmi/XwuzT9eG9RLI+x0Z2\nubyZEVzA75SYVdaJ0N0AAAF2ZGTpIwAABAMARjBEAiAK+W9ukx92DJPFV87LexEg\n/qDFTjtkiLh/z+mLmDtOwQIgUD4YrMuo22sV9MeJ8JmzraCQVdUUIprw4K4HN+eO\n6W0AdwDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47EsAgRFwqcwAAAXZkZOlKAAAE\nAwBIMEYCIQDRpvbR/GroWSGlCIh1q0RUITb8RfI4skqqBa/FeU811AIhAPlRY4lv\nDC2u9MFSEiCVeaFYJRU0xvAwmHQMtrl+IE4iAHYARqVV63X6kSAwtaKJafTzfREs\nQXS+/Um4havy/HD+bUcAAAF2ZGTrYAAABAMARzBFAiEAifP8Y0nXFBykaTyzpWpv\nE3FDi8NCQeJFRMJqD7loTjMCIHVDio7r+zANTbIdRLRRzHoNzo//xfJ0JUqejNRA\naCpZMA0GCSqGSIb3DQEBCwUAA4IBAQB/wtYjDQiPLe99tZq98IyxOSJCli2mtlV9\ngSC67aj4rgW6g+C8P1bSoB5PamMq6rON5q0SXL3CQiQ7vegxCQnleDh0LWeKPFS2\njjSIl3CvrYfBlNBzw4H1uAa/yw+enr0So8oX8kdSTBFGnU4KoK646lFZRXSifFIU\nzzQ9QYYedmiP0iKs5LDYGAOsB/w/O94+zv6qGKXA1fVzBXAD54MddqGk9mHZTSyL\n6nsSTx4r8vCGQir7d2QuIGLD48zaYQz0TFcGKnBV3/9CB27RxJkRdMwUbMvNdp3C\nV+C2+jdR8xA/0qCnvSxHc1lTZgXxVkcu/wpqIBn3af5Ha8ddd0DU\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFDjCCA/agAwIBAgIMDulMwwAAAABR03eFMA0GCSqGSIb3DQEBCwUAMIG+MQsw\nCQYDVQQGEwJVUzEWMBQGA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2Vl\nIHd3dy5lbnRydXN0Lm5ldC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMDkg\nRW50cnVzdCwgSW5jLiAtIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MTIwMAYDVQQD\nEylFbnRydXN0IFJvb3QgQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkgLSBHMjAeFw0x\nNTEwMDUxOTEzNTZaFw0zMDEyMDUxOTQzNTZaMIG6MQswCQYDVQQGEwJVUzEWMBQG\nA1UEChMNRW50cnVzdCwgSW5jLjEoMCYGA1UECxMfU2VlIHd3dy5lbnRydXN0Lm5l\ndC9sZWdhbC10ZXJtczE5MDcGA1UECxMwKGMpIDIwMTIgRW50cnVzdCwgSW5jLiAt\nIGZvciBhdXRob3JpemVkIHVzZSBvbmx5MS4wLAYDVQQDEyVFbnRydXN0IENlcnRp\nZmljYXRpb24gQXV0aG9yaXR5IC0gTDFLMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A\nMIIBCgKCAQEA2j+W0E25L0Tn2zlem1DuXKVh2kFnUwmqAJqOV38pa9vH4SEkqjrQ\njUcj0u1yFvCRIdJdt7hLqIOPt5EyaM/OJZMssn2XyP7BtBe6CZ4DkJN7fEmDImiK\nm95HwzGYei59QAvS7z7Tsoyqj0ip/wDoKVgG97aTWpRzJiatWA7lQrjV6nN5ZGhT\nJbiEz5R6rgZFDKNrTdDGvuoYpDbwkrK6HIiPOlJ/915tgxyd8B/lw9bdpXiSPbBt\nLOrJz5RBGXFEaLpHPATpXbo+8DX3Fbae8i4VHj9HyMg4p3NFXU2wO7GOFyk36t0F\nASK7lDYqjVs1/lMZLwhGwSqzGmIdTivZGwIDAQABo4IBDDCCAQgwDgYDVR0PAQH/\nBAQDAgEGMBIGA1UdEwEB/wQIMAYBAf8CAQAwMwYIKwYBBQUHAQEEJzAlMCMGCCsG\nAQUFBzABhhdodHRwOi8vb2NzcC5lbnRydXN0Lm5ldDAwBgNVHR8EKTAnMCWgI6Ah\nhh9odHRwOi8vY3JsLmVudHJ1c3QubmV0L2cyY2EuY3JsMDsGA1UdIAQ0MDIwMAYE\nVR0gADAoMCYGCCsGAQUFBwIBFhpodHRwOi8vd3d3LmVudHJ1c3QubmV0L3JwYTAd\nBgNVHQ4EFgQUgqJwdN28Uz/Pe9T3zX+nYMYKTL8wHwYDVR0jBBgwFoAUanImetAe\n733nO2lR1GyNn5ASZqswDQYJKoZIhvcNAQELBQADggEBADnVjpiDYcgsY9NwHRkw\ny/YJrMxp1cncN0HyMg/vdMNY9ngnCTQIlZIv19+4o/0OgemknNM/TWgrFTEKFcxS\nBJPok1DD2bHi4Wi3Ogl08TRYCj93mEC45mj/XeTIRsXsgdfJghhcg85x2Ly/rJkC\nk9uUmITSnKa1/ly78EqvIazCP0kkZ9Yujs+szGQVGHLlbHfTUqi53Y2sAEo1GdRv\nc6N172tkw+CNgxKhiucOhk3YtCAbvmqljEtoZuMrx1gL+1YQ1JH7HdMxWBCMRON1\nexCdtTix9qrKgWRs6PLigVWXUX/hwidQosk8WwBD9lu51aX8/wdQQGcHsFXwt35u\nLcw=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIEPjCCAyagAwIBAgIESlOMKDANBgkqhkiG9w0BAQsFADCBvjELMAkGA1UEBhMC\nVVMxFjAUBgNVBAoTDUVudHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50\ncnVzdC5uZXQvbGVnYWwtdGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3Qs\nIEluYy4gLSBmb3IgYXV0aG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVz\ndCBSb290IENlcnRpZmljYXRpb24gQXV0aG9yaXR5IC0gRzIwHhcNMDkwNzA3MTcy\nNTU0WhcNMzAxMjA3MTc1NTU0WjCBvjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUVu\ndHJ1c3QsIEluYy4xKDAmBgNVBAsTH1NlZSB3d3cuZW50cnVzdC5uZXQvbGVnYWwt\ndGVybXMxOTA3BgNVBAsTMChjKSAyMDA5IEVudHJ1c3QsIEluYy4gLSBmb3IgYXV0\naG9yaXplZCB1c2Ugb25seTEyMDAGA1UEAxMpRW50cnVzdCBSb290IENlcnRpZmlj\nYXRpb24gQXV0aG9yaXR5IC0gRzIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC6hLZy254Ma+KZ6TABp3bqMriVQRrJ2mFOWHLP/vaCeb9zYQYKpSfYs1/T\nRU4cctZOMvJyig/3gxnQaoCAAEUesMfnmr8SVycco2gvCoe9amsOXmXzHHfV1IWN\ncCG0szLni6LVhjkCsbjSR87kyUnEO6fe+1R9V77w6G7CebI6C1XiUJgWMhNcL3hW\nwcKUs/Ja5CeanyTXxuzQmyWC48zCxEXFjJd6BmsqEZ+pCm5IO2/b1BEZQvePB7/1\nU1+cPvQXLOZprE4yTGJ36rfo5bs0vBmLrpxR57d+tVOxMyLlbc9wPBr64ptntoP0\njaWvYkxN4FisZDQSA/i2jZRjJKRxAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAP\nBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRqciZ60B7vfec7aVHUbI2fkBJmqzAN\nBgkqhkiG9w0BAQsFAAOCAQEAeZ8dlsa2eT8ijYfThwMEYGprmi5ZiXMRrEPR9RP/\njTkrwPK9T3CMqS/qF8QLVJ7UG5aYMzyorWKiAHarWWluBh1+xLlEjZivEtRh2woZ\nRkfz6/djwUAFQKXSt/S1mja/qYh2iARVBCuch38aNzx+LaUa2NSJXsq9rD1s2G2v\n1fN2D807iDginWyTmsQ9v4IbZT+mD12q/OWyFcq1rca8PdCE6OoGcrBNOTJ4vz4R\nnAuknZoh8/CbCzB428Hch0P+vGOaysXCHMnHjf87ElgI5rY97HosTvuDls4MPGmH\nVHOkc8KT/1EQrBVUAdj8BbGJoX90g5pJ19xOe4pIb4tF9g==\n-----END CERTIFICATE-----'
-istio:
+kiali:
sso:
enabled: true
- kiali:
- client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
- jaeger:
- client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger
+ client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
+
+jaeger:
+ sso:
+ enabled: true
+ client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger
+
logging:
sso:
enabled: true
diff --git a/chart/templates/authservice/authservice-helmrelease.yaml b/chart/templates/authservice/authservice-helmrelease.yaml
index d84d66aba68631686d33605203177e05b1a48955..931adf647d2d55d9b82c79b15cb712c4530d17e2 100644
--- a/chart/templates/authservice/authservice-helmrelease.yaml
+++ b/chart/templates/authservice/authservice-helmrelease.yaml
@@ -1,5 +1,4 @@
-
- {{- if and .Values.istio.enabled ( or .Values.addons.authservice.enabled ( or .Values.monitoring.sso.enabled .Values.istio.sso.enabled ) ) }}
+{{- if and .Values.istio.enabled ( or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled ) }}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
diff --git a/chart/templates/authservice/gitrepository.yaml b/chart/templates/authservice/gitrepository.yaml
index b44637e0459335e848734781495fb17fe327ced7..8a581a53d056514459087f9ac4dd610bccc399ed 100644
--- a/chart/templates/authservice/gitrepository.yaml
+++ b/chart/templates/authservice/gitrepository.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled ( or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled ) }}
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
diff --git a/chart/templates/authservice/namespace.yaml b/chart/templates/authservice/namespace.yaml
index 315914978104d995bad431b89a834215f3bc1ca0..93f851b91efd8cc3c29c30ed4842fafe3da321c5 100644
--- a/chart/templates/authservice/namespace.yaml
+++ b/chart/templates/authservice/namespace.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled ( or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled ) }}
apiVersion: v1
kind: Namespace
metadata:
diff --git a/chart/templates/authservice/values.yaml b/chart/templates/authservice/values.yaml
index 6c44448c76c5f04b7285bb4c2a3f1cae710591aa..1a73d1773bc3102d6ed1b2898569d3cbd4a57765 100644
--- a/chart/templates/authservice/values.yaml
+++ b/chart/templates/authservice/values.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled ( or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled ) }}
{{- include "values-secret" (dict "root" $ "package" .Values.addons.authservice "name" "authservice" "defaults" (include "bigbang.defaults.authservice" .)) }}
{{- end }}
@@ -32,22 +32,17 @@ chains:
{{ .Values.addons.authservice.chains | toYaml | nindent 2 }}
{{- end }}
- kiali:
- match:
- header: ":authority"
- prefix: "kiali"
- client_id: {{ .Values.istio.sso.kiali.client_id }}
- client_secret: "{{ .Values.istio.sso.kiali.client_secret }}"
- callback_uri: https://kiali.{{ .Values.hostname }}/login
-
+ {{- if .Values.jaeger.sso.enabled }}
jaeger:
match:
header: ":authority"
prefix: "tracing"
- client_id: "{{ .Values.istio.sso.jaeger.client_id }}"
- client_secret: "{{ .Values.istio.sso.jaeger.client_secret }}"
+ client_id: "{{ .Values.jaeger.sso.client_id }}"
+ client_secret: "{{ .Values.jaeger.sso.client_secret }}"
callback_uri: https://tracing.{{ .Values.hostname }}/login
+ {{- end }}
+ {{- if .Values.monitoring.sso.enabled }}
prometheus:
match:
header: ":authority"
@@ -63,5 +58,5 @@ chains:
client_id: {{ .Values.monitoring.sso.alertmanager.client_id }}
client_secret: "{{ .Values.monitoring.sso.alertmanager.client_secret }}"
callback_uri: https://alertmanager.{{ .Values.hostname }}/login/generic_oauth
-
+ {{- end }}
{{- end -}}
diff --git a/chart/templates/haproxy/gitrepository.yaml b/chart/templates/haproxy/gitrepository.yaml
index 43712c95438bf9ac79174b6b004651e5ef0af751..cd713d70f883e490d5f32f3441d59249a6f22723 100644
--- a/chart/templates/haproxy/gitrepository.yaml
+++ b/chart/templates/haproxy/gitrepository.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled .Values.monitoring.sso.enabled }}
apiVersion: source.toolkit.fluxcd.io/v1beta1
kind: GitRepository
metadata:
diff --git a/chart/templates/haproxy/haproxy-authservice.yaml b/chart/templates/haproxy/haproxy-authservice.yaml
index dd6d4ec6460f93c8caabaabc64a5f93356dd3c34..9be9e25d386ccecc668f38884ebcde09f6673dec 100644
--- a/chart/templates/haproxy/haproxy-authservice.yaml
+++ b/chart/templates/haproxy/haproxy-authservice.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled .Values.monitoring.sso.enabled }}
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
diff --git a/chart/templates/haproxy/values.yaml b/chart/templates/haproxy/values.yaml
index 66dfc0d219bb14030f849659224c95cad5091651..7bc611087d823d4681b6bf3592306b05fc0bd88d 100644
--- a/chart/templates/haproxy/values.yaml
+++ b/chart/templates/haproxy/values.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled .Values.monitoring.sso.enabled }}
{{- include "values-secret" (dict "root" $ "package" .Values.addons.haproxy "name" "haproxy-sso" "defaults" (include "bigbang.defaults.haproxy-sso" .)) }}
{{- end }}
@@ -65,33 +65,12 @@ config: |
unique-id-format %{+X}o\ 1-%[date,hex,bytes(8,8),lower]-%[capture.req.hdr(3)]
http-request set-header X-Amzn-Trace-Id Root=%[unique-id,lower]
bind :8080
-{{- if and .Values.istio.sso.enabled }}
- acl host_kiali hdr(host) -i kiali.{{ .Values.hostname }}
- acl host_tracing hdr(host) -i tracing.{{ .Values.hostname }}
-{{- end }}
-{{- if and .Values.monitoring.enabled .Values.monitoring.sso.enabled }}
acl host_alertmanager hdr(host) -i alertmanager.{{ .Values.hostname }}
acl host_prometheus hdr(host) -i prometheus.{{ .Values.hostname }}
-{{- end }}
option forwardfor
-{{- if and .Values.istio.sso.enabled }}
- use_backend kiali_main if host_kiali
- use_backend tracing_main if host_tracing
-{{- end }}
-{{- if and .Values.monitoring.enabled .Values.monitoring.sso.enabled }}
use_backend alertmanager_main if host_alertmanager
use_backend prometheus_main if host_prometheus
-{{- end }}
-{{- if and .Values.istio.sso.enabled }}
- backend kiali_main
- mode http
- server kiali kiali.istio-system.svc.cluster.local:20001
- backend tracing_main
- mode http
- server jaeger tracing.istio-system.svc.cluster.local:80
-{{- end }}
-{{- if and .Values.monitoring.enabled .Values.monitoring.sso.enabled }}
backend alertmanager_main
mode http
option forwardfor
@@ -102,8 +81,6 @@ config: |
option forwardfor
http-request replace-header Host .* monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local
server prometheus monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090
-{{- end }}
-
image:
repository: registry1.dso.mil/ironbank/opensource/haproxy/haproxy22
containerPorts:
diff --git a/chart/templates/istio/controlplane/values.yaml b/chart/templates/istio/controlplane/values.yaml
index 5f4594d5b0abad2e1e10a1f286542422259d24c0..a35424be161c9c3c8eed70de4972d2e22b988557 100644
--- a/chart/templates/istio/controlplane/values.yaml
+++ b/chart/templates/istio/controlplane/values.yaml
@@ -4,23 +4,13 @@
{{- define "bigbang.defaults.istio" -}}
hostname: {{ .Values.hostname }}
-sso:
- enabled: {{ .Values.istio.sso.enabled }}
+
+tracing:
+ enabled: {{ .Values.jaeger.enabled }}
imagePullSecrets:
- private-registry
openshift: {{ .Values.openshift }}
-{{- if .Values.istio.sso.enabled }}
-ingress:
- kiali:
- service: authservice-haproxy-sso
- port: 8080
- namespace: authservice
- jaeger:
- service: authservice-haproxy-sso
- port: 8080
- namespace: authservice
-{{- end }}
{{- end -}}
diff --git a/chart/templates/jaeger/gitrepository.yaml b/chart/templates/jaeger/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0fc8e2c6172a8632e9e4a08471f9c155e309e14e
--- /dev/null
+++ b/chart/templates/jaeger/gitrepository.yaml
@@ -0,0 +1,18 @@
+{{- if and (not .Values.offline) .Values.jaeger.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: jaeger
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: jaeger
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.jaeger.git.repo }}
+ ref:
+ {{- include "validRef" .Values.jaeger.git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/jaeger/imagepullsecret.yaml b/chart/templates/jaeger/imagepullsecret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..b99489350cb7dc508f94169f21cb923dce2ec17a
--- /dev/null
+++ b/chart/templates/jaeger/imagepullsecret.yaml
@@ -0,0 +1,10 @@
+{{- if and .Values.jaeger.enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: jaeger
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/jaeger/jaeger-helmrelease.yaml b/chart/templates/jaeger/jaeger-helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..33e9ff58b9b06c1fd11a5b3afae1fb5d76b41102
--- /dev/null
+++ b/chart/templates/jaeger/jaeger-helmrelease.yaml
@@ -0,0 +1,69 @@
+{{- if .Values.jaeger.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: jaeger
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: jaeger
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ targetNamespace: jaeger
+ chart:
+ spec:
+ chart: {{ .Values.jaeger.git.path }}
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: jaeger
+ namespace: {{ .Release.Namespace }}
+
+ {{- with .Values.flux }}
+ interval: {{ .interval }}
+ test:
+ enable: false
+ install:
+ remediation:
+ retries: {{ .install.retries }}
+ upgrade:
+ remediation:
+ retries: {{ .upgrade.retries }}
+ remediateLastFailure: true
+ cleanupOnFail: true
+ rollback:
+ timeout: {{ .rollback.timeout }}
+ cleanupOnFail: {{ .rollback.cleanupOnFail }}
+ {{- end }}
+
+ valuesFrom:
+ - name: {{ .Release.Name }}-jaeger-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-jaeger-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-jaeger-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{ if or .Values.istio.enabled .Values.monitoring.enabled .Values.jaeger.sso.enabled .Values.logging.enabled }}
+ dependsOn:
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.monitoring.enabled }}
+ - name: monitoring
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.jaeger.sso.enabled }}
+ - name: authservice
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.logging.enabled }}
+ - name: ek
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/jaeger/namespace.yaml b/chart/templates/jaeger/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..e4f1164ff4e2fbf1aa3b18dfe03ae3e6cfae01cf
--- /dev/null
+++ b/chart/templates/jaeger/namespace.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.jaeger.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: jaeger
+ labels:
+ istio-injection: enabled
+ app.kubernetes.io/name: jaeger
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/jaeger/values.yaml b/chart/templates/jaeger/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..0e6e14c4edc53a99492a5609c49158565dd50ce3
--- /dev/null
+++ b/chart/templates/jaeger/values.yaml
@@ -0,0 +1,23 @@
+{{- if .Values.jaeger.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.jaeger "name" "jaeger" "defaults" (include "bigbang.defaults.jaeger" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.jaeger" -}}
+imagePullSecrets:
+ - name: private-registry
+hostname: {{ .Values.hostname }}
+istio:
+ enabled: {{ .Values.istio.enabled }}
+monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+elasticsearch:
+ enabled: {{ .Values.logging.enabled }}
+jaeger:
+ spec:
+ allInOne:
+ labels:
+ protect: keycloak
+ query:
+ labels:
+ protect: keycloak
+{{- end -}}
\ No newline at end of file
diff --git a/chart/templates/kiali/gitrepository.yaml b/chart/templates/kiali/gitrepository.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..5896da96ab48b2b3d6a802d84d6905a56b289b1f
--- /dev/null
+++ b/chart/templates/kiali/gitrepository.yaml
@@ -0,0 +1,18 @@
+{{- if and (not .Values.offline) .Values.kiali.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+ name: kiali
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ interval: {{ .Values.flux.interval }}
+ url: {{ .Values.kiali.git.repo }}
+ ref:
+ {{- include "validRef" .Values.kiali.git | nindent 4 }}
+ {{ include "gitIgnore" . }}
+ {{- include "gitCreds" . | nindent 2 }}
+{{- end }}
diff --git a/chart/templates/kiali/helmrelease.yaml b/chart/templates/kiali/helmrelease.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..71d766f8a49d2870fdd6c5ff182f9ec39fdc6c98
--- /dev/null
+++ b/chart/templates/kiali/helmrelease.yaml
@@ -0,0 +1,60 @@
+{{- if .Values.kiali.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+ name: kiali
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+spec:
+ targetNamespace: kiali
+ chart:
+ spec:
+ chart: {{ .Values.kiali.git.path }}
+ interval: 5m
+ sourceRef:
+ kind: GitRepository
+ name: kiali
+ namespace: {{ .Release.Namespace }}
+ {{- with .Values.flux }}
+ interval: {{ .interval }}
+ test:
+ enable: false
+ install:
+ remediation:
+ retries: {{ .install.retries }}
+ upgrade:
+ remediation:
+ retries: {{ .upgrade.retries }}
+ remediateLastFailure: true
+ cleanupOnFail: true
+ rollback:
+ timeout: {{ .rollback.timeout }}
+ cleanupOnFail: {{ .rollback.cleanupOnFail }}
+ {{- end }}
+
+ valuesFrom:
+ - name: {{ .Release.Name }}-kiali-values
+ kind: Secret
+ valuesKey: "common"
+ - name: {{ .Release.Name }}-kiali-values
+ kind: Secret
+ valuesKey: "defaults"
+ - name: {{ .Release.Name }}-kiali-values
+ kind: Secret
+ valuesKey: "overlays"
+
+ {{ if or .Values.istio.enabled .Values.monitoring.enabled }}
+ dependsOn:
+ {{- if .Values.istio.enabled }}
+ - name: istio
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- if .Values.monitoring.enabled }}
+ - name: monitoring
+ namespace: {{ .Release.Namespace }}
+ {{- end }}
+ {{- end }}
+{{- end }}
diff --git a/chart/templates/kiali/imagepullsecret.yaml b/chart/templates/kiali/imagepullsecret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..48bcdc80a23355ebfe87b9358d0a8bf6239ee7c7
--- /dev/null
+++ b/chart/templates/kiali/imagepullsecret.yaml
@@ -0,0 +1,10 @@
+{{- if and .Values.kiali.enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: kiali
+type: kubernetes.io/dockerconfigjson
+data:
+ .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/kiali/namespace.yaml b/chart/templates/kiali/namespace.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d8a9c3a86bb36709b88874008269c3657c9ec987
--- /dev/null
+++ b/chart/templates/kiali/namespace.yaml
@@ -0,0 +1,11 @@
+{{- if .Values.kiali.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: kiali
+ labels:
+ istio-injection: enabled
+ app.kubernetes.io/name: kiali
+ app.kubernetes.io/component: "core"
+ {{- include "commonLabels" . | nindent 4}}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/kiali/sso-client-secret.yaml b/chart/templates/kiali/sso-client-secret.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..d7af76d7cf570de3a41a00d7142ddfbc7024ae17
--- /dev/null
+++ b/chart/templates/kiali/sso-client-secret.yaml
@@ -0,0 +1,10 @@
+{{- if and .Values.kiali.enabled .Values.kiali.sso.client_secret }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: kiali-openid
+ namespace: kiali
+type: kubernetes.io/opaque
+stringData:
+ oidc-secret: {{ .Values.kiali.sso.client_secret }}
+{{- end }}
\ No newline at end of file
diff --git a/chart/templates/kiali/values.yaml b/chart/templates/kiali/values.yaml
new file mode 100644
index 0000000000000000000000000000000000000000..ff4d493ae973d5a8d60a6f913483174f515f190a
--- /dev/null
+++ b/chart/templates/kiali/values.yaml
@@ -0,0 +1,35 @@
+{{- if .Values.kiali.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.kiali "name" "kiali" "defaults" (include "bigbang.defaults.kiali" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.kiali" -}}
+hostname: {{ .Values.hostname }}
+istio:
+ enabled: {{ .Values.istio.enabled }}
+monitoring:
+ enabled: {{ .Values.monitoring.enabled }}
+elasticsearch:
+ enabled: {{ .Values.logging.enabled }}
+cr:
+ spec:
+ server:
+ web_port: "443"
+ auth:
+ {{- if .Values.kiali.sso.enabled }}
+ strategy: openid
+ openid:
+ client_id: "{{ .Values.kiali.sso.client_id }}"
+ disable_rbac: true
+ issuer_uri: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}"
+ scopes:
+ - openid
+ - email
+ username_claim: email
+ {{- else }}
+ strategy: token
+ {{- end }}
+ api:
+ namespaces:
+ # bigbang watches all!
+ exclude: []
+{{- end -}}
diff --git a/chart/values.yaml b/chart/values.yaml
index eed105137e38c2283b5c269daf41f2719ea2e341..f450e58d16c865c923d722537c6d7269ea3d6f5f 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -94,7 +94,7 @@ istio:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
path: "./chart"
- tag: "1.7.3-bb.9"
+ tag: "1.8.4-bb.0"
# -- Certificate/Key pair to use as the default certificate for exposing BigBang created applications.
# If nothing is provided, applications will expect a valid tls secret to exist in the `istio-system` namespace called `wildcard-cert`.
@@ -102,22 +102,6 @@ istio:
key: ""
cert: ""
- sso:
- # -- Toggle SSO for kiali and jaeger on and off
- enabled: false
-
- kiali:
- # -- OIDC Client ID use for kiali
- client_id: ""
- # -- OIDC Client Secret to use for kiali
- client_secret: ""
-
- jaeger:
- # -- OIDC Client ID to use for jaeger
- client_id: ""
- # -- OIDC Client Secret to use for jaeger
- client_secret: ""
-
# -- Values to passthrough to the istio-controlplane chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
values: {}
@@ -127,10 +111,50 @@ istiooperator:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
path: "./chart"
- tag: "1.7.0-bb.1"
+ tag: "1.8.4-bb.1"
# -- Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git
values: {}
+
+jaeger:
+ # -- Toggle deployment of Jaeger.
+ enabled: true
+ git:
+ repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
+ path: "./chart"
+ tag: "2.19.1-bb.4"
+ sso:
+ # -- Toggle SSO for Jaeger on and off
+ enabled: false
+
+ # -- OIDC Client ID to use for Jaeger
+ client_id: ""
+
+ # -- OIDC Client Secret to use for Jaeger
+ client_secret: ""
+
+ # -- Values to pass through to Jaeger chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
+ values: {}
+
+kiali:
+ # -- Toggle deployment of Kiali.
+ enabled: true
+ git:
+ repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git
+ path: "./chart"
+ tag: "1.32.0-bb.0"
+ sso:
+ # -- Toggle SSO for Kiali on and off
+ enabled: false
+
+ # -- OIDC Client ID to use for Kiali
+ client_id: ""
+
+ # -- OIDC Client Secret to use for Kiali
+ client_secret: ""
+
+ # -- Values to pass through to Kiali chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali
+ values: {}
# ----------------------------------------------------------------------------------------------------------------------
# ----------------------------------------------------------------------------------------------------------------------
diff --git a/charter/packages/jaeger/Architecture.md b/charter/packages/jaeger/Architecture.md
new file mode 100644
index 0000000000000000000000000000000000000000..de62a9e7c8d7f3a2cccc892f73305f7b5ed32282
--- /dev/null
+++ b/charter/packages/jaeger/Architecture.md
@@ -0,0 +1,110 @@
+# Jaeger
+
+## Overview
+
+[Jaeger](https://www.jaegertracing.io/) is an open source implementation of Zipkin that can be used to collect and visualize traces.
+
+## Big Bang Touchpoints
+
+```mermaid
+graph TB
+ subgraph "jaeger"
+ jaegerpods("Jaeger-AllInOne")
+ elasticcredentials --> jaegerpods("Jaeger-AllInOne")
+ end
+
+ subgraph "ingress"
+ ingressgateway --> jaegerpods("Jaeger-AllInOne")
+ end
+
+ subgraph "logging"
+ subgraph "elasticsearch"
+
+ credentials --> elasticcredentials
+ jaegerpods("Jaeger-AllInOne") --> logging-ek-es-http
+ logging-ek-es-http --> LoggingElastic(Elasticsearch Storage )
+ end
+ end
+
+ subgraph "workloads"
+ sidecar --> jaegerpods("Jaeger-AllInOne")
+ end
+```
+
+### Storage
+
+When Jaeger recieves traces, it needs a location to store them. The default configuration in the Helm Chart is to use in memory storage. This, of course, doesn't provide High Availability. To provide storage, the chart uses the deployed Elasticserach instance deployed in the logging namespace.
+
+### Istio Configuration
+
+Istio is configured with knowledge of the jaeger ingest service so istio sidecars attached to workloads can send trace data. This is done via the `meshconfig`:
+
+```yaml
+ meshConfig:
+ accessLogFile: /dev/stdout
+ defaultConfig:
+ tracing:
+ sampling: 100
+ zipkinAddress: jaeger-jaeger-operator-jaeger-collector.istio-system.svc:9411
+ enableTracing: false
+```
+
+## High Availability
+
+Jaeger is deployed with HorizonalPodAutoscalers for the collector and the queerying pods. Use the below yaml to update the `maxReplicas` on the HPA:
+
+```yaml
+jaeger:
+ values:
+ jaeger:
+ spec:
+ query:
+ maxReplicas: 5
+ collector:
+ maxReplicas: 5
+```
+
+
+## Single Sign on (SSO)
+
+Jaeger does not have built in SSO. In order to provide SSO, this deployment legerages [Authservice]().
+
+```mermaid
+flowchart LR
+
+A --> K[(Keycloak)]
+
+subgraph external
+K
+end
+
+subgraph auth["authservice namespace"]
+ A(authservice) --> K
+end
+
+
+
+ingress --> IP
+
+
+subgraph "jaeger namespace"
+ subgraph "jaeger pod"
+ J["jager"]
+ IP["istio proxy"] --> A
+ IP --> J
+ end
+end
+
+```
+
+## Licencing
+
+Jaeger has no licencing options nor requirements.
+
+## Storage
+
+For production workloads, Jaeger uses Elasticsearch to store and query for traces.
+
+## Dependencies
+
+Jaeger can be run without dependencies, but to ensure resilliency of data, it uses Elasticsearch for its span and trace database.