Merge branch 'release-1.1' into 'master'

Release 1.1 See merge request platform-one/big-bang/bigbang!258

Merge branch 'release-1.1' into 'master'
c5cf9b24 · joshwolf · 7f2b6ffd · ac3ef18a · c5cf9b24 · c5cf9b24
Commit c5cf9b24 authored 4 years ago by joshwolf
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -187,10 +187,6 @@ upgrade:
 .infra fork:
  stage: network up
  rules:
-    # run infrastructure pipelines only on merges into release branches, and run regardless of failure
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^release*/'
-      allow_failure: false
-      when: manual
    # Run on scheduled jobs
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master"'
      allow_failure: false
@@ -198,18 +194,12 @@ upgrade:
 # Abstract for jobs responsible for creating infrastructure
 .infra create:
  rules:
-    # run infrastructure pipelines only on merges into release branches
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^release*/'
    # Run on scheduled jobs
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master"'

 # Abstract for jobs responsible for cleaning up infrastructure
 .infra cleanup:
  rules:
-    # run infrastructure pipelines only on merges into release branches, and run regardless of failure
-    - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME =~ /^release*/'
-      allow_failure: true
-      when: always
    # Run on scheduled jobs
    - if: '$CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "master"'
      allow_failure: true

--- a/.gitlab-ci/README.md.gotmpl
+++ b/.gitlab-ci/README.md.gotmpl
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.badgesSection" . }}
+
+{{ template "chart.description" . }}
+
+{{ template "chart.homepageLine" . }}
+
+Big Bang follows a [GitOps](#gitops) approach to configuration management, using [Flux v2](#flux-v2) to reconcile Git with the cluster.  Environments (e.g. dev, prod) and packages (e.g. istio) can be fully configured to suit the deployment needs.
+
+## Usage
+
+Big Bang is intended to be used for deploying and maintaining a DoD hardened and approved set of packages into a Kubernetes cluster.  Deployment and configuration of ingress/egress, load balancing, policy auditing, logging, monitoring, etc. are handled via Big Bang.   Additional packages (e.g. ArgoCD, GitLab) can also be enabled and customized to extend Big Bang's baseline.  Once deployed, the customer can use the Kubernetes cluster to add mission specific applications.
+
+Additional information can be found in [Big Bang Overview](./docs/1_overview.md).
+
+## Getting Started
+
+To start using Big Bang, you will need to create your own Big Bang environment tailored to your needs.  The [Big Bang customer template](https://repo1.dso.mil/platform-one/big-bang/customers/template/) is provided for you to copy into your own Git repository and begin modifications.  Follow the instructions in [Big Bang Getting Started](./docs/2_getting_started.md) to customize and deploy Big Bang.
+
+{{ template "chart.maintainersSection" . }}
+
+{{ template "chart.sourcesSection" . }}
+
+{{ template "chart.requirementsSection" . }}
+
+{{ template "chart.valuesSection" . }}
+
+## Contributing
+
+Please see the [contributing guide](./CONTRIBUTING.md) if you are interested in contributing to Big Bang.
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,6 +4,20 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),

 ---

+## [1.1.0]
+
+* [&2](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/2): Add support for Gitlab (with sso) 13.8.0
+* [&3](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/3): Add support for Gitlab Runners 13.2.2
+* [&7](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/7): Add support for SonarQube (with sso) 8.6
+* [&15](https://repo1.dso.mil/groups/platform-one/big-bang/-/epics/15): Add support for Anchore (with sso) 0.8.1
+* [#129](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/129): Updated FluentBit to 1.6.3
+* [#63](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/63): Fix bug with elasticsearch failing to start due to invalid file permissions
+* [#49](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/49): Add consistent labels to authservice deployment
+* [#32](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/32): Add support for PodAntiAffinity and NodeAffinity for elasticsearch deployments
+* [#6](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/6): Add support for new elasticsearch cluster node types
+* [#16](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/16): Fix bug with incorrect git credentials being created when specifying a private repository
+* [#66](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/66): Fix bug with EnvoyFilter being applied in the wrong non-global namespace
+* [#99](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/99): Fix bug that allowed for incorrect ImagePullSecrets to be created when providing incomplete credentials

 ## [1.0.8]


--- a/README.md
+++ b/README.md
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v2
 name: bigbang
-version: 1.0.8
+version: 1.1.0
+description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
+
+type: application
+
+keywords:
+  - platform1
+  - bigbang
+
+home: https://p1.dso.mil/#/products/big-bang
+sources:
+  - https://repo1.dso.mil/platform-one/big-bang/bigbang
+
+maintainers:
+  - name: Tom Runyon
+    email: tom@runyon.dev
+  - name: Josh Wolf
+    email: josh@rancherfederal.com
+
+icon: https://p1.dso.mil/img/Big_Bang_Color_Logo_White_text.b04263b1.png
--- a/chart/templates/NOTES.txt
+++ b/chart/templates/NOTES.txt
@@ -34,21 +34,21 @@ addons:
      accessSecret: mysecretkey
      bucketPrefix: prod

-{{ if $.Values.addons.gitlab.objectstorage.endpoint }}
+{{ if $.Values.addons.gitlab.objectStorage.endpoint }}
 GITLAB: You have enabled Gitlab external object storage. 
 Here is the list of buckets that you must provision in your s3 service:
-{{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-registry
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-lfs
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-artifacts
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-uploads
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-packages
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-mr-diffs
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-terraform-state
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-dependency-proxy
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-pseudo
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup
-{{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup-tmp
+{{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-lfs
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-artifacts
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-uploads
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-packages
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-mr-diffs
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-terraform-state
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-dependency-proxy
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-pseudo
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-backup
+{{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-backup-tmp
 {{- else }}
 gitlab-registry
 gitlab-lfs
@@ -72,7 +72,7 @@ PLATFORM ONE GITLAB WARNING:
  This option should only be used for development or CI pipelines.
 {{- end -}}

-{{ if $.Values.addons.gitlab.objectstorage.endpoint }}
+{{ if $.Values.addons.gitlab.objectStorage.endpoint }}
 {{ else }}
 PLATFORM ONE GITLAB WARNING: 
  You have enabled a MinIO internal service in the BigBang configuration.

--- a/chart/templates/gitlab/helmrelease.yaml
+++ b/chart/templates/gitlab/helmrelease.yaml
@@ -52,13 +52,13 @@ spec:
    postgresql:
      install: false
    {{- end }} 
-    {{- if .Values.addons.gitlab.objectstorage.endpoint }}
+    {{- if .Values.addons.gitlab.objectStorage.endpoint }}
    registry:      
      storage:
        secret: gitlab-object-storage
        key: registry
    {{- end }}
-    {{- if .Values.addons.gitlab.objectstorage.endpoint }}
+    {{- if .Values.addons.gitlab.objectStorage.endpoint }}
    gitlab:
      task-runner:        
        backups:
@@ -74,7 +74,7 @@ spec:
          name: {{ .Values.addons.gitlab.hostnames.gitlab }} 
        registry:
          name: {{ .Values.addons.gitlab.hostnames.registry }}
-      {{- if .Values.addons.gitlab.objectstorage.endpoint }}
+      {{- if .Values.addons.gitlab.objectStorage.endpoint }}
      minio:
        enabled: false
      {{- end }}
@@ -88,15 +88,15 @@ spec:
          secret: gitlab-database
          key: PGPASSWORD
      {{- end }}
-      {{- if .Values.addons.gitlab.objectstorage.endpoint }}
+      {{- if .Values.addons.gitlab.objectStorage.endpoint }}
      registry:
-        {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-        bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-registry
+        {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+        bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
        {{- else }}
        bucket: gitlab-registry
        {{- end }}
      {{- end }}
-      {{- if or .Values.addons.gitlab.sso.enabled .Values.addons.gitlab.objectstorage.endpoint }}
+      {{- if or .Values.addons.gitlab.sso.enabled .Values.addons.gitlab.objectStorage.endpoint }}
      appConfig:
      {{- end }}
        {{- if .Values.addons.gitlab.sso.enabled }}
@@ -119,10 +119,10 @@ spec:
              - secret: gitlab-sso-provider
                key: gitlab-sso.json
        {{- end }}
-        {{- if .Values.addons.gitlab.objectstorage.endpoint }}
+        {{- if .Values.addons.gitlab.objectStorage.endpoint }}
        lfs:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-lfs
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-lfs
          {{- else }}
          bucket: gitlab-lfs
          {{- end }}
@@ -130,8 +130,8 @@ spec:
            secret: gitlab-object-storage
            key: rails
        artifacts:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-artifacts
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-artifacts
          {{- else }}
          bucket: gitlab-artifacts
          {{- end }}
@@ -139,8 +139,8 @@ spec:
            secret: gitlab-object-storage
            key: rails
        uploads:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-uploads
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-uploads
          {{- else }}
          bucket: gitlab-uploads
          {{- end }}
@@ -148,8 +148,8 @@ spec:
            secret: gitlab-object-storage
            key: rails
        packages:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-packages
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-packages
          {{- else }}
          bucket: gitlab-packages
          {{- end }}
@@ -157,8 +157,8 @@ spec:
            secret: gitlab-object-storage
            key: rails
        externalDiffs:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-mr-diffs
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-mr-diffs
          {{- else }}
          bucket: gitlab-mr-diffs
          {{- end }}
@@ -166,8 +166,8 @@ spec:
            secret: gitlab-object-storage
            key: rails
        terraformState:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-terraform-state
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-terraform-state
          {{- else }}
          bucket: gitlab-terraform-state
          {{- end }}
@@ -175,8 +175,8 @@ spec:
            secret: gitlab-object-storage
            key: rails
        dependencyProxy:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-dependency-proxy
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-dependency-proxy
          {{- else }}
          bucket: gitlab-dependency-proxy
          {{- end }}
@@ -184,8 +184,8 @@ spec:
            secret: gitlab-object-storage
            key: rails
        pseudonymizer:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-pseudo
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-pseudo
          {{- else }}
          bucket: gitlab-pseudo
          {{- end }}
@@ -193,13 +193,13 @@ spec:
            secret: gitlab-object-storage
            key: rails
        backups:
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-backup
          {{- else }}
          bucket: gitlab-backup
          {{- end }}
-          {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-          tmpBucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-backup-tmp
+          {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+          tmpBucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-backup-tmp
          {{- else }}
          tmpBucket: gitlab-backup-tmp
          {{- end }}

--- a/chart/templates/gitlab/namespace.yaml
+++ b/chart/templates/gitlab/namespace.yaml
@@ -69,7 +69,7 @@ stringData:
 {{- end }}
 ---
 # create object storage secret
-{{- if .Values.addons.gitlab.objectstorage.endpoint }}
+{{- if .Values.addons.gitlab.objectStorage.endpoint }}
 apiVersion: v1
 kind: Secret
 metadata:
@@ -79,40 +79,40 @@ type: kubernetes.io/opaque
 stringData:
    rails: |-
      provider: AWS
-      region: {{ .Values.addons.gitlab.objectstorage.region }}
-      aws_access_key_id: {{ .Values.addons.gitlab.objectstorage.accessKey }}
-      aws_secret_access_key: {{ .Values.addons.gitlab.objectstorage.accessSecret }}
-      {{- if eq .Values.addons.gitlab.objectstorage.type "minio" }}
+      region: {{ .Values.addons.gitlab.objectStorage.region }}
+      aws_access_key_id: {{ .Values.addons.gitlab.objectStorage.accessKey }}
+      aws_secret_access_key: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
      aws_signature_version: 4
-      host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectstorage.endpoint "${2}" }}
-      endpoint: "{{ .Values.addons.gitlab.objectstorage.endpoint }}"
+      host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
+      endpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
      path_style: true
      {{- end }}
    registry: |-
      s3:
-        {{- if .Values.addons.gitlab.objectstorage.bucketPrefix }}
-        bucket: {{ .Values.addons.gitlab.objectstorage.bucketPrefix }}-gitlab-registry
+        {{- if .Values.addons.gitlab.objectStorage.bucketPrefix }}
+        bucket: {{ .Values.addons.gitlab.objectStorage.bucketPrefix }}-gitlab-registry
        {{- else }}
        bucket: gitlab-registry
        {{- end }}
-        accesskey: {{ .Values.addons.gitlab.objectstorage.accessKey }}
-        secretkey: {{ .Values.addons.gitlab.objectstorage.accessSecret }}
-        region: {{ .Values.addons.gitlab.objectstorage.region }}
-        {{- if eq .Values.addons.gitlab.objectstorage.type "s3" }}
+        accesskey: {{ .Values.addons.gitlab.objectStorage.accessKey }}
+        secretkey: {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+        region: {{ .Values.addons.gitlab.objectStorage.region }}
+        {{- if eq .Values.addons.gitlab.objectStorage.type "s3" }}
        v4auth: true
        {{- end }}
-        {{- if eq .Values.addons.gitlab.objectstorage.type "minio" }}
+        {{- if eq .Values.addons.gitlab.objectStorage.type "minio" }}
        aws_signature_version: 4
-        host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectstorage.endpoint "${2}" }}
-        regionendpoint: "{{ .Values.addons.gitlab.objectstorage.endpoint }}"
+        host: {{ regexReplaceAll "http(s{0,1})://(.*):(\\d+)" .Values.addons.gitlab.objectStorage.endpoint "${2}" }}
+        regionendpoint: "{{ .Values.addons.gitlab.objectStorage.endpoint }}"
        path_style: true
        {{- end }}
    backups: |-
      [default]
-      access_key = {{ .Values.addons.gitlab.objectstorage.accessKey }}
-      secret_key = {{ .Values.addons.gitlab.objectstorage.accessSecret }}
-      bucket_location = {{ .Values.addons.gitlab.objectstorage.region }}
-      host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectstorage.endpoint "" }}
+      access_key = {{ .Values.addons.gitlab.objectStorage.accessKey }}
+      secret_key = {{ .Values.addons.gitlab.objectStorage.accessSecret }}
+      bucket_location = {{ .Values.addons.gitlab.objectStorage.region }}
+      host_bucket = %(bucket)s.{{ regexReplaceAll "http(s*)://" .Values.addons.gitlab.objectStorage.endpoint "" }}
 {{- end }}

 {{- end }}
\ No newline at end of file
--- a/chart/templates/sonarqube/namespace.yaml
+++ b/chart/templates/sonarqube/namespace.yaml
@@ -16,7 +16,7 @@ data:
 {{- end }}
 ---
 # create database secret
-{{- if .Values.addons.sonarqube.database.enabled }}
+{{- if and .Values.addons.sonarqube.database.host .Values.addons.sonarqube.database.username .Values.addons.sonarqube.database.password .Values.addons.sonarqube.database.database .Values.addons.sonarqube.database.port }}
 apiVersion: v1
 kind: Secret
 metadata:

--- a/chart/templates/sonarqube/sonarqube-helmrelease.yaml
+++ b/chart/templates/sonarqube/sonarqube-helmrelease.yaml
@@ -54,35 +54,43 @@ spec:
    image:
      pullSecret: private-registry
    {{- end }}
+
    # SAML SSO config
    {{- if .Values.addons.sonarqube.sso.enabled }}
    sonarProperties:
      sonar.auth.saml.enabled: {{ .Values.addons.sonarqube.sso.enabled }}
      sonar.core.serverBaseURL: https://sonarqube.{{ .Values.hostname }}
      sonar.auth.saml.applicationId: {{ .Values.addons.sonarqube.sso.client_id }}
-      sonar.auth.saml.providerName: {{ .Values.addons.sonarqube.sso.providerName }}
+      sonar.auth.saml.providerName: {{ .Values.addons.sonarqube.sso.label }}
      sonar.auth.saml.providerId: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}
      sonar.auth.saml.loginUrl: https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}/protocol/saml
      sonar.auth.saml.certificate.secured: {{ .Values.addons.sonarqube.sso.certificate }}
-      sonar.auth.saml.user.login: {{ .Values.addons.sonarqube.sso.login }}
-      sonar.auth.saml.user.name: {{ .Values.addons.sonarqube.sso.name }}
-      sonar.auth.saml.user.email: {{ .Values.addons.sonarqube.sso.email }}
+      sonar.auth.saml.user.login: {{ .Values.addons.sonarqube.sso.login | default "login" }}
+      sonar.auth.saml.user.name: {{ .Values.addons.sonarqube.sso.name | default "name" }}
+      sonar.auth.saml.user.email: {{ .Values.addons.sonarqube.sso.email | default "email" }}
      {{- if .Values.addons.sonarqube.sso.group }}
      sonar.auth.saml.user.group: {{ .Values.addons.sonarqube.sso.group }}
      {{- end }}
    {{- end }}
+
    # External Postgres config
-    {{- if .Values.addons.sonarqube.database.enabled }}
+    {{- with .Values.addons.sonarqube.database }}
    postgresql:
-      # Set to false for external postgres server
-      enabled: {{ not .Values.addons.sonarqube.database.enabled  }}
-      postgresqlServer: {{ .Values.addons.sonarqube.database.server }}
-      postgresqlDatabase: {{ .Values.addons.sonarqube.database.database }}
-      postgresqlUsername: {{ .Values.addons.sonarqube.database.user }}
+      {{- if and .host .username .password .database .port }}
+      # Use external database
+      enabled: false
+      postgresqlServer: {{ .host }}
+      postgresqlDatabase: {{ .database }}
+      postgresqlUsername: {{ .username }}
      existingSecret: sonarqube-db-secret
      service:
-        port: {{ .Values.addons.sonarqube.database.port }}
+        port: {{ .port }}
+      {{- else }}
+      # Use internal database, defaults are fine
+      enabled: true
+      {{- end }}
    {{- end }}
+
  {{- if or .Values.gatekeeper.enabled .Values.istio.enabled .Values.monitoring.enabled }}
  dependsOn:
  {{- if .Values.gatekeeper.enabled }}

--- a/chart/values.yaml
+++ b/chart/values.yaml
--- a/scripts/package/synker.yaml
+++ b/scripts/package/synker.yaml
@@ -30,3 +30,17 @@ source:
  authFile: /root/.docker/config.json
  images:
    - registry.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/defender:20.04.163
+
+    # Images used by pipeline-templates
+    # NOTE: These are __not__ fully inclusive yet, see this issue for updates: https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/145
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/sonar-scanner-dotnet31:4.10
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/sonar-scanner:4.5.0.2216
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/git-kustomize203-skopeo12:8.2.276.test
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/kaniko-project-executor:debug-v1.3.0
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/skopeo-bash-git-lfs-kustomize:1.0
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/anchore:0.8.2
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/test:gcc
+    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dependency-check611-sonar-scanner45-dotnet-31:021921
+
+      # Don't include until fortify is supported
+#    - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dotnet-fortify:20.2.0
\ No newline at end of file