diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index fa5766599a918879d6878e76b0a088d3801cb863..a790ab073c264587bf7b727142eb3d6e5deeefec 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -64,9 +64,16 @@ pre vars: reports: dotenv: variables.env script: - # Create the TF_VAR_env variable - - echo "TF_VAR_env=$(echo $CI_COMMIT_REF_SLUG | cut -c 1-7)-$(echo $CI_COMMIT_SHA | cut -c 1-7)" >> variables.env - - cat variables.env + # Create the TF_VAR_env variable + - echo "TF_VAR_env=$(echo $CI_COMMIT_REF_SLUG | cut -c 1-7)-$(echo $CI_COMMIT_SHA | cut -c 1-7)" >> variables.env + - cat variables.env + retry: + max: 2 + when: + - unknown_failure + - stuck_or_timeout_failure + - runner_system_failure + #----------------------------------------------------------------------------------------------------------------------- @@ -136,6 +143,12 @@ clean install: when: always allow_failure: exit_codes: 123 + retry: + max: 2 + when: + - unknown_failure + - stuck_or_timeout_failure + - runner_system_failure upgrade: stage: smoke tests @@ -176,6 +189,12 @@ upgrade: when: always allow_failure: exit_codes: 123 + retry: + max: 2 + when: + - unknown_failure + - stuck_or_timeout_failure + - runner_system_failure #----------------------------------------------------------------------------------------------------------------------- # Rules for execution of AWS based K3S cluster deployment: Infrastructure jobs @@ -282,7 +301,6 @@ aws/rke2/bigbang up: - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config # Deploy a default storage class for aws - kubectl apply -f ${CI_PROJECT_DIR}/.gitlab-ci/jobs/rke2/dependencies/k8s-resources/aws/default-ebs-sc.yaml - script: - *deploy_bigbang environment: @@ -352,6 +370,12 @@ aws/rke2/bigbang down: - sleep 180 environment: name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA} + retry: + max: 2 + when: + - unknown_failure + - stuck_or_timeout_failure + - runner_system_failure # Destroy RKE2 cluster on AWS aws/rke2/cluster down: 
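Review bot: The identical six-line `retry:` block is pasted into `pre vars`, `clean install`, `upgrade` and `aws/rke2/bigbang down` in this file, and again into `package` and `release` in the following hunks; since the file already relies on YAML anchors (`*deploy_bigbang`), defining the mapping once under a hidden key and writing `retry: *retry_runner` in each job would keep the `when:` list from drifting between copies. Limiting `when:` to `unknown_failure`, `stuck_or_timeout_failure` and `runner_system_failure` is the right scope: a script failure still fails immediately instead of re-running the Terraform steps. While the `TF_VAR_env` line is being re-indented, the two `echo | cut` pipelines could become `${CI_COMMIT_REF_SLUG:0:7}-${CI_COMMIT_SHA:0:7}`, which gives the same value with no unquoted expansions.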
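Review bot: Dropping the `script:` key in `aws/rke2/bigbang up` folds `- *deploy_bigbang` into whichever list the preceding `cp` and `kubectl apply` lines belong to, and that key is outside the hunk. If it is `before_script`, the deploy now runs as job setup rather than as the script stage; if the job previously carried two `script:` keys (so the first list was silently lost), this is the intended fix and deserves a sentence in the commit description. Either way a comment on the `- *deploy_bigbang` line, e.g. `# runs in the same list as the cluster setup above`, would make the merge explicit for the next reader.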
@@ -391,10 +415,11 @@ package: # Set up auth - mkdir -p /root/.docker - | - jq -n '{"auths": {"registry.dso.mil": {"auth": $bb_registry_auth}, "registry1.dso.mil": {"auth": $registry1_auth}, "registry.il2.dso.mil": {"auth": $il2_registry_auth} } }' \ + jq -n '{"auths": {"registry.dso.mil": {"auth": $bb_registry_auth}, "registry1.dso.mil": {"auth": $registry1_auth}, "registry.il2.dso.mil": {"auth": $il2_registry_auth}, "docker.io": {"auth": $bb_docker_auth} } }' \ --arg bb_registry_auth ${BB_REGISTRY_AUTH} \ --arg registry1_auth ${REGISTRY1_AUTH} \ - --arg il2_registry_auth ${IL2_REGISTRY_AUTH} > /root/.docker/config.json + --arg il2_registry_auth ${IL2_REGISTRY_AUTH} \ + --arg bb_docker_auth ${DOCKER_AUTH} > /root/.docker/config.json script: - echo -e "\e[0Ksection_start:`date +%s`:synker_pull[collapsed=true]\r\e[0K\e[33;1mSynker Pull\e[37m" - cp ./scripts/package/synker.yaml ./synker.yaml @@ -434,6 +459,12 @@ package: aws s3 sync --quiet release/ s3://umbrella-bigbang-releases/umbrella/${CI_COMMIT_TAG} fi after_script: [] + retry: + max: 2 + when: + - unknown_failure + - stuck_or_timeout_failure + - runner_system_failure release: stage: release @@ -463,5 +494,11 @@ release: --assets-link "{\"name\":\"${IMAGE_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_PKG}\"}" \ --assets-link "{\"name\":\"${REPOS_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${REPOS_PKG}\"}" fi + retry: + max: 2 + when: + - unknown_failure + - stuck_or_timeout_failure + - runner_system_failure #----------------------------------------------------------------------------------------------------------------------- diff --git a/CHANGELOG.md b/CHANGELOG.md index 270265bd343d34d677f3a22d5af788434dc03f6c..57fe8d73c108c3cffce199841f26fbdf43d6e3f7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
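Review bot: `${DOCKER_AUTH}` is expanded unquoted (as are the three existing `--arg` values), so in a pipeline where the variable is not defined — a fork, or a branch that does not receive protected variables — `--arg bb_docker_auth` gets no value and jq exits with an argument error instead of writing a config without the `docker.io` entry; quoting it, `--arg bb_docker_auth "${DOCKER_AUTH}"`, makes the failure mode an empty credential rather than a parse error. Passing registry secrets through argv also exposes them to the job's process list and to any `set -x` trace; jq can read them from the environment inside the filter (`$ENV.DOCKER_AUTH`) with no change to the output. The resulting `/root/.docker/config.json` now holds credentials for four registries and is created with the default umask, so a `chmod 600 /root/.docker/config.json` after the redirect is worth the one line.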
@@ -3,6 +3,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- +## [1.18.0] + +* [!1.18.0](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.18.0); List of merge requests in this release. + ## [1.17.0] * [!1.17.0](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.17.0); List of merge requests in this release. diff --git a/CODEOWNERS b/CODEOWNERS index 213fa0addee8e388cd3506af12c3725628517250..b4e58a19bf2796df9220ffcfc1a43665f6927041 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -79,9 +79,9 @@ chart/values.yaml @lynnstill @ryan.j.garcia @michaelmartin chart/templates/monitoring @lynnstill @ryan.j.garcia @michaelmartin ^[Twistlock] -chart/Chart.yaml @thomas.burton @ryan.j.garcia @runyontr @joshwolf -chart/values.yaml @thomas.burton @ryan.j.garcia @runyontr @joshwolf -chart/templates/twistlock @thomas.burton @ryan.j.garcia @runyontr @joshwolf +chart/Chart.yaml @thomas.burton @ryan.j.garcia @runyontr @micah.nagel +chart/values.yaml @thomas.burton @ryan.j.garcia @runyontr @micah.nagel +chart/templates/twistlock @thomas.burton @ryan.j.garcia @runyontr @micah.nagel ^[Sonarqube] chart/Chart.yaml @kevin.wilder @lynnstill @brandencobb diff --git a/README.md b/README.md index f92e40ad224b15d642d7dec1aef59dd2059ea78f..211478dfa914193bce367030b1e4ed8b1395f6c1 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ # bigbang -  +  Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster. 
@@ -66,7 +66,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t | istio.enabled | bool | `true` | Toggle deployment of Istio. | | istio.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git"` | | | istio.git.path | string | `"./chart"` | | -| istio.git.tag | string | `"1.10.4-bb.3"` | | +| istio.git.tag | string | `"1.11.2-bb.0"` | | | istio.ingressGateways.public-ingressgateway.type | string | `"LoadBalancer"` | | | istio.ingressGateways.public-ingressgateway.kubernetesResourceSpec | object | `{}` | | | istio.gateways.public.ingressGateway | string | `"public-ingressgateway"` | | 
@@ -79,14 +79,14 @@ To start using Big Bang, you will need to create your own Big Bang environment t | istiooperator.enabled | bool | `true` | Toggle deployment of Istio Operator. | | istiooperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git"` | | | istiooperator.git.path | string | `"./chart"` | | -| istiooperator.git.tag | string | `"1.10.4-bb.1"` | | +| istiooperator.git.tag | string | `"1.11.2-bb.0"` | | | istiooperator.flux | object | `{}` | Flux reconciliation overrides specifically for the Istio Operator Package | | istiooperator.values | object | `{}` | Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git | | istiooperator.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md | | jaeger.enabled | bool | `true` | Toggle deployment of Jaeger. | | jaeger.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git"` | | | jaeger.git.path | string | `"./chart"` | | -| jaeger.git.tag | string | `"2.23.0-bb.2"` | | +| jaeger.git.tag | string | `"2.23.0-bb.3"` | | | jaeger.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the Jaeger Package | | jaeger.ingress.gateway | string | `""` | | | jaeger.sso.enabled | bool | `false` | Toggle SSO for Jaeger on and off | 
@@ -97,7 +97,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t | kiali.enabled | bool | `true` | Toggle deployment of Kiali. | | kiali.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git"` | | | kiali.git.path | string | `"./chart"` | | -| kiali.git.tag | string | `"1.39.0-bb.2"` | | +| kiali.git.tag | string | `"1.39.0-bb.3"` | | | kiali.flux | object | `{}` | Flux reconciliation overrides specifically for the Kiali Package | | kiali.ingress.gateway | string | `""` | | | kiali.sso.enabled | bool | `false` | Toggle SSO for Kiali on and off | @@ -115,7 +115,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t | gatekeeper.enabled | bool | `true` | Toggle deployment of OPA Gatekeeper. | | gatekeeper.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git"` | | | gatekeeper.git.path | string | `"./chart"` | | -| gatekeeper.git.tag | string | `"3.5.2-bb.1"` | | +| gatekeeper.git.tag | string | `"3.5.2-bb.2"` | | | gatekeeper.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the OPA Gatekeeper Package | | gatekeeper.values | object | `{}` | Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git | | gatekeeper.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md | 
@@ -135,7 +135,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t | eckoperator.enabled | bool | `true` | Toggle deployment of ECK Operator. | | eckoperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git"` | | | eckoperator.git.path | string | `"./chart"` | | -| eckoperator.git.tag | string | `"1.6.0-bb.2"` | | +| eckoperator.git.tag | string | `"1.6.0-bb.3"` | | | eckoperator.flux | object | `{}` | Flux reconciliation overrides specifically for the ECK Operator Package | | eckoperator.values | object | `{}` | Values to passthrough to the eck-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git | | fluentbit.enabled | bool | `true` | Toggle deployment of Fluent-Bit. | @@ -148,7 +148,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t | monitoring.enabled | bool | `true` | Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager). | | monitoring.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git"` | | | monitoring.git.path | string | `"./chart"` | | -| monitoring.git.tag | string | `"14.0.0-bb.10"` | | +| monitoring.git.tag | string | `"14.0.0-bb.11"` | | | monitoring.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the Monitoring Package | | monitoring.ingress.gateway | string | `""` | | | monitoring.sso.enabled | bool | `false` | Toggle SSO for monitoring components on and off | 
@@ -195,14 +195,14 @@ To start using Big Bang, you will need to create your own Big Bang environment t | addons.minioOperator.enabled | bool | `false` | Toggle deployment of minio operator and instance. | | addons.minioOperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git"` | | | addons.minioOperator.git.path | string | `"./chart"` | | -| addons.minioOperator.git.tag | string | `"4.1.2-bb.3"` | | +| addons.minioOperator.git.tag | string | `"4.2.3-bb.2"` | | | addons.minioOperator.flux | object | `{}` | Flux reconciliation overrides specifically for the Minio Operator Package | | addons.minioOperator.values | object | `{}` | Values to passthrough to the minio operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git | | addons.minioOperator.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md | | addons.minio.enabled | bool | `false` | Toggle deployment of minio. | | addons.minio.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git"` | | | addons.minio.git.path | string | `"./chart"` | | -| addons.minio.git.tag | string | `"4.1.2-bb.6"` | | +| addons.minio.git.tag | string | `"4.2.3-bb.2"` | | | addons.minio.flux | object | `{}` | Flux reconciliation overrides specifically for the Minio Package | | addons.minio.ingress.gateway | string | `""` | | | addons.minio.accesskey | string | `""` | Default access key to use for minio. | 
@@ -291,7 +291,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t | addons.anchore.enabled | bool | `false` | Toggle deployment of Anchore. | | addons.anchore.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git"` | | | addons.anchore.git.path | string | `"./chart"` | | -| addons.anchore.git.tag | string | `"1.13.0-bb.10"` | | +| addons.anchore.git.tag | string | `"1.14.7-bb.0"` | | | addons.anchore.flux | object | `{"upgrade":{"disableWait":true}}` | Flux reconciliation overrides specifically for the Anchore Package | | addons.anchore.adminPassword | string | `""` | Initial admin password used to authenticate to Anchore. | | addons.anchore.enterprise | object | `{"enabled":false,"licenseYaml":"FULL LICENSE\n"}` | Anchore Enterprise functionality. | 
@@ -316,14 +316,14 @@ To start using Big Bang, you will need to create your own Big Bang environment t | addons.mattermostoperator.enabled | bool | `false` | | | addons.mattermostoperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git"` | | | addons.mattermostoperator.git.path | string | `"./chart"` | | -| addons.mattermostoperator.git.tag | string | `"1.14.0-bb.4"` | | +| addons.mattermostoperator.git.tag | string | `"1.15.0-bb.0"` | | | addons.mattermostoperator.flux | object | `{}` | Flux reconciliation overrides specifically for the Mattermost Operator Package | | addons.mattermostoperator.values | object | `{}` | Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml | | addons.mattermostoperator.postRenderers | list | `[]` | Post Renderers. See docs/postrenders.md | | addons.mattermost.enabled | bool | `false` | Toggle deployment of Mattermost. | | addons.mattermost.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git"` | | | addons.mattermost.git.path | string | `"./chart"` | | -| addons.mattermost.git.tag | string | `"0.2.0-bb.1"` | | +| addons.mattermost.git.tag | string | `"0.2.2-bb.0"` | | | addons.mattermost.flux | object | `{}` | Flux reconciliation overrides specifically for the Mattermost Package | | addons.mattermost.enterprise | object | `{"enabled":false,"license":""}` | Mattermost Enterprise functionality. | | addons.mattermost.enterprise.enabled | bool | `false` | Toggle the Mattermost Enterprise. This must be accompanied by a valid license unless you plan to start a trial post-install. | 
@@ -360,7 +360,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t | addons.keycloak.enabled | bool | `false` | Toggle deployment of Keycloak. if you enable Keycloak you should uncomment the istio passthrough configurations above istio.ingressGateways.passthrough-ingressgateway and istio.gateways.passthrough | | addons.keycloak.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git"` | | | addons.keycloak.git.path | string | `"./chart"` | | -| addons.keycloak.git.tag | string | `"11.0.1-bb.6"` | | +| addons.keycloak.git.tag | string | `"11.0.1-bb.7"` | | | addons.keycloak.database.host | string | `""` | Hostname of a pre-existing database to use for Keycloak. Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. | | addons.keycloak.database.type | string | `"postgres"` | Pre-existing database type (e.g. postgres) to use for Keycloak. | | addons.keycloak.database.port | int | `5432` | Port of a pre-existing database to use for Keycloak. | diff --git a/base/gitrepository.yaml b/base/gitrepository.yaml index c2c36ed55df67a0625fbf8fbcef05cc19ae774ad..6b9faacab218132a6633c94fc7bf261f56b39497 100644 --- a/base/gitrepository.yaml +++ b/base/gitrepository.yaml @@ -11,4 +11,4 @@ spec: interval: 10m url: https://repo1.dso.mil/platform-one/big-bang/bigbang.git ref: - tag: 1.17.0 + tag: 1.18.0 diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 344ef777ea0a332746a32df1c2d2c4336d6238a1..9045f374ab1d5555cb1912ed6bd55101530e71d7 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: bigbang -version: 1.17.0 +version: 1.18.0 description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster. type: application 
diff --git a/chart/templates/argocd/namespace.yaml b/chart/templates/argocd/namespace.yaml index f3fb69dffc232e6a0a7f07ae4fe9f57c87298896..5898d63d30285282d264c4ee77305c0c8ef9168d 100644 --- a/chart/templates/argocd/namespace.yaml +++ b/chart/templates/argocd/namespace.yaml @@ -6,6 +6,6 @@ metadata: app.kubernetes.io/name: argocd app.kubernetes.io/component: "core" {{- include "commonLabels" . | nindent 4}} - istio-injection: disabled + istio-injection: {{ dig "istio" "injection" "enabled" .Values.addons.argocd }} name: argocd {{- end }} diff --git a/chart/templates/gatekeeper/values.yaml b/chart/templates/gatekeeper/values.yaml index 85d784be6cfd943b3ffc65ababf286695f685827..a534a085fb32fbcb0120de58a98b74a412830eda 100644 --- a/chart/templates/gatekeeper/values.yaml +++ b/chart/templates/gatekeeper/values.yaml @@ -75,6 +75,9 @@ violations: # Try to keep this in alpha order to make it easier to find keys - mattermost/mattermost {{- end }} + imageDigest: + enabled: false + namespacesHaveIstio: enabled: {{ .Values.istio.enabled }} diff --git a/chart/templates/istio/controlplane/values.yaml b/chart/templates/istio/controlplane/values.yaml index dd1c230437302e7726eda60cebe43de4261e309c..a1114e04dde11bed89df3468880e8507cec11194 100644 --- a/chart/templates/istio/controlplane/values.yaml +++ b/chart/templates/istio/controlplane/values.yaml @@ -16,7 +16,7 @@ imagePullSecrets: openshift: {{ .Values.openshift }} authservice: - enabled: {{ .Values.addons.authservice.enabled }} + enabled: {{ or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled }} monitoring: enabled: {{ .Values.monitoring.enabled }} @@ -47,6 +47,8 @@ gateways: {{ $name | nindent 2 }}: selector: app: {{ $values.ingressGateway }} + autoHttpRedirect: + enabled: {{ dig "autoHttpRedirect" "enabled" "true" $values }} servers: - hosts: {{ tpl ($values.hosts | default (list) | toYaml) $ | nindent 8 }} 
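Review bot: The rendered default flips from the literal `disabled` to `enabled` (the `dig` fallback), so deployments that never set `addons.argocd.istio.injection` will begin injecting sidecars into the `argocd` namespace on upgrade; that is a sensible hardening direction but it is a behaviour change, and the CHANGELOG hunk in this commit only links the milestone. The same swap is made for the sonarqube namespace and values templates in the following file sections. Nothing validates the value — whatever is set renders straight into the `istio-injection` label, and presumably only `enabled` is matched by the injector — so a comment such as `# accepts only "enabled" or "disabled"; any other value leaves the namespace unmeshed` next to the line would catch typos at review time. The `{{- if }}` that wraps this namespace sits outside the hunk.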
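Review bot: `imageDigest.enabled: false` lands in the `violations:` block with no explanation, and it is the only policy here switched off by a literal rather than a value (compare `namespacesHaveIstio.enabled: {{ .Values.istio.enabled }}` two lines below). Digest pinning is the constraint that addresses tag mutation in the image supply chain, so a reader will want to know whether it ships disabled because Big Bang's own package images are not yet digest-referenced or for some other reason; a comment like `# Disabled by default: <reason> — can be enabled through gatekeeper.values` would record that decision. The enclosing `violations:` mapping begins outside the hunk.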
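Review bot: `authservice.enabled` is now derived from `addons.authservice.enabled`, `monitoring.sso.enabled` and `jaeger.sso.enabled`, but `kiali.sso.enabled` — listed in the README table this same commit touches — is not part of the `or`; if Kiali SSO also relies on authservice, a cluster that enables only Kiali SSO would render the control plane without it. If Kiali authenticates another way, a short comment naming which SSO toggles imply authservice would keep the list from silently drifting as packages are added. If it does apply, the line becomes `enabled: {{ or .Values.addons.authservice.enabled .Values.monitoring.sso.enabled .Values.jaeger.sso.enabled .Values.kiali.sso.enabled }}`.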
diff --git a/chart/templates/jaeger/values.yaml b/chart/templates/jaeger/values.yaml index 89614c0d32059dac388579a10a57e7b980f21cb4..22e283fadf56517498775251c8f962adc8e0a3af 100644 --- a/chart/templates/jaeger/values.yaml +++ b/chart/templates/jaeger/values.yaml @@ -21,6 +21,10 @@ monitoring: enabled: {{ .Values.monitoring.enabled }} elasticsearch: enabled: {{ .Values.logging.enabled }} + +sso: + enabled: {{ .Values.jaeger.sso.enabled }} + {{- if .Values.jaeger.sso.enabled }} jaeger: spec: @@ -42,4 +46,4 @@ networkPolicies: {{- $gateway := default "public" .Values.jaeger.ingress.gateway }} {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }} {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }} -{{- end -}} \ No newline at end of file +{{- end -}} diff --git a/chart/templates/sonarqube/namespace.yaml b/chart/templates/sonarqube/namespace.yaml index fee19a19c2dcd7cc51e2e84a30f838451529d578..2eab4589cb70f0d4e7fc421d208cf7fd2c0d1bb8 100644 --- a/chart/templates/sonarqube/namespace.yaml +++ b/chart/templates/sonarqube/namespace.yaml @@ -7,5 +7,5 @@ metadata: app.kubernetes.io/name: sonarqube app.kubernetes.io/component: "developer-tools" {{- include "commonLabels" . | nindent 4}} - istio-injection: disabled + istio-injection: {{ dig "istio" "injection" "enabled" .Values.addons.sonarqube }} {{- end }} diff --git a/chart/templates/sonarqube/values.yaml b/chart/templates/sonarqube/values.yaml index a56faec4032fbaeb6137f5ce00085b186d6cb095..648b35bfd37e3dfb3aee6b62a45278e00979a36d 100644 --- a/chart/templates/sonarqube/values.yaml +++ b/chart/templates/sonarqube/values.yaml @@ -13,6 +13,7 @@ istio: sonarqube: gateways: - istio-system/{{ default "public" .Values.addons.sonarqube.ingress.gateway }} + injection: {{ dig "istio" "injection" "enabled" .Values.addons.sonarqube }} monitoring: enabled: {{ .Values.monitoring.enabled }} 
diff --git a/chart/values.yaml b/chart/values.yaml index 3bc14d321003e041b7f2a6bdf569a2adeadd26ac..3cc07351e89800f6ecb986407a8adfdfde4c0b7f 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -118,7 +118,7 @@ istio: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git path: "./chart" - tag: "1.11.2-bb.0" + tag: "1.11.2-bb.1" # Ingress gateways are created based on the key name. Adding more keys will add ingress gateways. # Ingress gateways are setup in a Horizontal Pod Autoscaler with 1 to 5 replicas @@ -148,6 +148,9 @@ istio: ingressGateway: "public-ingressgateway" hosts: - "*.{{ .Values.domain }}" + # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect. + autoHttpRedirect: + enabled: true tls: key: "" cert: "" @@ -155,6 +158,9 @@ istio: # ingressGateway: "private-ingressgateway" # hosts: # - "*.{{ .Values.domain }}" + # # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect. + # autoHttpRedirect: + # enabled: true # tls: # key: "" # cert: "" @@ -162,6 +168,9 @@ istio: # ingressGateway: "passthrough-ingressgateway" # hosts: # - "*.{{ .Values.domain }}" + # # -- Controls default HTTP/8080 server entry with HTTP to HTTPS Redirect. + # autoHttpRedirect: + # enabled: true # tls: # mode: "PASSTHROUGH" @@ -197,7 +206,7 @@ jaeger: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git path: "./chart" - tag: "2.23.0-bb.3" + tag: "2.23.0-bb.4" # -- Flux reconciliation overrides specifically for the Jaeger Package flux: @@ -232,7 +241,7 @@ kiali: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git path: "./chart" - tag: "1.39.0-bb.3" + tag: "1.40.1-bb.0" # -- Flux reconciliation overrides specifically for the Kiali Package flux: {} 
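Review bot: The package tags set here are one release ahead of what the README table in this same commit documents: `istio.git.tag` becomes `1.11.2-bb.1` here but the README hunk records `1.11.2-bb.0`, and `jaeger` (`2.23.0-bb.4` vs `bb.3`), `kiali` (`1.40.1-bb.0` vs `1.39.0-bb.3`), `eckoperator` (`1.7.1-bb.0` vs `1.6.0-bb.3`), `addons.minio` (`4.2.3-bb.4` vs `bb.2`), `addons.anchore` (`1.14.7-bb.1` vs `bb.0`) and `addons.keycloak` (`11.0.1-bb.8` vs `bb.7`) follow the same pattern. The README looks to have been regenerated before the final bumps; re-running the docs generation so the table matches `chart/values.yaml` would keep the 1.18.0 release documentation accurate.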
@@ -314,7 +323,7 @@ logging: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git path: "./chart" - tag: "0.1.21-bb.0" + tag: "0.1.21-bb.2" # -- Flux reconciliation overrides specifically for the Logging (EFK) Package flux: @@ -354,7 +363,7 @@ eckoperator: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git path: "./chart" - tag: "1.6.0-bb.3" + tag: "1.7.1-bb.0" # -- Flux reconciliation overrides specifically for the ECK Operator Package flux: {} @@ -450,7 +459,7 @@ twistlock: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git path: "./chart" - tag: "0.0.9-bb.0" + tag: "0.0.9-bb.1" # -- Flux reconciliation overrides specifically for the Twistlock Package flux: {} @@ -476,7 +485,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git path: "./chart" - tag: "3.6.8-bb.8" + tag: "3.6.8-bb.10" # -- Flux reconciliation overrides specifically for the ArgoCD Package flux: {} @@ -560,7 +569,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git path: "./chart" - tag: "4.2.3-bb.2" + tag: "4.2.3-bb.4" # -- Flux reconciliation overrides specifically for the Minio Package flux: {} @@ -582,7 +591,7 @@ addons: postRenderers: [] gitlab: - # -- Toggle deployment of Gitlab. + # -- Toggle deployment of Gitlab enabled: false hostnames: @@ -593,7 +602,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git path: "./chart" - tag: "4.12.9-bb.6" + tag: "5.3.1-bb.2" # -- Flux reconciliation overrides specifically for the Gitlab Package flux: {} 
@@ -663,12 +672,12 @@ addons: postRenderers: [] gitlabRunner: - # -- Toggle deployment of Gitlab Runner. + # -- Toggle deployment of Gitlab Runner enabled: false git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git path: "./chart" - tag: "0.29.0-bb.1" + tag: "0.33.1-bb.2" # -- Flux reconciliation overrides specifically for the Gitlab Runner Package flux: {} @@ -685,7 +694,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus.git path: "./chart" - tag: "34.0.0-bb.0" + tag: "34.1.0-bb.0" # -- Base64 encoded license file. license_key: "" @@ -744,7 +753,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git path: "./chart" - tag: "9.6.3-bb.2" + tag: "9.6.3-bb.8" # -- Flux reconciliation overrides specifically for the Sonarqube Package flux: {} @@ -829,7 +838,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git path: "./chart" - tag: "1.14.7-bb.0" + tag: "1.14.7-bb.1" # -- Flux reconciliation overrides specifically for the Anchore Package flux: @@ -1031,12 +1040,12 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git path: "./chart" - tag: "2.23.6-bb.1" + tag: "2.23.6-bb.2" # -- Flux reconciliation overrides specifically for the Velero Package flux: {} - # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi + # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi plugins: [] # - aws @@ -1059,7 +1068,7 @@ addons: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git path: "./chart" - tag: "11.0.1-bb.7" + tag: "11.0.1-bb.8" database: # -- Hostname of a pre-existing database to use for Keycloak. 
diff --git a/charter/BigBangPackages.md b/charter/BigBangPackages.md index 854c1a2392bc82c086c17433e8fe9e0c97a108f4..ed9e502ef15e74f97683f36c7f3290c0833e8eae 100644 --- a/charter/BigBangPackages.md +++ b/charter/BigBangPackages.md @@ -25,7 +25,6 @@ graph TB Thanos end ServiceMesh - ArgoCD ClusterAuditor --> LoggingECK ClusterAuditor --> OPA(Policy Enforcement) @@ -35,8 +34,6 @@ graph TB Postgres MinIO(S3 Compatible Storage) Redis - MySQL - MongoDB end subgraph "Security" @@ -54,8 +51,6 @@ graph TB end subgraph "Collaboration Tools" - Jira --> Postgres - Confluence --> Postgres MatterMost --> MinIO end @@ -82,7 +77,6 @@ graph TB Thanos end ServiceMesh - ArgoCD Twistlock ClusterAuditor --> LoggingECK @@ -90,27 +84,6 @@ graph TB end ``` -### ArgoCD - -Product: - -* [ArgoCD](https://argoproj.github.io/argo-cd/) - -Repository: - -* [ArgoCD Repo](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd) - -Dependency: None - -Owners: - -* @joshwolf - Rancher Federal -* @karchaf - -Understudy: - -* @kavitha - ### Service Mesh Current implementation of Service Mesh is provided by Istio. Service Mesh should be the first Package deployed to ensure other applications are operating with visibility and security. @@ -127,15 +100,7 @@ Repository: Dependency: None Owners: - -* @runyontr - Runyon Solutions -* @nick_tetrate - Tetrate - -Understudy: - -* Chris McGrath -* @kavitha -* @kenna81 +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator/-/blob/main/CODEOWNERS) ### Auth Service @@ -147,17 +112,12 @@ Product: Repository: -* [authservice](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/authservice) +* [authservice](https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice) Dependency: None Owners: - -* @runyontr - Runyon Solutions -* @nick_tetrate - Tetrate -* @adam.toy - Rancher Federal - -Understudy: +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice/-/blob/main/CODEOWNERS) ### Logging 
@@ -182,13 +142,9 @@ Dependencies: * RWO StorageClass Owners: - -* @kavitha -* @ryan.j.garcia - -Understudy: - -* @evan.rush +* [Elasticsearch-kibana CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana/-/blob/main/CODEOWNERS) +* [Fluentbit CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit/-/blob/main/CODEOWNERS) +* [Eck-operator CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator/-/blob/main/CODEOWNERS) ### Policy Enforcement @@ -207,13 +163,7 @@ Dependencies: None Owners: -* @runyontr - Runyon Solutions -* @karchaf - Cloud Fit Software - -Understudy - -* @agudem -* @kavitha +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/blob/main/CODEOWNERS) ### Monitoring @@ -233,8 +183,7 @@ Dependencies: None Owners: -* @lynnStill -* @ryan.j.garcia +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring/-/blob/main/CODEOWNERS) ### Cluster Auditor @@ -251,12 +200,7 @@ Dependencies: Owners: -* @runyontr - Runyon Solutions -* @thomas.burton - iSenpai - -Understudy: - -* @kenna81 +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor/-/blob/main/CODEOWNERS) Repository: @@ -278,8 +222,7 @@ Dependencies: Owners: -* @runyontr - Runyon Solutions -* @thomas.burton - iSenpai +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock/-/blob/main/CODEOWNERS) ## Addons @@ -319,14 +262,7 @@ Dependencies: Owners: -* @megamind -* @kevin.wilder -* @michaelmcleroy - -Understudy: - -* @agudem -* @kenna81 +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/-/blob/main/CODEOWNERS) #### Anchore Enterprise @@ -342,8 +278,7 @@ Dependencies: Owners: -* @thomas.burton - iSenpai -* @james.peterson - Anchore +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise/-/blob/main/CODEOWNERS) ### Developer Tools 
@@ -389,8 +324,7 @@ Dependencies: Owners: -* @ryan.j.garcia -* @LynnStill +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/-/blob/main/CODEOWNERS) #### GitLab Runners @@ -410,12 +344,7 @@ Dependencies: Owners: -* @ryan.j.garcia -* @LynnStill - -Understudies - -* @kevin.wilder +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner/-/blob/main/CODEOWNERS) #### Sonarqube @@ -436,27 +365,7 @@ Dependencies: Owners: -* @kevin.wilder -* @LynnStill - -#### Fortify - -Fortify provides code - -Product: - -* - -Repository: - -* [Fortify Repo](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/fortify) - -Dependencies: - -Owners: - -* @kevin.wilder -* @LynnStill +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube/-/blob/main/CODEOWNERS) #### Nexus @@ -471,15 +380,13 @@ Product: Repository: -* [Nexus](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/nexus) +* [Nexus](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus) Dependencies: Owners: -* @kevin.wilder -* @ariel.shnitzer -* @grant.duncklee +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/blob/main/CODEOWNERS) ### Collaboration Tools @@ -500,7 +407,7 @@ graph TB ``` -#### Confluence +<!-- #### Confluence Confluence provides a centralized workspace for collaborating on documentation @@ -542,7 +449,7 @@ Dependencies: Owners: * @matt.kaiser -* @branden.cobb +* @branden.cobb --> #### Mattermost @@ -562,8 +469,7 @@ Dependencies: Owners: -* @ryan.j.garcia -* @kevin.wilder +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost/-/blob/main/CODEOWNERS) ### Package Utilities 
@@ -606,14 +512,15 @@ Product: * [MinIO](https://min.io/) -Repository: TBD +Repository: + +* [Minio Package](https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/) Dependencies: None Owners: -* @kevin.wilder - Dark Wolf Solutions -* @branden.cobb +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/blob/main/CODEOWNERS) #### MySQL @@ -657,13 +564,28 @@ Repository: Owners: -* @runyontr - Runyon Solutions -* @still - Parsons +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/redis/-/blob/main/CODEOWNERS) ### Cluster Utilities Packages that provider cluster level utility, such as RWX storage or generic backup capabilities. +#### ArgoCD + +Product: + +* [ArgoCD](https://argoproj.github.io/argo-cd/) + +Repository: + +* [ArgoCD Repo](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd) + +Dependency: None + +Owners: + +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd/-/blob/main/CODEOWNERS) + #### Velero Velero is an open source tool to safely backup and restore, perform disaster recovery, and migrate Kubernetes cluster resources and persistent volumes 
@@ -676,13 +598,16 @@ Repository: Owners: -* @tunde - Oteemo -* @adam.toy - Rancher Federal +* [CODEOWNERS](https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/blob/main/CODEOWNERS) + + +### BB Technical Oversight Committee (BB TOC) -### Sandbox +[Process](https://repo1.dso.mil/platform-one/bbtoc/-/tree/master/process) -The [Sandbox](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox) is an area for packages that are currently being or will be worked that do not yet meet the requirements of a supported package. Due to the fluidity of sandbox apps, they are not tracked in the charter. +#### BB TOC Repos +[Graduated](https://repo1.dso.mil/platform-one/big-bang/apps/graduated) -Note, this is _not_ a place where packages go to die. If a package is abandoned for whatever reason it will be archived. +[Incubating](https://repo1.dso.mil/platform-one/big-bang/apps/incubating) -To graduate from a sandbox package, it must meet the requirements outlined in this charter. +[Sandbox](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox) \ No newline at end of file diff --git a/charter/NewPackageRequests.md b/charter/NewPackageRequests.md index d333039324ad3cfe8e25a84962718adbd355fb2b..06354cc899fc0aec34bf9727780170f0deff5fac 100644 --- a/charter/NewPackageRequests.md +++ b/charter/NewPackageRequests.md @@ -2,9 +2,7 @@ This is the process for adding a new package into Big Bang -## Out-of-Tree / 3rd Party Packages - -### Submit New Big Bang Package Proposal to the BB Technical Oversite Committee +## Submit New Big Bang Package Proposal to the BB Technical Oversite Committee [BB TOC New Package Proposal](https://repo1.dso.mil/platform-one/p1toc/-/issues/new?issue%5Bassignee_id%5D=&issue%5Bmilestone_id%5D=) 
@@ -12,8 +10,4 @@ A shepherd will be assigned to the project to create a repo in the [BB sandbox]( ### Process -Out-of-Tree packages packages will follow the [BBTOC process](https://repo1.dso.mil/platform-one/bbtoc/-/tree/master/process) from Sandbox -> Incubating -> Graduated - -## In-Tree / Big Bang Maintained Package Process - -In order for a package to become an "In-Tree" package (supported by Platform One), it must meet all of the requirements of a BB TOC graduated package and have an [issue](https://repo1.dso.mil/groups/platform-one/big-bang/apps/third-party/-/issues) opened to 'Recommend Package for "In-Tree" Support'. The issue will be processed through the Platform One Jedi Order and Rebel Alliance councils for a governement decision to be added as officially supported / "in-tree" add-on. +New packages packages will follow the [BBTOC process](https://repo1.dso.mil/platform-one/bbtoc/-/tree/master/process) from Sandbox -> Incubating -> Graduated diff --git a/charter/PackageRequirements.md b/charter/PackageRequirements.md index d65b22de1c556964f88a0a68c3c9d9e458d18ba5..fb29c726803d82c1419217b3463dc0ba937f5436 100644 --- a/charter/PackageRequirements.md +++ b/charter/PackageRequirements.md 
@@ -24,17 +24,9 @@ Each package will work with any cluster under the following criteria. ## PR-X. Iron Bank Images -Every Big Bang Package shall be configured to use Iron Bank images. The images used from Iron Bank __must__ be _fully_ approved and _functional_ to be in compliance with the Big Bang baseline security posture. +Big Bang Package shall be configured to use Iron Bank images. The images used from Iron Bank __must__ be _fully_ approved and _functional_ to be in compliance with the Big Bang baseline security posture. -Once this prerequisite is met, a package is eligible for inclusion within BigBang in accordance with [New Package Requests](NewPackageRequests.md). - -### Out-of-Tree Packages - -[Out-of-Tree Packages](https://repo1.dso.mil/platform-one/big-bang/apps/third-party) are third party packages that adhere to all the BigBang package standards. These packages are predominantly community-maintained packages; however, some packages may be jointly maintained by BigBang and community as indicated by the codeowners. - -### In-Tree Packages - -[In-Tree Packages](https://repo1.dso.mil/platform-one/big-bang/apps) are Platform One developer-supported Big Bang Core & add-ons that adhere to all the BigBang package standards. These packages have been adopted as an official Big Bang offering for key customers. As such, they are supported, updated, and maintained by team members of BigBang and are labeled with the "BigBang Supported" badge on the repository's `README.md` page, which indicates active support. That being said, BigBang reserves the right to deprecate support for these packages. +Please see [New Package Requests](NewPackageRequests.md) and the [BBTOC process](https://repo1.dso.mil/platform-one/bbtoc/-/tree/master/process) for additional pre-requisites. ## PR-X. Packages are Helm Charts 
@@ -83,7 +75,7 @@ include: file: '/templates/package-tests.yaml' ``` -## PR-X. Dependencies must be Big Bang Package +## PR-X. Dependencies must be a Big Bang Package If a Package has a dependency on another Package to function, the dependency shall also be a Big Bang Package diff --git a/docs/developer/development-environment.md b/docs/developer/development-environment.md index 701365de22d28392ea52a4dea3cc1f23c23b4d8b..683589d5eb7abd0704927cb60d2a5ef9acfb9761 100644 --- a/docs/developer/development-environment.md +++ b/docs/developer/development-environment.md @@ -20,6 +20,9 @@ This page contains the manual steps to create your k3d dev environment. There is - [Helm](https://helm.sh/docs/intro/install/) - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/) +- [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/) + +> For additional installtion details, see [Software Installation and Verification Commands to run from Bash](https://repo1.dso.mil/platform-one/onboarding/big-bang/engineering-cohort/-/blob/master/lab_guides/01-Preflight-Access-Checks/A-software-check.md) ## Manual Creation of a Development Environment @@ -98,7 +101,8 @@ logout - Install K3D on the EC2 instance ```shell -wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | bash +# Note: The current version of K3D uses a broken version of K3s. The 2020-08 workaround is to install K3D 4.4.7 +wget -q -O - https://raw.githubusercontent.com/rancher/k3d/main/install.sh | TAG=v4.4.7 bash # check version k3d version ``` diff --git a/docs/developer/scripts/README.md b/docs/developer/scripts/README.md index f899133ffa11b3549475c0f7a0c91eb2531c89d7..afd59630cd5159b47c60ce353e407f88f03a2a89 100644 --- a/docs/developer/scripts/README.md +++ b/docs/developer/scripts/README.md 
@@ -32,8 +32,12 @@ The instance will automatically terminate in the middle of the night at 08:00 UT ``` 1. Install jq - Follow jq installation instructions for your workstation operating system. - <https://stedolan.github.io/jq/download/> + Follow jq installation instructions for your workstation operating system. + https://stedolan.github.io/jq/download/ + + +1. Mac users will need to install the GNU version of the sed command. + https://medium.com/@bramblexu/install-gnu-sed-on-mac-os-and-set-it-as-default-7c17ef1b8f64 # Usage @@ -54,7 +58,7 @@ k3d-dev.sh -b -p -m -d -h # Troubleshooting -1. If you are on a Mac insure that you have GNU sed command installed. Otherwise you will see this error +1. If you are on a Mac insure that you have GNU sed command installed. Otherwise you will see this error and the kubeconfig will not be updated with the IP from the instance. ``` copy kubeconfig config 100% 3019 72.9KB/s 00:00 diff --git a/docs/developer/scripts/k3d-dev.sh b/docs/developer/scripts/k3d-dev.sh index ffb80e35c5eb0cc4ef753313154a0f8ced82585e..328d39f3dac08dda2dd138bdbf0f41257d947723 100755 --- a/docs/developer/scripts/k3d-dev.sh +++ b/docs/developer/scripts/k3d-dev.sh 
@@ -151,9 +151,12 @@ InstanceType="${InstSize}"
 VolumeSize=120
 
 # Lookup the image name to find the latest version
-echo -n Retrieving latest image ID matching ${AMIName} ...
-ImageId=$(aws ec2 describe-images --output json --no-cli-pager --filters "Name=name,Values=${AMIName}" --query "reverse(sort_by(Images, &CreationDate))[:1].ImageId" --output text)
-echo done
+# echo -n Retrieving latest image ID matching ${AMIName} ...
+# ImageId=$(aws ec2 describe-images --output json --no-cli-pager --filters "Name=name,Values=${AMIName}" --query "reverse(sort_by(Images, &CreationDate))[:1].ImageId" --output text)
+#echo done
+# Hardcode the latest image instead of searching for it to avoid unexpected changes
+echo Using AMI image id ami-84556de5
+ImageId=ami-84556de5
 
 # Create the launch spec
 echo -n Creating launch_spec.json ...
diff --git a/docs/guides/deployment_scenarios/quickstart.md b/docs/guides/deployment_scenarios/quickstart.md
index 7d583d4a0f480df41a237af46f3d486a6dad05c4..f8369f9eae8149cfd9df00a112791cca683d03f8 100644
--- a/docs/guides/deployment_scenarios/quickstart.md
+++ b/docs/guides/deployment_scenarios/quickstart.md
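Review bot: `ImageId=ami-84556de5` pins an AMI id, but AMI ids are region-scoped and nothing in the hunk records which region, image name or owner the id was taken from, so the `AMIName` variable still referenced in the commented lines is now dead and the pin is undocumented. Keep the pin but state its provenance and add a cheap check before launch, e.g. `aws ec2 describe-images --image-ids "${ImageId}" --query 'Images[0].[Name,OwnerId]' --output text` compared against the expected name, so a typo or a deregistered image fails here rather than at instance creation. Replace the three commented-out `# echo`/`# ImageId=`/`#echo done` lines with a single comment such as `# AMI pinned on [DATE]; previously resolved from AMIName via describe-images` instead of leaving dead code. The launch that consumes `ImageId` is outside the hunk.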
@@ -264,37 +264,29 @@ Note: This guide follows the DevOps best practice of left-shifting feedback on m ```shell # [ubuntu@Ubuntu_VM:~] - # ECK implementation of ElasticSearch needs the following or will see OOM errors + # Needed for ECK to run correctly without OOM errors sudo sysctl -w vm.max_map_count=524288 + # Alternatively can use: + # echo 'vm.max_map_count=524288' | sudo tee -a /etc/sysctl.d/vm-max_map_count.conf - # SonarQube host OS pre-requisites + # Needed by Sonarqube sudo sysctl -w fs.file-max=131072 + # Alternatively can use: + # echo 'fs.file-max=131072' | sudo tee -a /etc/sysctl.d/fs-file-max.conf + + # Also Needed by Sonarqube ulimit -n 131072 ulimit -u 8192 - # Needed for ECK to run correctly without OOM errors - echo 'vm.max_map_count=524288' > /etc/sysctl.d/vm-max_map_count.conf - - # Needed by Sonarqube - echo 'fs.file-max=131072' > /etc/sysctl.d/fs-file-max.conf - # Load updated configuration - sysctl --load - - # Alternative form of above 3 commands: - # sudo sysctl -w vm.max_map_count=524288 - # sudo sysctl -w fs.file-max=131072 - - # Needed by Sonarqube - ulimit -n 131072 - ulimit -u 8192 + sudo sysctl --load - # Preload kernel modules required by istio-init, required for SELinux enforcing instances using istio-init - modprobe xt_REDIRECT - modprobe xt_owner - modprobe xt_statistic + # Preload kernel modules, required by istio-init running on SELinux enforcing instances + sudo modprobe xt_REDIRECT + sudo modprobe xt_owner + sudo modprobe xt_statistic - # Persist modules after reboots + # Persist kernel modules settings after reboots printf "xt_REDIRECT\nxt_owner\nxt_statistic\n" | sudo tee -a /etc/modules # Kubernetes requires swap disabled 
@@ -413,14 +405,14 @@ cd ~ git clone https://repo1.dso.mil/platform-one/big-bang/bigbang.git cd ~/bigbang -# Checkout version 1.15.0 of Big Bang -# (Pinning to specific versions is a DevOps best practice) -git checkout tags/1.15.0 +# Checkout version 1.17.0 of Big Bang +# (Pinning to specific version to improve reproducibility) +git checkout tags/1.17.0 git status ``` ```console -HEAD detached at 1.15.0 +HEAD detached at 1.17.0 ``` > HEAD is git speak for current context within a tree of commits @@ -555,7 +547,7 @@ EOF ```shell # [ubuntu@Ubuntu_VM:~] helm upgrade --install bigbang $HOME/bigbang/chart \ - --values $HOME/bigbang/chart/ingress-certs.yaml \ + --values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml \ --values $HOME/ib_creds.yaml \ --values $HOME/demo_values.yaml \ --namespace=bigbang --create-namespace 
@@ -569,8 +561,8 @@ Explanation of flags used in the imperative helm install command: `bigbang $HOME/bigbang/chart` : bigbang is the name of the helm release that you'd see if you run `helm list -n=bigbang`. `$HOME/bigbang/chart` is a reference to the helm chart being installed. -`--values $HOME/bigbang/chart/ingress-certs.yaml` -: References demonstration HTTPS certificates embedded in the public repository. The *.bigbang.dev wildcard certificate is signed by Let's Encrypt, a free public internet Certificate Authority. +`--values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml` +: References demonstration HTTPS certificates embedded in the public repository. The *.bigbang.dev wildcard certificate is signed by Let's Encrypt, a free public internet Certificate Authority. Note the URL path to the copy of the cert on master branch is used instead of `$HOME/bigbang/chart/ingress-certs.yaml`, because the Let's Encrypt certs expire after 3 months, and if you deploy a tagged release of BigBang, like 1.15.0, the version of the cert stored in the tagged git commit / release of Big Bang could be expired. Referencing the master branches copy via URL ensures you receive the latest version of the cert, which won't be expired. `--namespace=bigbang --create-namespace` : Means it will install the bigbang helm chart in the bigbang namespace and create the namespace if it doesn't exist. 
@@ -626,18 +618,18 @@ Explanation of flags used in the imperative helm install command: * `helm list -n=bigbang` should also show STATUS deployed ```console - NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION - bigbang bigbang 1 2021-08-31 16:50:39.336392871 +0000 UTC deployed bigbang-1.15.0 - eck-operator-eck-operator eck-operator 1 2021-08-31 16:21:12.546012077 +0000 UTC deployed eck-operator-1.6.0-bb.2 1.6.0 - gatekeeper-system-gatekeeper gatekeeper-system 1 2021-08-31 16:21:13.146595333 +0000 UTC deployed gatekeeper-3.5.1-bb.16 v3.5.1 - istio-operator-istio-operator istio-operator 1 2021-08-31 16:21:12.726676226 +0000 UTC deployed istio-operator-1.9.7-bb.1 - istio-system-istio istio-system 1 2021-08-31 16:44:07.776386128 +0000 UTC deployed istio-1.9.7-bb.0 - jaeger-jaeger jaeger 1 2021-08-31 16:25:17.733322853 +0000 UTC deployed jaeger-operator-2.23.0-bb.1 1.24.0 - kiali-kiali kiali 1 2021-08-31 16:25:14.314905637 +0000 UTC deployed kiali-operator-1.37.0-bb.3 1.37.0 - logging-cluster-auditor logging 1 2021-08-31 16:25:33.628134776 +0000 UTC deployed cluster-auditor-0.3.0-bb.6 1.16.0 - logging-ek logging 1 2021-08-31 16:22:12.609559643 +0000 UTC deployed logging-0.1.20-bb.0 7.13.4 - logging-fluent-bit logging 1 2021-08-31 16:22:41.467862784 +0000 UTC deployed fluent-bit-0.16.1-bb.0 1.8.1 - monitoring-monitoring monitoring 1 2021-08-31 16:22:26.03075708 +0000 UTC deployed kube-prometheus-stack-14.0.0-bb.8 0.46.0 + NAME NAMESPACE REVISION UPDATED STATUS CHART APP VERSION + bigbang bigbang 1 2021-10-07 19:16:13.990755769 +0000 UTC deployed bigbang-1.17.0 + eck-operator-eck-operator eck-operator 1 2021-10-07 19:16:18.300583454 +0000 UTC deployed eck-operator-1.6.0-bb.2 1.6.0 + gatekeeper-system-gatekeeper gatekeeper-system 1 2021-10-07 19:16:20.783813062 +0000 UTC deployed gatekeeper-3.5.2-bb.1 v3.5.2 + istio-operator-istio-operator istio-operator 1 2021-10-07 19:16:20.564511742 +0000 UTC deployed istio-operator-1.10.4-bb.1 + istio-system-istio istio-system 1 
2021-10-07 19:17:18.267592579 +0000 UTC deployed istio-1.10.4-bb.3 + jaeger-jaeger jaeger 1 2021-10-07 19:29:15.866513597 +0000 UTC deployed jaeger-operator-2.23.0-bb.2 1.24.0 + kiali-kiali kiali 1 2021-10-07 19:29:14.362710144 +0000 UTC deployed kiali-operator-1.39.0-bb.2 1.39.0 + logging-cluster-auditor logging 1 2021-10-07 19:20:55.145508137 +0000 UTC deployed cluster-auditor-0.3.0-bb.7 1.16.0 + logging-ek logging 1 2021-10-07 19:17:50.022767703 +0000 UTC deployed logging-0.1.21-bb.0 7.13.4 + logging-fluent-bit logging 1 2021-10-07 19:29:42.290601582 +0000 UTC deployed fluent-bit-0.16.6-bb.0 1.8.6 + monitoring-monitoring monitoring 1 2021-10-07 19:18:02.816162712 +0000 UTC deployed kube-prometheus-stack-14.0.0-bb.10 0.46.0 ``` ## Step 12: Edit your workstation's Hosts file to access the web pages hosted on the Big Bang Cluster @@ -706,7 +698,7 @@ addons: EOF helm upgrade --install bigbang $HOME/bigbang/chart \ ---values $HOME/bigbang/chart/ingress-certs.yaml \ +--values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml \ --values $HOME/ib_creds.yaml \ --values $HOME/demo_values.yaml \ --values $HOME/tinkering.yaml \ diff --git a/scripts/package/synker.yaml b/scripts/package/synker.yaml index 8f6e4f879d0e3a7e5763431d5f704a6bf85e1d52..30dce23cd8124b21e52b7dec60c42f44af874cab 100644 --- a/scripts/package/synker.yaml +++ b/scripts/package/synker.yaml 
@@ -48,7 +48,7 @@ source: # - registry.il2.dso.mil/platform-one/devops/pipeline-templates/pipeline-job/dependency-check616-sonar-scanner45-dotnet-31:052421 # gitlab-runner-helper image: This image does not get captured from the release deployment # the gitlab-runner-helper image only gets pulled when a pipeline runs. So it must be listed here - - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v13.12.0 + - registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v14.3.1 # Explicitly add Keycloak image because Keycloak is not enabled in pipelines so the image does not get pulled - registry.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/keycloak-ib:14.0.0-1.0.4-1 # Don't include until fortify is supported diff --git a/tests/ci/k3d/deploy_k3d.sh b/tests/ci/k3d/deploy_k3d.sh index eb184a964fde09a8e943f913fddf3e5eb2452638..123880c6f13dfef3d8e3d4224b9d9a1d5628b948 100644 --- a/tests/ci/k3d/deploy_k3d.sh +++ b/tests/ci/k3d/deploy_k3d.sh @@ -2,6 +2,7 @@ set -ex trap 'echo exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR +docker login -u ${DOCKER_USER} -p ${DOCKER_PASSWORD} # if keycloak label or all packages label add deploy k3d without loadbalancer so metallb can be used if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "keycloak" || $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then k3d cluster create ${CI_JOB_ID} --config tests/ci/k3d/disable-servicelb-config.yaml --network ${CI_JOB_ID} diff --git a/tests/ci/k3d/values.yaml b/tests/ci/k3d/values.yaml index 8695cdaa670bed10b25250d5c9fc62a0ecb3075a..ac262bda1f853f9cc6bb415c57d511c0e2d5aa56 100644 --- a/tests/ci/k3d/values.yaml +++ b/tests/ci/k3d/values.yaml 
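Review bot: The added `docker login -u ${DOCKER_USER} -p ${DOCKER_PASSWORD}` runs under the `set -ex` shown in this hunk's context, so the xtrace line prints the password into the job log unless the runner masks that variable, and `-p` also exposes it in the process list for the duration of the login. Pass it on stdin and suspend tracing around the call: `set +x`, `printf '%s' "${DOCKER_PASSWORD}" | docker login -u "${DOCKER_USER}" --password-stdin`, `set -x`. Quoting the expansions also keeps a username or password containing spaces or glob characters intact. The `if` block that follows continues outside the hunk.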
@@ -37,9 +37,7 @@ logging: kibana: count: 1 bbtests: - # TODO: Connection refused on the script test currently - # https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana/-/issues/39 - enabled: false + enabled: true cypress: artifacts: true envs: @@ -690,9 +688,10 @@ addons: fsGroup: 1001 bbtests: - # TODO: Seems like a timing issue with BB CI + # There have been intermittent failures of the tests in the past. The issue is tracked in the below issue. # https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/issues/7 - enabled: false + # This issue can be reopened if problems reappear. + enabled: true cypress: artifacts: true envs: @@ -785,9 +784,7 @@ addons: cpu: 100m memory: 1500Mi bbtests: - # TODO: Disabled pending resolution of "timing?" issues - # https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus/-/issues/9 - enabled: false + enabled: true cypress: artifacts: true envs: 
@@ -871,9 +868,59 @@ addons: memory: 16Mi limits: {} bbtests: - # TODO: Keycloak in CI not supported yet - enabled: false + enabled: true cypress: artifacts: true envs: cypress_url: "https://keycloak.bigbang.dev" + cypress_username: "admin" + cypress_password: "password" + # Custom dev secret configuration + secrets: + env: + stringData: + CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml + KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json + X509_CA_BUNDLE: /etc/x509/https/cas.pem + certauthority: + stringData: + cas.pem: '{{ .Files.Get "resources/dev/dod_cas.pem" }}' + customreg: + stringData: + customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}' + realm: + stringData: + realm.json: '{{ .Files.Get "resources/dev/baby-yoda.json" }}' + extraVolumes: |- + - name: certauthority + secret: + secretName: {{ include "keycloak.fullname" . }}-certauthority + - name: customreg + secret: + secretName: {{ include "keycloak.fullname" . }}-customreg + - name: realm + secret: + secretName: {{ include "keycloak.fullname" . }}-realm + extraVolumeMounts: |- + - name: certauthority + mountPath: /etc/x509/https/cas.pem + subPath: cas.pem + readOnly: true + - name: customreg + mountPath: /opt/jboss/keycloak/customreg.yaml + subPath: customreg.yaml + readOnly: true + - name: realm + mountPath: /opt/jboss/keycloak/realm.json + subPath: realm.json + readOnly: true + + extraVolumeMountsBigBang: + - name: tlscert + mountPath: /etc/x509/https/tls.crt + subPath: tls.crt + readOnly: true + - name: tlskey + mountPath: /etc/x509/https/tls.key + subPath: tls.key + readOnly: true diff --git a/tests/deploy/01_deploy_bigbang.sh b/tests/deploy/01_deploy_bigbang.sh index 9ff17762c9ff29a8d6079b5e24cc0da634aff8f7..15949199039eace692a717355692a06111b01afe 100755 --- a/tests/deploy/01_deploy_bigbang.sh +++ b/tests/deploy/01_deploy_bigbang.sh 
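Review bot: `cypress_username: "admin"` / `cypress_password: "password"` put a fixed credential into a tracked values file with no comment on where it is valid; presumably it is the admin user of the dev realm imported from `resources/dev/baby-yoda.json` in the same hunk, but that should be stated so nobody copies this block into a non-CI deployment. Add above `secrets:` a comment such as `# CI/dev only: the credentials and realm below match the throwaway dev realm in resources/dev; do not reuse outside the CI cluster`, and consider sourcing the password from a CI variable as the docker credentials elsewhere in this change already are. The `tlscert`/`tlskey` volumes referenced under `extraVolumeMountsBigBang` are not defined in this hunk, so their origin should be confirmed against the chart. The keycloak addon block starts before the hunk.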
@@ -6,7 +6,6 @@ trap 'echo exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR
 if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then
 echo "all-packages label enabled, or on default branch or tag, enabling all addons"
 yq e ".addons.*.enabled = "true"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE
-yq e ".addons.nexus.enabled = "false"" $CI_VALUES_FILE > tmpfile && mv tmpfile $CI_VALUES_FILE
 else
 IFS=","
 for package in $CI_MERGE_REQUEST_LABELS; do
@@ -38,6 +37,9 @@ helm upgrade -i bigbang chart -n bigbang --create-namespace \
 --set registryCredentials[0].username='robot$bb-dev-imagepullonly' \
 --set registryCredentials[0].password="${REGISTRY1_PASSWORD}" \
 --set registryCredentials[0].registry=registry1.dso.mil \
+--set registryCredentials[1].username="${DOCKER_USER}" \
+--set registryCredentials[1].password="${DOCKER_PASSWORD}" \
+--set registryCredentials[1].registry=docker.io \
 -f ${CI_VALUES_FILE}
 
 # apply secrets kustomization pointing to current branch or master if an upgrade job
diff --git a/tests/deploy/02_wait_for_helmreleases.sh b/tests/deploy/02_wait_for_helmreleases.sh
index 1c16c0a0df65de77e7772ae69d1f0143bacd59e9..5f2dfd9e547e69a4bcf5c8fd1fa421cb38487dba 100755
--- a/tests/deploy/02_wait_for_helmreleases.sh
+++ b/tests/deploy/02_wait_for_helmreleases.sh
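Review bot: The new `--set registryCredentials[1].password="${DOCKER_PASSWORD}"` line hands the secret to helm's `--set` parser, which splits values on commas and treats backslashes as escapes, so a password containing either character reaches the chart mangled without any error; the existing `registryCredentials[0].password` line has the same exposure. Passing the credential through a values file (for example a `mktemp`-created YAML removed by the script's trap) or `--set-file` avoids both the parsing problem and the secret appearing in helm's argv, where `ps` and any xtrace would show it. Whether this script enables `set -x` is not visible in the hunk, though `deploy_k3d.sh` in the same change does. The helm command starts before this hunk.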
@@ -163,7 +163,7 @@ function wait_crd(){
 ## Append all add-ons to hr list if "all-packages" or default branch/tag. Else, add specific ci labels to hr list.
 HELMRELEASES=(${CORE_HELMRELEASES[@]})
 if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then
-HELMRELEASES+=(${ADD_ON_HELMRELEASES[@]/"nexus-repository-manager"})
+HELMRELEASES+=(${ADD_ON_HELMRELEASES[@]})
 echo "All helmreleases enabled: all-packages label enabled, or on default branch or tag."
 elif [[ ! -z "$CI_MERGE_REQUEST_LABELS" ]]; then
 IFS=","
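Review bot: The new `HELMRELEASES+=(${ADD_ON_HELMRELEASES[@]})` expands the array unquoted, so every element is word-split and glob-expanded before being appended; the removed line had the same form, but with the `/"nexus-repository-manager"` substitution gone there is no longer an emptied element that unquoted expansion was silently dropping, so quoting is now safe. Write it as `HELMRELEASES+=("${ADD_ON_HELMRELEASES[@]}")` (ShellCheck SC2068). The `if`/`elif` chain this line sits in continues past the end of the hunk.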