Merge branch 'master' into mattermost-instance

cdfa2e8f · Micah Nagel · dc296ca9 · 033af4ff · cdfa2e8f · cdfa2e8f
Commit cdfa2e8f authored 4 years ago by Micah Nagel
--- a/chart/templates/istio/controlplane/istio-controlplane-helmrelease.yaml
+++ b/chart/templates/istio/controlplane/istio-controlplane-helmrelease.yaml
@@ -47,6 +47,7 @@ spec:

    imagePullSecrets:
      - private-registry
+    openshift: {{ .Values.openshift }}

 {{- if .Values.istio.sso.enabled }}
    ingress:

--- a/chart/templates/istio/controlplane/namespace.yaml
+++ b/chart/templates/istio/controlplane/namespace.yaml
@@ -21,6 +21,17 @@ metadata:
 type: kubernetes.io/dockerconfigjson
 data:
  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- if .Values.openshift }}
+---
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: kube-system
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
 {{- end }}
 ---
 {{- if and .Values.istio.ingress.key .Values.istio.ingress.cert }}

--- a/chart/templates/logging/fluentbit/fluentbit-helmrelease.yaml
+++ b/chart/templates/logging/fluentbit/fluentbit-helmrelease.yaml
@@ -48,6 +48,11 @@ spec:

    imagePullSecrets:
      - name: private-registry
+    {{- if .Values.openshift }}
+    podSecurityContext:
+      seLinuxOptions:
+        type: "spc_t"
+    {{- end }}

  {{/* ECK and Logging _always_ depend on .Values.logging being enabled, so can assume they exist here */}}
  dependsOn:

--- a/chart/templates/monitoring/monitoring-helmrelease.yaml
+++ b/chart/templates/monitoring/monitoring-helmrelease.yaml
@@ -90,6 +90,11 @@ spec:
      serviceAccount:
        imagePullSecrets:
        - name: private-registry
+      {{- if .Values.openshift }}
+      service: 
+        targetPort: 9102
+        port: 9102
+      {{- end }}
    kube-state-metrics:
      imagePullSecrets:
      - name: private-registry

--- a/chart/templates/twistlock/twistlock-helmrelease.yaml
+++ b/chart/templates/twistlock/twistlock-helmrelease.yaml
@@ -42,11 +42,12 @@ spec:
    valuesKey: "twistlock.yaml"

  values:
-    console:
-      hostname: {{ .Values.hostname }}
+    hostname: {{ .Values.hostname }}
    prometheus:
      servicemonitor:
        enabled: {{ .Values.monitoring.enabled }}
+    imagePullSecrets:
+    - name: private-registry
    istio:
      enabled: {{ .Values.istio.enabled }}
  # TODO: DRY this up
@@ -65,4 +66,4 @@ spec:
      namespace: {{ .Release.Namespace }}
    {{- end }}
  {{- end }}
-{{- end }}
\ No newline at end of file
+{{- end }}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -24,6 +24,9 @@ registryCredentials:
 #    password: ""
 #    email: ""

+# Openshift Container Platform Feature Toggle
+openshift: false
+
 # -- Git credential settings for accessing private repositories
 # Order of precedence is:
 #   1. existingSecret
@@ -85,7 +88,7 @@ istio:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
    path: "./chart"
-    tag: "1.7.3-bb.7"
+    tag: "1.7.3-bb.8"

  # -- Certificate/Key pair to use as the default certificate for exposing BigBang created applications.
  # If nothing is provided, applications will expect a valid tls secret to exist in the `istio-system` namespace called `wildcard-cert`.
@@ -258,7 +261,7 @@ twistlock:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
    path: "./chart"
-    tag: "0.0.2-bb.1"
+    tag: "0.0.3-bb.0"

  # -- Values to passthrough to the twistlock chart: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
  values: {}
@@ -297,7 +300,7 @@ addons:
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
      path: "./chart"
-      tag: "2.9.5-bb.4"
+      tag: "2.14.7-bb.0"
    sso:
      # -- Toggle SSO for ArgoCD on and off
      enabled: false

--- a/docs/c_development.md
+++ b/docs/c_development.md
@@ -370,10 +370,10 @@ kubectl apply -f tests/ci/shared-secrets.yaml

 ```bash
 # Helm install BigBang
-helm upgrade -i bigbang chart -n bigbang --create-namespace --set registryCredentials.username='<your user>' --set registryCredentials.password=<your cli key> -f my-values.yaml
+helm upgrade -i bigbang chart -n bigbang --create-namespace --set registryCredentials.username='<your user>' --set registryCredentials.password=<your cli key> -f my-values.yaml -f chart/ingress-certs.yaml
 ```

- You can now modify your local `/etc/hosts` file to allow for local name resolution. On Windows, this file is located at `$env:windir\System32\drivers\etc\hosts`
+- You can now modify your local `/etc/hosts` file to allow for local name resolution. On Windows, this file is located at `$env:windir\System32\drivers\etc\hosts`. Add additional hostnames as you enable different UIs, replacing <X.X.X.X> with your Amazon EC2 instance IP (all host entries will point to the same IP and Istio will route based on the hostname).

 ```HOSTS
 <X.X.X.X>     kibana.bigbang.dev

--- a/scripts/lint_changelog.sh
+++ b/scripts/lint_changelog.sh
@@ -2,9 +2,10 @@

 # diff the file silently, while still printing errors
 git diff --exit-code origin/${CI_DEFAULT_BRANCH}:${CHANGELOG_FILE} ${CHANGELOG_FILE} >/dev/null
+differr=$?

 # exit code of 0 indicates non changed file
-if [ $? -eq 0 ]; then
+if [ $differr -eq 0 ]; then
  echo "No changes were detected in ${CHANGELOG_FILE}, please update this file"
  exit 1
 fi
@@ -12,7 +13,7 @@ fi
 # exit code other than 0 and 1 is an error
 # IE - different file names between branches
 # check for this and fail accordingly
-if [ $? -ne 1 ]; then
+if [ $differr -ne 1 ]; then
  echo "Error: An unknown error has occurred while linting ${CHANGELOG_FILE}"
  exit 1
 fi