[Project Managers]
# protect individual files in the root directory such as the CODEOWNERS file
/* @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
# Recursive protection for directories
/.gitlab-ci/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
/.gitlab/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
/base/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
/chart/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
/charter/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
/scripts/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
/tests/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
/docs/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb @joshwolf
[Project Maintainers]
* @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb
[Docs Owners]
# Allow any one of the listed codeowners to approve merges to the documentation
# Does not allow the creator of the merge request to be the approver.
/docs/ @brandencobb @cmcgrath @echuang @evan.rush @jasonkrause @joshwolf @kenna81 @kevin.wilder @LynnStill @micah.nagel @michaelmartin @michaelmcleroy @rkernick @runyontr @ryan.j.garcia @shouseba @toladipupo @tsiddique1 @ronwebb @ryan.thompson.44 @gabe
/docs/ @brandencobb @cmcgrath @echuang @evan.rush @jasonkrause @kenna81 @kevin.wilder @LynnStill @micah.nagel @michaelmartin @michaelmcleroy @runyontr @ryan.j.garcia @toladipupo @ronwebb @ryan.thompson.44 @gabe @razzle @lucas.rodriguez
################################################
# The following entries are for optional approval.
# They are only included to document contacts and have no impact on approval requirements
################################################
^[Kustomize Base Owners]
base/ @michaelmcleroy @micah.nagel @ryan.j.garcia @brandencobb
^[CI Owners]
.gitlab-ci/ @toladipupo @brandencobb @evan.rush
tests/ @toladipupo @brandencobb @evan.rush
^[Hack Owners]
scripts/ @toladipupo @michaelmcleroy
^[Charter Owners]
charter/ @gabe @micah.nagel @michaelmcleroy @ryan.thompson.44 @runyontr @ryan.j.garcia @brandencobb
^[Istio, Istio Operator, and Authservice]
chart/Chart.yaml @joshwolf @michaelmcleroy @micah.nagel @runyontr @ryan.j.garcia @stas
chart/values.yaml @joshwolf @michaelmcleroy @micah.nagel @runyontr @ryan.j.garcia @stas
chart/templates/authservice @joshwolf @michaelmcleroy @micah.nagel @runyontr @ryan.j.garcia @stas
chart/templates/istio @joshwolf @michaelmcleroy @micah.nagel @runyontr @ryan.j.garcia @stas
^[HAProxy]
chart/Chart.yaml @blloyd @runyontr @ryan.j.garcia
chart/values.yaml @blloyd @runyontr @ryan.j.garcia
chart/templates/haproxy @blloyd @runyontr @ryan.j.garcia
^[Anchore]
chart/Chart.yaml @trkdashin @micah.nagel @jasonkrause
chart/values.yaml @trkdashin @micah.nagel @jasonkrause
chart/templates/anchore @trkdashin @micah.nagel @jasonkrause
^[ArgoCD]
chart/Chart.yaml @matthew.kaiser @brandencobb @evan.rush
chart/values.yaml @matthew.kaiser @brandencobb @evan.rush
chart/templates/argocd @matthew.kaiser @brandencobb @evan.rush
^[Cluster Auditor] @echuang @toladipupo @michaelmcleroy
chart/Chart.yaml @echuang @toladipupo @michaelmcleroy
chart/values.yaml @echuang @toladipupo @michaelmcleroy
chart/templates/clusterauditor @echuang @toladipupo @michaelmcleroy
^[Gatekeeper]
chart/Chart.yaml @echuang @toladipupo @michaelmcleroy
chart/values.yaml @echuang @toladipupo @michaelmcleroy
chart/templates/gatekeeper @echuang @toladipupo @michaelmcleroy
^[Jaeger]
chart/Chart.yaml @runyontr @joshwolf @michaelmcleroy @micah.nagel @ryan.j.garcia
chart/values.yaml @runyontr @joshwolf @michaelmcleroy @micah.nagel @ryan.j.garcia
chart/templates/jaegar @runyontr @joshwolf @michaelmcleroy @micah.nagel @ryan.j.garcia
^[Monitoring]
chart/Chart.yaml @lynnstill @ryan.j.garcia @michaelmartin
chart/values.yaml @lynnstill @ryan.j.garcia @michaelmartin
chart/templates/monitoring @lynnstill @ryan.j.garcia @michaelmartin
^[Twistlock]
chart/Chart.yaml @thomas.burton @ryan.j.garcia @runyontr @micah.nagel
chart/values.yaml @thomas.burton @ryan.j.garcia @runyontr @micah.nagel
chart/templates/twistlock @thomas.burton @ryan.j.garcia @runyontr @micah.nagel
^[Sonarqube]
chart/Chart.yaml @kevin.wilder @lynnstill @brandencobb
chart/values.yaml @kevin.wilder @lynnstill @brandencobb
chart/templates/sonarqube @kevin.wilder @lynnstill @brandencobb
^[Gitlab and Gitlab Runners]
chart/Chart.yaml @lynnstill @ryan.j.garcia @kevin.wilder
chart/values.yaml @lynnstill @ryan.j.garcia @kevin.wilder
chart/templates/gitlab @lynnstill @ryan.j.garcia @kevin.wilder
^[KeyCloak]
chart/Chart.yaml @kevin.wilder @michaelmcleroy @zacw
chart/values.yaml @kevin.wilder @michaelmcleroy @zacw
chart/templates/keycloak @kevin.wilder @michaelmcleroy @zacw
^[Kiali]
chart/Chart.yaml @runyontr @joshwolf @michaelmcleroy @micah.nagel @ryan.j.garcia
chart/values.yaml @runyontr @joshwolf @michaelmcleroy @micah.nagel @ryan.j.garcia
chart/templates/kiali @runyontr @joshwolf @michaelmcleroy @micah.nagel @ryan.j.garcia
^[Mattermost (and operator)]
chart/Chart.yaml @micah.nagel @brandencobb @jasonkrause
chart/values.yaml @micah.nagel @brandencobb @jasonkrause
chart/templates/mattermost @micah.nagel @brandencobb @jasonkrause
^[Minio (and operator)]
chart/Chart.yaml @LynnStill @kevin.wilder @brandencobb
chart/values.yaml @LynnStill @kevin.wilder @brandencobb
chart/templates/minio @LynnStill @kevin.wilder @brandencobb
^[Nexus]
chart/Chart.yaml @kevin.wilder @ariel.shnitzer @grant.duncklee
chart/values.yaml @kevin.wilder @ariel.shnitzer @grant.duncklee
chart/templates/nexus @kevin.wilder @ariel.shnitzer @grant.duncklee
^[Velero]
chart/Chart.yaml @tunde @adam.toy @micah.nagel @toladipupo
chart/values.yaml @tunde @adam.toy @micah.nagel @toladipupo
chart/templates/velero @tunde @adam.toy @micah.nagel @toladipupo
^[fluentbit]
chart/Chart.yaml @ryan.j.garcia @echuang
chart/values.yaml @ryan.j.garcia @echuang
chart/templates/fluentbit @ryan.j.garcia @echuang
^[eck-operator]
chart/Chart.yaml @ryan.j.garcia @evan.rush @toladipupo
chart/values.yaml @ryan.j.garcia @evan.rush @toladipupo
chart/templates/eck-operator @ryan.j.garcia @evan.rush @toladipupo
^[elasticsearch-kibana]
chart/Chart.yaml @ryan.j.garcia @evan.rush @ronwebb
chart/values.yaml @ryan.j.garcia @evan.rush @ronwebb
chart/templates/elasticsearch-kibana @ryan.j.garcia @evan.rush @ronwebb
......@@ -248,3 +248,127 @@ addons:
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
vault:
ingress:
key: |
-----BEGIN PRIVATE KEY-----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-----END PRIVATE KEY-----
cert: |
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----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-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
-----END CERTIFICATE-----
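Review bot: The added `vault.ingress.key` block under `addons:` puts a PEM private key in cleartext into this values file, and nothing beside it says who may rely on it. Anyone who can read the repository can read that key, so a deployment that keeps these values would expose Vault behind a key that is not secret. I would add a comment above `vault:` such as `# Demo/CI certificate only: this key is public, override addons.vault.ingress.key and cert for any real deployment`. The start of the file is outside this view, so an existing header may already say this for the other certificates; if so, the comment only needs to extend it to Vault.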
......@@ -78,4 +78,11 @@ networkPolicies:
{{- $gateway := default "public" .Values.jaeger.ingress.gateway }}
{{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
{{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
webhookCertGen:
image:
pullPolicy: {{ .Values.imagePullPolicy }}
cleanupProxy:
image:
pullPolicy: {{ .Values.imagePullPolicy }}
{{- end -}}
......@@ -36,6 +36,18 @@ server:
{{- end }}
image:
pullPolicy: {{ .Values.imagePullPolicy }}
{{- if and .Values.addons.vault.ingress.cert .Values.addons.vault.ingress.key }}
{{- if eq .Values.addons.vault.ingress.gateway "passthrough" }}
volumes:
- name: tls
secret:
secretName: vault-tls
volumeMounts:
- name: tls
mountPath: "/vault/tls"
readOnly: true
{{- end }}
{{- end }}
csi:
image:
......@@ -56,7 +68,12 @@ istio:
vault:
gateways:
- istio-system/{{ default "public" .Values.addons.vault.ingress.gateway }}
{{- if and .Values.addons.vault.ingress.cert .Values.addons.vault.ingress.key }}
tls:
cert: {{ .Values.addons.vault.ingress.cert | quote }}
key: {{ .Values.addons.vault.ingress.key | quote }}
{{- end }}
minio:
{{- if .Values.istio.enabled }}
annotations:
......
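Review bot: The TLS volume and volumeMount are added only when `.Values.addons.vault.ingress.gateway` equals the literal "passthrough", while the second hunk passes `tls.cert` and `tls.key` on under `istio.vault` for any gateway name. Gateway names look like user-defined keys (the default here is "public"), so a passthrough gateway under another name would get the key material passed on but no `/vault/tls` mount, and the mismatch would presumably surface only when Vault fails to find its TLS files. If the name is meant as a convention, say so at the `eq` line, for example `{{- /* TLS files are mounted only for the gateway named "passthrough" */}}`; otherwise the condition could test that gateway's `tls.mode` instead of its name. The `server:` and `istio:` blocks both continue outside the hunks.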
......@@ -296,7 +296,7 @@ kiali:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git
path: "./chart"
tag: "1.47.0-bb.4"
tag: "1.47.0-bb.5"
# -- Flux reconciliation overrides specifically for the Kiali Package
flux: {}
......@@ -1262,7 +1262,7 @@ addons:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
path: "./chart"
tag: "17.0.1-bb.4"
tag: "18.0.0-bb.1"
database:
# -- Hostname of a pre-existing database to use for Keycloak.
......@@ -1308,7 +1308,7 @@ addons:
git:
repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
path: "./chart"
tag: "0.19.0-bb.6"
tag: "0.19.0-bb.7"
# -- Flux reconciliation overrides specifically for the Vault Package
flux: {}
......@@ -1316,6 +1316,10 @@ addons:
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
gateway: ""
# -- Certificate/Key pair to use as the certificate for exposing Vault
# Setting the ingress cert here will automatically create the volume and volumemounts in the Vault package chart
key: ""
cert: ""
# -- Values to passthrough to the vault chart: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git
values: {}
......
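Review bot: The comment above `key: ""` promises more than the templates on this page deliver and does not mention that the value is sensitive. The volume and volumeMounts are created only when both `cert` and `key` are non-empty and `gateway` is "passthrough", so setting just one of the two, or using another gateway, silently changes nothing. I would reword it to `# -- Certificate/Key pair (PEM) for exposing Vault; both must be set, and the volume/volumeMount is only created when gateway is "passthrough"` and add `# key is a private key: supply it from an encrypted values source, not from a committed file`.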
......@@ -169,3 +169,137 @@ At a minimum an operational deployment of Gitlab should export and save the gitl
kubectl get secret/gitlab-rails-secret -n gitlab -o yaml > cya.yaml
```
## Vault
This section provides suggested settings for Vault operational/production environments. Vault is a large complicated application and has many options that cannot adequately be covered here. Vault has significant security risks if not properly configured and administrated. Please consult the upstream [Vault documentation](https://learn.hashicorp.com/tutorials/vault/kubernetes-raft-deployment-guide?in=vault/kubernetes#configure-vault-helm-chart) as the ultimate authority. The following is an example operational/production config using a passthrough istio ingress gateway, high availability, auto-unseal, and raft for distributed filesystem persistence. Consult the BigBang Vault Package helm repo [/docs/production-ha.md](https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault/-/blob/main/docs/production-ha.md) for more information.
```yaml
istio:
enabled: true
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
# nodePortBase: 30200
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
addons:
vault:
enabled: true
ingress:
gateway: "passthrough"
# provide the Vault TLS cert and key. BigBang will create the secret and volumemount for you
# Leave blank to create your own secret and provide values for your own volume and volumemount
key: |
-----BEGIN PRIVATE KEY-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END PRIVATE KEY-----
cert: |
-----BEGIN CERTIFICATE-----
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-----END CERTIFICATE-----
values:
# disable autoInit. It should not be used for operations.
autoInit:
enabled: false
global:
# this is a double negative. Put "false" to enable TLS for passthrough ingress
tlsDisable: false
injector:
extraEnvironmentVars:
AGENT_INJECT_VAULT_ADDR: "https://vault.bigbang.dev"
server:
# Increase default resources
resources:
requests:
memory: 8Gi
cpu: 2000m
limits:
memory: 8Gi
cpu: 2000m
# disable the Vault provided ingress so that Istio ingress can be used.
ingress:
enabled: false
# Extra environment variable to support high availability
extraEnvironmentVars:
# the istio gateway domain
VAULT_API_ADDR: https://vault.bigbang.dev
VAULT_ADDR: https://127.0.0.1:8200
VAULT_SKIP_VERIFY: "true"
VAULT_LOG_FORMAT: "json"
VAULT_LICENSE: "your-license-key-goes-here"
ha:
# enable high availability.
enabled: true
replicas: 3
# raft is the license free most simple solution for a distributed filesystem
raft:
enabled: true
setNodeId: true
# these values should be encrypted to prevent the kms_key_id from being revealed
config: |
ui = true
listener "tcp" {
tls_disable = 0
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/tls/tls.crt"
tls_key_file = "/vault/tls/tls.key"
}
storage "raft" {
path = "/vault/data"
retry_join {
leader_api_addr = "https://vault-vault-0.vault-vault-internal:8200"
leader_client_cert_file = "/vault/tls/tls.crt"
leader_client_key_file = "/vault/tls/tls.key"
leader_tls_servername = "vault.bigbang.dev"
}
retry_join {
leader_api_addr = "https://vault-vault-1.vault-vault-internal:8200"
leader_client_cert_file = "/vault/tls/tls.crt"
leader_client_key_file = "/vault/tls/tls.key"
leader_tls_servername = "vault.bigbang.dev"
}
retry_join {
leader_api_addr = "https://vault-vault-2.vault-vault-internal:8200"
leader_client_cert_file = "/vault/tls/tls.crt"
leader_client_key_file = "/vault/tls/tls.key"
leader_tls_servername = "vault.bigbang.dev"
}
}
seal "awskms" {
region = "us-gov-west-1"
kms_key_id = "your-kms-key-goes-here"
endpoint = "https://kms.us-gov-west-1.amazonaws.com"
}
telemetry {
prometheus_retention_time = "24h"
disable_hostname = true
unauthenticated_metrics_access = true
}
service_registration "kubernetes" {}
```
\ No newline at end of file