.gitlab-ci.yml

@@ -391,10 +391,11 @@ package:
     # Set up auth
     - mkdir -p /root/.docker
     - |
-      jq -n '{"auths": {"registry.dso.mil": {"auth": $bb_registry_auth}, "registry1.dso.mil": {"auth": $registry1_auth}, "registry.il2.dso.mil": {"auth": $il2_registry_auth} } }' \
+      jq -n '{"auths": {"registry.dso.mil": {"auth": $bb_registry_auth}, "registry1.dso.mil": {"auth": $registry1_auth}, "registry.il2.dso.mil": {"auth": $il2_registry_auth}, "docker.io": {"auth": $bb_docker_auth} } }' \
         --arg bb_registry_auth ${BB_REGISTRY_AUTH} \
         --arg registry1_auth ${REGISTRY1_AUTH} \
-        --arg il2_registry_auth ${IL2_REGISTRY_AUTH} > /root/.docker/config.json
+        --arg il2_registry_auth ${IL2_REGISTRY_AUTH} \
+        --arg bb_docker_auth ${DOCKER_AUTH} > /root/.docker/config.json
   script:
     - echo -e "\e[0Ksection_start:`date +%s`:synker_pull[collapsed=true]\r\e[0K\e[33;1mSynker Pull\e[37m"
     - cp ./scripts/package/synker.yaml ./synker.yaml

CHANGELOG.md

@@ -3,6 +3,10 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+## [1.18.0]
+
+* [!1.18.0](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.18.0); List of merge requests in this release.
+
 ## [1.17.0]
 
 * [!1.17.0](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=1.17.0); List of merge requests in this release.

README.md

 # bigbang
 
-![Version: 1.17.0](https://img.shields.io/badge/Version-1.17.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
+![Version: 1.18.0](https://img.shields.io/badge/Version-1.18.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square)
 
 Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
 
@@ -66,7 +66,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | istio.enabled | bool | `true` | Toggle deployment of Istio. |
 | istio.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git"` |  |
 | istio.git.path | string | `"./chart"` |  |
-| istio.git.tag | string | `"1.10.4-bb.3"` |  |
+| istio.git.tag | string | `"1.11.2-bb.0"` |  |
 | istio.ingressGateways.public-ingressgateway.type | string | `"LoadBalancer"` |  |
 | istio.ingressGateways.public-ingressgateway.kubernetesResourceSpec | object | `{}` |  |
 | istio.gateways.public.ingressGateway | string | `"public-ingressgateway"` |  |
@@ -79,14 +79,14 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | istiooperator.enabled | bool | `true` | Toggle deployment of Istio Operator. |
 | istiooperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git"` |  |
 | istiooperator.git.path | string | `"./chart"` |  |
-| istiooperator.git.tag | string | `"1.10.4-bb.1"` |  |
+| istiooperator.git.tag | string | `"1.11.2-bb.0"` |  |
 | istiooperator.flux | object | `{}` | Flux reconciliation overrides specifically for the Istio Operator Package |
 | istiooperator.values | object | `{}` | Values to passthrough to the istio-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git |
 | istiooperator.postRenderers | list | `[]` | Post Renderers.  See docs/postrenders.md |
 | jaeger.enabled | bool | `true` | Toggle deployment of Jaeger. |
 | jaeger.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git"` |  |
 | jaeger.git.path | string | `"./chart"` |  |
-| jaeger.git.tag | string | `"2.23.0-bb.2"` |  |
+| jaeger.git.tag | string | `"2.23.0-bb.3"` |  |
 | jaeger.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the Jaeger Package |
 | jaeger.ingress.gateway | string | `""` |  |
 | jaeger.sso.enabled | bool | `false` | Toggle SSO for Jaeger on and off |
@@ -97,7 +97,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | kiali.enabled | bool | `true` | Toggle deployment of Kiali. |
 | kiali.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git"` |  |
 | kiali.git.path | string | `"./chart"` |  |
-| kiali.git.tag | string | `"1.39.0-bb.2"` |  |
+| kiali.git.tag | string | `"1.39.0-bb.3"` |  |
 | kiali.flux | object | `{}` | Flux reconciliation overrides specifically for the Kiali Package |
 | kiali.ingress.gateway | string | `""` |  |
 | kiali.sso.enabled | bool | `false` | Toggle SSO for Kiali on and off |
@@ -115,7 +115,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | gatekeeper.enabled | bool | `true` | Toggle deployment of OPA Gatekeeper. |
 | gatekeeper.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git"` |  |
 | gatekeeper.git.path | string | `"./chart"` |  |
-| gatekeeper.git.tag | string | `"3.5.2-bb.1"` |  |
+| gatekeeper.git.tag | string | `"3.5.2-bb.2"` |  |
 | gatekeeper.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the OPA Gatekeeper Package |
 | gatekeeper.values | object | `{}` | Values to passthrough to the gatekeeper chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git |
 | gatekeeper.postRenderers | list | `[]` | Post Renderers.  See docs/postrenders.md |
@@ -135,7 +135,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | eckoperator.enabled | bool | `true` | Toggle deployment of ECK Operator. |
 | eckoperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git"` |  |
 | eckoperator.git.path | string | `"./chart"` |  |
-| eckoperator.git.tag | string | `"1.6.0-bb.2"` |  |
+| eckoperator.git.tag | string | `"1.6.0-bb.3"` |  |
 | eckoperator.flux | object | `{}` | Flux reconciliation overrides specifically for the ECK Operator Package |
 | eckoperator.values | object | `{}` | Values to passthrough to the eck-operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git |
 | fluentbit.enabled | bool | `true` | Toggle deployment of Fluent-Bit. |
@@ -148,7 +148,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | monitoring.enabled | bool | `true` | Toggle deployment of Monitoring (Prometheus, Grafana, and Alertmanager). |
 | monitoring.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git"` |  |
 | monitoring.git.path | string | `"./chart"` |  |
-| monitoring.git.tag | string | `"14.0.0-bb.10"` |  |
+| monitoring.git.tag | string | `"14.0.0-bb.11"` |  |
 | monitoring.flux | object | `{"install":{"crds":"CreateReplace"},"upgrade":{"crds":"CreateReplace"}}` | Flux reconciliation overrides specifically for the Monitoring Package |
 | monitoring.ingress.gateway | string | `""` |  |
 | monitoring.sso.enabled | bool | `false` | Toggle SSO for monitoring components on and off |
@@ -195,14 +195,14 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | addons.minioOperator.enabled | bool | `false` | Toggle deployment of minio operator and instance. |
 | addons.minioOperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git"` |  |
 | addons.minioOperator.git.path | string | `"./chart"` |  |
-| addons.minioOperator.git.tag | string | `"4.1.2-bb.3"` |  |
+| addons.minioOperator.git.tag | string | `"4.2.3-bb.2"` |  |
 | addons.minioOperator.flux | object | `{}` | Flux reconciliation overrides specifically for the Minio Operator Package |
 | addons.minioOperator.values | object | `{}` | Values to passthrough to the minio operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git |
 | addons.minioOperator.postRenderers | list | `[]` | Post Renderers.  See docs/postrenders.md |
 | addons.minio.enabled | bool | `false` | Toggle deployment of minio. |
 | addons.minio.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git"` |  |
 | addons.minio.git.path | string | `"./chart"` |  |
-| addons.minio.git.tag | string | `"4.1.2-bb.6"` |  |
+| addons.minio.git.tag | string | `"4.2.3-bb.2"` |  |
 | addons.minio.flux | object | `{}` | Flux reconciliation overrides specifically for the Minio Package |
 | addons.minio.ingress.gateway | string | `""` |  |
 | addons.minio.accesskey | string | `""` | Default access key to use for minio. |
@@ -291,7 +291,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | addons.anchore.enabled | bool | `false` | Toggle deployment of Anchore. |
 | addons.anchore.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git"` |  |
 | addons.anchore.git.path | string | `"./chart"` |  |
-| addons.anchore.git.tag | string | `"1.13.0-bb.10"` |  |
+| addons.anchore.git.tag | string | `"1.14.7-bb.0"` |  |
 | addons.anchore.flux | object | `{"upgrade":{"disableWait":true}}` | Flux reconciliation overrides specifically for the Anchore Package |
 | addons.anchore.adminPassword | string | `""` | Initial admin password used to authenticate to Anchore. |
 | addons.anchore.enterprise | object | `{"enabled":false,"licenseYaml":"FULL LICENSE\n"}` | Anchore Enterprise functionality. |
@@ -316,14 +316,14 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | addons.mattermostoperator.enabled | bool | `false` |  |
 | addons.mattermostoperator.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git"` |  |
 | addons.mattermostoperator.git.path | string | `"./chart"` |  |
-| addons.mattermostoperator.git.tag | string | `"1.14.0-bb.4"` |  |
+| addons.mattermostoperator.git.tag | string | `"1.15.0-bb.0"` |  |
 | addons.mattermostoperator.flux | object | `{}` | Flux reconciliation overrides specifically for the Mattermost Operator Package |
 | addons.mattermostoperator.values | object | `{}` | Values to passthrough to the mattermost operator chart: https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator/-/blob/main/chart/values.yaml |
 | addons.mattermostoperator.postRenderers | list | `[]` | Post Renderers.  See docs/postrenders.md |
 | addons.mattermost.enabled | bool | `false` | Toggle deployment of Mattermost. |
 | addons.mattermost.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git"` |  |
 | addons.mattermost.git.path | string | `"./chart"` |  |
-| addons.mattermost.git.tag | string | `"0.2.0-bb.1"` |  |
+| addons.mattermost.git.tag | string | `"0.2.2-bb.0"` |  |
 | addons.mattermost.flux | object | `{}` | Flux reconciliation overrides specifically for the Mattermost Package |
 | addons.mattermost.enterprise | object | `{"enabled":false,"license":""}` | Mattermost Enterprise functionality. |
 | addons.mattermost.enterprise.enabled | bool | `false` | Toggle the Mattermost Enterprise.  This must be accompanied by a valid license unless you plan to start a trial post-install. |
@@ -360,7 +360,7 @@ To start using Big Bang, you will need to create your own Big Bang environment t
 | addons.keycloak.enabled | bool | `false` | Toggle deployment of Keycloak. if you enable Keycloak you should uncomment the istio passthrough configurations above istio.ingressGateways.passthrough-ingressgateway and istio.gateways.passthrough |
 | addons.keycloak.git.repo | string | `"https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git"` |  |
 | addons.keycloak.git.path | string | `"./chart"` |  |
-| addons.keycloak.git.tag | string | `"11.0.1-bb.6"` |  |
+| addons.keycloak.git.tag | string | `"11.0.1-bb.7"` |  |
 | addons.keycloak.database.host | string | `""` | Hostname of a pre-existing database to use for Keycloak. Entering connection info will disable the deployment of an internal database and will auto-create any required secrets. |
 | addons.keycloak.database.type | string | `"postgres"` | Pre-existing database type (e.g. postgres) to use for Keycloak. |
 | addons.keycloak.database.port | int | `5432` | Port of a pre-existing database to use for Keycloak. |

base/gitrepository.yaml

@@ -11,4 +11,4 @@ spec:
   interval: 10m
   url: https://repo1.dso.mil/platform-one/big-bang/bigbang.git
   ref:
-    tag: 1.17.0
+    tag: 1.18.0

chart/Chart.yaml

 apiVersion: v2
 name: bigbang
-version: 1.17.0
+version: 1.18.0
 description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
 
 type: application

chart/templates/argocd/namespace.yaml

@@ -6,6 +6,6 @@ metadata:
     app.kubernetes.io/name: argocd
     app.kubernetes.io/component: "core"
     {{- include "commonLabels" . | nindent 4}}
-    istio-injection: disabled
+    istio-injection: {{ dig "istio" "injection" "enabled" .Values.addons.argocd }}
   name: argocd
 {{- end }}

chart/templates/gatekeeper/values.yaml

@@ -75,6 +75,9 @@ violations:  # Try to keep this in alpha order to make it easier to find keys
         - mattermost/mattermost
   {{- end }}
 
+  imageDigest:
+    enabled: false
+
   namespacesHaveIstio:
     enabled: {{ .Values.istio.enabled }}
 

chart/templates/sonarqube/namespace.yaml

@@ -7,5 +7,5 @@ metadata:
     app.kubernetes.io/name: sonarqube
     app.kubernetes.io/component: "developer-tools"
     {{- include "commonLabels" . | nindent 4}}
-    istio-injection: disabled
+    istio-injection: {{ dig "istio" "injection" "enabled" .Values.addons.sonarqube }}
 {{- end }}

chart/values.yaml

@@ -314,7 +314,7 @@ logging:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git
     path: "./chart"
-    tag: "0.1.21-bb.0"
+    tag: "0.1.21-bb.1"
 
   # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
   flux:
@@ -354,7 +354,7 @@ eckoperator:
   git:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git
     path: "./chart"
-    tag: "1.6.0-bb.3"
+    tag: "1.7.1-bb.0"
 
   # -- Flux reconciliation overrides specifically for the ECK Operator Package
   flux: {}
@@ -476,7 +476,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
       path: "./chart"
-      tag: "3.6.8-bb.8"
+      tag: "3.6.8-bb.10"
 
     # -- Flux reconciliation overrides specifically for the ArgoCD Package
     flux: {}
@@ -560,7 +560,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git
       path: "./chart"
-      tag: "4.2.3-bb.2"
+      tag: "4.2.3-bb.3"
 
     # -- Flux reconciliation overrides specifically for the Minio Package
     flux: {}
@@ -582,7 +582,7 @@ addons:
     postRenderers: []
 
   gitlab:
-    # -- Toggle deployment of Gitlab.
+    # -- Toggle deployment of Gitlab
     enabled: false
 
     hostnames:
@@ -593,7 +593,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git
       path: "./chart"
-      tag: "4.12.9-bb.6"
+      tag: "5.3.1-bb.0"
 
     # -- Flux reconciliation overrides specifically for the Gitlab Package
     flux: {}
@@ -668,7 +668,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git
       path: "./chart"
-      tag: "0.29.0-bb.1"
+      tag: "0.32.0-bb.1"
 
     # -- Flux reconciliation overrides specifically for the Gitlab Runner Package
     flux: {}
@@ -744,7 +744,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git
       path: "./chart"
-      tag: "9.6.3-bb.2"
+      tag: "9.6.3-bb.5"
 
     # -- Flux reconciliation overrides specifically for the Sonarqube Package
     flux: {}
@@ -829,7 +829,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
       path: "./chart"
-      tag: "1.14.7-bb.0"
+      tag: "1.14.7-bb.1"
 
     # -- Flux reconciliation overrides specifically for the Anchore Package
     flux:
@@ -1031,12 +1031,12 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git
       path: "./chart"
-      tag: "2.23.6-bb.1"
+      tag: "2.23.6-bb.2"
 
     # -- Flux reconciliation overrides specifically for the Velero Package
     flux: {}
 
-    # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi 
+    # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi
     plugins: []
     # - aws
 
@@ -1059,7 +1059,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
       path: "./chart"
-      tag: "11.0.1-bb.7"
+      tag: "11.0.1-bb.8"
 
     database:
       # -- Hostname of a pre-existing database to use for Keycloak.

docs/developer/development-environment.md

@@ -20,6 +20,9 @@ This page contains the manual steps to create your k3d dev environment. There is
 
 - [Helm](https://helm.sh/docs/intro/install/)
 - [kubectl](https://kubernetes.io/docs/tasks/tools/install-kubectl/)
+- [kustomize](https://kubectl.docs.kubernetes.io/installation/kustomize/)
+
+> For additional installtion details, see [Software Installation and Verification Commands to run from Bash](https://repo1.dso.mil/platform-one/onboarding/big-bang/engineering-cohort/-/blob/master/lab_guides/01-Preflight-Access-Checks/A-software-check.md)
 
 ## Manual Creation of a Development Environment
 

docs/developer/scripts/README.md

@@ -32,8 +32,12 @@ The instance will automatically terminate in the middle of the night at 08:00 UT
       ```
 
 1. Install jq
-      Follow jq installation instructions for your workstation operating system.
-      <https://stedolan.github.io/jq/download/>
+      Follow jq installation instructions for your workstation operating system.   
+      https://stedolan.github.io/jq/download/
+
+
+1. Mac users will need to install the GNU version of the sed command.   
+   https://medium.com/@bramblexu/install-gnu-sed-on-mac-os-and-set-it-as-default-7c17ef1b8f64
 
 # Usage
 
@@ -54,7 +58,7 @@ k3d-dev.sh -b -p -m -d -h
 
 #  Troubleshooting
 
-1. If you are on a Mac insure that you have GNU sed command installed. Otherwise you will see this error 
+1. If you are on a Mac insure that you have GNU sed command installed. Otherwise you will see this error and the kubeconfig will not be updated with the IP from the instance.
       ```
       copy kubeconfig
       config                         100% 3019    72.9KB/s   00:00    

docs/developer/scripts/k3d-dev.sh

@@ -151,9 +151,12 @@ InstanceType="${InstSize}"
 VolumeSize=120
 
 # Lookup the image name to find the latest version
-echo -n Retrieving latest image ID matching ${AMIName} ...
-ImageId=$(aws ec2 describe-images --output json --no-cli-pager --filters "Name=name,Values=${AMIName}" --query "reverse(sort_by(Images, &CreationDate))[:1].ImageId" --output text)
-echo done
+# echo -n Retrieving latest image ID matching ${AMIName} ...
+# ImageId=$(aws ec2 describe-images --output json --no-cli-pager --filters "Name=name,Values=${AMIName}" --query "reverse(sort_by(Images, &CreationDate))[:1].ImageId" --output text)
+#echo done
+# Hardcode the latest image instead of searching for it to avoid unexpected changes
+echo Using AMI image id ami-84556de5
+ImageId=ami-84556de5
 
 # Create the launch spec
 echo -n Creating launch_spec.json ...

docs/guides/deployment_scenarios/quickstart.md

@@ -264,37 +264,29 @@ Note: This guide follows the DevOps best practice of left-shifting feedback on m
 
     ```shell
     # [ubuntu@Ubuntu_VM:~]
-    # ECK implementation of ElasticSearch needs the following or will see OOM errors
+    # Needed for ECK to run correctly without OOM errors
     sudo sysctl -w vm.max_map_count=524288
+    # Alternatively can use: 
+    # echo 'vm.max_map_count=524288' | sudo tee -a /etc/sysctl.d/vm-max_map_count.conf
 
-    # SonarQube host OS pre-requisites
+    # Needed by Sonarqube
     sudo sysctl -w fs.file-max=131072
+    # Alternatively can use:  
+    # echo 'fs.file-max=131072' | sudo tee -a /etc/sysctl.d/fs-file-max.conf
+
+    # Also Needed by Sonarqube
     ulimit -n 131072
     ulimit -u 8192
 
-    # Needed for ECK to run correctly without OOM errors
-    echo 'vm.max_map_count=524288' > /etc/sysctl.d/vm-max_map_count.conf
-
-    # Needed by Sonarqube
-    echo 'fs.file-max=131072' > /etc/sysctl.d/fs-file-max.conf
-
     # Load updated configuration
-    sysctl --load
-
-    # Alternative form of above 3 commands:
-    # sudo sysctl -w vm.max_map_count=524288
-    # sudo sysctl -w fs.file-max=131072
-
-    # Needed by Sonarqube
-    ulimit -n 131072
-    ulimit -u 8192
+    sudo sysctl --load
 
-    # Preload kernel modules required by istio-init, required for SELinux enforcing instances using istio-init
-    modprobe xt_REDIRECT
-    modprobe xt_owner
-    modprobe xt_statistic
+    # Preload kernel modules, required by istio-init running on SELinux enforcing instances
+    sudo modprobe xt_REDIRECT
+    sudo modprobe xt_owner
+    sudo modprobe xt_statistic
 
-    # Persist modules after reboots
+    # Persist kernel modules settings after reboots
     printf "xt_REDIRECT\nxt_owner\nxt_statistic\n" | sudo tee -a /etc/modules
 
     # Kubernetes requires swap disabled
@@ -413,14 +405,14 @@ cd ~
 git clone https://repo1.dso.mil/platform-one/big-bang/bigbang.git
 cd ~/bigbang
 
-# Checkout version 1.15.0 of Big Bang
-# (Pinning to specific versions is a DevOps best practice)
-git checkout tags/1.15.0
+# Checkout version 1.17.0 of Big Bang
+# (Pinning to specific version to improve reproducibility)
+git checkout tags/1.17.0
 git status
 ```
 
 ```console
-HEAD detached at 1.15.0
+HEAD detached at 1.17.0
 ```
 
 > HEAD is git speak for current context within a tree of commits
@@ -555,7 +547,7 @@ EOF
 ```shell
 # [ubuntu@Ubuntu_VM:~]
 helm upgrade --install bigbang $HOME/bigbang/chart \
-  --values $HOME/bigbang/chart/ingress-certs.yaml \
+  --values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml \
   --values $HOME/ib_creds.yaml \
   --values $HOME/demo_values.yaml \
   --namespace=bigbang --create-namespace
@@ -569,8 +561,8 @@ Explanation of flags used in the imperative helm install command:
 `bigbang $HOME/bigbang/chart`
 : bigbang is the name of the helm release that you'd see if you run `helm list -n=bigbang`. `$HOME/bigbang/chart` is a reference to the helm chart being installed.
 
-`--values $HOME/bigbang/chart/ingress-certs.yaml`
-: References demonstration HTTPS certificates embedded in the public repository. The *.bigbang.dev wildcard certificate is signed by Let's Encrypt, a free public internet Certificate Authority.
+`--values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml`
+: References demonstration HTTPS certificates embedded in the public repository. The *.bigbang.dev wildcard certificate is signed by Let's Encrypt, a free public internet Certificate Authority. Note the URL path to the copy of the cert on master branch is used instead of `$HOME/bigbang/chart/ingress-certs.yaml`, because the Let's Encrypt certs expire after 3 months, and if you deploy a tagged release of BigBang, like 1.15.0, the version of the cert stored in the tagged git commit / release of Big Bang could be expired. Referencing the master branches copy via URL ensures you receive the latest version of the cert, which won't be expired.
 
 `--namespace=bigbang --create-namespace`
 : Means it will install the bigbang helm chart in the bigbang namespace and create the namespace if it doesn't exist.
@@ -626,18 +618,18 @@ Explanation of flags used in the imperative helm install command:
 * `helm list -n=bigbang` should also show STATUS deployed
 
     ```console
-    NAME                         	NAMESPACE        	REVISION	UPDATED                                	STATUS  	CHART                            	APP VERSION
-    bigbang                      	bigbang          	1       	2021-08-31 16:50:39.336392871 +0000 UTC	deployed	bigbang-1.15.0
-    eck-operator-eck-operator    	eck-operator     	1       	2021-08-31 16:21:12.546012077 +0000 UTC	deployed	eck-operator-1.6.0-bb.2          	1.6.0
-    gatekeeper-system-gatekeeper 	gatekeeper-system	1       	2021-08-31 16:21:13.146595333 +0000 UTC	deployed	gatekeeper-3.5.1-bb.16           	v3.5.1
-    istio-operator-istio-operator	istio-operator   	1       	2021-08-31 16:21:12.726676226 +0000 UTC	deployed	istio-operator-1.9.7-bb.1
-    istio-system-istio           	istio-system     	1       	2021-08-31 16:44:07.776386128 +0000 UTC	deployed	istio-1.9.7-bb.0
-    jaeger-jaeger                	jaeger           	1       	2021-08-31 16:25:17.733322853 +0000 UTC	deployed	jaeger-operator-2.23.0-bb.1      	1.24.0
-    kiali-kiali                  	kiali            	1       	2021-08-31 16:25:14.314905637 +0000 UTC	deployed	kiali-operator-1.37.0-bb.3       	1.37.0
-    logging-cluster-auditor      	logging          	1       	2021-08-31 16:25:33.628134776 +0000 UTC	deployed	cluster-auditor-0.3.0-bb.6       	1.16.0
-    logging-ek                   	logging          	1       	2021-08-31 16:22:12.609559643 +0000 UTC	deployed	logging-0.1.20-bb.0              	7.13.4
-    logging-fluent-bit           	logging          	1       	2021-08-31 16:22:41.467862784 +0000 UTC	deployed	fluent-bit-0.16.1-bb.0           	1.8.1
-    monitoring-monitoring        	monitoring       	1       	2021-08-31 16:22:26.03075708 +0000 UTC 	deployed	kube-prometheus-stack-14.0.0-bb.8	0.46.0
+    NAME                         	NAMESPACE        	REVISION	UPDATED                                	STATUS  	CHART                             	APP VERSION
+    bigbang                      	bigbang          	1       	2021-10-07 19:16:13.990755769 +0000 UTC	deployed	bigbang-1.17.0
+    eck-operator-eck-operator    	eck-operator     	1       	2021-10-07 19:16:18.300583454 +0000 UTC	deployed	eck-operator-1.6.0-bb.2           	1.6.0
+    gatekeeper-system-gatekeeper 	gatekeeper-system	1       	2021-10-07 19:16:20.783813062 +0000 UTC	deployed	gatekeeper-3.5.2-bb.1             	v3.5.2
+    istio-operator-istio-operator	istio-operator   	1       	2021-10-07 19:16:20.564511742 +0000 UTC	deployed	istio-operator-1.10.4-bb.1
+    istio-system-istio           	istio-system     	1       	2021-10-07 19:17:18.267592579 +0000 UTC	deployed	istio-1.10.4-bb.3
+    jaeger-jaeger                	jaeger           	1       	2021-10-07 19:29:15.866513597 +0000 UTC	deployed	jaeger-operator-2.23.0-bb.2       	1.24.0
+    kiali-kiali                  	kiali            	1       	2021-10-07 19:29:14.362710144 +0000 UTC	deployed	kiali-operator-1.39.0-bb.2        	1.39.0
+    logging-cluster-auditor      	logging          	1       	2021-10-07 19:20:55.145508137 +0000 UTC	deployed	cluster-auditor-0.3.0-bb.7        	1.16.0
+    logging-ek                   	logging          	1       	2021-10-07 19:17:50.022767703 +0000 UTC	deployed	logging-0.1.21-bb.0               	7.13.4
+    logging-fluent-bit           	logging          	1       	2021-10-07 19:29:42.290601582 +0000 UTC	deployed	fluent-bit-0.16.6-bb.0            	1.8.6
+    monitoring-monitoring        	monitoring       	1       	2021-10-07 19:18:02.816162712 +0000 UTC	deployed	kube-prometheus-stack-14.0.0-bb.10	0.46.0
     ```
 
 ## Step 12: Edit your workstation's Hosts file to access the web pages hosted on the Big Bang Cluster
@@ -706,7 +698,7 @@ addons:
 EOF
 
 helm upgrade --install bigbang $HOME/bigbang/chart \
---values $HOME/bigbang/chart/ingress-certs.yaml \
+--values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml \
 --values $HOME/ib_creds.yaml \
 --values $HOME/demo_values.yaml \
 --values $HOME/tinkering.yaml \

tests/ci/k3d/deploy_k3d.sh

@@ -2,6 +2,7 @@
 
 set -ex
 trap 'echo exit at ${0}:${LINENO}, command was: ${BASH_COMMAND} 1>&2' ERR
+docker login -u ${DOCKER_USER} -p ${DOCKER_PASSWORD}
 # if keycloak label or all packages label add deploy k3d without loadbalancer so metallb can be used
 if [[ "${CI_COMMIT_BRANCH}" == "${CI_DEFAULT_BRANCH}" ]] || [[ ! -z "$CI_COMMIT_TAG" ]] || [[ $CI_MERGE_REQUEST_LABELS =~ "keycloak" ||  $CI_MERGE_REQUEST_LABELS =~ "all-packages" ]]; then
   k3d cluster create ${CI_JOB_ID} --config tests/ci/k3d/disable-servicelb-config.yaml --network ${CI_JOB_ID}

tests/ci/k3d/values.yaml

@@ -690,9 +690,10 @@ addons:
             fsGroup: 1001
 
       bbtests:
-        # TODO: Seems like a timing issue with BB CI
+        # There have been intermittent failures of the tests in the past.   The issue is tracked in the below issue.
         # https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/issues/7
-        enabled: false
+        # This issue can be reopened if problems reappear.
+        enabled: true
         cypress:
           artifacts: true
           envs:
@@ -871,9 +872,59 @@ addons:
           memory: 16Mi
         limits: {}
       bbtests:
-        # TODO: Keycloak in CI not supported yet
-        enabled: false
+        enabled: true
         cypress:
           artifacts: true
           envs:
             cypress_url: "https://keycloak.bigbang.dev"
+            cypress_username: "admin"
+            cypress_password: "password"
+      # Custom dev secret configuration
+      secrets:
+        env:
+          stringData:
+            CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml
+            KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json
+            X509_CA_BUNDLE: /etc/x509/https/cas.pem
+        certauthority:
+          stringData:
+            cas.pem: '{{ .Files.Get "resources/dev/dod_cas.pem" }}'
+        customreg:
+          stringData:
+            customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}'
+        realm:
+          stringData:
+            realm.json: '{{ .Files.Get "resources/dev/baby-yoda.json" }}'
+      extraVolumes: |-
+        - name: certauthority
+          secret:
+            secretName: {{ include "keycloak.fullname" . }}-certauthority
+        - name: customreg
+          secret:
+            secretName: {{ include "keycloak.fullname" . }}-customreg
+        - name: realm
+          secret:
+            secretName: {{ include "keycloak.fullname" . }}-realm
+      extraVolumeMounts: |-
+        - name: certauthority
+          mountPath: /etc/x509/https/cas.pem
+          subPath: cas.pem
+          readOnly: true
+        - name: customreg
+          mountPath: /opt/jboss/keycloak/customreg.yaml
+          subPath: customreg.yaml
+          readOnly: true
+        - name: realm
+          mountPath: /opt/jboss/keycloak/realm.json
+          subPath: realm.json
+          readOnly: true
+      
+      extraVolumeMountsBigBang:
+        - name: tlscert
+          mountPath: /etc/x509/https/tls.crt
+          subPath: tls.crt
+          readOnly: true
+        - name: tlskey
+          mountPath: /etc/x509/https/tls.key
+          subPath: tls.key
+          readOnly: true

tests/deploy/01_deploy_bigbang.sh

@@ -38,6 +38,9 @@ helm upgrade -i bigbang chart -n bigbang --create-namespace \
   --set registryCredentials[0].username='robot$bb-dev-imagepullonly' \
   --set registryCredentials[0].password="${REGISTRY1_PASSWORD}" \
   --set registryCredentials[0].registry=registry1.dso.mil \
+  --set registryCredentials[1].username="${DOCKER_USER}" \
+  --set registryCredentials[1].password="${DOCKER_PASSWORD}" \
+  --set registryCredentials[1].registry=docker.io \
   -f ${CI_VALUES_FILE}
 
 # apply secrets kustomization pointing to current branch or master if an upgrade job