chart/values.yaml

@@ -829,7 +829,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
       path: "./chart"
-      tag: "1.14.7-bb.0"
+      tag: "1.14.7-bb.1"
 
     # -- Flux reconciliation overrides specifically for the Anchore Package
     flux:
@@ -1036,7 +1036,7 @@ addons:
     # -- Flux reconciliation overrides specifically for the Velero Package
     flux: {}
 
-    # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi 
+    # -- Plugin provider for Velero - requires at least one plugin installed. Current supported values: aws, azure, csi
     plugins: []
     # - aws
 
@@ -1059,7 +1059,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git
       path: "./chart"
-      tag: "11.0.1-bb.7"
+      tag: "11.0.1-bb.8"
 
     database:
       # -- Hostname of a pre-existing database to use for Keycloak.

docs/guides/deployment_scenarios/quickstart.md

@@ -264,37 +264,29 @@ Note: This guide follows the DevOps best practice of left-shifting feedback on m
 
     ```shell
     # [ubuntu@Ubuntu_VM:~]
-    # ECK implementation of ElasticSearch needs the following or will see OOM errors
+    # Needed for ECK to run correctly without OOM errors
     sudo sysctl -w vm.max_map_count=524288
+    # Alternatively can use: 
+    # echo 'vm.max_map_count=524288' | sudo tee -a /etc/sysctl.d/vm-max_map_count.conf
 
-    # SonarQube host OS pre-requisites
+    # Needed by Sonarqube
     sudo sysctl -w fs.file-max=131072
+    # Alternatively can use:  
+    # echo 'fs.file-max=131072' | sudo tee -a /etc/sysctl.d/fs-file-max.conf
+
+    # Also Needed by Sonarqube
     ulimit -n 131072
     ulimit -u 8192
 
-    # Needed for ECK to run correctly without OOM errors
-    echo 'vm.max_map_count=524288' > /etc/sysctl.d/vm-max_map_count.conf
-
-    # Needed by Sonarqube
-    echo 'fs.file-max=131072' > /etc/sysctl.d/fs-file-max.conf
-
     # Load updated configuration
-    sysctl --load
-
-    # Alternative form of above 3 commands:
-    # sudo sysctl -w vm.max_map_count=524288
-    # sudo sysctl -w fs.file-max=131072
-
-    # Needed by Sonarqube
-    ulimit -n 131072
-    ulimit -u 8192
+    sudo sysctl --load
 
-    # Preload kernel modules required by istio-init, required for SELinux enforcing instances using istio-init
-    modprobe xt_REDIRECT
-    modprobe xt_owner
-    modprobe xt_statistic
+    # Preload kernel modules, required by istio-init running on SELinux enforcing instances
+    sudo modprobe xt_REDIRECT
+    sudo modprobe xt_owner
+    sudo modprobe xt_statistic
 
-    # Persist modules after reboots
+    # Persist kernel modules settings after reboots
     printf "xt_REDIRECT\nxt_owner\nxt_statistic\n" | sudo tee -a /etc/modules
 
     # Kubernetes requires swap disabled
@@ -413,14 +405,14 @@ cd ~
 git clone https://repo1.dso.mil/platform-one/big-bang/bigbang.git
 cd ~/bigbang
 
-# Checkout version 1.15.0 of Big Bang
-# (Pinning to specific versions is a DevOps best practice)
-git checkout tags/1.15.0
+# Checkout version 1.17.0 of Big Bang
+# (Pinning to specific version to improve reproducibility)
+git checkout tags/1.17.0
 git status
 ```
 
 ```console
-HEAD detached at 1.15.0
+HEAD detached at 1.17.0
 ```
 
 > HEAD is git speak for current context within a tree of commits
@@ -555,7 +547,7 @@ EOF
 ```shell
 # [ubuntu@Ubuntu_VM:~]
 helm upgrade --install bigbang $HOME/bigbang/chart \
-  --values $HOME/bigbang/chart/ingress-certs.yaml \
+  --values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml \
   --values $HOME/ib_creds.yaml \
   --values $HOME/demo_values.yaml \
   --namespace=bigbang --create-namespace
@@ -569,8 +561,8 @@ Explanation of flags used in the imperative helm install command:
 `bigbang $HOME/bigbang/chart`
 : bigbang is the name of the helm release that you'd see if you run `helm list -n=bigbang`. `$HOME/bigbang/chart` is a reference to the helm chart being installed.
 
-`--values $HOME/bigbang/chart/ingress-certs.yaml`
-: References demonstration HTTPS certificates embedded in the public repository. The *.bigbang.dev wildcard certificate is signed by Let's Encrypt, a free public internet Certificate Authority.
+`--values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml`
+: References demonstration HTTPS certificates embedded in the public repository. The *.bigbang.dev wildcard certificate is signed by Let's Encrypt, a free public internet Certificate Authority. Note the URL path to the copy of the cert on master branch is used instead of `$HOME/bigbang/chart/ingress-certs.yaml`, because the Let's Encrypt certs expire after 3 months, and if you deploy a tagged release of BigBang, like 1.15.0, the version of the cert stored in the tagged git commit / release of Big Bang could be expired. Referencing the master branches copy via URL ensures you receive the latest version of the cert, which won't be expired.
 
 `--namespace=bigbang --create-namespace`
 : Means it will install the bigbang helm chart in the bigbang namespace and create the namespace if it doesn't exist.
@@ -626,18 +618,18 @@ Explanation of flags used in the imperative helm install command:
 * `helm list -n=bigbang` should also show STATUS deployed
 
     ```console
-    NAME                         	NAMESPACE        	REVISION	UPDATED                                	STATUS  	CHART                            	APP VERSION
-    bigbang                      	bigbang          	1       	2021-08-31 16:50:39.336392871 +0000 UTC	deployed	bigbang-1.15.0
-    eck-operator-eck-operator    	eck-operator     	1       	2021-08-31 16:21:12.546012077 +0000 UTC	deployed	eck-operator-1.6.0-bb.2          	1.6.0
-    gatekeeper-system-gatekeeper 	gatekeeper-system	1       	2021-08-31 16:21:13.146595333 +0000 UTC	deployed	gatekeeper-3.5.1-bb.16           	v3.5.1
-    istio-operator-istio-operator	istio-operator   	1       	2021-08-31 16:21:12.726676226 +0000 UTC	deployed	istio-operator-1.9.7-bb.1
-    istio-system-istio           	istio-system     	1       	2021-08-31 16:44:07.776386128 +0000 UTC	deployed	istio-1.9.7-bb.0
-    jaeger-jaeger                	jaeger           	1       	2021-08-31 16:25:17.733322853 +0000 UTC	deployed	jaeger-operator-2.23.0-bb.1      	1.24.0
-    kiali-kiali                  	kiali            	1       	2021-08-31 16:25:14.314905637 +0000 UTC	deployed	kiali-operator-1.37.0-bb.3       	1.37.0
-    logging-cluster-auditor      	logging          	1       	2021-08-31 16:25:33.628134776 +0000 UTC	deployed	cluster-auditor-0.3.0-bb.6       	1.16.0
-    logging-ek                   	logging          	1       	2021-08-31 16:22:12.609559643 +0000 UTC	deployed	logging-0.1.20-bb.0              	7.13.4
-    logging-fluent-bit           	logging          	1       	2021-08-31 16:22:41.467862784 +0000 UTC	deployed	fluent-bit-0.16.1-bb.0           	1.8.1
-    monitoring-monitoring        	monitoring       	1       	2021-08-31 16:22:26.03075708 +0000 UTC 	deployed	kube-prometheus-stack-14.0.0-bb.8	0.46.0
+    NAME                         	NAMESPACE        	REVISION	UPDATED                                	STATUS  	CHART                             	APP VERSION
+    bigbang                      	bigbang          	1       	2021-10-07 19:16:13.990755769 +0000 UTC	deployed	bigbang-1.17.0
+    eck-operator-eck-operator    	eck-operator     	1       	2021-10-07 19:16:18.300583454 +0000 UTC	deployed	eck-operator-1.6.0-bb.2           	1.6.0
+    gatekeeper-system-gatekeeper 	gatekeeper-system	1       	2021-10-07 19:16:20.783813062 +0000 UTC	deployed	gatekeeper-3.5.2-bb.1             	v3.5.2
+    istio-operator-istio-operator	istio-operator   	1       	2021-10-07 19:16:20.564511742 +0000 UTC	deployed	istio-operator-1.10.4-bb.1
+    istio-system-istio           	istio-system     	1       	2021-10-07 19:17:18.267592579 +0000 UTC	deployed	istio-1.10.4-bb.3
+    jaeger-jaeger                	jaeger           	1       	2021-10-07 19:29:15.866513597 +0000 UTC	deployed	jaeger-operator-2.23.0-bb.2       	1.24.0
+    kiali-kiali                  	kiali            	1       	2021-10-07 19:29:14.362710144 +0000 UTC	deployed	kiali-operator-1.39.0-bb.2        	1.39.0
+    logging-cluster-auditor      	logging          	1       	2021-10-07 19:20:55.145508137 +0000 UTC	deployed	cluster-auditor-0.3.0-bb.7        	1.16.0
+    logging-ek                   	logging          	1       	2021-10-07 19:17:50.022767703 +0000 UTC	deployed	logging-0.1.21-bb.0               	7.13.4
+    logging-fluent-bit           	logging          	1       	2021-10-07 19:29:42.290601582 +0000 UTC	deployed	fluent-bit-0.16.6-bb.0            	1.8.6
+    monitoring-monitoring        	monitoring       	1       	2021-10-07 19:18:02.816162712 +0000 UTC	deployed	kube-prometheus-stack-14.0.0-bb.10	0.46.0
     ```
 
 ## Step 12: Edit your workstation's Hosts file to access the web pages hosted on the Big Bang Cluster
@@ -706,7 +698,7 @@ addons:
 EOF
 
 helm upgrade --install bigbang $HOME/bigbang/chart \
---values $HOME/bigbang/chart/ingress-certs.yaml \
+--values https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml \
 --values $HOME/ib_creds.yaml \
 --values $HOME/demo_values.yaml \
 --values $HOME/tinkering.yaml \

tests/ci/k3d/values.yaml

@@ -871,9 +871,59 @@ addons:
           memory: 16Mi
         limits: {}
       bbtests:
-        # TODO: Keycloak in CI not supported yet
-        enabled: false
+        enabled: true
         cypress:
           artifacts: true
           envs:
             cypress_url: "https://keycloak.bigbang.dev"
+            cypress_username: "admin"
+            cypress_password: "password"
+      # Custom dev secret configuration
+      secrets:
+        env:
+          stringData:
+            CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml
+            KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json
+            X509_CA_BUNDLE: /etc/x509/https/cas.pem
+        certauthority:
+          stringData:
+            cas.pem: '{{ .Files.Get "resources/dev/dod_cas.pem" }}'
+        customreg:
+          stringData:
+            customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}'
+        realm:
+          stringData:
+            realm.json: '{{ .Files.Get "resources/dev/baby-yoda.json" }}'
+      extraVolumes: |-
+        - name: certauthority
+          secret:
+            secretName: {{ include "keycloak.fullname" . }}-certauthority
+        - name: customreg
+          secret:
+            secretName: {{ include "keycloak.fullname" . }}-customreg
+        - name: realm
+          secret:
+            secretName: {{ include "keycloak.fullname" . }}-realm
+      extraVolumeMounts: |-
+        - name: certauthority
+          mountPath: /etc/x509/https/cas.pem
+          subPath: cas.pem
+          readOnly: true
+        - name: customreg
+          mountPath: /opt/jboss/keycloak/customreg.yaml
+          subPath: customreg.yaml
+          readOnly: true
+        - name: realm
+          mountPath: /opt/jboss/keycloak/realm.json
+          subPath: realm.json
+          readOnly: true
+      
+      extraVolumeMountsBigBang:
+        - name: tlscert
+          mountPath: /etc/x509/https/tls.crt
+          subPath: tls.crt
+          readOnly: true
+        - name: tlskey
+          mountPath: /etc/x509/https/tls.key
+          subPath: tls.key
+          readOnly: true
\ No newline at end of file