chart/templates/haproxy/gitrepository.yaml

-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled .Values.monitoring.sso.enabled }}
 apiVersion: source.toolkit.fluxcd.io/v1beta1
 kind: GitRepository
 metadata:

chart/templates/haproxy/haproxy-authservice.yaml

-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled .Values.monitoring.sso.enabled }}
 apiVersion: helm.toolkit.fluxcd.io/v2beta1
 kind: HelmRelease
 metadata:
@@ -18,7 +18,10 @@ spec:
         kind: GitRepository
         name: haproxy
         namespace: {{ .Release.Namespace }}
-
+  {{- if .Values.addons.haproxy.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.addons.haproxy.postRenderers | nindent 4 }}
+  {{- end }}
   valuesFrom:
     - name: {{ .Release.Name }}-haproxy-sso-values
       kind: Secret

chart/templates/haproxy/values.yaml

-{{- if and .Values.istio.enabled .Values.addons.authservice.enabled }}
+{{- if and .Values.istio.enabled .Values.monitoring.sso.enabled }}
 {{- include "values-secret" (dict "root" $ "package" .Values.addons.haproxy "name" "haproxy-sso" "defaults" (include "bigbang.defaults.haproxy-sso" .)) }}
 {{- end }}
 
@@ -65,33 +65,12 @@ config: |
     unique-id-format %{+X}o\ 1-%[date,hex,bytes(8,8),lower]-%[capture.req.hdr(3)]
     http-request set-header X-Amzn-Trace-Id Root=%[unique-id,lower]
     bind :8080
-{{- if and .Values.istio.sso.enabled }}
-    acl host_kiali hdr(host) -i kiali.{{ .Values.hostname }}
-    acl host_tracing hdr(host) -i tracing.{{ .Values.hostname }}
-{{- end }}
-{{- if and .Values.monitoring.enabled .Values.monitoring.sso.enabled }}
     acl host_alertmanager hdr(host) -i alertmanager.{{ .Values.hostname }}
     acl host_prometheus hdr(host) -i prometheus.{{ .Values.hostname }}
-{{- end }}
 
     option forwardfor
-{{- if and .Values.istio.sso.enabled }}
-    use_backend kiali_main if host_kiali
-    use_backend tracing_main if host_tracing
-{{- end }}
-{{- if and .Values.monitoring.enabled .Values.monitoring.sso.enabled }}
     use_backend alertmanager_main if host_alertmanager
     use_backend prometheus_main if host_prometheus
-{{- end }} 
-{{- if and .Values.istio.sso.enabled }}
-  backend kiali_main
-    mode http
-    server kiali kiali.istio-system.svc.cluster.local:20001
-  backend tracing_main
-    mode http
-    server jaeger tracing.istio-system.svc.cluster.local:80
-{{- end }}
-{{- if and .Values.monitoring.enabled .Values.monitoring.sso.enabled }}
   backend alertmanager_main
     mode http
     option forwardfor
@@ -102,8 +81,6 @@ config: |
     option forwardfor
     http-request replace-header Host .* monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local
     server prometheus monitoring-monitoring-kube-prometheus.monitoring.svc.cluster.local:9090
-{{- end }}
-
 image:
   repository: registry1.dso.mil/ironbank/opensource/haproxy/haproxy22
 containerPorts:

chart/templates/istio/controlplane/istio-controlplane-helmrelease.yaml

@@ -35,7 +35,10 @@ spec:
     timeout: {{ .rollback.timeout }}
     cleanupOnFail: {{ .rollback.cleanupOnFail }}
   {{- end }}
-
+  {{- if .Values.istio.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.istio.postRenderers | nindent 4 }}
+  {{- end }}
   valuesFrom:
     - name: {{ .Release.Name }}-istio-values
       kind: Secret

chart/templates/istio/controlplane/values.yaml

@@ -4,23 +4,13 @@
 
 {{- define "bigbang.defaults.istio" -}}
 hostname: {{ .Values.hostname }}
-sso:
-  enabled: {{ .Values.istio.sso.enabled }}
+
+tracing:
+  enabled:  {{ .Values.jaeger.enabled }}
 
 imagePullSecrets:
   - private-registry
 
 openshift: {{ .Values.openshift }}
 
-{{- if .Values.istio.sso.enabled }}
-ingress:
-  kiali:
-    service: authservice-haproxy-sso
-    port: 8080
-    namespace: authservice
-  jaeger:
-    service: authservice-haproxy-sso
-    port: 8080
-    namespace: authservice
-{{- end }}
 {{- end -}}

chart/templates/istio/operator/istio-operator-helmrelease.yaml

@@ -35,7 +35,10 @@ spec:
     timeout: {{ .rollback.timeout }}
     cleanupOnFail: {{ .rollback.cleanupOnFail }}
   {{- end }}
-
+  {{- if .Values.istiooperator.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.istiooperator.postRenderers | nindent 4 }}
+  {{- end }}
   valuesFrom:
     - name: {{ .Release.Name }}-istio-operator-values
       kind: Secret

chart/templates/jaeger/gitrepository.yaml

+{{- if and (not .Values.offline) .Values.jaeger.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: jaeger
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: jaeger
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.jaeger.git.repo }}
+  ref:
+    {{- include "validRef" .Values.jaeger.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" . | nindent 2 }}
+{{- end }}

chart/templates/jaeger/imagepullsecret.yaml

+{{- if and .Values.jaeger.enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: jaeger
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file

chart/templates/jaeger/jaeger-helmrelease.yaml

+{{- if .Values.jaeger.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: jaeger
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: jaeger
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  targetNamespace: jaeger
+  chart:
+    spec:
+      chart: {{ .Values.jaeger.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: jaeger
+        namespace: {{ .Release.Namespace }}
+
+  {{- with .Values.flux }}
+  interval: {{ .interval }}
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: {{ .install.retries }}
+  upgrade:
+    remediation:
+      retries: {{ .upgrade.retries }}
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: {{ .rollback.timeout }}
+    cleanupOnFail: {{ .rollback.cleanupOnFail }}
+  {{- end }}
+
+  valuesFrom:
+    - name: {{ .Release.Name }}-jaeger-values
+      kind: Secret
+      valuesKey: "common"
+    - name: {{ .Release.Name }}-jaeger-values
+      kind: Secret
+      valuesKey: "defaults"
+    - name: {{ .Release.Name }}-jaeger-values
+      kind: Secret
+      valuesKey: "overlays"
+
+  {{ if or .Values.istio.enabled .Values.monitoring.enabled .Values.jaeger.sso.enabled .Values.logging.enabled }}
+  dependsOn:
+  {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.jaeger.sso.enabled }}
+    - name: authservice
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.logging.enabled }}
+    - name: ek
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- end }}
+{{- end }}

chart/templates/jaeger/namespace.yaml

+{{- if .Values.jaeger.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: jaeger
+  labels:
+    istio-injection: enabled
+    app.kubernetes.io/name: jaeger
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+{{- end }}
\ No newline at end of file

chart/templates/jaeger/values.yaml

+{{- if .Values.jaeger.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.jaeger "name" "jaeger" "defaults" (include "bigbang.defaults.jaeger" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.jaeger" -}}
+imagePullSecrets:
+  - name: private-registry
+hostname: {{ .Values.hostname }}
+istio:
+  enabled: {{ .Values.istio.enabled }}
+monitoring:
+  enabled: {{ .Values.monitoring.enabled }}
+elasticsearch:
+  enabled: {{ .Values.logging.enabled }}
+jaeger:
+  spec:
+    allInOne:
+      labels:
+        protect: keycloak
+    query:
+      labels:
+        protect: keycloak
+{{- end -}}
\ No newline at end of file

chart/templates/kiali/gitrepository.yaml

+{{- if and (not .Values.offline) .Values.kiali.enabled }}
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: kiali
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: kiali
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  interval: {{ .Values.flux.interval }}
+  url: {{ .Values.kiali.git.repo }}
+  ref:
+    {{- include "validRef" .Values.kiali.git | nindent 4 }}
+  {{ include "gitIgnore" . }}
+  {{- include "gitCreds" . | nindent 2 }}
+{{- end }}

chart/templates/kiali/helmrelease.yaml

+{{- if .Values.kiali.enabled }}
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: kiali
+  namespace: {{ .Release.Namespace }}
+  labels:
+    app.kubernetes.io/name: kiali
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+spec:
+  targetNamespace: kiali
+  chart:
+    spec:
+      chart: {{ .Values.kiali.git.path }}
+      interval: 5m
+      sourceRef:
+        kind: GitRepository
+        name: kiali
+        namespace: {{ .Release.Namespace }}
+  {{- with .Values.flux }}
+  interval: {{ .interval }}
+  test:
+    enable: false
+  install:
+    remediation:
+      retries: {{ .install.retries }}
+  upgrade:
+    remediation:
+      retries: {{ .upgrade.retries }}
+      remediateLastFailure: true
+    cleanupOnFail: true
+  rollback:
+    timeout: {{ .rollback.timeout }}
+    cleanupOnFail: {{ .rollback.cleanupOnFail }}
+  {{- end }}
+  {{- if .Values.kiali.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.kiali.postRenderers | nindent 4 }}
+  {{- end }}
+  valuesFrom:
+    - name: {{ .Release.Name }}-kiali-values
+      kind: Secret
+      valuesKey: "common"
+    - name: {{ .Release.Name }}-kiali-values
+      kind: Secret
+      valuesKey: "defaults"
+    - name: {{ .Release.Name }}-kiali-values
+      kind: Secret
+      valuesKey: "overlays"
+
+  {{ if or .Values.istio.enabled .Values.monitoring.enabled }}
+  dependsOn:
+  {{- if .Values.istio.enabled }}
+    - name: istio
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- if .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+  {{- end }}
+  {{- end }}
+{{- end }}

chart/templates/kiali/imagepullsecret.yaml

+{{- if and .Values.kiali.enabled ( include "imagePullSecret" . ) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: private-registry
+  namespace: kiali
+type: kubernetes.io/dockerconfigjson
+data:
+  .dockerconfigjson: {{ template "imagePullSecret" . }}
+{{- end }}
\ No newline at end of file

chart/templates/kiali/namespace.yaml

+{{- if .Values.kiali.enabled }}
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: kiali
+  labels:
+    istio-injection: enabled
+    app.kubernetes.io/name: kiali
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+{{- end }}
\ No newline at end of file

chart/templates/kiali/sso-client-secret.yaml

+{{- if and .Values.kiali.enabled .Values.kiali.sso.client_secret }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: kiali-openid
+  namespace: kiali
+type: kubernetes.io/opaque
+stringData:
+  oidc-secret: {{ .Values.kiali.sso.client_secret }}
+{{- end }}
\ No newline at end of file

chart/templates/kiali/values.yaml

+{{- if .Values.kiali.enabled }}
+{{- include "values-secret" (dict "root" $ "package" .Values.kiali "name" "kiali" "defaults" (include "bigbang.defaults.kiali" .)) }}
+{{- end }}
+
+{{- define "bigbang.defaults.kiali" -}}
+hostname: {{ .Values.hostname }}
+istio:
+  enabled: {{ .Values.istio.enabled }}
+monitoring:
+  enabled: {{ .Values.monitoring.enabled }}
+elasticsearch:
+  enabled: {{ .Values.logging.enabled }}
+cr:
+  spec:
+    server:
+      web_port: "443"
+    auth:
+      {{- if .Values.kiali.sso.enabled }}
+      strategy: openid
+      openid:
+        client_id: "{{ .Values.kiali.sso.client_id }}"
+        disable_rbac: true
+        issuer_uri: "https://{{ .Values.sso.oidc.host }}/auth/realms/{{ .Values.sso.oidc.realm }}"
+        scopes:
+        - openid
+        - email
+        username_claim: email
+      {{- else }}
+      strategy: token
+      {{- end }}
+    api:
+      namespaces:
+        # bigbang watches all!
+        exclude: []
+{{- end -}}

chart/templates/logging/eck-operator/eck-operator-helmrelease.yaml

@@ -35,7 +35,10 @@ spec:
     timeout: {{ .rollback.timeout }}
     cleanupOnFail: {{ .rollback.cleanupOnFail }}
   {{- end }}
-
+  {{- if .Values.eckoperator.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.eckoperator.postRenderers | nindent 4 }}
+  {{- end }}
   valuesFrom:
     - name: {{ .Release.Name }}-eck-operator-values
       kind: Secret

chart/templates/logging/elasticsearch-kibana/ek-helmrelease.yaml

@@ -35,7 +35,10 @@ spec:
     timeout: {{ .rollback.timeout }}
     cleanupOnFail: {{ .rollback.cleanupOnFail }}
   {{- end }}
-
+  {{- if .Values.logging.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.logging.postRenderers | nindent 4 }}
+  {{- end }}
   valuesFrom:
     - name: {{ .Release.Name }}-ek-values
       kind: Secret

chart/templates/logging/fluentbit/fluentbit-helmrelease.yaml

@@ -34,7 +34,10 @@ spec:
     timeout: {{ .rollback.timeout }}
     cleanupOnFail: {{ .rollback.cleanupOnFail }}
   {{- end }}
-
+  {{- if .Values.fluentbit.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.fluentbit.postRenderers | nindent 4 }}
+  {{- end }}
   valuesFrom:
     - name: {{ .Release.Name }}-fluentbit-values
       kind: Secret