�[0KRunning with gitlab-runner 14.9.1 (bd40e3da)�[0;m
�[0K on gitlab-runners-bb-ci-glr-priv-gitlab-runner-785c684565-cpszq 17F-qsYQ�[0;m
section_start:1657639314:resolve_secrets
�[0K�[0K�[36;1mResolving secrets�[0;m�[0;m
section_end:1657639314:resolve_secrets
�[0Ksection_start:1657639314:prepare_executor
�[0K�[0K�[36;1mPreparing the "kubernetes" executor�[0;m�[0;m
�[0KUsing Kubernetes namespace: gitlab-runners�[0;m
�[0KUsing Kubernetes executor with image registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/bb-ci:2.4.2 ...�[0;m
�[0KUsing attach strategy to execute scripts...�[0;m
section_end:1657639314:prepare_executor
�[0Ksection_start:1657639314:prepare_script
�[0K�[0K�[36;1mPreparing environment�[0;m�[0;m
Waiting for pod gitlab-runners/runner-17f-qsyq-project-2872-concurrent-02k2js to be running, status is Pending
ContainersNotInitialized: "containers with incomplete status: [init-permissions]"
ContainersNotReady: "containers with unready status: [build helper svc-0]"
ContainersNotReady: "containers with unready status: [build helper svc-0]"
Running on runner-17f-qsyq-project-2872-concurrent-02k2js via gitlab-runners-bb-ci-glr-priv-gitlab-runner-785c684565-cpszq...
section_end:1657639325:prepare_script
�[0Ksection_start:1657639325:get_sources
�[0K�[0K�[36;1mGetting source from Git repository�[0;m�[0;m
�[32;1mFetching changes with git depth set to 50...�[0;m
Initialized empty Git repository in /builds/platform-one/big-bang/bigbang/.git/
�[32;1mCreated fresh repository.�[0;m
�[32;1mChecking out 908609f2 as master...�[0;m
�[32;1mSkipping Git submodules setup�[0;m
section_end:1657639326:get_sources
�[0Ksection_start:1657639326:step_script
�[0K�[0K�[36;1mExecuting "step_script" stage of the job script�[0;m�[0;m
�[32;1m$ echo -e "\e[0Ksection_start:`date +%s`:k3d_up[collapsed=true]\r\e[0K\e[33;1mK3D Cluster Create\e[37m"�[0;m
�[0Ksection_start:1657639326:k3d_up[collapsed=true]
�[0K�[33;1mK3D Cluster Create�[37m
�[32;1m$ git clone -b ${PIPELINE_REPO_BRANCH} ${PIPELINE_REPO} ${PIPELINE_REPO_DESTINATION}�[0;m
Cloning into '../pipeline-repo'...
�[32;1m$ source ${PIPELINE_REPO_DESTINATION}/library/templates.sh�[0;m
�[32;1m$ package_auth_setup�[0;m
�[32;1m$ i=0; while [ "$i" -lt 12 ]; do docker info &>/dev/null && break; sleep 5; i=$(( i + 1 )) ; done�[0;m
�[32;1m$ docker network create ${CI_JOB_ID} --driver=bridge -o "com.docker.network.driver.mtu"="1450" --subnet=172.20.0.0/16 --gateway 172.20.0.1�[0;m
4b766933d9f5a88fffbe4a11382a3c6ac502064b4f516bd077b63d348f8e9571
�[32;1m$ chmod +x ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/k3d/deploy_k3d.sh; echo "Executing ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/k3d/deploy_k3d.sh..."; ./${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/k3d/deploy_k3d.sh�[0;m
Executing ../pipeline-repo/clusters/k3d/dependencies/k3d/deploy_k3d.sh...
Creating k3d cluster without default metric server
�[36mINFO�[0m[0000] Using config file ../pipeline-repo/clusters/k3d/dependencies/k3d/config-no-metrics.yaml (k3d.io/v1alpha4#simple)
�[36mINFO�[0m[0000] portmapping '80:80' targets the loadbalancer: defaulting to [servers:*:proxy agents:*:proxy]
�[36mINFO�[0m[0000] portmapping '443:443' targets the loadbalancer: defaulting to [servers:*:proxy agents:*:proxy]
�[36mINFO�[0m[0000] Prep: Network
�[36mINFO�[0m[0000] Re-using existing network '13212279' (4b766933d9f5a88fffbe4a11382a3c6ac502064b4f516bd077b63d348f8e9571)
�[36mINFO�[0m[0000] Created image volume k3d-13212279-images
�[36mINFO�[0m[0000] Starting new tools node...
�[36mINFO�[0m[0000] Pulling image 'ghcr.io/k3d-io/k3d-tools:5.4.1'
�[36mINFO�[0m[0001] Creating node 'k3d-13212279-server-0'
�[36mINFO�[0m[0001] Starting Node 'k3d-13212279-tools'
�[36mINFO�[0m[0002] Pulling image 'rancher/k3s:v1.23.4-k3s1'
�[36mINFO�[0m[0005] Creating LoadBalancer 'k3d-13212279-serverlb'
�[36mINFO�[0m[0006] Pulling image 'ghcr.io/k3d-io/k3d-proxy:5.4.1'
�[36mINFO�[0m[0008] Using the k3d-tools node to gather environment information
�[36mINFO�[0m[0008] HostIP: using network gateway 172.20.0.1 address
�[36mINFO�[0m[0008] Starting cluster '13212279'
�[36mINFO�[0m[0008] Starting servers...
�[36mINFO�[0m[0008] Starting Node 'k3d-13212279-server-0'
�[36mINFO�[0m[0013] All agents already running.
�[36mINFO�[0m[0013] Starting helpers...
�[36mINFO�[0m[0013] Starting Node 'k3d-13212279-serverlb'
�[36mINFO�[0m[0020] Injecting records for hostAliases (incl. host.k3d.internal) and for 2 network members into CoreDNS configmap...
�[36mINFO�[0m[0023] Cluster '13212279' created successfully!
�[36mINFO�[0m[0023] You can now use it like this:
kubectl cluster-info
�[32;1m$ until kubectl get deployment coredns -n kube-system -o go-template='{{.status.availableReplicas}}' | grep -v -e '<no value>'; do sleep 1s; done�[0;m
1
�[32;1m$ chmod +x ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/metallb/install_metallb.sh; echo "Executing ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/metallb/install_metallb.sh..."; ./${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/metallb/install_metallb.sh�[0;m
Executing ../pipeline-repo/clusters/k3d/dependencies/metallb/install_metallb.sh...
namespace/metallb-system created
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/controller created
podsecuritypolicy.policy/speaker created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
role.rbac.authorization.k8s.io/pod-lister created
role.rbac.authorization.k8s.io/controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
rolebinding.rbac.authorization.k8s.io/pod-lister created
rolebinding.rbac.authorization.k8s.io/controller created
daemonset.apps/speaker created
deployment.apps/controller created
configmap/config created
Waiting for daemon set "speaker" rollout to finish: 0 of 1 updated pods are available...
daemon set "speaker" successfully rolled out
deployment "controller" successfully rolled out
�[32;1m$ get_all�[0;m
�[0Ksection_start:1657639379:all_resources[collapsed=true]
�[0K�[33;1mAll Cluster Resources�[37m
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/coredns-5789895cd-q6p6r 1/1 Running 0 24s
kube-system pod/local-path-provisioner-6c79684f77-lp7b7 1/1 Running 0 24s
metallb-system pod/controller-65744b4459-nlh7n 1/1 Running 0 16s
metallb-system pod/speaker-chxzk 1/1 Running 0 16s
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 39s
kube-system service/kube-dns ClusterIP 172.20.0.10 <none> 53/UDP,53/TCP,9153/TCP 36s
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
metallb-system daemonset.apps/speaker 1 1 1 1 1 kubernetes.io/os=linux 16s
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/coredns 1/1 1 1 36s
kube-system deployment.apps/local-path-provisioner 1/1 1 1 36s
metallb-system deployment.apps/controller 1/1 1 1 16s
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/coredns-5789895cd 1 1 1 25s
kube-system replicaset.apps/local-path-provisioner-6c79684f77 1 1 1 25s
metallb-system replicaset.apps/controller-65744b4459 1 1 1 16s
�[0Ksection_end:1657639379:all_resources
�[0K
�[32;1m$ echo -e "\e[0Ksection_end:`date +%s`:k3d_up\r\e[0K"�[0;m
�[0Ksection_end:1657639379:k3d_up
�[0K
�[32;1m$ dependency_images�[0;m
�[0Ksection_start:1657639379:dep_images[collapsed=true]
�[0KGetting List of Dependency Images
docker.io/rancher/local-path-provisioner:v0.0.21
docker.io/rancher/mirrored-coredns-coredns:1.8.6
docker.io/rancher/mirrored-pause:3.6
registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/metallb-controller:v0.10.2
registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/metallb-speaker:v0.10.2
�[0Ksection_end:1657639380:dep_images
�[0K
�[32;1m$ deploy_bigbang�[0;m
�[0Ksection_start:1657639380:00_deploy_flux.sh[collapsed=true]
�[0K�[33;1m00_deploy_flux.sh�[37m
REGISTRY_URL: registry1.dso.mil
REGISTRY_USERNAME: robot-ironbank+bigbang-dev-22oct22
namespace/flux-system created
Creating secret private-registry in namespace flux-system
secret/private-registry created
Installing flux from kustomization
Warning: resource namespaces/flux-system is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
namespace/flux-system configured
customresourcedefinition.apiextensions.k8s.io/alerts.notification.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/buckets.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/gitrepositories.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/helmcharts.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/helmreleases.helm.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/helmrepositories.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/kustomizations.kustomize.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/providers.notification.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/receivers.notification.toolkit.fluxcd.io created
serviceaccount/helm-controller created
serviceaccount/kustomize-controller created
serviceaccount/notification-controller created
serviceaccount/source-controller created
clusterrole.rbac.authorization.k8s.io/crd-controller-flux-system created
clusterrolebinding.rbac.authorization.k8s.io/cluster-reconciler-flux-system created
clusterrolebinding.rbac.authorization.k8s.io/crd-controller-flux-system created
service/notification-controller created
service/source-controller created
service/webhook-receiver created
Warning: would violate PodSecurity "restricted:latest": seccompProfile (pod or container "manager" must set securityContext.seccompProfile.type to "RuntimeDefault" or "Localhost")
deployment.apps/helm-controller created
deployment.apps/kustomize-controller created
deployment.apps/notification-controller created
deployment.apps/source-controller created
networkpolicy.networking.k8s.io/allow-egress created
networkpolicy.networking.k8s.io/allow-scraping created
networkpolicy.networking.k8s.io/allow-webhooks created
deployment.apps/helm-controller condition met
deployment.apps/source-controller condition met
deployment.apps/kustomize-controller condition met
deployment.apps/notification-controller condition met
�[0Ksection_end:1657639397:00_deploy_flux.sh
�[0K
�[0Ksection_start:1657639397:01_deploy_bigbang.sh[collapsed=true]
�[0K�[33;1m01_deploy_bigbang.sh�[37m
🌌 all-packages label enabled, or on default branch or tag, enabling all addons
Enabling kyverno
Enabling kyverno policies
Enabling tempo
Enabling promtail and loki
🚀 Installing BigBang with the following configurations:
domain: bigbang.dev
sso:
# LetsEncrypt certificate authority
certificate_authority: |
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
# Must be updated for every new deployment of Keycloak. Example of where to get the jwks:
# https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/openid-connect/certs
# must be single quoted and double quotes must be escaped like this \"xxxx\"
jwks: '{\"keys\":[{\"kid\":\"nZUXZDUyyAEKY4dJyargboayGxJmmlrhcoBoik-7040\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"qAl-BtUwp2ZVl7wix_8-pucv-jTK1L9QGFVW02kPYlFi0frg-OL9XsSB1MsJIEFfnDIZ_psvvWYoZkVnzibgVlfAjOQXyIevOWLpSlUK3BpWFnAfO-0oyQWSsclyE8-xpzTifL75SvbSvDp3JXVBa4UdgV2qsNs7xu99wipQ7cro2lpne5EIHv6eKJMeG1eFQS2DJrI6ydNOLrzHFOA3pAhZRphId6dxYWaKzH_tcR34uQ2gg-IgmGakYLFhG_P2ZrMdPqouej_WFoc9Y9hlHx8NALfA6uYe4aDCbWCTL1V1sZJjzVR7WiTDh7fIogTu_2ukpCOnXX_SaLadoulxLw\",\"e\":\"AQAB\",\"x5c\":[\"MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=\"],\"x5t\":\"ihEvRimRNSdrnr_Fhnd4OElB3-E\",\"x5t#S256\":\"YNijWPCIhWA5xQTwyIfvlBN-UcMe46Um2ywE-ADiqjM\"}]}'
oidc:
host: keycloak.bigbang.dev
realm: baby-yoda
flux:
timeout: 20m
interval: 1m
rollback:
cleanupOnFail: false
networkPolicies:
enabled: true
controlPlaneCidr: 172.16.0.0/12
istio:
enabled: true
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
public:
tls:
key: "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQClaYFiPGoPBjqe\nQrQ0Zx/o9qmfZbVmV6SAPOjFKwl1udm5b7Q+PhnSsMaZVzhVu1hRbvaZ39EQdRqY\nbNJxsgUo888uCTTPJFzucUdb6fBAjWniP5qi8KvQ2THtxf4+N/krYA5a9bKe6btg\nZa7iA9DbALr/DHetwv5Y65tzbVB06mtVnZ/fV9jhvE/L9NfssjLLcWe2DDU7g/r1\nnSuEGI0OknqfX3Sx0leloBe3AtZUn2YgzTt0zyj4buP5dpKcGIH8CIFdTIwzcr4N\nyjzpE/Sr/hJWxNVThkvkieaD7jsbj6Od6+xW7wp3b9RsyjC3uEFZVp2SxgbnlbuT\nU90DzqIDAgMBAAECggEAao25W/fA9maz0gj0HqGjq6VhhR22qfOhMz6JT6G2mVCc\nUVkEyeelKNTZSiQmVQu3C9YoIt1Lxoc5F6FaOwVLT6Mm/efOTfWFq8/rAOmE64Bt\nCeKhEX9pnsKa6ClX6uqRpwBcnvmRE89K9gDqlAuTOdCRpQR5/8QRpmQ3ojZz0qu5\nzUDFllcn/2DScmEA4C8wyg1+Jjln8x8J6fQ2ljn4hueY4/rr1bWMVl2IkcGNyUlV\nAhv2/vQS17PpZCfQuqAVwOvNIxN9FlUQe60V2AdbqnO+dvTEUfm2eo/HoJ9JU8O1\nISbdIC9MXjd9O1MNVqzOqOdsRU9ZlGd4GBdZ9Xsk2QKBgQDbLZeb4H7bIF+0Q+oc\nuYUhR9Xu+o7iP1xU9YlGXklH5HM36owLHyCs0PUaIldP/pyVHXyJLEtPhMrrexf9\nKkD5U7Vs489zk4JdOQ0BrVvCxxk02utYWdyc91IYWjFci7EI/vSYtciTT6G8ZRJt\nQvXGGjGsfPbpEA83MAQJI1/xJwKBgQDBM4wpj4vQVuel4A6LPUQX3hp182U5onhB\neQ7XMSVRiq7a60fmtDmgO0auiTPR5jjeS9oS2G3pVBE2Hudz83ihoO9xjNvqoZAs\n62JqRsEtaf6KTpZPf1wTHOQPxadLV5WKZRFmWTYnzl6NN19SzW5r6B7jjuhX1SFC\nTNFuZfDZxQKBgBaHCR4sZN2A5lVQ5a8uIlDZYVO+zRDUEllpI0LoTf/lqzIEGYDL\nIkCg+ZBGF1NRiCaLcVFoDBWQQIsTi9OplCQMRol6oMfwUWXjh0K03smWTTDxj171\nXYeEpBt8qbYpZXjXO6y2gnchqC4E9W/lgf1qk9B2x6oMzIOPm9qUmDfhAoGAZh4o\n547IB8bnifVzuoUXiMYMlmugBWaqyXCDN5rybrcu1OeniXmZO+gY5AgBK+DUDitp\niKx86+dTcZfEHrWB/WxjI1Ggq9PZsOR5kFL1qFtt/wyqxjo7IJ8UrIF8e4Y/tHbX\nS5G73i5mK54o9EtBIif+q6jNhh9RBQo1aHTZaUECgYBLuMf/HDK+CfZSxiUSibuv\nP5HEdh5Wyf3CcP+tnqdGlWTHTpJcyhwgXu9U4Jq/C4sCwKg+YNGdCC546VnQlk/+\nndcsIBupTiAuZ9XKgiIMnxmuhj0FZD6lJPalxTBgsHqPhAuWUTr33GUfIwsivBjq\nfPQoxgpxHY/EjpvxG6v48Q==\n-----END PRIVATE KEY-----\n" # Gets added via chart/ingress-certs.yaml
cert: "-----BEGIN CERTIFICATE-----\nMIIFIDCCBAigAwIBAgISBKnyb7wpgyFksuzmoqh4+0mUMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMjA2MDMwODQ1MTlaFw0yMjA5MDEwODQ1MThaMBgxFjAUBgNVBAMM\nDSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl\naYFiPGoPBjqeQrQ0Zx/o9qmfZbVmV6SAPOjFKwl1udm5b7Q+PhnSsMaZVzhVu1hR\nbvaZ39EQdRqYbNJxsgUo888uCTTPJFzucUdb6fBAjWniP5qi8KvQ2THtxf4+N/kr\nYA5a9bKe6btgZa7iA9DbALr/DHetwv5Y65tzbVB06mtVnZ/fV9jhvE/L9NfssjLL\ncWe2DDU7g/r1nSuEGI0OknqfX3Sx0leloBe3AtZUn2YgzTt0zyj4buP5dpKcGIH8\nCIFdTIwzcr4NyjzpE/Sr/hJWxNVThkvkieaD7jsbj6Od6+xW7wp3b9RsyjC3uEFZ\nVp2SxgbnlbuTU90DzqIDAgMBAAGjggJIMIICRDAOBgNVHQ8BAf8EBAMCBaAwHQYD\nVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O\nBBYEFFrhttFVH5I25/sHc9DOncAEu0M4MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ\nQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz\nLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv\nMBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw\nNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdwBByMqx3yJGShDGoToJ\nQodeTjGLGwPr60vHaPCQYpYG9gAAAYEo9HmtAAAEAwBIMEYCIQCwDCIEu1YzSeMr\n8f9MBIuPdzWWN7Xar1dWJgfj5XqqKAIhAP/Rl5D0jr9KNiSh8dSp6X+v+fbLB+Ga\njGzfCmcCZ9tyAHUARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAGB\nKPR5vgAABAMARjBEAiAmiZXFXtcrvRecGF3b/MpdtIYxjsC8fXjTpRfrPDWeZAIg\nGXALg3rQ27V4+dm9UKPTw2TgPWfYaW6Zynl2CP59WUIwDQYJKoZIhvcNAQELBQAD\nggEBACwKOUOL5MFS8b5nP2aUqmTmi+bW6Sr/j4blxTbmFmBHC4EBdEHvlL6dYnTa\n2fR7Vqrqoo99W0l8nPyRED05jVz9R1rmzIDUFhvXd+vCsC0JnJTNg8r4xwYeJsMQ\nZNy9QCkWH/SWuzP1dusjNo5rMAPG/UYLgh/kM+W4PAZ3Ek5rWuzrUMxV2PeZRnyX\nTBeNdYTcSvhRdp4sEZ6fWx1BCEZmao+JBXzyWy4r+YOiXcAWV+7mnHGUnr/wRgYM\n8/mDkpNE5Y6wTyHCV+np+86Zsq/C64ODmpi2sKCnTiW28xpKZI4I8b6l/WzkEaZy\n0eT3gb+zaRn8ZMjJxO6JfjOLpWo=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----\n" # Gets added via chart/ingress-certs.yaml
values:
kiali:
dashboard:
auth:
strategy: "anonymous"
jaeger:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_jaeger
values:
istio:
jaeger:
enabled: true
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://tracing.bigbang.dev"
kiali:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kiali
values:
cr:
spec:
auth:
# if enabling the keycloak SSO integration test, set strategy to "openid"
#strategy: "openid"
strategy: "anonymous"
bbtests:
enabled: true
cypress:
envs:
cypress_url: 'https://kiali.bigbang.dev'
cypress_check_data: 'true'
# uncomment these next 3 lines if enabling the keycloak SSO integration test
#cypress_keycloak_test_enable: "true"
#cypress_keycloak_username: "cypress"
#cypress_keycloak_password: "tnr_w!G33ZyAt@C8"
clusterAuditor:
enabled: true
values:
resources:
requests:
cpu: 100m
memory: 256Mi
limits: {}
bbtests:
enabled: true
cypress:
envs:
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_allownodatas: '0'
cypress_url: 'https://grafana.bigbang.dev/d/YBgRZG6Mz/opa-violations?orgId=1'
gatekeeper:
enabled: true
values:
replicas: 1
controllerManager:
resources:
limits: {}
requests:
cpu: 100m
memory: 256Mi
violations:
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
allowedDockerRegistries:
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
# Allow argocd to deploy a test app in its cypress test
- argocd/guestbook-ui.*
allowedHostFilesystem:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- gitlab/gitlab-cypress-test
- gitlab/gitlab-runner-cypress-test
- kiali/kiali-operator-cypress-test
- mattermost/mattermost-cypress-test
- keycloak/keycloak-cypress-test
- jaeger/jaeger-operator-cypress-test
- monitoring/kube-prometheus-stack-cypress-test
- vault/vault-cypress-test
- logging/loki-cypress-test
- twistlock/twistlock-cypress-test
- sonarqube/sonarqube-cypress-test
- logging/logging-cypress-test
- tempo/tempo-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
allowedIPs:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-external-ips-.?
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined defined seccomp
- istio-system/lb-port-.*
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
bannedImageTags:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
hostNetworking:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
noSysctls:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/restrict-sysctls-.?
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
restrictedTaint:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/disallow-tolerations-.?
selinuxPolicy:
parameters:
excludedResources:
# Allow kyverno test vectors for Helm test
- default/c.?
- default/i.?
- default/disallow-selinux-options-.?
- default/restrict-selinux-type-.?
volumeTypes:
parameters:
excludedResources:
- nexus-repository-manager/nexus-repository-manager-cypress-test
- cluster-auditor/cluster-auditor-cypress-test
- gitlab/gitlab-cypress-test
- gitlab/gitlab-runner-cypress-test
- kiali/kiali-operator-cypress-test
- mattermost/mattermost-cypress-test
- keycloak/keycloak-cypress-test
- jaeger/jaeger-operator-cypress-test
- monitoring/kube-prometheus-stack-cypress-test
- vault/vault-cypress-test
- logging/loki-cypress-test
- twistlock/twistlock-cypress-test
- sonarqube/sonarqube-cypress-test
- logging/logging-cypress-test
- tempo/tempo-cypress-test
# Allow kyverno test vectors for Helm test
- default/restrict-host-path-mount-.?
- default/restrict-host-path-write-.?
- default/restrict-volume-types-.?
bbtests:
enabled: true
kyverno:
enabled: true
values:
replicaCount: 1
bbtests:
enabled: true
kyvernopolicies:
enabled: true
values:
bbtests:
enabled: true
exclude:
any:
# Allows k3d load balancer to bypass policies.
- resources:
namespaces:
- istio-system
names:
- svclb-*
# Exclude gatekeeper test resources so Helm tests will work
- resources:
namespaces:
- default
names:
- bad-test*
- good-test*
# Parameters are copied from kyverno policies for test vectors
# Exclusions are for allowing other helm tests to function
policies:
clone-configs:
parameters:
clone:
- name: clone-configs-1
kind: ConfigMap
namespace: "{{ .Release.Namespace }}"
- name: clone-configs-2
kind: Secret
namespace: "{{ .Release.Namespace }}"
disallow-annotations:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-labels:
parameters:
disallow:
- 'kyverno-policies-bbtest/test: disallowed'
- kyverno-policies-bbtest/disallowed
disallow-tolerations:
parameters:
disallow:
- effect: NoSchedule
key: notallowed
value: 'false'
- effect: '*NoSchedule'
key: disa??owed
value: 'true'
require-annotations:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
require-image-signature:
parameters:
require:
- image: ghcr.io/kyverno/test-verify-image:*
key: |-
-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE8nXRh950IZbRj8Ra/N9sbqOPZrfM
5/KAQN0/KjHcorm/J5yctVd7iEcnessRQjU917hmKO6JWVGHpDguIyakZA==
-----END PUBLIC KEY-----
require-labels:
parameters:
require:
- 'kyverno-policies-bbtest/test: required'
- kyverno-policies-bbtest/required
restrict-external-ips:
parameters:
allow:
- 192.168.0.1
restrict-external-names:
enabled: true
parameters:
allow:
- allowed
restrict-host-path-mount:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- cluster-auditor
- mattermost
- nexus-repository-manager
- keycloak
- jaeger
- monitoring
- vault
- logging
- twistlock
- sonarqube
- logging
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-path-mount-pv:
parameters:
allow:
- /tmp/allowed
- /var/lib/rancher/k3s/storage/pvc-*
restrict-host-path-write:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- cluster-auditor
- mattermost
- nexus-repository-manager
- keycloak
- jaeger
- monitoring
- vault
- logging
- twistlock
- sonarqube
- logging
names:
- "*-cypress-test*"
parameters:
allow:
- /tmp/allowed
restrict-host-ports:
parameters:
allow:
- '63999'
- '>= 64000 & < 65000'
- '> 65000'
restrict-image-registries:
exclude:
any:
# ArgoCD deploys a test app as part of its Cypress test
- resources:
namespaces:
- argocd
names:
- guestbook-ui*
restrict-volume-types:
exclude:
any:
- resources:
namespaces:
- gitlab
- kiali
- cluster-auditor
- mattermost
- nexus-repository-manager
- keycloak
- jaeger
- monitoring
- vault
- logging
- twistlock
- sonarqube
- logging
names:
- "*-cypress-test*"
update-image-pull-policy:
parameters:
update:
- to: Always
update-image-registry:
parameters:
update:
- from: replace.image.registry
to: registry1.dso.mil
require-drop-all-capabilities:
exclude:
any:
# Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation
# is only recommended for Dev/CI environments.
- resources:
namespaces:
- gitlab
names:
- gitlab-minio-*
require-non-root-group:
exclude:
any:
# Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation
# is only recommended for Dev/CI environments.
- resources:
namespaces:
- gitlab
names:
- gitlab-minio-*
require-non-root-user:
exclude:
any:
# Gitlab Minio sub-chart does not have configurable securityContext values from upstream. Minio installation
# is only recommended for Dev/CI environments.
- resources:
namespaces:
- gitlab
names:
- gitlab-minio-*
logging:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_kibana
license:
trial: false
values:
elasticsearch:
master:
count: 1
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
data:
count: 2
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
kibana:
count: 1
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_expect_logs: "true"
cypress_kibana_url: "https://kibana.bigbang.dev"
fluentbit:
enabled: true
values:
securityContext:
privileged: true
bbtests:
enabled: true
config:
inputs: |
[INPUT]
Name tail
Path /var/log/containers/*flux-system*.log
Parser containerd
Tag kube.*
Mem_Buf_Limit 50MB
Skip_Long_Lines On
storage.type filesystem
loki:
enabled: true
strategy: scalable
values:
global:
createGlobalConfig: true
existingSecretForConfig: "loki-config"
loki-simple-scalable:
write:
replicas: 1
persistence:
size: 2Gi
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
read:
replicas: 1
persistence:
size: 2Gi
resources:
limits:
cpu: 200m
memory: 400Mi
requests:
cpu: 200m
memory: 400Mi
bbtests:
enabled: true
cypress:
envs:
cypress_check_datasource: 'true'
cypress_grafana_url: 'https://grafana.bigbang.dev'
scripts:
envs:
LOKI_URL: 'http://logging-loki-write.logging.svc:3100'
tempo:
enabled: true
values:
istio:
tempoQuery:
hosts:
- "tempo.{{ .Values.domain }}"
tempo:
resources:
limits: null
requests:
cpu: 200m
memory: 128Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: 'https://tempo.bigbang.dev'
cypress_tempo_datasource: 'http://tempo-tempo.tempo.svc:3100'
cypress_check_datasource: 'true'
cypress_grafana_url: 'https://grafana.bigbang.dev'
scripts:
enabled: false
envs:
TEMPO_METRICS_URL: 'http://tempo-tempo.tempo.svc:3100'
persistence:
enabled: true
# storageClassName: local-path
accessModes:
- ReadWriteOnce
size: 5Gi
tempoQuery:
resources:
limits: null
requests:
cpu: 200m
memory: 128Mi
monitoring:
enabled: true
sso:
enabled: false
prometheus:
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_prometheus
alertmanager:
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_alertmanager
grafana:
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_grafana
scopes: "Grafana"
values:
prometheus:
prometheusSpec:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
kube-state-metrics:
resources:
requests:
cpu: 10m
memory: 32Mi
limits: {}
prometheus-node-exporter:
resources:
requests:
cpu: 100m
memory: 30Mi
limits: {}
grafana:
testFramework:
enabled: false
dashboards:
default:
k8s-deployment:
gnetId: 741
revision: 1
datasource: Prometheus
downloadDashboards:
resources:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards
bbtests:
enabled: true
cypress:
image: registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/cypress/kubectl:8.3.1
envs:
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_alertmanager_url: 'https://alertmanager.bigbang.dev'
cypress_check_istio_dashboards: 'true'
twistlock:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-saml
values:
console:
persistence:
size: 256Mi
bbtests:
enabled: true
cypress:
envs:
cypress_baseUrl: "https://twistlock.bigbang.dev"
scripts:
envs:
twistlock_host: "https://twistlock.bigbang.dev"
# Addons are toggled based on labels in CI
addons:
argocd:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_argocd
client_secret: anything-for-dev
provider_name: "P1 SSO"
groups: |
g, Impact Level 2 Authorized, role:admin
values:
controller:
resources:
requests:
cpu: 500m
memory: 2Gi
limits: {}
dex:
resources:
requests:
cpu: 10m
memory: 128Mi
limits: {}
redis-bb:
master:
persistence:
size: 512Mi
replica:
persistence:
size: 512Mi
redis:
resources:
requests:
cpu: 50m
memory: 256Mi
limits: {}
server:
resources:
requests:
cpu: 20m
memory: 128Mi
limits: {}
repoServer:
resources:
requests:
cpu: 50m
memory: 128Mi
limits: {}
configs:
secret:
argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://argocd.bigbang.dev"
authservice:
enabled: true
chains:
minimal:
callback_uri: "https://minimal.bigbang.dev"
values:
resources:
requests:
cpu: 100m
memory: 100Mi
limits: {}
redis:
enabled: true
redis-bb:
master:
persistence:
size: 256Mi
replica:
replicaCount: 0
persistence:
size: 256Mi
gitlab:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_gitlab
flux:
timeout: 30m
values:
global:
rails:
bootstrap:
enabled: false
gitlab-runner:
resources:
requests:
cpu: 10m
limits: {}
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
helmTests:
enabled: false
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
gitaly:
persistence:
size: 256Mi
resources:
## values raised to help pass CI after default values for gitaly are fixed then can revert to original request.
#requests:
# cpu: 50m
#limits: {}
requests:
cpu: 400m
memory: 600Mi
limits:
cpu: 400m
memory: 600Mi
shared-secrets:
resources:
requests:
cpu: 10m
limits: {}
migrations:
resources:
requests:
cpu: 10m
limits: {}
toolbox:
persistence:
size: 256Mi
resources:
requests:
cpu: 10m
limits: {}
registry:
hpa:
minReplicas: 1
maxReplicas: 1
postgresql:
persistence:
size: 256Mi
metrics:
resources:
requests:
cpu: 10m
limits: {}
minio:
persistence:
size: 256Mi
resources:
requests:
cpu: 50m
limits: {}
redis:
master:
persistence:
size: 256Mi
slave:
persistence:
size: 256Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: https://gitlab.bigbang.dev
scripts:
envs:
GITLAB_REPOSITORY: https://gitlab.bigbang.dev
GITLAB_ORIGIN: https://testuser:12345678@gitlab.bigbang.dev
GITLAB_REGISTRY: registry.bigbang.dev
gitlabRunner:
enabled: true
values:
resources:
requests:
memory: 64Mi
cpu: 50m
limits: {}
runners:
protected: false
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: "https://gitlab.bigbang.dev"
cypress_gitlab_first_name: "testrunner"
cypress_gitlab_last_name: "userrunner"
cypress_gitlab_email: "gitlab@bigbang.dev"
cypress_gitlab_username: "gitlabrunner_user"
cypress_gitlab_password: "gitlabrunner_pass"
cypress_gitlab_project: "runner-hello-world"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
anchore:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_anchore
enterprise:
enabled: false
licenseYaml: |
"TBD"
values:
ensureDbJobs:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
sso:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
postgresql:
persistence:
size: 256Mi
resources:
requests:
cpu: 200m
memory: 1024Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreAnalyzer:
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreApi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreCatalog:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchorePolicyEngine:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreSimpleQueue:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchore-feeds-db:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeeds:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeedsUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseRbac:
authResources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
managerResources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseReports:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseNotifications:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEntperpiseUi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchore-ui-redis:
enabled: true
replica:
replicaCount: 0
bbtests:
enabled: true
scripts:
envs:
ANCHORE_CLI_URL: "https://anchore-api.bigbang.dev/v1"
sonarqube:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_saml-sonarqube
provider_name: "P1 SSO"
certificate: MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=
login: login
name: name
email: email
values:
plugins:
install: []
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
persistence:
enabled: false
size: 5Gi
postgresql:
persistence:
size: 256Mi
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
tests:
enabled: false
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://sonarqube.bigbang.dev"
cypress_url_setup: "https://sonarqube.bigbang.dev/setup"
account:
adminPassword: new_admin_password
currentAdminPassword: admin
curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:2.0.0
minioOperator:
enabled: true
minio:
enabled: true
values:
tenants:
pools:
- servers: 2
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
runAsNonRoot: true
bbtests:
# There have been intermittent failures of the tests in the past. The issue is tracked in the below issue.
# https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/issues/7
# This issue can be reopened if problems reappear.
enabled: true
cypress:
envs:
cypress_url: 'https://minio.bigbang.dev/login'
scripts:
envs:
MINIO_PORT: ''
MINIO_HOST: 'https://minio-api.bigbang.dev'
mattermostoperator:
enabled: true
mattermost:
enabled: true
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_mattermost
client_secret: "no-secret"
elasticsearch:
enabled: true
values:
postgresql:
persistence:
size: 256Mi
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits: {}
minio:
tenants:
pools:
- servers: 1
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
bbtests:
enabled: true
cypress:
envs:
cypress_url: https://chat.bigbang.dev
nexus:
enabled: true
# Nexus requires manual configuration in Keycloak client and cannot be tested with login.dso.mil
# you must test with your own dev deployment. Example: keycloak.bigbang.dev
# See more info in Nexus Package docs /docs/keycloak.md
# Nexus SSO is behind a paywall. You must have a valid license to enable SSO
# -- Base64 encoded license file.
# cat ~/Downloads/sonatype-license-YYYY-MM-ddTnnnnnnZ.lic | base64 -w 0 ; echo
#license_key: "enter-single-line-base64-encoded-string-here"
sso:
# -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
enabled: false
idp_data:
entityId: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata"
# -- IdP Field Mappings
# -- NXRM username attribute
username: "username"
firstName: "firstName"
lastName: "lastName"
email: "email"
groups: "groups"
# -- IDP SAML Metadata XML as a single line string in single quotes
# -- this information is public and does not require a secret
# curl https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml/descriptor ; echo
idpMetadata: 'enter-single-quoted-single-line-string-here'
role:
# id is the name of the Keycloak group (case sensitive)
- id: "Nexus"
name: "Keycloak Nexus Group"
description: "unprivilaged users"
privileges: []
roles: []
- id: "Nexus-Admin"
name: "Keycloak Nexus Admin Group"
description: "keycloak users as admins"
privileges:
- "nx-all"
roles:
- "nx-admin"
# NexusNotes: |
# Login to Nexus Admin UI and then get the x509 certificate from this path
# https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata
# copy and paste the nexus single line certificate into a text file and save it
# vi nexus-x509.txt
# -----BEGIN CERTIFICATE-----
# put-single-line-nexus-x509-certificate-here
# -----END CERTIFICATE-----
# make a valid pem file with proper wrapping at 64 characters per line
# fold -w 64 nexus-x509.txt > nexus.pem
# In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places
values:
persistence:
# Do NOT set this below 5Gi, nexus will fail to boot
storageSize: 5Gi
nexus:
# https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory
env:
- name: install4jAddVmParams
value: "-Xms500M -Xmx500M -XX:MaxDirectMemorySize=500M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
resources:
requests:
cpu: 100m
memory: 1500Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_nexus_url: "https://nexus.bigbang.dev"
cypress_nexus_user: "admin"
cypress_nexus_pass_new: "new_admin_password"
secretEnvs:
- name: cypress_nexus_pass
valueFrom:
secretKeyRef:
name: nexus-repository-manager-secret
key: admin.password
velero:
enabled: true
plugins:
- aws
values:
serviceAccount:
server:
name: velero
configuration:
provider: aws
backupStorageLocation:
bucket: velero
config:
region: velero
s3ForcePathStyle: "true"
s3Url: https://minio-api.bigbang.dev
volumeSnapshotLocation:
provider: aws
config:
region: velero
credentials:
useSecret: true
secretContents:
cloud: |
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
cleanUpCRDs: true
bbtests:
enabled: true
scripts:
envs:
MINIO_HOST: https://minio-api.bigbang.dev
keycloak:
enabled: true
ingress:
gateway: "passthrough"
key: "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQClaYFiPGoPBjqe\nQrQ0Zx/o9qmfZbVmV6SAPOjFKwl1udm5b7Q+PhnSsMaZVzhVu1hRbvaZ39EQdRqY\nbNJxsgUo888uCTTPJFzucUdb6fBAjWniP5qi8KvQ2THtxf4+N/krYA5a9bKe6btg\nZa7iA9DbALr/DHetwv5Y65tzbVB06mtVnZ/fV9jhvE/L9NfssjLLcWe2DDU7g/r1\nnSuEGI0OknqfX3Sx0leloBe3AtZUn2YgzTt0zyj4buP5dpKcGIH8CIFdTIwzcr4N\nyjzpE/Sr/hJWxNVThkvkieaD7jsbj6Od6+xW7wp3b9RsyjC3uEFZVp2SxgbnlbuT\nU90DzqIDAgMBAAECggEAao25W/fA9maz0gj0HqGjq6VhhR22qfOhMz6JT6G2mVCc\nUVkEyeelKNTZSiQmVQu3C9YoIt1Lxoc5F6FaOwVLT6Mm/efOTfWFq8/rAOmE64Bt\nCeKhEX9pnsKa6ClX6uqRpwBcnvmRE89K9gDqlAuTOdCRpQR5/8QRpmQ3ojZz0qu5\nzUDFllcn/2DScmEA4C8wyg1+Jjln8x8J6fQ2ljn4hueY4/rr1bWMVl2IkcGNyUlV\nAhv2/vQS17PpZCfQuqAVwOvNIxN9FlUQe60V2AdbqnO+dvTEUfm2eo/HoJ9JU8O1\nISbdIC9MXjd9O1MNVqzOqOdsRU9ZlGd4GBdZ9Xsk2QKBgQDbLZeb4H7bIF+0Q+oc\nuYUhR9Xu+o7iP1xU9YlGXklH5HM36owLHyCs0PUaIldP/pyVHXyJLEtPhMrrexf9\nKkD5U7Vs489zk4JdOQ0BrVvCxxk02utYWdyc91IYWjFci7EI/vSYtciTT6G8ZRJt\nQvXGGjGsfPbpEA83MAQJI1/xJwKBgQDBM4wpj4vQVuel4A6LPUQX3hp182U5onhB\neQ7XMSVRiq7a60fmtDmgO0auiTPR5jjeS9oS2G3pVBE2Hudz83ihoO9xjNvqoZAs\n62JqRsEtaf6KTpZPf1wTHOQPxadLV5WKZRFmWTYnzl6NN19SzW5r6B7jjuhX1SFC\nTNFuZfDZxQKBgBaHCR4sZN2A5lVQ5a8uIlDZYVO+zRDUEllpI0LoTf/lqzIEGYDL\nIkCg+ZBGF1NRiCaLcVFoDBWQQIsTi9OplCQMRol6oMfwUWXjh0K03smWTTDxj171\nXYeEpBt8qbYpZXjXO6y2gnchqC4E9W/lgf1qk9B2x6oMzIOPm9qUmDfhAoGAZh4o\n547IB8bnifVzuoUXiMYMlmugBWaqyXCDN5rybrcu1OeniXmZO+gY5AgBK+DUDitp\niKx86+dTcZfEHrWB/WxjI1Ggq9PZsOR5kFL1qFtt/wyqxjo7IJ8UrIF8e4Y/tHbX\nS5G73i5mK54o9EtBIif+q6jNhh9RBQo1aHTZaUECgYBLuMf/HDK+CfZSxiUSibuv\nP5HEdh5Wyf3CcP+tnqdGlWTHTpJcyhwgXu9U4Jq/C4sCwKg+YNGdCC546VnQlk/+\nndcsIBupTiAuZ9XKgiIMnxmuhj0FZD6lJPalxTBgsHqPhAuWUTr33GUfIwsivBjq\nfPQoxgpxHY/EjpvxG6v48Q==\n-----END PRIVATE KEY-----\n" # Gets added via chart/ingress-certs.yaml
cert: "-----BEGIN CERTIFICATE-----\nMIIFIDCCBAigAwIBAgISBKnyb7wpgyFksuzmoqh4+0mUMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMjA2MDMwODQ1MTlaFw0yMjA5MDEwODQ1MThaMBgxFjAUBgNVBAMM\nDSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl\naYFiPGoPBjqeQrQ0Zx/o9qmfZbVmV6SAPOjFKwl1udm5b7Q+PhnSsMaZVzhVu1hR\nbvaZ39EQdRqYbNJxsgUo888uCTTPJFzucUdb6fBAjWniP5qi8KvQ2THtxf4+N/kr\nYA5a9bKe6btgZa7iA9DbALr/DHetwv5Y65tzbVB06mtVnZ/fV9jhvE/L9NfssjLL\ncWe2DDU7g/r1nSuEGI0OknqfX3Sx0leloBe3AtZUn2YgzTt0zyj4buP5dpKcGIH8\nCIFdTIwzcr4NyjzpE/Sr/hJWxNVThkvkieaD7jsbj6Od6+xW7wp3b9RsyjC3uEFZ\nVp2SxgbnlbuTU90DzqIDAgMBAAGjggJIMIICRDAOBgNVHQ8BAf8EBAMCBaAwHQYD\nVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O\nBBYEFFrhttFVH5I25/sHc9DOncAEu0M4MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ\nQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz\nLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv\nMBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw\nNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdwBByMqx3yJGShDGoToJ\nQodeTjGLGwPr60vHaPCQYpYG9gAAAYEo9HmtAAAEAwBIMEYCIQCwDCIEu1YzSeMr\n8f9MBIuPdzWWN7Xar1dWJgfj5XqqKAIhAP/Rl5D0jr9KNiSh8dSp6X+v+fbLB+Ga\njGzfCmcCZ9tyAHUARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAGB\nKPR5vgAABAMARjBEAiAmiZXFXtcrvRecGF3b/MpdtIYxjsC8fXjTpRfrPDWeZAIg\nGXALg3rQ27V4+dm9UKPTw2TgPWfYaW6Zynl2CP59WUIwDQYJKoZIhvcNAQELBQAD\nggEBACwKOUOL5MFS8b5nP2aUqmTmi+bW6Sr/j4blxTbmFmBHC4EBdEHvlL6dYnTa\n2fR7Vqrqoo99W0l8nPyRED05jVz9R1rmzIDUFhvXd+vCsC0JnJTNg8r4xwYeJsMQ\nZNy9QCkWH/SWuzP1dusjNo5rMAPG/UYLgh/kM+W4PAZ3Ek5rWuzrUMxV2PeZRnyX\nTBeNdYTcSvhRdp4sEZ6fWx1BCEZmao+JBXzyWy4r+YOiXcAWV+7mnHGUnr/wRgYM\n8/mDkpNE5Y6wTyHCV+np+86Zsq/C64ODmpi2sKCnTiW28xpKZI4I8b6l/WzkEaZy\n0eT3gb+zaRn8ZMjJxO6JfjOLpWo=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----\n" # Gets added via chart/ingress-certs.yaml
values:
replicas: 1
resources:
requests:
cpu: 10m
memory: 16Mi
limits: {}
# Disabling helm tests for keycloak until they are working on rke2
bbtests:
enabled: true
cypress:
envs:
cypress_url: "https://keycloak.bigbang.dev"
secrets:
env:
stringData:
CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml
KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json
X509_CA_BUNDLE: /etc/x509/https/cas.pem
certauthority:
stringData:
cas.pem: '{{ .Files.Get "resources/dev/dod_cas.pem" }}'
customreg:
stringData:
customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}'
realm:
stringData:
realm.json: '{{ .Files.Get "resources/dev/baby-yoda-ci.json" }}'
extraVolumes: |-
- name: certauthority
secret:
secretName: {{ include "keycloak.fullname" . }}-certauthority
- name: customreg
secret:
secretName: {{ include "keycloak.fullname" . }}-customreg
- name: realm
secret:
secretName: {{ include "keycloak.fullname" . }}-realm
extraVolumeMounts: |-
- name: certauthority
mountPath: /etc/x509/https/cas.pem
subPath: cas.pem
readOnly: true
- name: customreg
mountPath: /opt/jboss/keycloak/customreg.yaml
subPath: customreg.yaml
readOnly: true
- name: realm
mountPath: /opt/jboss/keycloak/realm.json
subPath: realm.json
readOnly: true
vault:
enabled: true
ingress:
gateway: "passthrough"
key: "-----BEGIN PRIVATE KEY-----\nMIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQClaYFiPGoPBjqe\nQrQ0Zx/o9qmfZbVmV6SAPOjFKwl1udm5b7Q+PhnSsMaZVzhVu1hRbvaZ39EQdRqY\nbNJxsgUo888uCTTPJFzucUdb6fBAjWniP5qi8KvQ2THtxf4+N/krYA5a9bKe6btg\nZa7iA9DbALr/DHetwv5Y65tzbVB06mtVnZ/fV9jhvE/L9NfssjLLcWe2DDU7g/r1\nnSuEGI0OknqfX3Sx0leloBe3AtZUn2YgzTt0zyj4buP5dpKcGIH8CIFdTIwzcr4N\nyjzpE/Sr/hJWxNVThkvkieaD7jsbj6Od6+xW7wp3b9RsyjC3uEFZVp2SxgbnlbuT\nU90DzqIDAgMBAAECggEAao25W/fA9maz0gj0HqGjq6VhhR22qfOhMz6JT6G2mVCc\nUVkEyeelKNTZSiQmVQu3C9YoIt1Lxoc5F6FaOwVLT6Mm/efOTfWFq8/rAOmE64Bt\nCeKhEX9pnsKa6ClX6uqRpwBcnvmRE89K9gDqlAuTOdCRpQR5/8QRpmQ3ojZz0qu5\nzUDFllcn/2DScmEA4C8wyg1+Jjln8x8J6fQ2ljn4hueY4/rr1bWMVl2IkcGNyUlV\nAhv2/vQS17PpZCfQuqAVwOvNIxN9FlUQe60V2AdbqnO+dvTEUfm2eo/HoJ9JU8O1\nISbdIC9MXjd9O1MNVqzOqOdsRU9ZlGd4GBdZ9Xsk2QKBgQDbLZeb4H7bIF+0Q+oc\nuYUhR9Xu+o7iP1xU9YlGXklH5HM36owLHyCs0PUaIldP/pyVHXyJLEtPhMrrexf9\nKkD5U7Vs489zk4JdOQ0BrVvCxxk02utYWdyc91IYWjFci7EI/vSYtciTT6G8ZRJt\nQvXGGjGsfPbpEA83MAQJI1/xJwKBgQDBM4wpj4vQVuel4A6LPUQX3hp182U5onhB\neQ7XMSVRiq7a60fmtDmgO0auiTPR5jjeS9oS2G3pVBE2Hudz83ihoO9xjNvqoZAs\n62JqRsEtaf6KTpZPf1wTHOQPxadLV5WKZRFmWTYnzl6NN19SzW5r6B7jjuhX1SFC\nTNFuZfDZxQKBgBaHCR4sZN2A5lVQ5a8uIlDZYVO+zRDUEllpI0LoTf/lqzIEGYDL\nIkCg+ZBGF1NRiCaLcVFoDBWQQIsTi9OplCQMRol6oMfwUWXjh0K03smWTTDxj171\nXYeEpBt8qbYpZXjXO6y2gnchqC4E9W/lgf1qk9B2x6oMzIOPm9qUmDfhAoGAZh4o\n547IB8bnifVzuoUXiMYMlmugBWaqyXCDN5rybrcu1OeniXmZO+gY5AgBK+DUDitp\niKx86+dTcZfEHrWB/WxjI1Ggq9PZsOR5kFL1qFtt/wyqxjo7IJ8UrIF8e4Y/tHbX\nS5G73i5mK54o9EtBIif+q6jNhh9RBQo1aHTZaUECgYBLuMf/HDK+CfZSxiUSibuv\nP5HEdh5Wyf3CcP+tnqdGlWTHTpJcyhwgXu9U4Jq/C4sCwKg+YNGdCC546VnQlk/+\nndcsIBupTiAuZ9XKgiIMnxmuhj0FZD6lJPalxTBgsHqPhAuWUTr33GUfIwsivBjq\nfPQoxgpxHY/EjpvxG6v48Q==\n-----END PRIVATE KEY-----\n" # Gets added via chart/ingress-certs.yaml
cert: "-----BEGIN CERTIFICATE-----\nMIIFIDCCBAigAwIBAgISBKnyb7wpgyFksuzmoqh4+0mUMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMjA2MDMwODQ1MTlaFw0yMjA5MDEwODQ1MThaMBgxFjAUBgNVBAMM\nDSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCl\naYFiPGoPBjqeQrQ0Zx/o9qmfZbVmV6SAPOjFKwl1udm5b7Q+PhnSsMaZVzhVu1hR\nbvaZ39EQdRqYbNJxsgUo888uCTTPJFzucUdb6fBAjWniP5qi8KvQ2THtxf4+N/kr\nYA5a9bKe6btgZa7iA9DbALr/DHetwv5Y65tzbVB06mtVnZ/fV9jhvE/L9NfssjLL\ncWe2DDU7g/r1nSuEGI0OknqfX3Sx0leloBe3AtZUn2YgzTt0zyj4buP5dpKcGIH8\nCIFdTIwzcr4NyjzpE/Sr/hJWxNVThkvkieaD7jsbj6Od6+xW7wp3b9RsyjC3uEFZ\nVp2SxgbnlbuTU90DzqIDAgMBAAGjggJIMIICRDAOBgNVHQ8BAf8EBAMCBaAwHQYD\nVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O\nBBYEFFrhttFVH5I25/sHc9DOncAEu0M4MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ\nQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz\nLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv\nMBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw\nNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwggEEBgorBgEEAdZ5AgQCBIH1BIHyAPAAdwBByMqx3yJGShDGoToJ\nQodeTjGLGwPr60vHaPCQYpYG9gAAAYEo9HmtAAAEAwBIMEYCIQCwDCIEu1YzSeMr\n8f9MBIuPdzWWN7Xar1dWJgfj5XqqKAIhAP/Rl5D0jr9KNiSh8dSp6X+v+fbLB+Ga\njGzfCmcCZ9tyAHUARqVV63X6kSAwtaKJafTzfREsQXS+/Um4havy/HD+bUcAAAGB\nKPR5vgAABAMARjBEAiAmiZXFXtcrvRecGF3b/MpdtIYxjsC8fXjTpRfrPDWeZAIg\nGXALg3rQ27V4+dm9UKPTw2TgPWfYaW6Zynl2CP59WUIwDQYJKoZIhvcNAQELBQAD\nggEBACwKOUOL5MFS8b5nP2aUqmTmi+bW6Sr/j4blxTbmFmBHC4EBdEHvlL6dYnTa\n2fR7Vqrqoo99W0l8nPyRED05jVz9R1rmzIDUFhvXd+vCsC0JnJTNg8r4xwYeJsMQ\nZNy9QCkWH/SWuzP1dusjNo5rMAPG/UYLgh/kM+W4PAZ3Ek5rWuzrUMxV2PeZRnyX\nTBeNdYTcSvhRdp4sEZ6fWx1BCEZmao+JBXzyWy4r+YOiXcAWV+7mnHGUnr/wRgYM\n8/mDkpNE5Y6wTyHCV+np+86Zsq/C64ODmpi2sKCnTiW28xpKZI4I8b6l/WzkEaZy\n0eT3gb+zaRn8ZMjJxO6JfjOLpWo=\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----\n" # Gets added via chart/ingress-certs.yaml
sso:
enabled: false
client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_vault
values:
autoInit:
enabled: true
global:
tlsDisable: false
injector:
extraEnvironmentVars:
VAULT_API_ADDR: https://vault.bigbang.dev
certs:
secretName: vault-tls
affinity: |
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 100
podAffinityTerm:
labelSelector:
matchLabels:
app.kubernetes.io/name: {{ template "vault.name" . }}-agent-injector
app.kubernetes.io/instance: "{{ .Release.Name }}"
component: webhook
topologyKey: kubernetes.io/hostname
server:
extraEnvironmentVars:
VAULT_API_ADDR: https://vault.bigbang.dev #istio GW
VAULT_SKIP_VERIFY: "true"
VAULT_LOG_FORMAT: "json"
dataStorage:
enabled: true
size: 256Mi
auditStorage:
size: 256Mi
ha:
enabled: true
replicas: 1
raft:
enabled: true
config: |
ui = true
listener "tcp" {
tls_disable = false
address = "[::]:8200"
cluster_address = "[::]:8201"
tls_cert_file = "/vault/tls/tls.crt"
tls_key_file = "/vault/tls/tls.key"
telemetry {
unauthenticated_metrics_access = true
}
}
storage "raft" {
path = "/vault/data"
retry_join {
leader_api_addr = "https://vault-vault-0.vault-vault-internal:8200"
leader_client_cert_file = "/vault/tls/tls.crt"
leader_client_key_file = "/vault/tls/tls.key"
leader_tls_servername = "vault.bigbang.dev"
}
}
seal "awskms" {
region = "us-gov-west-1"
kms_key_id = "17c01cdf-2bf9-4f58-9a54-c1c4e4b145be"
endpoint = "https://kms.us-gov-west-1.amazonaws.com"
}
telemetry {
prometheus_retention_time = "24h"
disable_hostname = true
}
service_registration "kubernetes" {}
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_vault_url: "https://vault.bigbang.dev"
metricsServer:
enabled: true
values:
replicas: 1
promtail:
enabled: true
Release "bigbang" does not exist. Installing it now.
NAME: bigbang
LAST DEPLOYED: Tue Jul 12 15:23:17 2022
NAMESPACE: bigbang
STATUS: deployed
REVISION: 1
TEST SUITE: None
NOTES:
Thank you for supporting PlatformOne!
Gitlab is enabled.
Please follow the Gitlab online documentation for proper configuration.
This BigBang chart provides convenient enhancements to the Gitlab Package helm chart.
If you enable these features certain settings will be defaulted for you and any required secrets will be automatically created.
You should point to your cloud provider's RDS and object storage.
Gitlab will not provision storage for you. You will need to provision the database and the S3 buckets.
Here is an example of how to configure your deployment.
addons:
gitlab:
enabled: true
hostnames:
gitlab: gitlab.example.mil
registry: registry.example.mil
sso:
enabled: true
label: "Platform One SSO"
client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-gitlab"
client_secret: ""
database:
host: postgres.example.mil
port: 5432
username: gitlab
database: gitlab
password: mysecretpassword
objectstorage:
type: s3
endpoint: https://s3.us-gov-west-1.amazonaws.com
region: us-gov-west-1
accessKey: myaccesskey
accessSecret: mysecretkey
bucketPrefix: prod
PLATFORM ONE GITLAB WARNING:
You have enabled an internal postgres database in the BigBang configuration.
PlatformOne does not support this option for production deployments because your persistent data can be permanently lost.
This option should only be used for development or CI pipelines.
PLATFORM ONE GITLAB WARNING:
You have enabled a MinIO internal service in the BigBang configuration.
PlatformOne does not support this option for production deployments because your persistent data can be permanently lost.
This option should only be used for development or CI pipelines.
Anchore is enabled.
PLATFORM ONE ANCHORE WARNING:
You have enabled an internal postgres database (main-db) in the values configuration.
PlatformOne does not support this option for production deployments.
This option should only be used for development or CI pipelines.
PLATFORM ONE LOGGING WARNING:
You have enabled both promtail/loki and efk logging. This is permitted during beta testing of promtail/loki.
After the beta period, only one logging stack will be supported at one time, with the PLG stack becoming the default supported stack.
PLATFORM ONE TRACING WARNING:
You have enabled both Jaeger and Tempo Tracing Engines. This is permitted during beta testing of Tempo.
After the beta period, only one Tracing engine will be supported at one time, with Tempo becoming the default supported engine over a direct Jaeger installation. Tempo will deploy with Tempo-Query, a Jaeger frontend with Tempo as the backend.
Mattermost is enabled.
PLATFORM ONE MATTERMOST WARNING:
You have enabled an internal postgres database in the values configuration.
PlatformOne does not support this option for production deployments.
This option should only be used for development or CI pipelines.
PLATFORM ONE MATTERMOST WARNING:
You have enabled an internal Minio instance in the values configuration.
PlatformOne does not support this option for production deployments.
This option should only be used for development or CI pipelines.
�[0Ksection_end:1657639399:01_deploy_bigbang.sh
�[0K
�[0Ksection_start:1657639399:02_patch_coredns_vault.sh[collapsed=true]
�[0K�[33;1m02_patch_coredns_vault.sh�[37m
Waiting for istio to complete...
helmrelease.helm.toolkit.fluxcd.io/istio condition met
NAME READY UP-TO-DATE AVAILABLE AGE
passthrough-ingressgateway 1/1 1 1 7s
deployment "passthrough-ingressgateway" successfully rolled out
Setting up CoreDNS for Vault...
Starting coredns configmap patch for k3d cluster
data:
NodeHosts: |-
172.20.0.1 host.k3d.internal
172.20.0.2 k3d-13212279-server-0
172.20.0.3 k3d-13212279-serverlb
172.20.1.240 vault.bigbang.dev
configmap/coredns patched
Warning: spec.template.spec.nodeSelector[beta.kubernetes.io/os]: deprecated since v1.14; use "kubernetes.io/os" instead
deployment.apps/coredns restarted
Waiting for deployment spec update to be observed...
Waiting for deployment "coredns" rollout to finish: 0 out of 1 new replicas have been updated...
Waiting for deployment "coredns" rollout to finish: 1 old replicas are pending termination...
Waiting for deployment "coredns" rollout to finish: 0 of 1 updated replicas are available...
deployment "coredns" successfully rolled out
Verify coredns configmap NodeHosts after patch:
172.20.0.1 host.k3d.internal 172.20.0.2 k3d-13212279-server-0 172.20.0.3 k3d-13212279-serverlb 172.20.1.240 vault.bigbang.dev
Finished patching k3d coredns for Vault.
�[0Ksection_end:1657639870:02_patch_coredns_vault.sh
�[0K
�[0Ksection_start:1657639870:03_wait_for_helmreleases.sh[collapsed=true]
�[0K�[33;1m03_wait_for_helmreleases.sh�[37m
🌌 All helmreleases enabled: all-packages label enabled, or on default branch or tag.
⏳ Waiting on GitRepositories
gitrepository.source.toolkit.fluxcd.io/istio-operator condition met
gitrepository.source.toolkit.fluxcd.io/promtail condition met
gitrepository.source.toolkit.fluxcd.io/tempo condition met
gitrepository.source.toolkit.fluxcd.io/istio-controlplane condition met
gitrepository.source.toolkit.fluxcd.io/twistlock condition met
gitrepository.source.toolkit.fluxcd.io/vault condition met
gitrepository.source.toolkit.fluxcd.io/gatekeeper condition met
gitrepository.source.toolkit.fluxcd.io/authservice condition met
gitrepository.source.toolkit.fluxcd.io/anchore condition met
gitrepository.source.toolkit.fluxcd.io/minio-operator condition met
gitrepository.source.toolkit.fluxcd.io/mattermost-operator condition met
gitrepository.source.toolkit.fluxcd.io/metrics-server condition met
gitrepository.source.toolkit.fluxcd.io/kiali condition met
gitrepository.source.toolkit.fluxcd.io/kyverno condition met
gitrepository.source.toolkit.fluxcd.io/velero condition met
gitrepository.source.toolkit.fluxcd.io/elasticsearch-kibana condition met
gitrepository.source.toolkit.fluxcd.io/monitoring condition met
gitrepository.source.toolkit.fluxcd.io/nexus-repository-manager condition met
gitrepository.source.toolkit.fluxcd.io/sonarqube condition met
gitrepository.source.toolkit.fluxcd.io/eck-operator condition met
gitrepository.source.toolkit.fluxcd.io/minio condition met
gitrepository.source.toolkit.fluxcd.io/mattermost condition met
gitrepository.source.toolkit.fluxcd.io/loki condition met
gitrepository.source.toolkit.fluxcd.io/gitlab-runner condition met
gitrepository.source.toolkit.fluxcd.io/keycloak condition met
gitrepository.source.toolkit.fluxcd.io/fluentbit condition met
gitrepository.source.toolkit.fluxcd.io/kyvernopolicies condition met
gitrepository.source.toolkit.fluxcd.io/gitlab condition met
gitrepository.source.toolkit.fluxcd.io/jaeger condition met
gitrepository.source.toolkit.fluxcd.io/argocd condition met
gitrepository.source.toolkit.fluxcd.io/cluster-auditor condition met
⏳ Checking if gatekeeper HR is enabled
gatekeeper HR is enabled, waiting...
⏳ Checking if istio-operator HR is enabled
istio-operator HR not enabled, skipping...
⏳ Checking if istio HR is enabled
istio HR is enabled, waiting...
⏳ Checking if monitoring HR is enabled
monitoring HR is enabled, waiting...
⏳ Checking if eck-operator HR is enabled
eck-operator HR not enabled, skipping...
⏳ Checking if ek HR is enabled
ek HR is enabled, waiting...
⏳ Checking if fluent-bit HR is enabled
fluent-bit HR is enabled, waiting...
⏳ Checking if twistlock HR is enabled
twistlock HR is enabled, waiting...
⏳ Checking if cluster-auditor HR is enabled
cluster-auditor HR is enabled, waiting...
⏳ Checking if jaeger HR is enabled
jaeger HR is enabled, waiting...
⏳ Checking if kiali HR is enabled
kiali HR is enabled, waiting...
⏳ Checking if argocd HR is enabled
argocd HR is enabled, waiting...
⏳ Checking if authservice HR is enabled
authservice HR is enabled, waiting...
⏳ Checking if gitlab HR is enabled
gitlab HR is enabled, waiting...
⏳ Checking if gitlab-runner HR is enabled
gitlab-runner HR is enabled, waiting...
⏳ Checking if keycloak HR is enabled
keycloak HR is enabled, waiting...
⏳ Checking if anchore HR is enabled
anchore HR is enabled, waiting...
⏳ Checking if sonarqube HR is enabled
sonarqube HR is enabled, waiting...
⏳ Checking if minio-operator HR is enabled
minio-operator HR is enabled, waiting...
⏳ Checking if minio HR is enabled
minio HR is enabled, waiting...
⏳ Checking if mattermost-operator HR is enabled
mattermost-operator HR is enabled, waiting...
⏳ Checking if mattermost HR is enabled
mattermost HR is enabled, waiting...
⏳ Checking if nexus-repository-manager HR is enabled
nexus-repository-manager HR is enabled, waiting...
⏳ Checking if velero HR is enabled
velero HR is enabled, waiting...
⏳ Checking if vault HR is enabled
vault HR is enabled, waiting...
⏳ Checking if loki HR is enabled
loki HR is enabled, waiting...
⏳ Checking if promtail HR is enabled
promtail HR is enabled, waiting...
⏳ Checking if kyverno HR is enabled
kyverno HR is enabled, waiting...
⏳ Checking if kyvernopolicies HR is enabled
kyvernopolicies HR is enabled, waiting...
⏳ Checking if tempo HR is enabled
tempo HR is enabled, waiting...
⏳ Checking if metrics-server HR is enabled
metrics-server HR is enabled, waiting...
⏳ Waiting on helm releases...
❌ Found failed Helm Release(s). Exiting now.
❌ HR monitoring status is UninstallFailed
Name: monitoring
Namespace: bigbang
Labels: app.kubernetes.io/component=core
app.kubernetes.io/instance=bigbang
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=monitoring
app.kubernetes.io/part-of=bigbang
app.kubernetes.io/version=1.37.0
Annotations: meta.helm.sh/release-name: bigbang
meta.helm.sh/release-namespace: bigbang
API Version: helm.toolkit.fluxcd.io/v2beta1
Kind: HelmRelease
Metadata:
Creation Timestamp: 2022-07-12T15:23:19Z
Finalizers:
finalizers.fluxcd.io
Generation: 1
Managed Fields:
API Version: helm.toolkit.fluxcd.io/v2beta1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:annotations:
.:
f:meta.helm.sh/release-name:
f:meta.helm.sh/release-namespace:
f:labels:
.:
f:app.kubernetes.io/component:
f:app.kubernetes.io/instance:
f:app.kubernetes.io/managed-by:
f:app.kubernetes.io/name:
f:app.kubernetes.io/part-of:
f:app.kubernetes.io/version:
f:spec:
.:
f:chart:
.:
f:spec:
.:
f:chart:
f:interval:
f:reconcileStrategy:
f:sourceRef:
.:
f:kind:
f:name:
f:namespace:
f:version:
f:dependsOn:
f:install:
.:
f:crds:
f:remediation:
.:
f:retries:
f:interval:
f:rollback:
.:
f:cleanupOnFail:
f:timeout:
f:targetNamespace:
f:test:
.:
f:enable:
f:timeout:
f:upgrade:
.:
f:cleanupOnFail:
f:crds:
f:remediation:
.:
f:remediateLastFailure:
f:retries:
f:valuesFrom:
Manager: helm
Operation: Update
Time: 2022-07-12T15:23:19Z
API Version: helm.toolkit.fluxcd.io/v2beta1
Fields Type: FieldsV1
fieldsV1:
f:metadata:
f:finalizers:
.:
v:"finalizers.fluxcd.io":
Manager: helm-controller
Operation: Update
Time: 2022-07-12T15:23:19Z
API Version: helm.toolkit.fluxcd.io/v2beta1
Fields Type: FieldsV1
fieldsV1:
f:status:
f:conditions:
f:failures:
f:helmChart:
f:installFailures:
f:lastAttemptedRevision:
f:lastAttemptedValuesChecksum:
f:observedGeneration:
Manager: helm-controller
Operation: Update
Subresource: status
Time: 2022-07-12T15:32:32Z
Resource Version: 7641
UID: 161e5ea7-fc23-4ca6-95d3-4be7cc246745
Spec:
Chart:
Spec:
Chart: ./chart
Interval: 5m
Reconcile Strategy: ChartVersion
Source Ref:
Kind: GitRepository
Name: monitoring
Namespace: bigbang
Version: *
Depends On:
Name: istio
Namespace: bigbang
Name: gatekeeper
Namespace: bigbang
Name: kyvernopolicies
Namespace: bigbang
Name: vault
Namespace: bigbang
Install:
Crds: CreateReplace
Remediation:
Retries: -1
Interval: 1m
Rollback:
Cleanup On Fail: false
Timeout: 10m
Target Namespace: monitoring
Test:
Enable: false
Timeout: 20m
Upgrade:
Cleanup On Fail: true
Crds: CreateReplace
Remediation:
Remediate Last Failure: true
Retries: 3
Values From:
Kind: Secret
Name: bigbang-monitoring-values
Values Key: common
Kind: Secret
Name: bigbang-monitoring-values
Values Key: defaults
Kind: Secret
Name: bigbang-monitoring-values
Values Key: overlays
Status:
Conditions:
Last Transition Time: 2022-07-12T15:32:32Z
Message: Helm uninstall failed: uninstall: Release not loaded: monitoring-monitoring: release: not found
Last Helm logs:
Reason: UninstallFailed
Status: False
Type: Ready
Last Transition Time: 2022-07-12T15:32:32Z
Message: Helm install failed: create: failed to create: Secret "sh.helm.release.v1.monitoring-monitoring.v1" is invalid: data: Too long: must have at most 1048576 bytes
Last Helm logs:
Created a new CustomResourceDefinition called "prometheusrules.monitoring.coreos.com" in
Replaced "servicemonitors.monitoring.coreos.com" with kind for kind CustomResourceDefinition
Created a new CustomResourceDefinition called "thanosrulers.monitoring.coreos.com" in
Clearing discovery cache
beginning wait for 8 resources with timeout of 1m0s
Reason: InstallFailed
Status: False
Type: Released
Last Transition Time: 2022-07-12T15:32:32Z
Message: Helm uninstall failed: uninstall: Release not loaded: monitoring-monitoring: release: not found
Last Helm logs:
Reason: UninstallFailed
Status: False
Type: Remediated
Failures: 3
Helm Chart: bigbang/bigbang-monitoring
Install Failures: 1
Last Attempted Revision: 36.2.1-bb.0
Last Attempted Values Checksum: 1fac6cb6358ebd8bc985e1c9519ae0aaf4d97a60
Observed Generation: 1
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal info 9m16s helm-controller HelmChart 'bigbang/bigbang-monitoring' is not ready
Normal info 102s (x16 over 9m12s) helm-controller dependencies do not meet ready condition (dependency 'bigbang/istio' is not ready), retrying in 30s
Normal info 42s (x2 over 72s) helm-controller dependencies do not meet ready condition (dependency 'bigbang/vault' is not ready), retrying in 30s
Normal info 12s helm-controller Helm install has started
Warning error 3s helm-controller Helm install failed: create: failed to create: Secret "sh.helm.release.v1.monitoring-monitoring.v1" is invalid: data: Too long: must have at most 1048576 bytes
Last Helm logs:
Created a new CustomResourceDefinition called "prometheusrules.monitoring.coreos.com" in
Replaced "servicemonitors.monitoring.coreos.com" with kind for kind CustomResourceDefinition
Created a new CustomResourceDefinition called "thanosrulers.monitoring.coreos.com" in
Clearing discovery cache
beginning wait for 8 resources with timeout of 1m0s
Warning error 3s helm-controller Helm uninstall failed: uninstall: Release not loaded: monitoring-monitoring: release: not found
Last Helm logs:
Warning error 3s helm-controller reconciliation failed: Helm uninstall failed: uninstall: Release not loaded: monitoring-monitoring: release: not found
Warning error 1s (x2 over 3s) helm-controller reconciliation failed: previous release attempt remediation failed
section_end:1657639955:step_script
�[0Ksection_start:1657639955:after_script
�[0K�[0K�[36;1mRunning after_script�[0;m�[0;m
�[32;1mRunning after script...�[0;m
�[32;1m$ source ${PIPELINE_REPO_DESTINATION}/library/templates.sh�[0;m
�[32;1m$ get_ns�[0;m
�[0Ksection_start:1657639955:namespaces[collapsed=true]
�[0K�[33;1mNamespaces�[37m
NAME STATUS AGE LABELS
default Active 10m kubernetes.io/metadata.name=default
kube-system Active 10m kubernetes.io/metadata.name=kube-system
kube-public Active 10m kubernetes.io/metadata.name=kube-public
kube-node-lease Active 10m kubernetes.io/metadata.name=kube-node-lease
metallb-system Active 9m52s app=metallb,kubernetes.io/metadata.name=metallb-system
flux-system Active 9m35s app.kubernetes.io/instance=flux-system,app.kubernetes.io/part-of=flux,app.kubernetes.io/version=v0.31.2,kubernetes.io/metadata.name=flux-system,pod-security.kubernetes.io/warn-version=latest,pod-security.kubernetes.io/warn=restricted
bigbang Active 9m17s kubernetes.io/metadata.name=bigbang,name=bigbang
velero Active 9m17s app.kubernetes.io/component=cluster-utilities,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=velero,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=velero
eck-operator Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=eck-operator,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=eck-operator
istio-system Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=istio-controlplane,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=disabled,kubernetes.io/metadata.name=istio-system
kiali Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=kiali,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=kiali
monitoring Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=monitoring,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=monitoring
logging Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=logging,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=logging
vault Active 9m17s app.kubernetes.io/component=security-tools,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=vault,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=vault
istio-operator Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=istio-operator,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=disabled,istio-operator-managed=Reconcile,kubernetes.io/metadata.name=istio-operator
anchore Active 9m17s app.kubernetes.io/component=security,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=anchore,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=anchore
minio Active 9m17s app.kubernetes.io/component=application-utilities,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=minio,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=minio
minio-operator Active 9m17s app.kubernetes.io/component=application-utilities,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=minioOperator,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=minio-operator
gitlab Active 9m17s app.kubernetes.io/component=developer-tools,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=gitlab,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=gitlab
sonarqube Active 9m17s app.kubernetes.io/component=developer-tools,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=sonarqube,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=sonarqube
mattermost-operator Active 9m17s app.kubernetes.io/component=collaboration-tools,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=mattermost-operator,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=mattermost-operator
metrics-server Active 9m17s app.kubernetes.io/component=cluster-utilities,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=metrics-server,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=metrics-server
gatekeeper-system Active 9m17s admission.gatekeeper.sh/ignore=no-self-managing,app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=gatekeeper,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,control-plane=controller-manager,gatekeeper.sh/system=yes,istio-injection=disabled,kubernetes.io/metadata.name=gatekeeper-system
nexus-repository-manager Active 9m17s app.kubernetes.io/component=developer-tools,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=nexus-repository-manager,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=nexus-repository-manager
cluster-auditor Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=cluster-auditor,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=cluster-auditor,meta.helm.sh/release-name=bigbang,meta.helm.sh/release-namespace=bigbang
authservice Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=authservice,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=authservice
jaeger Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=jaeger,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=jaeger
keycloak Active 9m17s app.kubernetes.io/component=security-tools,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=keycloak,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=keycloak
mattermost Active 9m17s app.kubernetes.io/component=collaboration-tools,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=mattermost,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,app=bigbang-mattermost,istio-injection=disabled,kubernetes.io/metadata.name=mattermost
tempo Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=tempo,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=tempo
twistlock Active 9m17s app.kubernetes.io/component=security,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=twistlock,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=twistlock
kyverno Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=kyverno,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=disabled,kubernetes.io/metadata.name=kyverno
argocd Active 9m17s app.kubernetes.io/component=core,app.kubernetes.io/instance=bigbang,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=argocd,app.kubernetes.io/part-of=bigbang,app.kubernetes.io/version=1.37.0,istio-injection=enabled,kubernetes.io/metadata.name=argocd
�[0Ksection_end:1657639955:namespaces
�[0K
�[32;1m$ get_all�[0;m
�[0Ksection_start:1657639955:all_resources[collapsed=true]
�[0K�[33;1mAll Cluster Resources�[37m
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/local-path-provisioner-6c79684f77-lp7b7 1/1 Running 0 10m
metallb-system pod/controller-65744b4459-nlh7n 1/1 Running 0 9m52s
metallb-system pod/speaker-chxzk 1/1 Running 0 9m52s
flux-system pod/source-controller-6cbd6d5cf9-gfc2p 1/1 Running 0 9m34s
flux-system pod/notification-controller-567bfc6b68-5bl79 1/1 Running 0 9m34s
flux-system pod/helm-controller-6895b6dbfb-lsgb4 1/1 Running 0 9m34s
flux-system pod/kustomize-controller-646bd9c664-sx9kj 1/1 Running 0 9m34s
gatekeeper-system pod/gatekeeper-audit-59d6469997-kmhrg 1/1 Running 0 9m5s
gatekeeper-system pod/gatekeeper-controller-manager-78746966b4-c6d7d 1/1 Running 0 9m5s
kyverno pod/kyverno-kyverno-7d8b9d497b-4mcq8 1/1 Running 0 4m9s
istio-operator pod/istio-operator-5d5d765b6c-kn6b8 1/1 Running 0 2m11s
istio-system pod/istiod-7d96665866-m8ql6 1/1 Running 0 101s
istio-system pod/passthrough-ingressgateway-5bdf4d6d66-jr8xq 1/1 Running 0 94s
istio-system pod/public-ingressgateway-788fcd8bdb-dpvxj 1/1 Running 0 94s
kube-system pod/coredns-74f946bcb-cw96k 1/1 Running 0 86s
vault pod/vault-vault-agent-injector-7bd8d7ffc6-cqkvt 2/2 Running 0 73s
velero pod/velero-velero-555f987c7d-2dlnf 2/2 Running 0 70s
minio-operator pod/minio-operator-856486dbf7-2rpt2 2/2 Running 0 70s
vault pod/vault-vault-0 2/2 Running 0 73s
vault pod/vault-vault-job-init-flxd8 0/1 Completed 0 73s
eck-operator pod/elastic-operator-0 2/2 Running 1 (22s ago) 70s
logging pod/logging-ek-kb-6bd69c6ddb-8d5qg 0/2 Init:0/2 0 12s
logging pod/logging-ek-es-data-1 0/2 Pending 0 11s
logging pod/logging-ek-es-master-0 0/2 Init:0/3 0 15s
logging pod/logging-ek-es-data-0 0/2 Init:0/3 0 13s
kube-system pod/helper-pod-create-pvc-69982c7f-dcaa-4ddf-814f-704c031fc68b 1/1 Running 0 10s
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 10m
kube-system service/kube-dns ClusterIP 172.20.0.10 <none> 53/UDP,53/TCP,9153/TCP 10m
flux-system service/notification-controller ClusterIP 172.20.0.92 <none> 80/TCP 9m34s
flux-system service/source-controller ClusterIP 172.20.0.67 <none> 80/TCP 9m34s
flux-system service/webhook-receiver ClusterIP 172.20.0.109 <none> 80/TCP 9m34s
gatekeeper-system service/gatekeeper-webhook-service ClusterIP 172.20.0.104 <none> 443/TCP 9m5s
kyverno service/kyverno-kyverno-svc-metrics ClusterIP 172.20.0.126 <none> 8000/TCP 4m9s
kyverno service/kyverno-kyverno-svc ClusterIP 172.20.0.246 <none> 443/TCP 4m9s
istio-operator service/istio-operator ClusterIP 172.20.0.135 <none> 8383/TCP 2m12s
istio-system service/istiod ClusterIP 172.20.0.115 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 101s
istio-system service/passthrough-ingressgateway LoadBalancer 172.20.0.113 172.20.1.240 15021:30984/TCP,80:30428/TCP,443:32125/TCP 93s
istio-system service/public-ingressgateway LoadBalancer 172.20.0.216 172.20.1.241 15021:31435/TCP,80:30523/TCP,443:31759/TCP 93s
vault service/vault-vault-internal ClusterIP None <none> 8200/TCP,8201/TCP 73s
vault service/vault-vault-active ClusterIP 172.20.0.149 <none> 8200/TCP,8201/TCP 73s
vault service/vault-vault ClusterIP 172.20.0.226 <none> 8200/TCP,8201/TCP 73s
vault service/vault-vault-standby ClusterIP 172.20.0.64 <none> 8200/TCP,8201/TCP 73s
vault service/vault-vault-agent-injector-svc ClusterIP 172.20.0.175 <none> 443/TCP 73s
vault service/vault-vault-ui ClusterIP 172.20.0.116 <none> 8200/TCP 73s
minio-operator service/operator ClusterIP 172.20.0.205 <none> 4222/TCP 73s
velero service/velero-velero ClusterIP 172.20.0.21 <none> 8085/TCP 72s
eck-operator service/elastic-operator-webhook ClusterIP 172.20.0.23 <none> 443/TCP 71s
logging service/logging-ek-es-transport ClusterIP None <none> 9300/TCP 19s
logging service/logging-ek-es-http ClusterIP 172.20.0.187 <none> 9200/TCP 19s
logging service/logging-ek-es-internal-http ClusterIP 172.20.0.163 <none> 9200/TCP 19s
logging service/logging-ek-kb-http ClusterIP 172.20.0.164 <none> 5601/TCP 19s
logging service/logging-ek-es-master ClusterIP None <none> 9200/TCP 18s
logging service/logging-ek-es-data ClusterIP None <none> 9200/TCP 16s
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
metallb-system daemonset.apps/speaker 1 1 1 1 1 kubernetes.io/os=linux 9m52s
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/local-path-provisioner 1/1 1 1 10m
metallb-system deployment.apps/controller 1/1 1 1 9m52s
flux-system deployment.apps/source-controller 1/1 1 1 9m34s
flux-system deployment.apps/notification-controller 1/1 1 1 9m34s
flux-system deployment.apps/helm-controller 1/1 1 1 9m34s
flux-system deployment.apps/kustomize-controller 1/1 1 1 9m34s
gatekeeper-system deployment.apps/gatekeeper-audit 1/1 1 1 9m5s
gatekeeper-system deployment.apps/gatekeeper-controller-manager 1/1 1 1 9m5s
istio-operator deployment.apps/istio-operator 1/1 1 1 2m12s
istio-system deployment.apps/istiod 1/1 1 1 101s
istio-system deployment.apps/passthrough-ingressgateway 1/1 1 1 94s
istio-system deployment.apps/public-ingressgateway 1/1 1 1 94s
kube-system deployment.apps/coredns 1/1 1 1 10m
vault deployment.apps/vault-vault-agent-injector 1/1 1 1 73s
velero deployment.apps/velero-velero 1/1 1 1 72s
minio-operator deployment.apps/minio-operator 1/1 1 1 73s
kyverno deployment.apps/kyverno-kyverno 1/1 1 1 4m9s
logging deployment.apps/logging-ek-kb 0/1 1 0 12s
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/local-path-provisioner-6c79684f77 1 1 1 10m
metallb-system replicaset.apps/controller-65744b4459 1 1 1 9m52s
flux-system replicaset.apps/source-controller-6cbd6d5cf9 1 1 1 9m34s
flux-system replicaset.apps/notification-controller-567bfc6b68 1 1 1 9m34s
flux-system replicaset.apps/helm-controller-6895b6dbfb 1 1 1 9m34s
flux-system replicaset.apps/kustomize-controller-646bd9c664 1 1 1 9m34s
gatekeeper-system replicaset.apps/gatekeeper-audit-59d6469997 1 1 1 9m5s
gatekeeper-system replicaset.apps/gatekeeper-controller-manager-78746966b4 1 1 1 9m5s
istio-operator replicaset.apps/istio-operator-5d5d765b6c 1 1 1 2m11s
istio-system replicaset.apps/istiod-7d96665866 1 1 1 101s
istio-system replicaset.apps/passthrough-ingressgateway-5bdf4d6d66 1 1 1 94s
istio-system replicaset.apps/public-ingressgateway-788fcd8bdb 1 1 1 94s
kube-system replicaset.apps/coredns-5789895cd 0 0 0 10m
kube-system replicaset.apps/coredns-74f946bcb 1 1 1 86s
vault replicaset.apps/vault-vault-agent-injector-7bd8d7ffc6 1 1 1 73s
velero replicaset.apps/velero-velero-555f987c7d 1 1 1 72s
minio-operator replicaset.apps/minio-operator-856486dbf7 1 1 1 73s
kyverno replicaset.apps/kyverno-kyverno-7d8b9d497b 1 1 1 4m9s
logging replicaset.apps/logging-ek-kb-6bd69c6ddb 1 1 0 12s
NAMESPACE NAME READY AGE
vault statefulset.apps/vault-vault 1/1 73s
eck-operator statefulset.apps/elastic-operator 1/1 71s
logging statefulset.apps/logging-ek-es-master 0/1 17s
logging statefulset.apps/logging-ek-es-data 0/2 14s
NAMESPACE NAME REFERENCE TARGETS MINPODS MAXPODS REPLICAS AGE
istio-system horizontalpodautoscaler.autoscaling/istiod Deployment/istiod <unknown>/60% 1 3 1 101s
istio-system horizontalpodautoscaler.autoscaling/passthrough-ingressgateway Deployment/passthrough-ingressgateway <unknown>/80% 1 5 1 93s
istio-system horizontalpodautoscaler.autoscaling/public-ingressgateway Deployment/public-ingressgateway <unknown>/80% 1 5 1 93s
NAMESPACE NAME COMPLETIONS DURATION AGE
vault job.batch/vault-vault-job-init 1/1 39s 73s
�[0Ksection_end:1657639955:all_resources
�[0K
�[32;1m$ get_events�[0;m
�[0Ksection_start:1657639955:show_event_log[collapsed=true]
�[0K�[33;1mCluster Event Log�[37m
�[31mNOTICE: Cluster events can be found in artifact events.txt�[0m
�[0Ksection_end:1657639956:show_event_log
�[0K
�[32;1m$ bigbang_pipeline�[0;m
�[0Ksection_start:1657639956:git_repos[collapsed=true]
�[0K�[33;1mGitrepos�[37m
NAMESPACE NAME URL AGE READY STATUS
bigbang istio-operator https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git 9m17s True stored artifact for revision '1.13.5-bb.1/1f2ada9aa8440ac1be9cccf8c01d7e204f858336'
bigbang promtail https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/promtail.git 9m17s True stored artifact for revision '4.2.0-bb.2/bb32e3ba0847bfdf4e582d7be9c02064a9f5e0f0'
bigbang tempo https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/tempo.git 9m17s True stored artifact for revision '0.15.1-bb.6/037b07ba36e04ab41b4449696132397eb4f0e9d1'
bigbang istio-controlplane https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git 9m17s True stored artifact for revision '1.13.5-bb.1/68a36ca3bef50bf5ba5055e38b490b99acc0e867'
bigbang twistlock https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git 9m17s True stored artifact for revision '0.9.0-bb.3/8087f00904d69f24769543a9df9a69b685c81db1'
bigbang vault https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/vault.git 9m17s True stored artifact for revision '0.20.1-bb.4/5f02b796f47cfec4672165690ce4a290e8e8b153'
bigbang gatekeeper https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git 9m17s True stored artifact for revision '3.8.1-bb.0/efbaa542e963a9649794eec59a44bcf0b3937161'
bigbang authservice https://repo1.dso.mil/platform-one/big-bang/apps/core/authservice.git 9m17s True stored artifact for revision '0.5.1-bb.4/963047a79a312b51541112b7974c8ce1d3b33740'
bigbang anchore https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git 9m17s True stored artifact for revision '1.18.6-bb.5/9a95c9a5a5cb2b756ece2dc3818b5c036a85205d'
bigbang minio-operator https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git 9m17s True stored artifact for revision '4.4.16-bb.3/909112aebf3b07cf7f6a884bb6e3e8f4fc3479a2'
bigbang mattermost-operator https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git 9m17s True stored artifact for revision '1.18.1-bb.0/fc55bc1f8aeed58ab4e2d77d155895d1102fd6c7'
bigbang metrics-server https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/metrics-server.git 9m17s True stored artifact for revision '3.8.0-bb.2/7207444d7b9005089f13d97ea8816187cf95741e'
bigbang kiali https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git 9m17s True stored artifact for revision '1.51.0-bb.3/c7f1320624083ffe61f2230835edf43f26465d85'
bigbang kyverno https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno.git 9m17s True stored artifact for revision '2.2.0-bb.3/17661adb870b599033db4bae4c8fd994b32fb3af'
bigbang velero https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git 9m17s True stored artifact for revision '2.29.0-bb.4/3999ee78b56279f22f6e2f9cb3d80a7e8b4a4d0b'
bigbang elasticsearch-kibana https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git 9m17s True stored artifact for revision '0.8.0-bb.1/9a4fe9ec706fdf8137d922c195898018457c0c96'
bigbang monitoring https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git 9m17s True stored artifact for revision '36.2.1-bb.0/4d591b7fd705fb630c8c6b5dc5bdcbacba55b6d3'
bigbang nexus-repository-manager https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/nexus.git 9m17s True stored artifact for revision '38.0.0-bb.3/aeb20d1cc3157c37caef9e3e156aea88ab27a3f4'
bigbang sonarqube https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/sonarqube.git 9m17s True stored artifact for revision '1.0.29-bb.2/ec8097b04a8462e71a63295d59df57f73efb6705'
bigbang eck-operator https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git 9m17s True stored artifact for revision '2.2.0-bb.2/c7fb8a5be6955c2314bf820f97216c88f2abec03'
bigbang minio https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git 9m17s True stored artifact for revision '4.4.16-bb.0/f2fd1a994dff92cc6a7a70666ada064b9ac0dcc3'
bigbang mattermost https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost.git 9m17s True stored artifact for revision '7.0.1-bb.1/73791c4e35749fe3f33267d31df0319eb9325293'
bigbang loki https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/loki.git 9m17s True stored artifact for revision '3.0.5-bb.2/a2aeb1ac17d01d7f385db112c2364c8ea30f5630'
bigbang gitlab-runner https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner.git 9m17s True stored artifact for revision '0.41.0-bb.0/333207c04ac930c67f70f5918e89578e6d1bef7a'
bigbang keycloak https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git 9m17s True stored artifact for revision '18.1.1-bb.6/76a8979c8d355ff9d27267477b39a7754e458a1e'
bigbang fluentbit https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git 9m17s True stored artifact for revision '0.20.3-bb.0/f6687e92e49efb96d29eb3291d40add2a2fbfcc8'
bigbang kyvernopolicies https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies.git 9m17s True stored artifact for revision '1.0.0-bb.13/fd136e34706a623a905afb1dfa05b666f258efae'
bigbang gitlab https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab.git 9m17s True stored artifact for revision '6.0.1-bb.5/4ad57e2d90f5ced2d26208ecc57e5e528b8a1fd0'
bigbang jaeger https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git 9m17s True stored artifact for revision '2.32.2-bb.3/27ea558f88ac9a5ea0c3367fff1ce7aafdd98340'
bigbang argocd https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git 9m17s True stored artifact for revision '4.2.3-bb.3/63800d3cba5390b07def449f7a6ff2b473ef6445'
bigbang cluster-auditor https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git 9m17s True stored artifact for revision '1.4.0-bb.4/0eb3dd9619e8a821d0c56ba1ebfdc399388e1d7b'
�[0Ksection_end:1657639956:git_repos
�[0K
�[0Ksection_start:1657639956:hr[collapsed=true]
�[0K�[33;1mHelmreleases�[37m
NAMESPACE NAME AGE READY STATUS
bigbang gatekeeper 9m17s True Release reconciliation succeeded
bigbang kyverno 9m17s True Release reconciliation succeeded
bigbang kyvernopolicies 9m17s True Release reconciliation succeeded
bigbang istio-operator 9m17s True Release reconciliation succeeded
bigbang istio 9m17s True Release reconciliation succeeded
bigbang eck-operator 9m17s True Release reconciliation succeeded
bigbang minio-operator 9m17s True Release reconciliation succeeded
bigbang velero 9m17s True Release reconciliation succeeded
bigbang ek 9m17s True Release reconciliation succeeded
bigbang vault 9m17s True Release reconciliation succeeded
bigbang loki 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang mattermost 9m17s False dependency 'bigbang/mattermost-operator' is not ready
bigbang gitlab-runner 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang keycloak 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang fluent-bit 9m17s False dependency 'bigbang/loki' is not ready
bigbang gitlab 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang jaeger 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang argocd 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang cluster-auditor 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang promtail 9m17s False dependency 'bigbang/loki' is not ready
bigbang tempo 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang twistlock 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang authservice 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang anchore 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang mattermost-operator 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang metrics-server 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang kiali 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang nexus-repository-manager 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang sonarqube 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang minio 9m17s False dependency 'bigbang/monitoring' is not ready
bigbang monitoring 9m17s False Helm uninstall failed: uninstall: Release not loaded: monitoring-monitoring: release: not found...
�[0Ksection_end:1657639956:hr
�[0K
�[0Ksection_start:1657639956:opa_vio[collapsed=true]
�[0K�[33;1mOPA Violations�[37m
error: the server doesn't have a resource type "constraint"
�[0Ksection_end:1657639967:opa_vio
�[0K
�[32;1m$ get_debug�[0;m
Debug not enabled, skipping
�[32;1m$ k3d cluster delete ${CI_JOB_ID}�[0;m
�[36mINFO�[0m[0000] Deleting cluster '13212279'
�[36mINFO�[0m[0015] Deleting 2 attached volumes...
�[33mWARN�[0m[0015] Failed to delete volume 'k3d-13212279-images' of cluster '13212279': failed to find volume 'k3d-13212279-images': Error: No such volume: k3d-13212279-images -> Try to delete it manually
�[36mINFO�[0m[0015] Removing cluster details from default kubeconfig...
�[36mINFO�[0m[0015] Removing standalone kubeconfig file (if there is one)...
�[36mINFO�[0m[0015] Successfully deleted cluster 13212279!
�[32;1m$ docker network rm ${CI_JOB_ID}�[0;m
13212279
section_end:1657639983:after_script
�[0Ksection_start:1657639983:upload_artifacts_on_failure
�[0K�[0K�[36;1mUploading artifacts for failed job�[0;m�[0;m
�[32;1mUploading artifacts...�[0;m
events.txt: found 1 matching files and directories�[0;m
�[0;33mWARNING: get_cpumem.txt: no matching files �[0;m
�[0;33mWARNING: cluster_info_dump.txt: no matching files �[0;m
�[0;33mWARNING: images.txt: no matching files �[0;m
�[0;33mWARNING: pod_logs: no matching files �[0;m
�[0;33mWARNING: kubectl_describes: no matching files �[0;m
�[0;33mWARNING: test-artifacts/: no matching files �[0;m
Uploading artifacts as "archive" to coordinator... 201 Created�[0;m id�[0;m=13212279 responseStatus�[0;m=201 Created token�[0;m=MidwhuNx
section_end:1657639984:upload_artifacts_on_failure
�[0Ksection_start:1657639984:cleanup_file_variables
�[0K�[0K�[36;1mCleaning up project directory and file based variables�[0;m�[0;m
section_end:1657639985:cleanup_file_variables
�[0K�[31;1mERROR: Job failed: command terminated with exit code 1
�[0;m