�[0KRunning with gitlab-runner 14.4.0 (4b9e985a)�[0;m
�[0K on gitlab-runners-bigbang-gitlab-runner-privileged-gitlab-runf5qfd Y8LeNesr�[0;m
section_start:1637074030:resolve_secrets
�[0K�[0K�[36;1mResolving secrets�[0;m�[0;m
section_end:1637074030:resolve_secrets
�[0Ksection_start:1637074030:prepare_executor
�[0K�[0K�[36;1mPreparing the "kubernetes" executor�[0;m�[0;m
�[0KUsing Kubernetes namespace: gitlab-runners�[0;m
�[0KUsing Kubernetes executor with image registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates/bb-ci:2.0.1 ...�[0;m
�[0KUsing attach strategy to execute scripts...�[0;m
section_end:1637074030:prepare_executor
�[0Ksection_start:1637074030:prepare_script
�[0K�[0K�[36;1mPreparing environment�[0;m�[0;m
Waiting for pod gitlab-runners/runner-y8lenesr-project-2872-concurrent-09g9fw to be running, status is Pending
ContainersNotInitialized: "containers with incomplete status: [init-permissions]"
ContainersNotReady: "containers with unready status: [build helper svc-0]"
ContainersNotReady: "containers with unready status: [build helper svc-0]"
Running on runner-y8lenesr-project-2872-concurrent-09g9fw via gitlab-runners-bigbang-gitlab-runner-privileged-gitlab-runf5qfd...
section_end:1637074038:prepare_script
�[0Ksection_start:1637074038:get_sources
�[0K�[0K�[36;1mGetting source from Git repository�[0;m�[0;m
�[32;1mFetching changes with git depth set to 50...�[0;m
Initialized empty Git repository in /builds/Y8LeNesr/0/platform-one/big-bang/bigbang/.git/
�[32;1mCreated fresh repository.�[0;m
�[32;1mChecking out a2814a31 as master...�[0;m
�[32;1mSkipping Git submodules setup�[0;m
section_end:1637074039:get_sources
�[0Ksection_start:1637074039:step_script
�[0K�[0K�[36;1mExecuting "step_script" stage of the job script�[0;m�[0;m
�[32;1m$ echo -e "\e[0Ksection_start:`date +%s`:k3d_up[collapsed=true]\r\e[0K\e[33;1mK3D Cluster Create\e[37m"�[0;m
�[0Ksection_start:1637074039:k3d_up[collapsed=true]
�[0K�[33;1mK3D Cluster Create�[37m
�[32;1m$ git clone -b ${PIPELINE_REPO_BRANCH} ${PIPELINE_REPO} ${PIPELINE_REPO_DESTINATION}�[0;m
Cloning into '../pipeline-repo'...
�[32;1m$ source ${PIPELINE_REPO_DESTINATION}/library/templates.sh�[0;m
�[32;1m$ i=0; while [ "$i" -lt 12 ]; do docker info &>/dev/null && break; sleep 5; i=$(( i + 1 )) ; done�[0;m
�[32;1m$ docker network create ${CI_JOB_ID} --driver=bridge -o "com.docker.network.driver.mtu"="1450" --subnet=172.20.0.0/16�[0;m
eba3aba15bb510c9689ec5227ae2a08bd361d1768b42d8073046867fbdea04b0
�[32;1m$ chmod +x ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/k3d/deploy_k3d.sh; echo "Executing ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/k3d/deploy_k3d.sh..."; ./${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/k3d/deploy_k3d.sh�[0;m
Executing ../pipeline-repo/clusters/k3d/dependencies/k3d/deploy_k3d.sh...
+ k3d cluster create 8018870 --config ../pipeline-repo/clusters/k3d/dependencies/k3d/config.yaml --network 8018870
�[36mINFO�[0m[0000] Using config file ../pipeline-repo/clusters/k3d/dependencies/k3d/config.yaml (k3d.io/v1alpha3#simple)
�[36mINFO�[0m[0000] portmapping '80:80' targets the loadbalancer: defaulting to [servers:*:proxy agents:*:proxy]
�[36mINFO�[0m[0000] portmapping '443:443' targets the loadbalancer: defaulting to [servers:*:proxy agents:*:proxy]
�[36mINFO�[0m[0000] Prep: Network
�[36mINFO�[0m[0000] Re-using existing network '8018870' (eba3aba15bb510c9689ec5227ae2a08bd361d1768b42d8073046867fbdea04b0)
�[36mINFO�[0m[0000] Created volume 'k3d-8018870-images'
�[36mINFO�[0m[0000] Starting new tools node...
�[36mINFO�[0m[0001] Creating node 'k3d-8018870-server-0'
�[36mINFO�[0m[0001] Pulling image 'docker.io/rancher/k3d-tools:5.0.3'
�[36mINFO�[0m[0002] Pulling image 'docker.io/rancher/k3s:v1.21.5-k3s2'
�[36mINFO�[0m[0002] Starting Node 'k3d-8018870-tools'
�[36mINFO�[0m[0004] Creating LoadBalancer 'k3d-8018870-serverlb'
�[36mINFO�[0m[0006] Pulling image 'docker.io/rancher/k3d-proxy:5.0.3'
�[36mINFO�[0m[0008] Using the k3d-tools node to gather environment information
�[36mINFO�[0m[0008] HostIP: using network gateway...
�[36mINFO�[0m[0008] Starting cluster '8018870'
�[36mINFO�[0m[0008] Starting servers...
�[36mINFO�[0m[0008] Starting Node 'k3d-8018870-server-0'
�[36mINFO�[0m[0008] Deleted k3d-8018870-tools
�[36mINFO�[0m[0013] Starting agents...
�[36mINFO�[0m[0013] Starting helpers...
�[36mINFO�[0m[0013] Starting Node 'k3d-8018870-serverlb'
�[36mINFO�[0m[0019] Injecting '<nil> host.k3d.internal' into /etc/hosts of all nodes...
�[36mINFO�[0m[0019] Injecting records for host.k3d.internal and for 2 network members into CoreDNS configmap...
�[36mINFO�[0m[0021] Cluster '8018870' created successfully!
�[36mINFO�[0m[0021] You can now use it like this:
kubectl cluster-info
�[32;1m$ until kubectl get deployment coredns -n kube-system -o go-template='{{.status.availableReplicas}}' | grep -v -e '<no value>'; do sleep 1s; done�[0;m
1
�[32;1m$ chmod +x ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/metallb/install_metallb.sh; echo "Executing ${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/metallb/install_metallb.sh..."; ./${PIPELINE_REPO_DESTINATION}/clusters/k3d/dependencies/metallb/install_metallb.sh�[0;m
Executing ../pipeline-repo/clusters/k3d/dependencies/metallb/install_metallb.sh...
+ kubectl create -f ../pipeline-repo/clusters/k3d/dependencies/metallb/metallb.yaml
namespace/metallb-system created
Warning: policy/v1beta1 PodSecurityPolicy is deprecated in v1.21+, unavailable in v1.25+
podsecuritypolicy.policy/controller created
podsecuritypolicy.policy/speaker created
serviceaccount/controller created
serviceaccount/speaker created
clusterrole.rbac.authorization.k8s.io/metallb-system:controller created
clusterrole.rbac.authorization.k8s.io/metallb-system:speaker created
role.rbac.authorization.k8s.io/config-watcher created
role.rbac.authorization.k8s.io/pod-lister created
role.rbac.authorization.k8s.io/controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:controller created
clusterrolebinding.rbac.authorization.k8s.io/metallb-system:speaker created
rolebinding.rbac.authorization.k8s.io/config-watcher created
rolebinding.rbac.authorization.k8s.io/pod-lister created
rolebinding.rbac.authorization.k8s.io/controller created
daemonset.apps/speaker created
deployment.apps/controller created
+ kubectl create -f ../pipeline-repo/clusters/k3d/dependencies/metallb/metallb-config.yaml
configmap/config created
�[32;1m$ get_all�[0;m
�[0Ksection_start:1637074075:all_resources[collapsed=true]
�[0K�[33;1mAll Cluster Resources�[37m
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/metrics-server-86cbb8457f-d29mr 1/1 Running 0 7s
kube-system pod/local-path-provisioner-5ff76fc89d-27j4c 1/1 Running 0 7s
kube-system pod/coredns-7448499f4d-v75ff 1/1 Running 0 7s
metallb-system pod/speaker-vrwbr 0/1 Pending 0 0s
metallb-system pod/controller-f6dcd56df-7jp54 0/1 ContainerCreating 0 0s
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 22s
kube-system service/kube-dns ClusterIP 172.20.0.10 <none> 53/UDP,53/TCP,9153/TCP 19s
kube-system service/metrics-server ClusterIP 172.20.0.70 <none> 443/TCP 17s
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
metallb-system daemonset.apps/speaker 1 1 0 1 0 kubernetes.io/os=linux 0s
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/metrics-server 1/1 1 1 18s
kube-system deployment.apps/local-path-provisioner 1/1 1 1 19s
kube-system deployment.apps/coredns 1/1 1 1 19s
metallb-system deployment.apps/controller 0/1 1 0 0s
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/metrics-server-86cbb8457f 1 1 1 7s
kube-system replicaset.apps/local-path-provisioner-5ff76fc89d 1 1 1 7s
kube-system replicaset.apps/coredns-7448499f4d 1 1 1 7s
metallb-system replicaset.apps/controller-f6dcd56df 1 1 0 0s
�[0Ksection_end:1637074075:all_resources
�[0K
�[32;1m$ echo -e "\e[0Ksection_end:`date +%s`:k3d_up\r\e[0K"�[0;m
�[0Ksection_end:1637074075:k3d_up
�[0K
�[32;1m$ deploy_bigbang�[0;m
�[0Ksection_start:1637074075:00_deploy_flux.sh[collapsed=true]
�[0K�[33;1m00_deploy_flux.sh�[37m
+ ./scripts/install_flux.sh --registry-username robot-ironbank+bigbang-dev-imagepullonly --registry-password [MASKED] --registry-email bigbang@bigbang.dev
REGISTRY_URL: registry1.dso.mil
REGISTRY_USERNAME: robot-ironbank+bigbang-dev-imagepullonly
namespace/flux-system created
Creating secret private-registry in namespace flux-system
secret/private-registry created
Installing flux from kustomization
Warning: resource namespaces/flux-system is missing the kubectl.kubernetes.io/last-applied-configuration annotation which is required by kubectl apply. kubectl apply should only be used on resources created declaratively by either kubectl create --save-config or kubectl apply. The missing annotation will be patched automatically.
namespace/flux-system configured
customresourcedefinition.apiextensions.k8s.io/alerts.notification.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/buckets.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/gitrepositories.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/helmcharts.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/helmreleases.helm.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/helmrepositories.source.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/kustomizations.kustomize.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/providers.notification.toolkit.fluxcd.io created
customresourcedefinition.apiextensions.k8s.io/receivers.notification.toolkit.fluxcd.io created
serviceaccount/helm-controller created
serviceaccount/kustomize-controller created
serviceaccount/notification-controller created
serviceaccount/source-controller created
clusterrole.rbac.authorization.k8s.io/crd-controller-flux-system created
clusterrolebinding.rbac.authorization.k8s.io/cluster-reconciler-flux-system created
clusterrolebinding.rbac.authorization.k8s.io/crd-controller-flux-system created
service/notification-controller created
service/source-controller created
service/webhook-receiver created
deployment.apps/helm-controller created
deployment.apps/kustomize-controller created
deployment.apps/notification-controller created
deployment.apps/source-controller created
networkpolicy.networking.k8s.io/allow-egress created
networkpolicy.networking.k8s.io/allow-scraping created
networkpolicy.networking.k8s.io/allow-webhooks created
deployment.apps/helm-controller condition met
deployment.apps/source-controller condition met
deployment.apps/kustomize-controller condition met
deployment.apps/notification-controller condition met
�[0Ksection_end:1637074085:00_deploy_flux.sh
�[0K
�[0Ksection_start:1637074085:01_deploy_bigbang.sh[collapsed=true]
�[0K�[33;1m01_deploy_bigbang.sh�[37m
+ [[ master == \m\a\s\t\e\r ]]
+ echo '🌌 all-packages label enabled, or on default branch or tag, enabling all addons'
🌌 all-packages label enabled, or on default branch or tag, enabling all addons
+ yq e '.addons.*.enabled = true' tests/test-values.yaml
+ mv tmpfile tests/test-values.yaml
+ [[ '' = *\l\o\k\i* ]]
+ [[ '' = *\p\r\o\m\t\a\i\l* ]]
+ [[ push == \s\c\h\e\d\u\l\e ]]
+ [[ '' = *\t\e\s\t\-\c\i\:\:\i\n\f\r\a* ]]
+ yq eval-all 'select(fileIndex == 0) * select(filename == "chart/ingress-certs.yaml")' tests/test-values.yaml chart/ingress-certs.yaml
+ mv tmpfile tests/test-values.yaml
+ echo '🚀 Installing BigBang with the following configurations:'
🚀 Installing BigBang with the following configurations:
+ cat tests/test-values.yaml
domain: bigbang.dev
sso:
# LetsEncrypt certificate authority
certificate_authority: |
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMTUwNjA0MTEwNDM4
WhcNMzUwNjA0MTEwNDM4WjBPMQswCQYDVQQGEwJVUzEpMCcGA1UEChMgSW50ZXJu
ZXQgU2VjdXJpdHkgUmVzZWFyY2ggR3JvdXAxFTATBgNVBAMTDElTUkcgUm9vdCBY
MTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAK3oJHP0FDfzm54rVygc
h77ct984kIxuPOZXoHj3dcKi/vVqbvYATyjb3miGbESTtrFj/RQSa78f0uoxmyF+
0TM8ukj13Xnfs7j/EvEhmkvBioZxaUpmZmyPfjxwv60pIgbz5MDmgK7iS4+3mX6U
A5/TR5d8mUgjU+g4rk8Kb4Mu0UlXjIB0ttov0DiNewNwIRt18jA8+o+u3dpjq+sW
T8KOEUt+zwvo/7V3LvSye0rgTBIlDHCNAymg4VMk7BPZ7hm/ELNKjD+Jo2FR3qyH
B5T0Y3HsLuJvW5iB4YlcNHlsdu87kGJ55tukmi8mxdAQ4Q7e2RCOFvu396j3x+UC
B5iPNgiV5+I3lg02dZ77DnKxHZu8A/lJBdiB3QW0KtZB6awBdpUKD9jf1b0SHzUv
KBds0pjBqAlkd25HN7rOrFleaJ1/ctaJxQZBKT5ZPt0m9STJEadao0xAH0ahmbWn
OlFuhjuefXKnEgV4We0+UXgVCwOPjdAvBbI+e0ocS3MFEvzG6uBQE3xDk3SzynTn
jh8BCNAw1FtxNrQHusEwMFxIt4I7mKZ9YIqioymCzLq9gwQbooMDQaHWBfEbwrbw
qHyGO0aoSCqI3Haadr8faqU9GY/rOPNk3sgrDQoo//fb4hVC1CLQJ13hef4Y53CI
rU7m2Ys6xt0nUW7/vGT1M0NPAgMBAAGjQjBAMA4GA1UdDwEB/wQEAwIBBjAPBgNV
HRMBAf8EBTADAQH/MB0GA1UdDgQWBBR5tFnme7bl5AFzgAiIyBpY9umbbjANBgkq
hkiG9w0BAQsFAAOCAgEAVR9YqbyyqFDQDLHYGmkgJykIrGF1XIpu+ILlaS/V9lZL
ubhzEFnTIZd+50xx+7LSYK05qAvqFyFWhfFQDlnrzuBZ6brJFe+GnY+EgPbk6ZGQ
3BebYhtF8GaV0nxvwuo77x/Py9auJ/GpsMiu/X1+mvoiBOv/2X/qkSsisRcOj/KK
NFtY2PwByVS5uCbMiogziUwthDyC3+6WVwW6LLv3xLfHTjuCvjHIInNzktHCgKQ5
ORAzI4JMPJ+GslWYHb4phowim57iaztXOoJwTdwJx4nLCgdNbOhdjsnvzqvHu7Ur
TkXWStAmzOVyyghqpZXjFaH3pO3JLF+l+/+sKAIuvtd7u+Nxe5AW0wdeRlN8NwdC
jNPElpzVmbUq4JUagEiuTDkHzsxHpFKVK7q4+63SM1N95R1NbdWhscdCb+ZAJzVc
oyi3B43njTOQ5yOf+1CceWxG1bQVs5ZufpsMljq4Ui0/1lvh+wjChP4kqKOJ2qxq
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-----END CERTIFICATE-----
# Must be updated for every new deployment of Keycloak. Example of where to get the jwks:
# https://login.dso.mil/auth/realms/baby-yoda/protocol/openid-connect/certs
# must be single quoted and double quotes must be escaped like this \"xxxx\"
jwks: '{\"keys\":[{\"kid\":\"4CK69bW66HE2wph9VuBs0fTc1MaETSTpU1iflEkBHR4\",\"kty\":\"RSA\",\"alg\":\"RS256\",\"use\":\"sig\",\"n\":\"hiML1kjw-sw25BgaZI1AyfgcCRBPJKPE-wwttqa7NNxptr_5RCBGuJXqDyo3p1vjcbb8KjdKnXI7kWer8b2Pz_RP1m_QcPrKOxSluk7GZF8ARsc6FPGbzYgi8o8cBVSsaml6HZzpN3ZnH4DFZ27ifM-Ul_PyMxZ2aweohIaizXp-rgF7Rqpav5NXUwmcSyH8LP92NVIuFlD3HYTDGosVbfA_u_H25Z4XCGKW_vLDTNrl8PcA3HqIoD-vNavysdxAq_KNw7iLLc0KLsjFYSdJL_54H7QubsGR0AyIrLLurJbqAtvttGJK38k5XYWKIwYGtu6iiJwjSb7UtonVdPh8Vw\",\"e\":\"AQAB\",\"x5c\":[\"MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=\"],\"x5t\":\"mxFIwx7EdgxyC3Y6ODLx8yr8Bx8\",\"x5t#S256\":\"SdT7ScKVOnBW6qs_MuYdTGVtMGwYK_-nmQF9a_8lXco\"}]}'
oidc:
host: keycloak.bigbang.dev
realm: baby-yoda
flux:
timeout: 20m
interval: 1m
rollback:
cleanupOnFail: false
networkPolicies:
enabled: true
controlPlaneCidr: 172.16.0.0/12
istio:
enabled: true
ingressGateways:
passthrough-ingressgateway:
type: "LoadBalancer"
gateways:
passthrough:
ingressGateway: "passthrough-ingressgateway"
hosts:
- "*.{{ .Values.domain }}"
tls:
mode: "PASSTHROUGH"
public:
tls:
key: "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbaLWaC86eG74Z\nD5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpBtvV5x9F88gMz\nyhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+mrUniVT8WNrRL\nC1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+AfaGSHheKo5h\nxTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqUB4dAge+imwAs\nZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKNB/8mi1pylWqN\nUjedV4A5AgMBAAECggEBAM56xORaljBO9WAKOotNK+1rNBO6jAYTWQeY95CeolSP\ny/PvobcZa6QICAL16o3DlSqQroTTmf7WllLnq4PWueA43+ETWSMaxAsqWE0laTTd\nqyfV/8lvhzTv5/+z/TIZnmoCDFT2Wm9iPdudpfXbKp+ghFnYFJVwmVITRbB91InX\n38LaEvLWFnJ3/DPYursaXerwwrm50d0PCdpa/ceqBCVHlpT3Zc0lT0rYpDVtc9BG\n3gjbvKwhVUQBDfD3FGEobxhbc5eEH6JEf0PUWKnsU5F0qRKjQnfM19XKbczP+9gY\n71BDL1sALSZxxJXW865+7GeXKCtxObkcCwYbf8UrS30CgYEA+HSH4ZpuHZ8IKIbs\nvFaAjsEMkRfZPao8b/g4/JCg4TuOpAdFZUTSPWmdUq3i/J8o9b+e8/bznn9HLHIT\nqyreSyiRUQRtcniSL1ZUHSzzW9QefYKzPghGYHXQLIBAWt50PDaMfPQ6Sj1NaEPH\nh3hq4YNYNMQP/QVmfFdiT4xVA6cCgYEA4hJgSc17hh/u84uYAKhg2zSlFG5LlYKc\nYb2aFQJhFz2QqGxMeOXyIVDFD6btGcOLtPt4RdsBuCLZZzFBDUlWL7rY9qlL+/+P\nERStyHE9gFBDa0KWfvQxHSXIuxN2mkokktiVfaTisi8SWEKRJYp+B8HCa5lSDBti\neXcGBK3hWR8CgYBJ+aBPmsR4i1ZJgsrP1M2YM4CDXt9uzdYK3JRTFtjf1vTEf+m4\nmkIiyORvrphr8ROn//La3sdwhKLzZ8/VYgEnzZ9eyPuxXpbgA0suGKkoyUJ+ykCG\nEr6pj8p4xYLjy2I+X1t7BNiqLBB1H+Ezw7XHCW1k4I+GHWqDUR1TZAwX9wKBgFhy\nKAm3wqPuymWuL4HSXlJkflFH9XpA5z22GBowHBwjkfzSofiKvfgayX4eKJTz1Cyy\nVZO+4yVPPQ8KThEMqBN0Xn3iLkAg87ATDwpkg1M4E6hbHNX+Y1ir96R5MOWcLELn\nSVUmtSpREDRHltHBJR2TyKSgD2F9NUGgN1KNVKSxAoGARyx7VceWlpdmnr+i26UH\nB4h6/rL/nY7M2oWgUaj7FeygcfemtO6cV+R1Bl876Q9Dx797hZ4ddGAgxmDFsv8J\nf6SSzTJBB6IGxt+1ZcxD4uFXUrOVFv00br/Re14bsXQcMwi9kEJF2idbR5E7O2qc\nqbLlPssjuZS5pDnRa05bEIQ=\n-----END PRIVATE KEY-----\n" # Gets added via chart/ingress-certs.yaml
cert: "-----BEGIN CERTIFICATE-----\nMIIFHzCCBAegAwIBAgISA9KlIFfDVyxZ1/qZXl4HMuIOMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTA5MjcxNDU1MDdaFw0yMTEyMjYxNDU1MDZaMBgxFjAUBgNVBAMM\nDSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb\naLWaC86eG74ZD5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpB\ntvV5x9F88gMzyhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+m\nrUniVT8WNrRLC1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+\nAfaGSHheKo5hxTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqU\nB4dAge+imwAsZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKN\nB/8mi1pylWqNUjedV4A5AgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD\nVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O\nBBYEFLUbMi65bMLlINPzTplLjtCHZfa0MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ\nQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz\nLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv\nMBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw\nNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBElGUusO7Or8RAB9io\n/ijA2uaCvtjLMbU/0zOWtbaBqAAAAXwn948JAAAEAwBGMEQCIBkkdKr6WRtmZYO8\nkuchAYDxGPaCnU9FYU3BZBpsbJvLAiButEYn4AvTFiZMILymyuuqct/eFjIR9MEE\npNotyaD+bQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABfCf3\nkGUAAAQDAEcwRQIhAOOOX0qpI8xjqARUfU4ErGe8icHORlNHHzP/a6b3XE4ZAiBp\nfMNh3oihXS1e6EM9Xs8m+9nuCi7rqLNSkCNuwisK7zANBgkqhkiG9w0BAQsFAAOC\nAQEABMjkLKKxYyL4ZT6BPuOyqC4hnczDYUmZdCCysLu7psCjrZIAlSRxLIWXdWir\nogi/Vf+wdPKk38NDar0T9+rfAehuvQjQKCzIKVzr+MGauW0Wytwt63EgLIl2znvX\njWEIUwDQkqeFzPMbov8BK8hdLibBSz9nLrT0Zyw9mgRIzslemsi62+AjSNERTCTv\nqyhinnBHLd3dGLOAXexwXu7ic2ZwCgnSgcli+MWC30QOh6ePJJqgw6OpwvOC9DAV\nfkvGYFXlgYXnhQeLr0/4tzw3koclRWe/qgjAdAjB03yp1e53b+j9NoOfyobo1MFe\nnMqEgcgAiA2VuE62Q4HE0Rs5wA==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----\n" # Gets added via chart/ingress-certs.yaml
values:
kiali:
dashboard:
auth:
strategy: "anonymous"
jaeger:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-jaeger
values:
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: "https://tracing.bigbang.dev"
kiali:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kiali
values:
cr:
spec:
auth:
strategy: "anonymous"
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: 'https://kiali.bigbang.dev'
clusterAuditor:
enabled: true
values:
resources:
requests:
cpu: 100m
memory: .5Gi
limits: {}
gatekeeper:
enabled: true
values:
replicas: 1
resources:
requests:
cpu: 100m
memory: 256Mi
limits: {}
violations:
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
allowedDockerRegistries:
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined defined seccomp
- istio-system/lb-port-.*
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
hostNetworking:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
bbtests:
# TODO: Test will need to be refactored at BB level to properly run since we can't turn everything to deny
# https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/issues/133
enabled: false
scripts:
image: registry1.dso.mil/ironbank/opensource/kubernetes-1.21/kubectl:v1.21.1
additionalVolumeMounts:
- name: "{{ .Chart.Name }}-test-config"
mountPath: /yaml
- name: "{{ .Chart.Name }}-kube-cache"
mountPath: /.kube/cache
additionalVolumes:
- name: "{{ .Chart.Name }}-test-config"
configMap:
name: "{{ .Chart.Name }}-test-config"
- name: "{{ .Chart.Name }}-kube-cache"
emptyDir: {}
logging:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-kibana
license:
trial: false
values:
elasticsearch:
master:
count: 1
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
data:
count: 2
persistence:
size: 256Mi
resources:
requests:
cpu: .5
limits: {}
heap:
min: 1g
max: 1g
kibana:
count: 1
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_kibana_url: "https://kibana.bigbang.dev"
secretEnvs:
- name: cypress_elastic_password
valueFrom:
secretKeyRef:
name: "logging-ek-es-elastic-user"
key: elastic
scripts:
image: registry1.dso.mil/ironbank/stedolan/jq:1.6
envs:
elasticsearch_host: "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc.cluster.local:9200"
desired_version: "{{ .Values.elasticsearch.version }}"
secretEnvs:
- name: ELASTIC_PASSWORD
valueFrom:
secretKeyRef:
name: "logging-ek-es-elastic-user"
key: elastic
fluentbit:
enabled: true
values:
securityContext:
privileged: true
bbtests:
enabled: true
scripts:
image: registry1.dso.mil/ironbank/stedolan/jq:1.6
envs:
fluent_host: "http://{{ include \"fluent-bit.fullname\" . }}.{{ .Release.Namespace }}.svc.cluster.local:{{ .Values.service.port }}"
desired_version: "{{ .Values.image.tag }}"
monitoring:
enabled: true
sso:
enabled: false
prometheus:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-prometheus
alertmanager:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-alertmanager
grafana:
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-grafana
scopes: "Grafana"
values:
prometheus:
prometheusSpec:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
kube-state-metrics:
resources:
requests:
cpu: 10m
memory: 32Mi
limits: {}
prometheus-node-exporter:
resources:
requests:
cpu: 100m
memory: 30Mi
limits: {}
grafana:
testFramework:
enabled: false
dashboards:
default:
k8s-deployment:
gnetId: 741
revision: 1
datasource: Prometheus
downloadDashboards:
resources:
limits:
cpu: 20m
memory: 20Mi
requests:
cpu: 20m
memory: 20Mi
dashboardProviders:
dashboardproviders.yaml:
apiVersion: 1
providers:
- name: 'default'
orgId: 1
folder: ''
type: file
disableDeletion: false
editable: true
options:
path: /var/lib/grafana/dashboards
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_prometheus_url: 'https://prometheus.bigbang.dev'
cypress_grafana_url: 'https://grafana.bigbang.dev'
cypress_alertmanager_url: 'https://alertmanager.bigbang.dev'
twistlock:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-twistlock
values:
console:
persistence:
size: 256Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: "https://twistlock.bigbang.dev"
scripts:
image: registry1.dso.mil/ironbank/stedolan/jq:1.6
envs:
twistlock_host: "https://twistlock.bigbang.dev"
desired_version: "{{ .Values.console.image.tag }}"
# Addons are toggled based on labels in CI
addons:
argocd:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-argocd
client_secret: anything-for-dev
provider_name: "P1 SSO"
groups: |
g, Impact Level 2 Authorized, role:admin
values:
controller:
resources:
requests:
cpu: 500m
memory: 2Gi
limits: {}
dex:
resources:
requests:
cpu: 10m
memory: 128Mi
limits: {}
redis-bb:
master:
persistence:
size: 256Mi
replica:
persistence:
size: 256Mi
redis:
resources:
requests:
cpu: 50m
memory: 64Mi
limits: {}
server:
resources:
requests:
cpu: 20m
memory: 128Mi
limits: {}
repoServer:
resources:
requests:
cpu: 50m
memory: 128Mi
limits: {}
configs:
secret:
argocdServerAdminPassword: '$2a$10$rUDZDckdDZ2TEwk9PDs3QuqjkL58qR1IHE1Kj4MwDx.7/m5dytZJm'
bbtests:
# TODO: Disabled pending resolution of some "timing?" issues
# https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd/-/issues/17
enabled: false
cypress:
artifacts: true
envs:
cypress_url: "https://argocd.bigbang.dev"
cypress_user: "admin"
cypress_password: "Password123"
authservice:
enabled: true
chains:
minimal:
callback_uri: "https://minimal.bigbang.dev"
values:
resources:
requests:
cpu: 100m
memory: 100Mi
limits: {}
redis:
master:
persistence:
size: 256Mi
replica:
persistence:
size: 256Mi
gitlab:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-gitlab
flux:
timeout: 20m
values:
global:
rails:
bootstrap:
enabled: false
gitlab-runner:
resources:
requests:
cpu: 10m
limits: {}
gitlab:
webservice:
minReplicas: 1
maxReplicas: 1
helmTests:
enabled: false
sidekiq:
minReplicas: 1
maxReplicas: 1
gitlab-shell:
minReplicas: 1
maxReplicas: 1
gitaly:
persistence:
size: 256Mi
resources:
## values raised to help pass CI after default values for gitaly are fixed then can revert to original request.
#requests:
# cpu: 50m
#limits: {}
requests:
cpu: 400m
memory: 600Mi
limits:
cpu: 400m
memory: 600Mi
shared-secrets:
resources:
requests:
cpu: 10m
limits: {}
migrations:
resources:
requests:
cpu: 10m
limits: {}
task-runner:
persistence:
size: 256Mi
resources:
requests:
cpu: 10m
limits: {}
registry:
hpa:
minReplicas: 1
maxReplicas: 1
postgresql:
persistence:
size: 256Mi
metrics:
resources:
requests:
cpu: 10m
limits: {}
minio:
persistence:
size: 256Mi
resources:
requests:
cpu: 50m
limits: {}
redis:
master:
persistence:
size: 256Mi
slave:
persistence:
size: 256Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: https://gitlab.bigbang.dev
cypress_gitlab_first_name: "test"
cypress_gitlab_last_name: "user"
cypress_gitlab_username: "testuser"
cypress_gitlab_password: "12345678"
cypress_gitlab_email: "testuser@example.com"
cypress_gitlab_project: "my-awesome-project"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
scripts:
image: "registry.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/bbtests:0.0.3"
envs:
GITLAB_USER: "testuser"
GITLAB_PASS: "12345678"
GITLAB_EMAIL: "testuser@example.com"
GITLAB_PROJECT: "my-awesome-project"
GITLAB_REPOSITORY: https://gitlab.bigbang.dev
GITLAB_ORIGIN: https://testuser:12345678@gitlab.bigbang.dev
GITLAB_REGISTRY: registry.bigbang.dev
gitlabRunner:
enabled: true
values:
resources:
requests:
memory: 64Mi
cpu: 50m
limits: {}
runners:
protected: false
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_baseUrl: "https://gitlab.bigbang.dev"
cypress_gitlab_first_name: "testrunner"
cypress_gitlab_last_name: "userrunner"
cypress_gitlab_email: "gitlab@bigbang.dev"
cypress_gitlab_username: "gitlabrunner_user"
cypress_gitlab_password: "gitlabrunner_pass"
cypress_gitlab_project: "runner-hello-world"
secretEnvs:
- name: cypress_adminpassword
valueFrom:
secretKeyRef:
name: gitlab-gitlab-initial-root-password
key: password
anchore:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-anchore
enterprise:
enabled: false
licenseYaml: |
"TBD"
values:
ensureDbJobs:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
sso:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
postgresql:
persistence:
size: 256Mi
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreAnalyzer:
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreApi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreCatalog:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchorePolicyEngine:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreSimpleQueue:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchore-feeds-db:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
metrics:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeeds:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseFeedsUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseRbac:
authResources:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
managerResources:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseReports:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseNotifications:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEntperpiseUi:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
anchoreEnterpriseEngineUpgradeJob:
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
bbtests:
enabled: true
scripts:
image: registry1.dso.mil/ironbank/anchore/cli/cli:0.9.1
envs:
ANCHORE_CLI_URL: "https://anchore-api.bigbang.dev/v1"
ANCHORE_CLI_USER: admin
secretEnvs:
- name: ANCHORE_CLI_PASS
valueFrom:
secretKeyRef:
name: "{{ template \"anchore-engine.fullname\" . }}-admin-pass"
key: ANCHORE_ADMIN_PASSWORD
sonarqube:
enabled: true
sso:
enabled: false
client_id: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube
provider_name: "P1 SSO"
certificate: MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=
login: login
name: name
email: email
values:
plugins:
install: []
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
persistence:
enabled: false
size: 5Gi
postgresql:
persistence:
size: 256Mi
resources:
requests:
cpu: 100m
memory: 200Mi
limits: {}
tests:
enabled: false
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: "https://sonarqube.bigbang.dev"
cypress_url_setup: "https://sonarqube.bigbang.dev/setup"
cypress_user: "admin"
cypress_password: "new_admin_password"
account:
adminPassword: new_admin_password
currentAdminPassword: admin
curlContainerImage: registry1.dso.mil/ironbank/big-bang/base:8.4
minioOperator:
enabled: true
minio:
enabled: true
values:
tenants:
pools:
- servers: 1
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
bbtests:
# There have been intermittent failures of the tests in the past. The issue is tracked in the below issue.
# https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio/-/issues/7
# This issue can be reopened if problems reappear.
enabled: true
cypress:
artifacts: true
envs:
cypress_url: 'http://minio.bigbang.dev/login'
secretEnvs:
- name: cypress_secretkey
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: secretkey
- name: cypress_accesskey
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: accesskey
scripts:
image: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2021-09-02T09-21-27Z
envs:
MINIO_PORT: '80'
MINIO_HOST: 'http://minio'
secretEnvs:
- name: SECRET_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: secretkey
- name: ACCESS_KEY
valueFrom:
secretKeyRef:
name: "{{ .Values.tenants.secrets.name }}"
key: accesskey
mattermostoperator:
enabled: true
mattermost:
enabled: true
sso:
enabled: false
client_id: "platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-mattermost"
client_secret: "no-secret"
elasticsearch:
enabled: true
values:
postgresql:
persistence:
size: 256Mi
replicaCount: 1
resources:
requests:
cpu: 100m
memory: 128Mi
limits: {}
minio:
tenants:
pools:
- servers: 1
volumesPerServer: 4
size: 256Mi
resources:
requests:
cpu: 250m
memory: 2Gi
limits:
cpu: 250m
memory: 2Gi
securityContext:
runAsUser: 1001
runAsGroup: 1001
fsGroup: 1001
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: https://chat.bigbang.dev
cypress_mm_email: "test@bigbang.dev"
cypress_mm_user: "bigbang"
cypress_mm_password: "Bigbang#123"
nexus:
enabled: true
# Nexus requires manual configuration in Keycloak client and cannot be tested with login.dso.mil
# you must test with your own dev deployment. Example: keycloak.bigbang.dev
# See more info in Nexus Package docs /docs/keycloak.md
# Nexus SSO is behind a paywall. You must have a valid license to enable SSO
# -- Base64 encoded license file.
# cat ~/Downloads/sonatype-license-YYYY-MM-ddTnnnnnnZ.lic | base64 -w 0 ; echo
#license_key: "enter-single-line-base64-encoded-string-here"
sso:
# -- https://support.sonatype.com/hc/en-us/articles/1500000976522-SAML-integration-for-Nexus-Repository-Manager-Pro-3-and-Nexus-IQ-Server-with-Keycloak#h_01EV7CWCYH3YKAPMAHG8XMQ599
enabled: false
idp_data:
entityId: "https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata"
# -- IdP Field Mappings
# -- NXRM username attribute
username: "username"
firstName: "firstName"
lastName: "lastName"
email: "email"
groups: "groups"
# -- IDP SAML Metadata XML as a single line string in single quotes
# -- this information is public and does not require a secret
# curl https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/saml/descriptor ; echo
idpMetadata: 'enter-single-quoted-single-line-string-here'
role:
# id is the name of the Keycloak group (case sensitive)
- id: "Nexus"
name: "Keycloak Nexus Group"
description: "unprivilaged users"
privileges: []
roles: []
- id: "Nexus-Admin"
name: "Keycloak Nexus Admin Group"
description: "keycloak users as admins"
privileges:
- "nx-all"
roles:
- "nx-admin"
# NexusNotes: |
# Login to Nexus Admin UI and then get the x509 certificate from this path
# https://nexus.bigbang.dev/service/rest/v1/security/saml/metadata
# copy and paste the nexus single line certificate into a text file and save it
# vi nexus-x509.txt
# -----BEGIN CERTIFICATE-----
# put-single-line-nexus-x509-certificate-here
# -----END CERTIFICATE-----
# make a valid pem file with proper wrapping at 64 characters per line
# fold -w 64 nexus-x509.txt > nexus.pem
# In Keycloak go to the nexus client and on the Keys tab import the nexus.pem file in two places
values:
persistence:
# Do NOT set this below 5Gi, nexus will fail to boot
storageSize: 5Gi
nexus:
# https://help.sonatype.com/repomanager3/installation/system-requirements#SystemRequirements-JVMDirectMemory
env:
- name: install4jAddVmParams
value: "-Xms500M -Xmx500M -XX:MaxDirectMemorySize=500M -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap"
resources:
requests:
cpu: 100m
memory: 1500Mi
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_nexus_url: "https://nexus.bigbang.dev"
cypress_nexus_user: "admin"
cypress_nexus_pass_new: "new_admin_password"
secretEnvs:
- name: cypress_nexus_pass
valueFrom:
secretKeyRef:
name: nexus-repository-manager-secret
key: admin.password
velero:
enabled: true
plugins:
- aws
values:
serviceAccount:
server:
name: velero
configuration:
# minio uses s3 provider
provider: aws
backupStorageLocation:
bucket: velero
config: &minio-config
region: velero
insecureSkipTLSVerify: "true"
s3ForcePathStyle: "true"
s3Url: &minio-address https://minio.bigbang.dev
volumeSnapshotLocation:
provider: aws
config:
region: velero
credentials:
useSecret: true
secretContents:
cloud: |
[default]
aws_access_key_id = minio
aws_secret_access_key = minio123
bbtests:
# TODO: Velero test is messy and times out running in BB CI
# https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero/-/issues/9
enabled: false
scripts:
image: registry1.dso.mil/ironbank/opensource/velero/velero:v1.6.0
additionalVolumes:
- name: transfer-kubectl
emptyDir: {}
- name: &yamlVolName yaml-configs
configMap:
name: "{{ .Chart.Name }}-backup-restore-files-config"
additionalVolumeMounts:
- name: transfer-kubectl
mountPath: /usr/local/bin/kubectl
subPath: kubectl
- name: *yamlVolName
mountPath: &yamlMountPath /yaml
envs:
MINIO_HOST: *minio-address
TEST_YAML_DIR: *yamlMountPath
MINIO_USER: minio
MINIO_PASS: minio123
secretEnvs:
- name: NAMESPACE
valueFrom:
fieldRef:
fieldPath: metadata.namespace
keycloak:
enabled: true
ingress:
gateway: "passthrough"
key: "-----BEGIN PRIVATE KEY-----\nMIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDbaLWaC86eG74Z\nD5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpBtvV5x9F88gMz\nyhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+mrUniVT8WNrRL\nC1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+AfaGSHheKo5h\nxTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqUB4dAge+imwAs\nZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKNB/8mi1pylWqN\nUjedV4A5AgMBAAECggEBAM56xORaljBO9WAKOotNK+1rNBO6jAYTWQeY95CeolSP\ny/PvobcZa6QICAL16o3DlSqQroTTmf7WllLnq4PWueA43+ETWSMaxAsqWE0laTTd\nqyfV/8lvhzTv5/+z/TIZnmoCDFT2Wm9iPdudpfXbKp+ghFnYFJVwmVITRbB91InX\n38LaEvLWFnJ3/DPYursaXerwwrm50d0PCdpa/ceqBCVHlpT3Zc0lT0rYpDVtc9BG\n3gjbvKwhVUQBDfD3FGEobxhbc5eEH6JEf0PUWKnsU5F0qRKjQnfM19XKbczP+9gY\n71BDL1sALSZxxJXW865+7GeXKCtxObkcCwYbf8UrS30CgYEA+HSH4ZpuHZ8IKIbs\nvFaAjsEMkRfZPao8b/g4/JCg4TuOpAdFZUTSPWmdUq3i/J8o9b+e8/bznn9HLHIT\nqyreSyiRUQRtcniSL1ZUHSzzW9QefYKzPghGYHXQLIBAWt50PDaMfPQ6Sj1NaEPH\nh3hq4YNYNMQP/QVmfFdiT4xVA6cCgYEA4hJgSc17hh/u84uYAKhg2zSlFG5LlYKc\nYb2aFQJhFz2QqGxMeOXyIVDFD6btGcOLtPt4RdsBuCLZZzFBDUlWL7rY9qlL+/+P\nERStyHE9gFBDa0KWfvQxHSXIuxN2mkokktiVfaTisi8SWEKRJYp+B8HCa5lSDBti\neXcGBK3hWR8CgYBJ+aBPmsR4i1ZJgsrP1M2YM4CDXt9uzdYK3JRTFtjf1vTEf+m4\nmkIiyORvrphr8ROn//La3sdwhKLzZ8/VYgEnzZ9eyPuxXpbgA0suGKkoyUJ+ykCG\nEr6pj8p4xYLjy2I+X1t7BNiqLBB1H+Ezw7XHCW1k4I+GHWqDUR1TZAwX9wKBgFhy\nKAm3wqPuymWuL4HSXlJkflFH9XpA5z22GBowHBwjkfzSofiKvfgayX4eKJTz1Cyy\nVZO+4yVPPQ8KThEMqBN0Xn3iLkAg87ATDwpkg1M4E6hbHNX+Y1ir96R5MOWcLELn\nSVUmtSpREDRHltHBJR2TyKSgD2F9NUGgN1KNVKSxAoGARyx7VceWlpdmnr+i26UH\nB4h6/rL/nY7M2oWgUaj7FeygcfemtO6cV+R1Bl876Q9Dx797hZ4ddGAgxmDFsv8J\nf6SSzTJBB6IGxt+1ZcxD4uFXUrOVFv00br/Re14bsXQcMwi9kEJF2idbR5E7O2qc\nqbLlPssjuZS5pDnRa05bEIQ=\n-----END PRIVATE KEY-----\n" # Gets added via chart/ingress-certs.yaml
cert: "-----BEGIN CERTIFICATE-----\nMIIFHzCCBAegAwIBAgISA9KlIFfDVyxZ1/qZXl4HMuIOMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTA5MjcxNDU1MDdaFw0yMTEyMjYxNDU1MDZaMBgxFjAUBgNVBAMM\nDSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDb\naLWaC86eG74ZD5JxLJ0X4DpOTZgGeP3oY+oS5S1pE+nZq30LrC6YMQeBLSvJDWpB\ntvV5x9F88gMzyhU94HgrWH26LBUQIBti+ip6IbS0sAKc6bicw6NBtR2F4BnLGw+m\nrUniVT8WNrRLC1NkN5shexmTE6XAY9Ak6UpApHVmTiB8xz6hypr4JwqnqQfxDO0+\nAfaGSHheKo5hxTSgUYULhyA9UaImHU+S/SekwGLRLX1KfcTpnz1+TZiQqShG9vqU\nB4dAge+imwAsZTCnI9H3tmz6jWekXQYRUraJUwjEaqqLoSQT5VQmEl518ueeRKKN\nB/8mi1pylWqNUjedV4A5AgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD\nVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O\nBBYEFLUbMi65bMLlINPzTplLjtCHZfa0MB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ\nQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz\nLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv\nMBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw\nNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQBElGUusO7Or8RAB9io\n/ijA2uaCvtjLMbU/0zOWtbaBqAAAAXwn948JAAAEAwBGMEQCIBkkdKr6WRtmZYO8\nkuchAYDxGPaCnU9FYU3BZBpsbJvLAiButEYn4AvTFiZMILymyuuqct/eFjIR9MEE\npNotyaD+bQB2AH0+8viP/4hVaCTCwMqeUol5K8UOeAl/LmqXaJl+IvDXAAABfCf3\nkGUAAAQDAEcwRQIhAOOOX0qpI8xjqARUfU4ErGe8icHORlNHHzP/a6b3XE4ZAiBp\nfMNh3oihXS1e6EM9Xs8m+9nuCi7rqLNSkCNuwisK7zANBgkqhkiG9w0BAQsFAAOC\nAQEABMjkLKKxYyL4ZT6BPuOyqC4hnczDYUmZdCCysLu7psCjrZIAlSRxLIWXdWir\nogi/Vf+wdPKk38NDar0T9+rfAehuvQjQKCzIKVzr+MGauW0Wytwt63EgLIl2znvX\njWEIUwDQkqeFzPMbov8BK8hdLibBSz9nLrT0Zyw9mgRIzslemsi62+AjSNERTCTv\nqyhinnBHLd3dGLOAXexwXu7ic2ZwCgnSgcli+MWC30QOh6ePJJqgw6OpwvOC9DAV\nfkvGYFXlgYXnhQeLr0/4tzw3koclRWe/qgjAdAjB03yp1e53b+j9NoOfyobo1MFe\nnMqEgcgAiA2VuE62Q4HE0Rs5wA==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----" # Gets added via chart/ingress-certs.yaml
values:
replicas: 1
resources:
requests:
cpu: 10m
memory: 16Mi
limits: {}
bbtests:
enabled: true
cypress:
artifacts: true
envs:
cypress_url: "https://keycloak.bigbang.dev"
cypress_username: "admin"
cypress_password: "password"
secrets:
env:
stringData:
CUSTOM_REGISTRATION_CONFIG: /opt/jboss/keycloak/customreg.yaml
KEYCLOAK_IMPORT: /opt/jboss/keycloak/realm.json
X509_CA_BUNDLE: /etc/x509/https/cas.pem
certauthority:
stringData:
cas.pem: '{{ .Files.Get "resources/dev/dod_cas.pem" }}'
customreg:
stringData:
customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}'
realm:
stringData:
realm.json: '{{ .Files.Get "resources/dev/baby-yoda.json" }}'
extraVolumes: |-
- name: certauthority
secret:
secretName: {{ include "keycloak.fullname" . }}-certauthority
- name: customreg
secret:
secretName: {{ include "keycloak.fullname" . }}-customreg
- name: realm
secret:
secretName: {{ include "keycloak.fullname" . }}-realm
extraVolumeMounts: |-
- name: certauthority
mountPath: /etc/x509/https/cas.pem
subPath: cas.pem
readOnly: true
- name: customreg
mountPath: /opt/jboss/keycloak/customreg.yaml
subPath: customreg.yaml
readOnly: true
- name: realm
mountPath: /opt/jboss/keycloak/realm.json
subPath: realm.json
readOnly: true
+ helm upgrade -i bigbang chart -n bigbang --create-namespace --set 'registryCredentials[0].username=robot-ironbank+bigbang-dev-imagepullonly' --set 'registryCredentials[0].password=[MASKED]' --set 'registryCredentials[0].registry=registry1.dso.mil' --set 'registryCredentials[1].username=[MASKED]' --set 'registryCredentials[1].password=[MASKED]' --set 'registryCredentials[1].registry=docker.io' -f tests/test-values.yaml
Release "bigbang" does not exist. Installing it now.
Error: template: bigbang/templates/authservice/values.yaml:2:113: executing "bigbang/templates/authservice/values.yaml" at <include "bigbang.defaults.authservice" .>: error calling include: template: bigbang/templates/authservice/values.yaml:17:44: executing "bigbang.defaults.authservice" at <.Values.addons.haproxy.ingress.gateway>: nil pointer evaluating interface {}.gateway
++ echo $'\342\235\214' exit at ././../pipeline-repo/scripts/deploy/01_deploy_bigbang.sh:44, command was: helm upgrade -i bigbang chart -n bigbang --create-namespace --set 'registryCredentials[0].username="${REGISTRY1_USER}"' --set 'registryCredentials[0].password="${REGISTRY1_PASSWORD}"' --set 'registryCredentials[0].registry=registry1.dso.mil' --set 'registryCredentials[1].username="${DOCKER_USER}"' --set 'registryCredentials[1].password="${DOCKER_PASSWORD}"' --set 'registryCredentials[1].registry=docker.io' -f '${CI_VALUES_FILE}'
❌ exit at ././../pipeline-repo/scripts/deploy/01_deploy_bigbang.sh:44, command was: helm upgrade -i bigbang chart -n bigbang --create-namespace --set registryCredentials[0].username="${REGISTRY1_USER}" --set registryCredentials[0].password="${REGISTRY1_PASSWORD}" --set registryCredentials[0].registry=registry1.dso.mil --set registryCredentials[1].username="${DOCKER_USER}" --set registryCredentials[1].password="${DOCKER_PASSWORD}" --set registryCredentials[1].registry=docker.io -f ${CI_VALUES_FILE}
section_end:1637074085:step_script
�[0Ksection_start:1637074085:after_script
�[0K�[0K�[36;1mRunning after_script�[0;m�[0;m
�[32;1mRunning after script...�[0;m
�[32;1m$ source ${PIPELINE_REPO_DESTINATION}/library/templates.sh�[0;m
�[32;1m$ get_all�[0;m
�[0Ksection_start:1637074085:all_resources[collapsed=true]
�[0K�[33;1mAll Cluster Resources�[37m
NAMESPACE NAME READY STATUS RESTARTS AGE
kube-system pod/metrics-server-86cbb8457f-d29mr 1/1 Running 0 18s
kube-system pod/local-path-provisioner-5ff76fc89d-27j4c 1/1 Running 0 18s
kube-system pod/coredns-7448499f4d-v75ff 1/1 Running 0 18s
metallb-system pod/speaker-vrwbr 0/1 CreateContainerConfigError 0 11s
metallb-system pod/controller-f6dcd56df-7jp54 1/1 Running 0 11s
flux-system pod/kustomize-controller-76dffcf86f-tzpvl 1/1 Running 0 9s
flux-system pod/helm-controller-7c4c655d47-rhrct 1/1 Running 0 9s
flux-system pod/source-controller-7985fc4b67-p4zq7 1/1 Running 0 9s
flux-system pod/notification-controller-8488796fd4-cc6sz 1/1 Running 0 9s
NAMESPACE NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
default service/kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 33s
kube-system service/kube-dns ClusterIP 172.20.0.10 <none> 53/UDP,53/TCP,9153/TCP 30s
kube-system service/metrics-server ClusterIP 172.20.0.70 <none> 443/TCP 28s
flux-system service/notification-controller ClusterIP 172.20.0.110 <none> 80/TCP 9s
flux-system service/source-controller ClusterIP 172.20.0.137 <none> 80/TCP 9s
flux-system service/webhook-receiver ClusterIP 172.20.0.237 <none> 80/TCP 9s
NAMESPACE NAME DESIRED CURRENT READY UP-TO-DATE AVAILABLE NODE SELECTOR AGE
metallb-system daemonset.apps/speaker 1 1 0 1 0 kubernetes.io/os=linux 11s
NAMESPACE NAME READY UP-TO-DATE AVAILABLE AGE
kube-system deployment.apps/metrics-server 1/1 1 1 29s
kube-system deployment.apps/local-path-provisioner 1/1 1 1 30s
kube-system deployment.apps/coredns 1/1 1 1 30s
metallb-system deployment.apps/controller 1/1 1 1 11s
flux-system deployment.apps/kustomize-controller 1/1 1 1 9s
flux-system deployment.apps/helm-controller 1/1 1 1 9s
flux-system deployment.apps/source-controller 1/1 1 1 9s
flux-system deployment.apps/notification-controller 1/1 1 1 9s
NAMESPACE NAME DESIRED CURRENT READY AGE
kube-system replicaset.apps/metrics-server-86cbb8457f 1 1 1 18s
kube-system replicaset.apps/local-path-provisioner-5ff76fc89d 1 1 1 18s
kube-system replicaset.apps/coredns-7448499f4d 1 1 1 18s
metallb-system replicaset.apps/controller-f6dcd56df 1 1 1 11s
flux-system replicaset.apps/kustomize-controller-76dffcf86f 1 1 1 9s
flux-system replicaset.apps/helm-controller-7c4c655d47 1 1 1 9s
flux-system replicaset.apps/source-controller-7985fc4b67 1 1 1 9s
flux-system replicaset.apps/notification-controller-8488796fd4 1 1 1 9s
�[0Ksection_end:1637074086:all_resources
�[0K
�[32;1m$ get_events�[0;m
�[0Ksection_start:1637074086:show_event_log[collapsed=true]
�[0K�[33;1mCluster Event Log�[37m
�[31mNOTICE: Cluster events can be found in artifact events.txt�[0m
�[0Ksection_end:1637074086:show_event_log
�[0K
�[32;1m$ bigbang_pipeline�[0;m
�[0Ksection_start:1637074086:git_repos[collapsed=true]
�[0K�[33;1mGitrepos�[37m
No resources found
�[0Ksection_end:1637074086:git_repos
�[0K
�[0Ksection_start:1637074086:hr[collapsed=true]
�[0K�[33;1mHelmreleases�[37m
No resources found
�[0Ksection_end:1637074086:hr
�[0K
�[0Ksection_start:1637074086:opa_vio[collapsed=true]
�[0K�[33;1mOPA Violations�[37m
error: the server doesn't have a resource type "constraint"
�[0Ksection_end:1637074086:opa_vio
�[0K
�[32;1m$ get_debug�[0;m
Debug not enabled, skipping
�[32;1m$ k3d cluster delete ${CI_JOB_ID}�[0;m
�[36mINFO�[0m[0000] Deleting cluster '8018870'
�[36mINFO�[0m[0000] Deleted k3d-8018870-serverlb
�[36mINFO�[0m[0001] Deleted k3d-8018870-server-0
�[36mINFO�[0m[0001] Deleting image volume 'k3d-8018870-images'
�[36mINFO�[0m[0001] Removing cluster details from default kubeconfig...
�[36mINFO�[0m[0001] Removing standalone kubeconfig file (if there is one)...
�[36mINFO�[0m[0001] Successfully deleted cluster 8018870!
�[32;1m$ docker network rm ${CI_JOB_ID}�[0;m
8018870
section_end:1637074088:after_script
�[0Ksection_start:1637074088:upload_artifacts_on_failure
�[0K�[0K�[36;1mUploading artifacts for failed job�[0;m�[0;m
�[32;1mUploading artifacts...�[0;m
events.txt: found 1 matching files and directories�[0;m
�[0;33mWARNING: images.txt: no matching files �[0;m
�[0;33mWARNING: test-artifacts/: no matching files �[0;m
Uploading artifacts as "archive" to coordinator... ok�[0;m id�[0;m=8018870 responseStatus�[0;m=201 Created token�[0;m=q_84usr_
section_end:1637074089:upload_artifacts_on_failure
�[0Ksection_start:1637074089:cleanup_file_variables
�[0K�[0K�[36;1mCleaning up project directory and file based variables�[0;m�[0;m
section_end:1637074089:cleanup_file_variables
�[0K�[31;1mERROR: Job failed: command terminated with exit code 1
�[0;m