UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects

Disable keycloak helm test until working on rke2

Merged Disable keycloak helm test until working on rke2
BrandenCobb-master-patch-66080 into master
All threads resolved!
Merged Branden Cobb requested to merge BrandenCobb-master-patch-66080 into master
All threads resolved!
Compare
and
3 files
+ 62
62
Compare changes
  • Side-by-side
  • Inline
Files
3
tests/ci/k3d/values.yaml
+ 50
59
hostname: bigbang.dev
flux:
timeout: 20m
interval: 1m
rollback:
cleanupOnFail: false
@@ -182,62 +183,52 @@ gatekeeper:
cpu: 100m
memory: 256Mi
limits: {}
violations:
allowedCapabilities:
parameters:
excludedResources:
# Allows k3d load balancer containers to not drop capabilities
- istio-system/lb-port-.*
allowedDockerRegistries:
parameters:
excludedResources:
# Allows k3d load balancer containers to pull from public repos
- istio-system/lb-port-.*
allowedSecCompProfiles:
parameters:
excludedResources:
# Allows k3d load balancer containers to have an undefined defined seccomp
- istio-system/lb-port-.*
allowedUsers:
parameters:
excludedResources:
# Allows k3d load balancer containers to run as any user/group
- istio-system/lb-port-.*
containerRatio:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
hostNetworking:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount host ports
- istio-system/lb-port-.*
noBigContainers:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined limits/requests
- istio-system/lb-port-.*
noPrivilegedEscalation:
parameters:
excludedResources:
# Allows k3d load balancer containers to have undefined security context
- istio-system/lb-port-.*
readOnlyRoot:
parameters:
excludedResources:
# Allows k3d load balancer containers to mount filesystems read/write
- istio-system/lb-port-.*
requiredLabels:
parameters:
excludedResources:
# Allows k3d load balancer pods to not have required labels
- istio-system/svclb-.*
requiredProbes:
parameters:
excludedResources:
# Allows k3d load balancer containers to not have readiness/liveness probes
- istio-system/lb-port-.*
violations:
allowedDockerRegistries:
enabled: false
enforcementAction: deny
allowedFlexVolumes:
enabled: false
enforcementAction: deny
allowedHostFilesystem:
enabled: false
enforcementAction: deny
allowedIPs:
enabled: false
enforcementAction: deny
allowedProcMount:
enabled: false
enforcementAction: deny
bannedImageTags:
enabled: false
enforcementAction: deny
hostNetworking:
enabled: false
enforcementAction: deny
httpsOnly:
enabled: false
enforcementAction: deny
noHostNamespace:
enabled: false
enforcementAction: deny
noPrivilegedContainers:
enabled: false
enforcementAction: deny
noSysctls:
enabled: false
enforcementAction: deny
restrictedTaint:
enabled: false
enforcementAction: deny
selinuxPolicy:
enabled: false
enforcementAction: deny
uniqueIngressHost:
enabled: false
enforcementAction: deny
volumeTypes:
enabled: false
enforcementAction: deny
bbtests:
# TODO: Test will need to be refactored at BB level to properly run since we can't turn everything to deny
# https://repo1.dso.mil/platform-one/big-bang/apps/core/policy/-/issues/133
@@ -354,7 +345,7 @@ addons:
sso:
enabled: false
flux:
timeout: 20m
timeout: 30m
values:
global:
rails:
@@ -865,7 +856,7 @@ addons:
keycloak:
enabled: false
ingress:
gateway: "public"
gateway: "passthrough"
values:
replicas: 1
resources:
@@ -881,7 +872,6 @@ addons:
cypress_url: "https://keycloak.bigbang.dev"
cypress_username: "admin"
cypress_password: "password"
# Custom dev secret configuration
secrets:
env:
stringData:
@@ -930,3 +920,4 @@ addons:
mountPath: /etc/x509/https/tls.key
subPath: tls.key
readOnly: true

UNCLASSIFIED - NO CUI