CHANGELOG.md

@@ -3,6 +3,14 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+## [2.41.0]
+	
+- [!2.41.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.41.0); List of merge requests in this release.
+
+## [2.40.0]
+	
+- [!2.40.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.40.0); List of merge requests in this release.
+
 ## [2.39.1]
 	
 - [!2.39.1](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.39.0); List of merge requests in this release.

CODEOWNERS

@@ -2,4 +2,4 @@
 * @michaelmartin @chris.oconnell @andrewshoell @troymobley
 
 # Additional Documentation Maintainer
-docs/ @cbowmanclare @michaelmartin @chris.oconnell @andrewshoell @troymobley
+docs/ @michaelmartin @chris.oconnell @andrewshoell @troymobley

CONTRIBUTING.md

@@ -94,6 +94,8 @@ Follow instruction in [CI-Workflow](./docs/developer/ci-workflow.md) for specifi
 
 - Big Bang does not recommend using internal databases for production deployments. Please look into having external databases, each application will have guides to deploy production system.
 
+- For questions on CVEs and remediation, email Andrew Vu Big Bang Cyber Lead (andrew.vu.9@us.af.mil) or message on MatterMost IL4 (andrew.vu.9) for more information.
+
 # Community Contributions to DoD-Platform-One via Github
 
 ## How to Contribute

base/gitrepository.yaml

@@ -11,4 +11,4 @@ spec:
   interval: 10m
   url: https://repo1.dso.mil/big-bang/bigbang.git
   ref:
-    tag: 2.39.1
+    tag: 2.41.0

blog/.pages

 nav:
+  - Introducing Headlamp a UI for your k8s Cluster management: UI-for-your-K8s-Cluster.md
   - Cypress Testing In Depth: cypress-testing.md
   - BigBang.mil Domain & dev Certificate: dev-bigbang-mil-certificate.md
   - 2.0 New Features: 2-0-new-features.md

blog/UI-for-your-K8s-Cluster.md

+---
+revision_date: Last edited November 20, 2024
+tags:
+  - blog
+---
+We at BigBang are excited to share some great news! We're working on adding **Headlamp**, a modern, user-friendly Kubernetes management UI, as an installable add-on in BigBang. But you don’t have to wait—Headlamp is already available as a desktop client for macOS, Windows, and Linux. You can download it now at [headlamp.dev](https://headlamp.dev/#download-platforms).  
+
+## Benefits of Headlamp
+
+### 1. **Easy to Use**
+Headlamp provides a clean, intuitive interface that simplifies Kubernetes cluster management. It’s accessible for both beginners and experienced users, reducing the steep learning curve often associated with Kubernetes.
+
+### 2. **Lightweight and Fast**
+Designed to be lightweight, Headlamp ensures fast performance and minimal resource usage, making it a great tool for responsive cluster management.
+
+### 3. **Real-Time Insights**
+Get live updates on resource statuses, metrics, and logs. This ensures you always have the most accurate information to monitor cluster health and troubleshoot issues effectively.
+
+![Alt text](assets/images/UI-for-your-K8s-Cluster/pods_snapshot.png)
+
+### 4. **Customizable and Extensible**
+- **Plugin Support:** Add or modify functionality to tailor the UI to your needs such as the easily implemented Flux plugin.
+- **Open Source:** Adapt Headlamp for specific requirements or contribute to its development.  
+
+![Alt text](assets/images/UI-for-your-K8s-Cluster/flux_hr_snapshot.png)
+![Alt text](assets/images/UI-for-your-K8s-Cluster/Flux_actions.png)
+
+
+### 5. **Multi-Cluster Management**
+Easily manage multiple Kubernetes clusters from a single interface, streamlining operations across environments.
+
+### 6. **RBAC Visualization**
+Understand and manage Role-Based Access Control (RBAC) with clear visualizations, simplifying permission management.
+![Alt text](assets/images/UI-for-your-K8s-Cluster/rbac.png)
+
+### 7. **Native Kubernetes API Integration**
+Headlamp connects directly with Kubernetes APIs, ensuring accurate, real-time cluster management without relying on additional tools or agents.
+
+### 8. **Real-Time Visualization of resources**
+Headlamp is capable of mapping out your real-time resources such as Workloads(pods, deployments, etc), Storage(PVCs), Network (Services, Endpoints, Ingress), Security(Service Accounts, Roles, Role Bindings), Configuration(Config Maps, Secrets, etc) and can be grouped by Namespace, Instance, or node. 
+
+![Alt text](assets/images/UI-for-your-K8s-Cluster/visualization.png)
+
+
+---
+
+Start exploring Headlamp today to simplify and enhance your Kubernetes management experience!
+
+Progress of headlamp being implemented into Big Bang as an add-on can be found [here](https://repo1.dso.mil/big-bang/product/bbtoc/-/issues/144)
\ No newline at end of file

chart/Chart.yaml

 apiVersion: v2
 name: bigbang
-version: 2.39.1
+version: 2.41.0
 kubeVersion: '>=1.29.0-0'
 description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
 type: application

chart/ingress-certs.yaml

@@ -4,31 +4,31 @@ istio:
       tls:
         key: |
           -----BEGIN PRIVATE KEY-----
-          MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgHdAqwvsyPsX3pRca
-          mDuuzhjyj8NOPMR55qzCmEocqtqhRANCAAQR6VCFEQou/74lv/a2AG6DigR4LFx/
-          5fV/RVfaN6Xj5gGHldg8XIZsMmaUeOmmIXmi+o8lMgxCfhPqMRmmOsId
+          MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgY8guQ+hcKpHSgrm2
+          A+GcFrrUtM8nb4L++naSjVQnogGhRANCAATKBRvdmdwoI2v36FYM8xpY7lI7r5KW
+          oj1lOKS6OwyAyGQyUYobCm/o7a2WJnhAkGFUFrrV1Z7N1lAGCmQJOOb8
           -----END PRIVATE KEY-----
         cert: |
           -----BEGIN CERTIFICATE-----
-          MIIDgzCCAwqgAwIBAgISBNVmX90qEhTcM13UnwfR4uIfMAoGCCqGSM49BAMDMDIx
+          MIIDgzCCAwmgAwIBAgISBFMkWa9lPkFhl087yAiMkoEpMAoGCCqGSM49BAMDMDIx
           CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
-          NTAeFw0yNDA5MDMxNTExMTJaFw0yNDEyMDIxNTExMTFaMBwxGjAYBgNVBAMMESou
-          ZGV2LmJpZ2JhbmcubWlsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEelQhREK
-          Lv++Jb/2tgBug4oEeCxcf+X1f0VX2jel4+YBh5XYPFyGbDJmlHjppiF5ovqPJTIM
-          Qn4T6jEZpjrCHaOCAhQwggIQMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
-          BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUxNJIe5Op
-          BPkPtPFg0yT8PI0B4iAwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
+          NTAeFw0yNDExMTgyMTA0NDRaFw0yNTAyMTYyMTA0NDNaMBwxGjAYBgNVBAMMESou
+          ZGV2LmJpZ2JhbmcubWlsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEygUb3Znc
+          KCNr9+hWDPMaWO5SO6+SlqI9ZTikujsMgMhkMlGKGwpv6O2tliZ4QJBhVBa61dWe
+          zdZQBgpkCTjm/KOCAhMwggIPMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
+          BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUd+z9mMaM
+          YJEbjoKZOyob74JP7vwwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
           VQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5v
           cmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wHAYDVR0RBBUw
-          E4IRKi5kZXYuYmlnYmFuZy5taWwwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgor
-          BgEEAdZ5AgQCBIH2BIHzAPEAdwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+Zn
-          TFo6dAAAAZG4pibmAAAEAwBIMEYCIQD/k5H1pMTHkOjQNKEta4q1GGgo+fLxdgDm
-          8xrPoVipRwIhANzLrmkFPD2Ui/NHeQO6SeqPluy/MCJlaStFkqLtPcuTAHYAGZgQ
-          cQnw1lIuMIDSnj9ku4NuKMz5D1KO7t/OSj8WtMoAAAGRuKYm1gAABAMARzBFAiAu
-          mU3lLoDe2ZdcLIWkt9l5wTJp1o42Li3EotstZCyUKQIhAJ3QKqzvw93dx3Zq4dzU
-          ROGqLSZXMmBVZNNAkQr0vh2tMAoGCCqGSM49BAMDA2cAMGQCMGIuOMsqPPLylcDH
-          OxRVdPzEmTKv5hBL26q0ABJ+BGCkh/5+LBJO+XaPyuIVK9qATgIwQCt9i6+hbPvL
-          sKBpVn8oiiXjENXKM/KFFRsAD/LWxvVuwJlS98A2DM/ZrTTCIpGD
+          E4IRKi5kZXYuYmlnYmFuZy5taWwwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgor
+          BgEEAdZ5AgQCBIH1BIHyAPAAdwCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5
+          UKRH5wAAAZNBTSWpAAAEAwBIMEYCIQDxh3t5GRZRc+RdSV2GXQ7MhPmxNuaOK2K8
+          +0G1nhV+oQIhANFeYVYgmPAjCdZeTPbvRX8DdcQXLrencMhjrO+NQcGFAHUAE0rf
+          GrWYQgl4DG/vTHqRpBa3I0nOWFdq367ap8Kr4CIAAAGTQU0mZAAABAMARjBEAiBd
+          yXAGHYvhbQaFdrYzQ191u5DoRP5wiiP16/8fYRfRDgIgAJeJwqBTR1+CG/BaIFir
+          xJHo82Ulcmo+IBLoL+5oJX0wCgYIKoZIzj0EAwMDaAAwZQIxAM0kS16QX1Qc9VtP
+          DypEln3luAegjWimBEi/45BDBeeOr1ofEL13oyDlKdP/6f+sWQIwLyEYai56gHmN
+          sSfBmgkdEEdz0M5HowiKAIahom+kg+Mj+0vvJeV3fREqC1joWzRB
           -----END CERTIFICATE-----
           -----BEGIN CERTIFICATE-----
           MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
@@ -62,31 +62,31 @@ addons:
     ingress:
       key: |
         -----BEGIN PRIVATE KEY-----
-        MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgHdAqwvsyPsX3pRca
-        mDuuzhjyj8NOPMR55qzCmEocqtqhRANCAAQR6VCFEQou/74lv/a2AG6DigR4LFx/
-        5fV/RVfaN6Xj5gGHldg8XIZsMmaUeOmmIXmi+o8lMgxCfhPqMRmmOsId
+        MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgY8guQ+hcKpHSgrm2
+        A+GcFrrUtM8nb4L++naSjVQnogGhRANCAATKBRvdmdwoI2v36FYM8xpY7lI7r5KW
+        oj1lOKS6OwyAyGQyUYobCm/o7a2WJnhAkGFUFrrV1Z7N1lAGCmQJOOb8
         -----END PRIVATE KEY-----
       cert: |
         -----BEGIN CERTIFICATE-----
-        MIIDgzCCAwqgAwIBAgISBNVmX90qEhTcM13UnwfR4uIfMAoGCCqGSM49BAMDMDIx
+        MIIDgzCCAwmgAwIBAgISBFMkWa9lPkFhl087yAiMkoEpMAoGCCqGSM49BAMDMDIx
         CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
-        NTAeFw0yNDA5MDMxNTExMTJaFw0yNDEyMDIxNTExMTFaMBwxGjAYBgNVBAMMESou
-        ZGV2LmJpZ2JhbmcubWlsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEelQhREK
-        Lv++Jb/2tgBug4oEeCxcf+X1f0VX2jel4+YBh5XYPFyGbDJmlHjppiF5ovqPJTIM
-        Qn4T6jEZpjrCHaOCAhQwggIQMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
-        BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUxNJIe5Op
-        BPkPtPFg0yT8PI0B4iAwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
+        NTAeFw0yNDExMTgyMTA0NDRaFw0yNTAyMTYyMTA0NDNaMBwxGjAYBgNVBAMMESou
+        ZGV2LmJpZ2JhbmcubWlsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEygUb3Znc
+        KCNr9+hWDPMaWO5SO6+SlqI9ZTikujsMgMhkMlGKGwpv6O2tliZ4QJBhVBa61dWe
+        zdZQBgpkCTjm/KOCAhMwggIPMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
+        BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUd+z9mMaM
+        YJEbjoKZOyob74JP7vwwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
         VQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5v
         cmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wHAYDVR0RBBUw
-        E4IRKi5kZXYuYmlnYmFuZy5taWwwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgor
-        BgEEAdZ5AgQCBIH2BIHzAPEAdwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+Zn
-        TFo6dAAAAZG4pibmAAAEAwBIMEYCIQD/k5H1pMTHkOjQNKEta4q1GGgo+fLxdgDm
-        8xrPoVipRwIhANzLrmkFPD2Ui/NHeQO6SeqPluy/MCJlaStFkqLtPcuTAHYAGZgQ
-        cQnw1lIuMIDSnj9ku4NuKMz5D1KO7t/OSj8WtMoAAAGRuKYm1gAABAMARzBFAiAu
-        mU3lLoDe2ZdcLIWkt9l5wTJp1o42Li3EotstZCyUKQIhAJ3QKqzvw93dx3Zq4dzU
-        ROGqLSZXMmBVZNNAkQr0vh2tMAoGCCqGSM49BAMDA2cAMGQCMGIuOMsqPPLylcDH
-        OxRVdPzEmTKv5hBL26q0ABJ+BGCkh/5+LBJO+XaPyuIVK9qATgIwQCt9i6+hbPvL
-        sKBpVn8oiiXjENXKM/KFFRsAD/LWxvVuwJlS98A2DM/ZrTTCIpGD
+        E4IRKi5kZXYuYmlnYmFuZy5taWwwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgor
+        BgEEAdZ5AgQCBIH1BIHyAPAAdwCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5
+        UKRH5wAAAZNBTSWpAAAEAwBIMEYCIQDxh3t5GRZRc+RdSV2GXQ7MhPmxNuaOK2K8
+        +0G1nhV+oQIhANFeYVYgmPAjCdZeTPbvRX8DdcQXLrencMhjrO+NQcGFAHUAE0rf
+        GrWYQgl4DG/vTHqRpBa3I0nOWFdq367ap8Kr4CIAAAGTQU0mZAAABAMARjBEAiBd
+        yXAGHYvhbQaFdrYzQ191u5DoRP5wiiP16/8fYRfRDgIgAJeJwqBTR1+CG/BaIFir
+        xJHo82Ulcmo+IBLoL+5oJX0wCgYIKoZIzj0EAwMDaAAwZQIxAM0kS16QX1Qc9VtP
+        DypEln3luAegjWimBEi/45BDBeeOr1ofEL13oyDlKdP/6f+sWQIwLyEYai56gHmN
+        sSfBmgkdEEdz0M5HowiKAIahom+kg+Mj+0vvJeV3fREqC1joWzRB
         -----END CERTIFICATE-----
         -----BEGIN CERTIFICATE-----
         MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
@@ -118,31 +118,31 @@ addons:
     ingress:
       key: |
         -----BEGIN PRIVATE KEY-----
-        MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgHdAqwvsyPsX3pRca
-        mDuuzhjyj8NOPMR55qzCmEocqtqhRANCAAQR6VCFEQou/74lv/a2AG6DigR4LFx/
-        5fV/RVfaN6Xj5gGHldg8XIZsMmaUeOmmIXmi+o8lMgxCfhPqMRmmOsId
+        MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgY8guQ+hcKpHSgrm2
+        A+GcFrrUtM8nb4L++naSjVQnogGhRANCAATKBRvdmdwoI2v36FYM8xpY7lI7r5KW
+        oj1lOKS6OwyAyGQyUYobCm/o7a2WJnhAkGFUFrrV1Z7N1lAGCmQJOOb8
         -----END PRIVATE KEY-----
       cert: |
         -----BEGIN CERTIFICATE-----
-        MIIDgzCCAwqgAwIBAgISBNVmX90qEhTcM13UnwfR4uIfMAoGCCqGSM49BAMDMDIx
+        MIIDgzCCAwmgAwIBAgISBFMkWa9lPkFhl087yAiMkoEpMAoGCCqGSM49BAMDMDIx
         CzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQDEwJF
-        NTAeFw0yNDA5MDMxNTExMTJaFw0yNDEyMDIxNTExMTFaMBwxGjAYBgNVBAMMESou
-        ZGV2LmJpZ2JhbmcubWlsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEEelQhREK
-        Lv++Jb/2tgBug4oEeCxcf+X1f0VX2jel4+YBh5XYPFyGbDJmlHjppiF5ovqPJTIM
-        Qn4T6jEZpjrCHaOCAhQwggIQMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
-        BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUxNJIe5Op
-        BPkPtPFg0yT8PI0B4iAwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
+        NTAeFw0yNDExMTgyMTA0NDRaFw0yNTAyMTYyMTA0NDNaMBwxGjAYBgNVBAMMESou
+        ZGV2LmJpZ2JhbmcubWlsMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEygUb3Znc
+        KCNr9+hWDPMaWO5SO6+SlqI9ZTikujsMgMhkMlGKGwpv6O2tliZ4QJBhVBa61dWe
+        zdZQBgpkCTjm/KOCAhMwggIPMA4GA1UdDwEB/wQEAwIHgDAdBgNVHSUEFjAUBggr
+        BgEFBQcDAQYIKwYBBQUHAwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUd+z9mMaM
+        YJEbjoKZOyob74JP7vwwHwYDVR0jBBgwFoAUnytfzzwhT50Et+0rLMTGcIvS1w0w
         VQYIKwYBBQUHAQEESTBHMCEGCCsGAQUFBzABhhVodHRwOi8vZTUuby5sZW5jci5v
         cmcwIgYIKwYBBQUHMAKGFmh0dHA6Ly9lNS5pLmxlbmNyLm9yZy8wHAYDVR0RBBUw
-        E4IRKi5kZXYuYmlnYmFuZy5taWwwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEFBgor
-        BgEEAdZ5AgQCBIH2BIHzAPEAdwB2/4g/Crb7lVHCYcz1h7o0tKTNuyncaEIKn+Zn
-        TFo6dAAAAZG4pibmAAAEAwBIMEYCIQD/k5H1pMTHkOjQNKEta4q1GGgo+fLxdgDm
-        8xrPoVipRwIhANzLrmkFPD2Ui/NHeQO6SeqPluy/MCJlaStFkqLtPcuTAHYAGZgQ
-        cQnw1lIuMIDSnj9ku4NuKMz5D1KO7t/OSj8WtMoAAAGRuKYm1gAABAMARzBFAiAu
-        mU3lLoDe2ZdcLIWkt9l5wTJp1o42Li3EotstZCyUKQIhAJ3QKqzvw93dx3Zq4dzU
-        ROGqLSZXMmBVZNNAkQr0vh2tMAoGCCqGSM49BAMDA2cAMGQCMGIuOMsqPPLylcDH
-        OxRVdPzEmTKv5hBL26q0ABJ+BGCkh/5+LBJO+XaPyuIVK9qATgIwQCt9i6+hbPvL
-        sKBpVn8oiiXjENXKM/KFFRsAD/LWxvVuwJlS98A2DM/ZrTTCIpGD
+        E4IRKi5kZXYuYmlnYmFuZy5taWwwEwYDVR0gBAwwCjAIBgZngQwBAgEwggEEBgor
+        BgEEAdZ5AgQCBIH1BIHyAPAAdwCi4wrkRe+9rZt+OO1HZ3dT14JbhJTXK14bLMS5
+        UKRH5wAAAZNBTSWpAAAEAwBIMEYCIQDxh3t5GRZRc+RdSV2GXQ7MhPmxNuaOK2K8
+        +0G1nhV+oQIhANFeYVYgmPAjCdZeTPbvRX8DdcQXLrencMhjrO+NQcGFAHUAE0rf
+        GrWYQgl4DG/vTHqRpBa3I0nOWFdq367ap8Kr4CIAAAGTQU0mZAAABAMARjBEAiBd
+        yXAGHYvhbQaFdrYzQ191u5DoRP5wiiP16/8fYRfRDgIgAJeJwqBTR1+CG/BaIFir
+        xJHo82Ulcmo+IBLoL+5oJX0wCgYIKoZIzj0EAwMDaAAwZQIxAM0kS16QX1Qc9VtP
+        DypEln3luAegjWimBEi/45BDBeeOr1ofEL13oyDlKdP/6f+sWQIwLyEYai56gHmN
+        sSfBmgkdEEdz0M5HowiKAIahom+kg+Mj+0vvJeV3fREqC1joWzRB
         -----END CERTIFICATE-----
         -----BEGIN CERTIFICATE-----
         MIIEVzCCAj+gAwIBAgIRAIOPbGPOsTmMYgZigxXJ/d4wDQYJKoZIhvcNAQELBQAw
@@ -169,4 +169,4 @@ addons:
         GWiWaeOyB7RP+OfDtvi2OsapxXiV7vNVs7fMlrRjY1joKaqmmycnBvAq14AEbtyL
         sVfOS66B8apkeFX2NY4XPEYV4ZSCe8VHPrdrERk2wILG3T/EGmSIkCYVUMSnjmJd
         VQD9F6Na/+zmXCc=
-        -----END CERTIFICATE-----
\ No newline at end of file
+        -----END CERTIFICATE-----

chart/templates/kyverno-policies/values.yaml

@@ -111,6 +111,7 @@ policies:
           names:
           - neuvector-enforcer-pod*
           - neuvector-controller-pod*
+          - neuvector-scanner-pod*
       {{- end }}
   {{- end }}
 
@@ -204,7 +205,9 @@ policies:
           - neuvector
           names:
           - neuvector-enforcer-pod*
+          - neuvector-cert-upgrader-job-*
           - neuvector-controller-pod*
+          - neuvector-scanner-pod*
           - neuvector-prometheus-exporter-pod*
       {{- end }}
       {{- if .Values.addons.holocron.enabled }}
@@ -354,6 +357,7 @@ policies:
           names:
           - neuvector-enforcer-pod-*
           - neuvector-controller-pod-*
+          - neuvector-cert-upgrader-job-*
       {{- end }}
     {{- end }}
 
@@ -577,6 +581,7 @@ policies:
           - neuvector
           names:
           - neuvector-enforcer-pod*
+          - neuvector-cert-upgrader-job-*
           - neuvector-controller-pod*
       {{- end }}
       {{- if $deployNodeAgent }}
@@ -887,6 +892,7 @@ policies:
           allow:
           - neuvector-manager-pod-*
           - neuvector-scanner-pod-*
+          - neuvector-cert-upgrader-job-*
           - neuvector-controller-pod-*
           - neuvector-enforcer-pod-*
           - neuvector-updater-pod-*

chart/values.yaml

@@ -174,11 +174,11 @@ istio:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
     path: "./chart"
-    tag: "1.23.2-bb.1"
+    tag: "1.23.3-bb.1"
   helmRepo:
     repoName: "registry1"
     chartName: "istio"
-    tag: "1.23.2-bb.1"
+    tag: "1.23.3-bb.1"
     # -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI).  Set to 'false' to disable verification.
     # cosignVerify:
 
@@ -316,11 +316,11 @@ istioOperator:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/istio-operator.git
     path: "./chart"
-    tag: "1.23.2-bb.0"
+    tag: "1.23.3-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "istio-operator"
-    tag: "1.23.2-bb.0"
+    tag: "1.23.3-bb.0"
 
   # -- Flux reconciliation overrides specifically for the Istio Operator Package
   flux: {}
@@ -384,11 +384,11 @@ kiali:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/kiali.git
     path: "./chart"
-    tag: "1.89.7-bb.1"
+    tag: "2.1.0-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "kiali"
-    tag: "1.89.7-bb.1"
+    tag: "2.1.0-bb.0"
 
   # -- Flux reconciliation overrides specifically for the Kiali Package
   flux: {}
@@ -515,11 +515,11 @@ kyvernoPolicies:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
     path: ./chart
-    tag: "3.2.6-bb.0"
+    tag: "3.2.6-bb.1"
   helmRepo:
     repoName: "registry1"
     chartName: "kyverno-policies"
-    tag: "3.2.6-bb.0"
+    tag: "3.2.6-bb.1"
 
   # -- Flux reconciliation overrides specifically for the Kyverno Package
   flux: {}
@@ -570,11 +570,11 @@ elasticsearchKibana:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
     path: "./chart"
-    tag: "1.21.0-bb.0"
+    tag: "1.22.0-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "elasticsearch-kibana"
-    tag: "1.21.0-bb.0"
+    tag: "1.22.0-bb.0"
 
   # -- Flux reconciliation overrides specifically for the Logging (EFK) Package
   flux:
@@ -648,11 +648,11 @@ fluentbit:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
     path: "./chart"
-    tag: "0.47.10-bb.1"
+    tag: "0.48.2-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "fluentbit"
-    tag: "0.47.10-bb.1"
+    tag: "0.48.2-bb.0"
 
   # -- Flux reconciliation overrides specifically for the Fluent-Bit Package
   flux: {}
@@ -701,11 +701,11 @@ loki:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/loki.git
     path: "./chart"
-    tag: "6.18.0-bb.1"
+    tag: "6.18.0-bb.3"
   helmRepo:
     repoName: "registry1"
     chartName: "loki"
-    tag: "6.18.0-bb.1"
+    tag: "6.18.0-bb.3"
 
   # -- Flux reconciliation overrides specifically for the Loki Package
   flux: {}
@@ -758,11 +758,11 @@ neuvector:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
     path: "./chart"
-    tag: "2.7.8-bb.4"
+    tag: "2.8.2-bb.2"
   helmRepo:
     repoName: "registry1"
     chartName: "neuvector"
-    tag: "2.7.8-bb.4"
+    tag: "2.8.2-bb.2"
 
   # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
   ingress:
@@ -810,11 +810,11 @@ tempo:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/tempo.git
     path: "./chart"
-    tag: "1.10.3-bb.6"
+    tag: "1.11.0-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "tempo"
-    tag: "1.10.3-bb.6"
+    tag: "1.11.0-bb.0"
 
   # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
   ingress:
@@ -933,11 +933,11 @@ grafana:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/grafana.git
     path: "./chart"
-    tag: "8.5.5-bb.0"
+    tag: "8.6.2-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "grafana"
-    tag: "8.5.5-bb.0"
+    tag: "8.6.2-bb.0"
 
   # -- Flux reconciliation overrides specifically for the Monitoring Package
   flux: {}
@@ -984,11 +984,11 @@ twistlock:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/twistlock.git
     path: "./chart"
-    tag: "0.17.0-bb.2"
+    tag: "0.18.0-bb.0"
   helmRepo:
     repoName: "registry1"
     chartName: "twistlock"
-    tag: "0.17.0-bb.2"
+    tag: "0.18.0-bb.0"
 
   # -- Flux reconciliation overrides specifically for the Twistlock Package
   flux: {}
@@ -1031,11 +1031,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/argocd.git
       path: "./chart"
-      tag: "7.6.6-bb.0"
+      tag: "7.7.5-bb.0"
     helmRepo:
       repoName: "registry1"
       chartName: "argocd"
-      tag: "7.6.6-bb.0"
+      tag: "7.7.5-bb.0"
 
     # -- Flux reconciliation overrides specifically for the ArgoCD Package
     flux: {}
@@ -1088,11 +1088,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/authservice.git
       path: "./chart"
-      tag: "1.0.2-bb.1"
+      tag: "1.0.3-bb.0"
     helmRepo:
       repoName: "registry1"
       chartName: "authservice"
-      tag: "1.0.2-bb.1"
+      tag: "1.0.3-bb.0"
 
     # -- Flux reconciliation overrides specifically for the Authservice Package
     flux: {}
@@ -1188,11 +1188,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
       path: "./chart"
-      tag: "8.3.6-bb.3"
+      tag: "8.5.2-bb.0"
     helmRepo:
       repoName: "registry1"
       chartName: "gitlab"
-      tag: "8.3.6-bb.3"
+      tag: "8.5.2-bb.0"
 
     # -- Flux reconciliation overrides specifically for the Gitlab Package
     flux: {}
@@ -1329,11 +1329,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/nexus.git
       path: "./chart"
-      tag: "73.0.0-bb.1"
+      tag: "74.0.0-bb.0"
     helmRepo:
       repoName: "registry1"
       chartName: "nexus-repository-manager"
-      tag: "73.0.0-bb.1"
+      tag: "74.0.0-bb.0"
 
     # -- Base64 encoded license file.
     license_key: ""
@@ -1463,11 +1463,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/fortify.git
       path: "./chart"
-      tag: "1.1.2320154-bb.19"
+      tag: "1.1.2320154-bb.20"
     helmRepo:
       repoName: "registry1"
       chartName: "fortify-ssc"
-      tag: "1.1.2320154-bb.19"
+      tag: "1.1.2320154-bb.20"
 
     # -- Flux reconciliation overrides specifically for the Fortify Package
     flux: {}
@@ -1531,11 +1531,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/anchore-enterprise.git
       path: "./chart"
-      tag: "3.0.0-bb.2"
+      tag: "3.1.1-bb.3"
     helmRepo:
       repoName: "registry1"
       chartName: "anchore"
-      tag: "3.0.0-bb.2"
+      tag: "3.1.1-bb.3"
 
     # -- Flux reconciliation overrides specifically for the Anchore Package
     flux:
@@ -1648,11 +1648,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/mattermost.git
       path: "./chart"
-      tag: "10.1.2-bb.0"
+      tag: "10.2.0-bb.0"
     helmRepo:
       repoName: "registry1"
       chartName: "mattermost"
-      tag: "10.1.2-bb.0"
+      tag: "10.2.0-bb.0"
 
     # -- Flux reconciliation overrides specifically for the Mattermost Package
     flux: {}
@@ -1742,11 +1742,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/velero.git
       path: "./chart"
-      tag: "7.2.2-bb.0"
+      tag: "7.2.2-bb.3"
     helmRepo:
       repoName: "registry1"
       chartName: "velero"
-      tag: "7.2.2-bb.0"
+      tag: "7.2.2-bb.3"
 
     # -- Flux reconciliation overrides specifically for the Velero Package
     flux: {}
@@ -1778,11 +1778,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/keycloak.git
       path: "./chart"
-      tag: "2.5.1-bb.0"
+      tag: "2.5.1-bb.2"
     helmRepo:
       repoName: "registry1"
       chartName: "keycloak"
-      tag: "2.5.1-bb.0"
+      tag: "2.5.1-bb.2"
 
     database:
       # -- Hostname of a pre-existing database to use for Keycloak.
@@ -1835,11 +1835,11 @@ addons:
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/vault.git
       path: "./chart"
-      tag: "0.28.1-bb.12"
+      tag: "0.29.0-bb.0"
     helmRepo:
       repoName: "registry1"
       chartName: "vault"
-      tag: "0.28.1-bb.12"
+      tag: "0.29.0-bb.0"
 
     # -- Flux reconciliation overrides specifically for the Vault Package
     flux: {}
@@ -1900,12 +1900,12 @@ addons:
 
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/harbor.git
-      tag: "1.15.1-bb.1"
+      tag: "1.16.0-bb.2"
       path: "./chart"
     helmRepo:
       repoName: "registry1"
       chartName: "harbor"
-      tag: "1.15.1-bb.1"
+      tag: "1.16.0-bb.2"
 
     # -- Flux reconciliation overrides specifically for the Jaeger Package
     flux: {}
@@ -2058,12 +2058,12 @@ addons:
 
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/thanos.git
-      tag: "15.7.27-bb.3"
+      tag: "15.8.1-bb.0"
       path: "./chart"
     helmRepo:
       repoName: "registry1"
       chartName: "thanos"
-      tag: "15.7.27-bb.3"
+      tag: "15.8.1-bb.0"
 
     # -- Flux reconciliation overrides specifically for the Thanos Package
     flux: {}
@@ -2085,12 +2085,12 @@ addons:
 
     git:
       repo: https://repo1.dso.mil/big-bang/product/packages/external-secrets.git
-      tag: "0.10.2-bb.1"
+      tag: "0.10.4-bb.0"
       path: "./chart"
     helmRepo:
       repoName: "registry1"
       chartName: "external-secrets"
-      tag: "0.10.2-bb.1"
+      tag: "0.10.4-bb.0"
 
     # -- Override flux settings for this package
     flux: {}

docs/FAQ.md

@@ -103,3 +103,9 @@ on the [Big Bang Universe.](https://universe.bigbang.dso.mil/)
 
 It would also be useful to review
 [Understanding Big Bang.](https://docs-bigbang.dso.mil/latest/docs/understanding-bigbang/?h=understanding+bigbang%2F)
+
+## New Packages
+
+> How do I get a new package integrated into Big Bang?
+
+To integrate a new package into Big Bang, follow the steps outlined in the [package integration documents](developer/package-integration/README.md) and the [developing a package document](developer/develop-package.md).

docs/assets/scripts/developer/k3d-dev.sh

@@ -714,7 +714,7 @@ echo '$PrivateIP2	keycloak.dev.bigbang.mil vault.dev.bigbang.mil' >> /etc/hosts
 echo '$PrivateIP anchore-api.dev.bigbang.mil anchore.dev.bigbang.mil argocd.dev.bigbang.mil gitlab.dev.bigbang.mil registry.dev.bigbang.mil tracing.dev.bigbang.mil kiali.dev.bigbang.mil kibana.dev.bigbang.mil chat.dev.bigbang.mil minio.dev.bigbang.mil minio-api.dev.bigbang.mil alertmanager.dev.bigbang.mil grafana.dev.bigbang.mil prometheus.dev.bigbang.mil nexus.dev.bigbang.mil sonarqube.dev.bigbang.mil tempo.dev.bigbang.mil twistlock.dev.bigbang.mil' >> /etc/hosts
 echo '## end dev.bigbang.mil section' >> /etc/hosts
 
-kubectl get configmap -n kube-system coredns -o yaml | sed '/^		.* host.k3d.internal$/a\ \ \ \ $PrivateIP2 keycloak.dev.bigbang.mil vault.dev.bigbang.mil' | kubectl apply -f -
+kubectl get configmap -n kube-system coredns -o yaml | sed '/^    .* host.k3d.internal$/a\ \ \ \ $PrivateIP2 keycloak.dev.bigbang.mil vault.dev.bigbang.mil' | kubectl apply -f -
 EOF
   fi
 

docs/developer/develop-package.md

@@ -214,3 +214,5 @@ In some instances you may wish to manually create a private-registry secret in t
     ```shell
     -f reg-creds.yaml
     ```
+
+21. Integrate the package using the [Package Integration Documents](package-integration/README.md).

docs/developer/package-integration/README.md

@@ -2,6 +2,7 @@
 
 The following documents should be followed, in order, to fully integrate a new package into Big Bang:
 
+1. [Get BBTOC Approval](https://repo1.dso.mil/big-bang/product/bbtoc/-/blob/main/process/Package%20Maintenance%20Tracks.md): Follow the BBTOC Package Maintenance Tracks process to get approval for package integration
 1. [Upstream Helm Chart](upstream.md): Initialize package workspace using an upstream Helm chart
 1. [CICD Pipeline](pipeline.md): Establish a baseline package pipeline for testing changes
 1. [Flux Helm Chart](flux.md): Create Flux compatible GitOps Helm chart required by Big Bang
@@ -13,6 +14,7 @@ The following documents should be followed, in order, to fully integrate a new p
 1. [Additional Tests](testing.md): Add testing to validate basic functionality
 1. [Network Policies](network-policies.md): Add ingress/egress policies to restrict network traffic for security
 1. [Policy Enforcement](policy-enforcement.md): Update package to comply with default security and governance policies in Big Bang
-2. [Supported Package](supported.md): Migrate package into the Big Bang repo as a supported package
-3. [Final Documentation](documentation.md): Add additional Big Bang documentation for final release
-4. [Big Bang Merge Request](bigbang-merge-request.md): Create Big Bang Merge Request and run all packages pipeline
+1. [Istio Hardening](../IstioHardened.md): Update package to comply with Istio hardening policies in Big Bang
+1. [Supported Package](supported.md): Migrate package into the Big Bang repo as a supported package
+1. [Final Documentation](documentation.md): Add additional Big Bang documentation for final release
+1. [Big Bang Merge Request](bigbang-merge-request.md): Create Big Bang Merge Request and run all packages pipeline