Commits on Source (64)
......@@ -3,6 +3,14 @@
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
---
## [2.42.0]
- [!2.42.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.42.0); List of merge requests in this release.
## [2.41.0]
- [!2.41.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.41.0); List of merge requests in this release.
## [2.40.0]
- [!2.40.0](https://repo1.dso.mil/big-bang/bigbang/-/merge_requests?scope=all&utf8=%E2%9C%93&state=merged&milestone_title=2.40.0); List of merge requests in this release.
......
# Big Bang Maintainers
* @michaelmartin @chris.oconnell @andrewshoell @troymobley
# Additional Documentation Maintainer
docs/ @michaelmartin @chris.oconnell @andrewshoell @troymobley
[Documentation] @michaelmartin @chris.oconnell @andrewshoell @troymobley
docs/
*.md
[Blog] @troymobley
blog/
......@@ -78,8 +78,8 @@ patches:
- name: manager
resources:
limits:
cpu: 900m
memory: 1Gi
cpu: 1800m
memory: 2Gi
requests:
cpu: 900m
memory: 1Gi
......@@ -108,8 +108,8 @@ patches:
- name: manager
resources:
limits:
cpu: 300m
memory: 600Mi
cpu: 600m
memory: 1200Mi
requests:
cpu: 300m
memory: 600Mi
......@@ -138,8 +138,8 @@ patches:
- name: manager
resources:
limits:
cpu: 100m
memory: 200Mi
cpu: 200m
memory: 400Mi
requests:
cpu: 100m
memory: 200Mi
......@@ -168,8 +168,8 @@ patches:
- name: manager
resources:
limits:
cpu: 300m
memory: 384Mi
cpu: 600m
memory: 800Mi
requests:
cpu: 300m
memory: 384Mi
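Review bot: In all four `manager` patches the `limits` are doubled while the `requests` keep the old values (for example `cpu: 1800m` / `memory: 2Gi` against requests of `900m` / `1Gi`), with no comment explaining the gap. The page has lost its +/- markers, but if the doubled values are the new side, any pod whose containers all had requests equal to limits drops from the Guaranteed QoS class to Burstable. Burstable pods are evicted ahead of Guaranteed ones under node memory pressure, and these are presumably the controllers that reconcile the rest of the platform. I would either add a comment above each `limits:` such as `# limits intentionally above requests (Burstable QoS) to absorb reconcile spikes`, or raise `requests` to match if Guaranteed scheduling is still wanted. Each patch entry starts above its hunk, so the rest of the container spec is not visible here.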
......@@ -11,4 +11,4 @@ spec:
interval: 10m
url: https://repo1.dso.mil/big-bang/bigbang.git
ref:
tag: 2.40.0
tag: 2.42.0
apiVersion: v2
name: bigbang
version: 2.40.0
version: 2.42.0
kubeVersion: '>=1.29.0-0'
description: Big Bang is a declarative, continuous delivery tool for core DoD hardened and approved packages into a Kubernetes cluster.
type: application
......
......@@ -165,7 +165,7 @@ metadata:
namespace: {{ .root.Release.Namespace }}
type: generic
stringData:
common: |
common: ""
defaults: {{- toYaml .defaults | nindent 4 }}
overlays: |
{{- toYaml .package.values | nindent 4 }}
......
......@@ -54,7 +54,4 @@ serviceMonitor:
openshift: {{ .Values.openshift }}
sso:
enabled: {{ .Values.addons.harbor.sso.enabled }}
{{- end }}
......@@ -257,8 +257,8 @@ policies:
validationFailureAction: Audit
parameters:
require:
- app
- version
- app.kubernetes.io/name
- app.kubernetes.io/version
require-istio-on-namespaces:
enabled: {{ .Values.istio.enabled }}
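Review bot: The `require` list switches label keys without any comment on what happens to workloads that carry only the legacy `app` / `version` labels. This assumes the `app.kubernetes.io/name` / `app.kubernetes.io/version` pair is the new side, since the page has lost its +/- markers. With `validationFailureAction: Audit` those pods are reported rather than blocked, so the change would surface only as a jump in policy reports that can bury real findings. I would add a comment above `require:` such as `# label keys changed from app/version; pods with only the legacy labels will appear as audit violations`. The policy entry begins above the hunk, so its name and any exclusions are not visible here.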
......
......@@ -174,11 +174,11 @@ istio:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
path: "./chart"
tag: "1.23.3-bb.1"
tag: "1.23.3-bb.2"
helmRepo:
repoName: "registry1"
chartName: "istio"
tag: "1.23.3-bb.1"
tag: "1.23.3-bb.2"
# -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI). Set to 'false' to disable verification.
# cosignVerify:
......@@ -490,11 +490,11 @@ kyverno:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/kyverno.git
path: "./chart"
tag: "3.2.7-bb.0"
tag: "3.3.4-bb.0"
helmRepo:
repoName: "registry1"
chartName: "kyverno"
tag: "3.2.7-bb.0"
tag: "3.3.4-bb.0"
# -- Flux reconciliation overrides specifically for the Kyverno Package
flux: {}
......@@ -515,11 +515,11 @@ kyvernoPolicies:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git
path: ./chart
tag: "3.2.6-bb.1"
tag: "3.3.4-bb.0"
helmRepo:
repoName: "registry1"
chartName: "kyverno-policies"
tag: "3.2.6-bb.1"
tag: "3.3.4-bb.0"
# -- Flux reconciliation overrides specifically for the Kyverno Package
flux: {}
......@@ -570,11 +570,11 @@ elasticsearchKibana:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/elasticsearch-kibana.git
path: "./chart"
tag: "1.22.0-bb.0"
tag: "1.23.0-bb.0"
helmRepo:
repoName: "registry1"
chartName: "elasticsearch-kibana"
tag: "1.22.0-bb.0"
tag: "1.23.0-bb.0"
# -- Flux reconciliation overrides specifically for the Logging (EFK) Package
flux:
......@@ -623,11 +623,11 @@ eckOperator:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/eck-operator.git
path: "./chart"
tag: "2.14.0-bb.0"
tag: "2.15.0-bb.0"
helmRepo:
repoName: "registry1"
chartName: "eck-operator"
tag: "2.14.0-bb.0"
tag: "2.15.0-bb.0"
# -- Flux reconciliation overrides specifically for the ECK Operator Package
flux: {}
......@@ -648,11 +648,11 @@ fluentbit:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/fluentbit.git
path: "./chart"
tag: "0.48.2-bb.0"
tag: "0.48.3-bb.1"
helmRepo:
repoName: "registry1"
chartName: "fluentbit"
tag: "0.48.2-bb.0"
tag: "0.48.3-bb.1"
# -- Flux reconciliation overrides specifically for the Fluent-Bit Package
flux: {}
......@@ -701,11 +701,11 @@ loki:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/loki.git
path: "./chart"
tag: "6.18.0-bb.3"
tag: "6.23.0-bb.0"
helmRepo:
repoName: "registry1"
chartName: "loki"
tag: "6.18.0-bb.3"
tag: "6.23.0-bb.0"
# -- Flux reconciliation overrides specifically for the Loki Package
flux: {}
......@@ -758,11 +758,11 @@ neuvector:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
path: "./chart"
tag: "2.8.2-bb.2"
tag: "2.8.3-bb.0"
helmRepo:
repoName: "registry1"
chartName: "neuvector"
tag: "2.8.2-bb.2"
tag: "2.8.3-bb.0"
# -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`). The default is "public".
ingress:
......@@ -1031,11 +1031,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/argocd.git
path: "./chart"
tag: "7.6.6-bb.0"
tag: "7.7.5-bb.0"
helmRepo:
repoName: "registry1"
chartName: "argocd"
tag: "7.6.6-bb.0"
tag: "7.7.5-bb.0"
# -- Flux reconciliation overrides specifically for the ArgoCD Package
flux: {}
......@@ -1148,11 +1148,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/minio.git
path: "./chart"
tag: "6.0.4-bb.2"
tag: "6.0.4-bb.4"
helmRepo:
repoName: "registry1"
chartName: "minio-instance"
tag: "6.0.4-bb.2"
tag: "6.0.4-bb.4"
# -- Flux reconciliation overrides specifically for the Minio Package
flux: {}
......@@ -1188,11 +1188,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/gitlab.git
path: "./chart"
tag: "8.5.2-bb.0"
tag: "8.6.1-bb.0"
helmRepo:
repoName: "registry1"
chartName: "gitlab"
tag: "8.5.2-bb.0"
tag: "8.6.1-bb.0"
# -- Flux reconciliation overrides specifically for the Gitlab Package
flux: {}
......@@ -1302,12 +1302,12 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git
path: "./chart"
tag: "0.67.1-bb.1"
tag: "0.68.1-bb.2"
helmRepo:
repoName: "registry1"
chartName: "gitlab-runner"
tag: "0.67.1-bb.1"
tag: "0.68.1-bb.2"
# -- Flux reconciliation overrides specifically for the Gitlab Runner Package
......@@ -1463,11 +1463,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/fortify.git
path: "./chart"
tag: "1.1.2320154-bb.20"
tag: "1.1.2320154-bb.21"
helmRepo:
repoName: "registry1"
chartName: "fortify-ssc"
tag: "1.1.2320154-bb.20"
tag: "1.1.2320154-bb.21"
# -- Flux reconciliation overrides specifically for the Fortify Package
flux: {}
......@@ -1623,11 +1623,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/mattermost-operator.git
path: "./chart"
tag: "1.22.1-bb.0"
tag: "1.22.1-bb.1"
helmRepo:
repoName: "registry1"
chartName: "mattermost-operator"
tag: "1.22.1-bb.0"
tag: "1.22.1-bb.1"
# -- Flux reconciliation overrides specifically for the Mattermost Operator Package
flux: {}
......@@ -1742,11 +1742,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/velero.git
path: "./chart"
tag: "7.2.2-bb.3"
tag: "7.2.2-bb.4"
helmRepo:
repoName: "registry1"
chartName: "velero"
tag: "7.2.2-bb.3"
tag: "7.2.2-bb.4"
# -- Flux reconciliation overrides specifically for the Velero Package
flux: {}
......@@ -1778,11 +1778,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/keycloak.git
path: "./chart"
tag: "2.5.1-bb.2"
tag: "2.5.1-bb.3"
helmRepo:
repoName: "registry1"
chartName: "keycloak"
tag: "2.5.1-bb.2"
tag: "2.5.1-bb.3"
database:
# -- Hostname of a pre-existing database to use for Keycloak.
......@@ -1835,11 +1835,11 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/vault.git
path: "./chart"
tag: "0.29.0-bb.0"
tag: "0.29.1-bb.0"
helmRepo:
repoName: "registry1"
chartName: "vault"
tag: "0.29.0-bb.0"
tag: "0.29.1-bb.0"
# -- Flux reconciliation overrides specifically for the Vault Package
flux: {}
......@@ -1914,16 +1914,6 @@ addons:
ingress:
gateway: ""
sso:
# -- Toggle SSO for Harbor on and off
enabled: false
# -- OIDC Client ID to use for Harbor
client_id: ""
# -- OIDC Client Secret to use for Harbor
client_secret: ""
# -- Values to pass through to Habor chart: https://repo1.dso.mil/big-bang/product/packages/harbor.git
values: {}
......@@ -2085,12 +2075,12 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/external-secrets.git
tag: "0.10.4-bb.0"
tag: "0.11.0-bb.0"
path: "./chart"
helmRepo:
repoName: "registry1"
chartName: "external-secrets"
tag: "0.10.4-bb.0"
tag: "0.11.0-bb.0"
# -- Override flux settings for this package
flux: {}
......@@ -2112,7 +2102,7 @@ addons:
git:
repo: https://repo1.dso.mil/big-bang/product/packages/alloy.git
tag: "1.6.4-bb.0"
tag: "1.6.13-bb.0"
path: "./chart"
values: {}
......
# Testing repo1 CI against a dedicated runner
This page will describe how to deploy bigbang with a GitLab Runner that is connected to repo1. Source documentation for GitLab Runner is available at https://docs.gitlab.com/runner/.
## Why
* You need to test GitLab Runner configuration against repo1
* You need to test integrating CI pipelines to infrastructure or other bigbang services.
## How
### Request access
You will need either of these:
* Admin access to a repo on repo1
* Or access to create personal repos under your account on repo1
Contact the Big Bang Government Team Lead to request access.
### Create gitlab runner and token
1. Go to *Settings -> CI/CD* on the repo you want to test against.
1. Expand the *Runners* section and click *New project runner*
1. Select *Run untagged jobs* and *Lock to current projects* and click *Create runner*
1. On the next page Copy the *runner authentication token* for later
### Deploy a k8s cluster and install flux
by default the easiest way to test is to spin up a cluster using the k3d-dev.sh script.
you can follow the directions <https://repo1.dso.mil/big-bang/bigbang/-/blob/master/docs/developer/aws-k3d-script.md>
### Deploy Big Bang
1. Create an overrides file with the following content, along with any additional [configuration settings](https://docs.gitlab.com/runner/executors/kubernetes/#configuration-settings) you need to test
```yaml
# enable grafana alloy to push traces to
addons:
alloy:
enabled: true
# enable gitlabrunners for ci-tracing
gitlabRunner:
enabled: true
values:
# set the url to repo1
gitlabUrl: https://repo1.dso.mil
runners:
# use custom config and remove cloneUrl paramaters
config: |
[[runners]]
[runners.kubernetes]
pull_policy = "always"
namespace = "{{.Release.Namespace}}"
image = "{{ printf "%s/%s:%s" .Values.runners.job.registry .Values.runners.job.repository .Values.runners.job.tag }}"
helper_image = "{{ printf "%s/%s:%s" .Values.runners.helper.registry .Values.runners.helper.repository .Values.runners.helper.tag }}"
image_pull_secrets = ["private-registry"]
[runners.kubernetes.pod_security_context]
run_as_non_root = true
run_as_user = 1001
[runners.kubernetes.helper_container_security_context]
run_as_non_root = true
run_as_user = 1001
[runners.kubernetes.pod_labels]
"job_id" = "${CI_JOB_ID}"
"job_name" = "${CI_JOB_NAME}"
"pipeline_id" = "${CI_PIPELINE_ID}"
"app" = "gitlab-runner"
```
1. Deploy BigBang with the above override file
```bash
helm upgrade -i bigbang ./chart -n bigbang --create-namespace -f ./docs/assets/configs/example/policy-overrides-k3d.yaml -f ../overrides/registry-values.yaml -f ./chart/ingress-certs.yaml -f ../overrides/gitlabrunner-test.yaml
```
1. Create a secret with the token for the runner
Replace *runnertoken* with the token that was created for the runner.
```bash
kubectl -n gitlab-runner create secret generic gitlab-gitlab-runner-secret --from-literal=runner-registration-token=runnertoken --from-literal=runner-token=runnertoken
```
1. Validate that the runner is connected to repo1. Goto the repo on repo1 then *Settings->CI/CD*, expand the *Runners* section the runner should be marked as green.
1. Now create a CI workflow for the repo and let it run, it should choose the gitlab runner on your k3d cluster.