README.md

BigBang Template

This is a mirror of a government repo hosted on Repo1 by DoD Platform One. Please direct all code changes, issues and comments to https://repo1.dso.mil/platform-one/big-bang/customers/template**

• BigBang Template
  • Prerequisites
  • Setup
    • Create Git Repository
    • Create GPG Encryption Key
    • Add TLS Certificates
    • Add Pull Credentials
    • Configure for GitOps
  • Deploy
  • Customize
    • Enable a package
    • Update the Big Bang Version
    • Update the domain
    • Use NodePorts for Istio Ingress Gateway
    • Additional Big Bang values
    • Additional resources
  • Secrets
    • Key Vault
    • Key Rotation
    • Multiple Keys
    • Different keys for different environments
    • Modifying an encrypted file
  • Multi-environment Workflow

This folder contains a template that you can replicate in your own Git repo to get started with Big Bang configuration. If you are new to Big Bang it is recommended you start with the Big Bang Quickstart before attempting customization.

The main benefits of this template include:

• Isolation of the Big Bang product and your custom configuration
  • Allows you to easily consume upstream Big Bang changes since you never change the product
  • Big Bang product tags are explicitly referenced in your configuration, giving you control over upgrades
• GitOps for your deployments configurations
  • Single source of truth for the configurations deployed
  • Historical tracking of changes made
  • Allows tighter control of what is deployed to production (via merge requests)
  • Enables use of CI/CD pipelines to test prior to deployment
  • Avoids problem of helm upgrade using values.yaml that are not controlled
  • Allows you to limit access to production Kubernetes cluster since all changes are made via Git
• Shared configurations across deployments
  • Common settings across deployments (e.g. dev, staging, prod) can be configured in one place
  • Secrets (e.g. pull credentials) can be shared across deployments.

    NOTE: SOPS supports multiple keys for encrypting the same secret so that each environment can use a different SOPS key but share a secret.

Prerequisites

To deploy Big Bang, the following items are required:

• Kubernetes cluster ready for Big Bang
• A git repo for your configuration
• Kubectl
• GPG (Mac users need to read this important note)
• SOPS
• Git
• Iron Bank Personal Access Token - Under your User Profile, copy the CLI secret.
• Repo1 Personal Access Token - You will need read_repository permissions.
• Helm
• Kustomize

In addition, the following items are recommended to assist with troubleshooting:

• K9S

Setup

This template supports a multi-environment template for two distinct deployments: prod and dev. Additional environments can be added by replicating one of the existing folders.

Each environment consists of a Kubernetes manifest containing Flux resources (bigbang.yaml), a Kustomization file (kustomization.yaml), values to pass to Big Bang (configmap.yaml), secrets (secrets.enc.yaml), and additional files used to deploy resources. All of the environments share a base folder to allow reusability of values between environments.

To insure variables (e.g. ${fp}) are set correctly, execute all of the steps below in the same terminal window.

Create Git Repository

We need to work off our own Git repo for storing configuration. So, you should fork this repo into a private Git repo owned by yourself or your project. Then, clone your repo locally.

git clone https://<your domain>/<your repo>.git
cd <your repo>

# Create branch for your changes
git checkout -b template-demo

It is recommended that you create your own branch so that you can pull the original repository's main branch as a mirror to keep it in sync.

Create GPG Encryption Key