diff --git a/.gitignore b/.gitignore index 92194a4ab886c8976ab6db849e19d4dc06677c8b..512dcfb5d868c69014085b6578f00255a0960d00 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ netpol.yaml -override.yaml \ No newline at end of file +override*.yaml \ No newline at end of file diff --git a/CHANGELOG.md b/CHANGELOG.md index 17701bdf9def7e5e81f80335a7d710037759a99a..43554d6f24e6ee83f6f85d2d04ec5d50126a26bc 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,13 @@ > Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) --- +## [6.7.1-bb.6] - 2025-02-21 + +### Changed + +- fix deployment readme +- fix virtual service deployment + ## [6.7.1-bb.5] - 2025-02-21 ### Changed diff --git a/README.md b/README.md index ca4a1d0bea685bc54909ab0331c1ae9e806b2f43..a82496997e9ccdd3fad06f55f1ad2213f2be3b66 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # podinfo -   +   Podinfo Helm chart for Kubernetes @@ -169,6 +169,7 @@ helm install podinfo chart/ | privateRegistryEmail | string | `"help@dsop.io"` | | | privateRegistrySecretName | string | `"private-registry"` | | | autogensecrets.enabled | bool | `true` | | +| warnInsteadOfFail | bool | `true` | | ## Contributing diff --git a/chart/Chart.yaml b/chart/Chart.yaml index eccf5b145605513cfde963cf71710f80467cb7dc..c2a2a1a5fbbd4a7d9bbc245b54ec748c324de8c0 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 icon: https://kubernetes.io/icons/icon-128x128.png -version: 6.7.1-bb.5 +version: 6.7.1-bb.6 appVersion: 6.7.1 name: podinfo engine: gotpl diff --git a/chart/templates/bigbang/virtualservice.yaml b/chart/templates/bigbang/virtualservice.yaml index 712e76eca83be95c6b515333fa844e232d9729c1..0e01a0e0b7f11f8161a24c21cf3ed48b758ecb27 100644 --- a/chart/templates/bigbang/virtualservice.yaml +++ b/chart/templates/bigbang/virtualservice.yaml 
@@ -1,5 +1,5 @@ {{- $pkg := "podinfo" }} -{{- if and .Values.istio.enabled (get .Values.istio $pkg).enabled }} +{{- if .Values.istio.enabled }} apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md index 9d38b3a7ec31bb59084f6ca17374ae8149f55417..c9918759b35f9d944896e68829053e5d3c146349 100644 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ b/docs/DEVELOPMENT_MAINTENANCE.md @@ -22,17 +22,14 @@ BigBang makes modifications to the upstream helm chart. The full list of changes ## Big Bang considerations -When deploying with kyverno you will need to add these to your overrides: +### Automated deployment without credentials overrides -```yaml -monitoring: - enabled: true +When deploying you will need to add these to your overrides file called `overrides.yaml`: -kyverno: +```yaml +istio: enabled: true - -addons: - argocd: + hardened: enabled: true packages: @@ -43,7 +40,7 @@ packages: repo: https://repo1.dso.mil/big-bang/apps/sandbox/podinfo.git path: chart tag: null - branch: your-branch-name # add your branch name here after you publish it + branch: main # add your branch name here after you publish it flux: timeout: 5m postRenderers: [] @@ -53,14 +50,15 @@ packages: - name: monitoring namespace: bigbang values: - autogensecrets: - enabled: true replicaCount: 3 istio: + enabled: true hardened: enabled: true ``` +- deploy podinfo + ```bash # Run the following command to install: ./docs/assets/scripts/developer/k3d-dev.sh 
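Review bot: The new guard `{{- if .Values.istio.enabled }}` in chart/templates/bigbang/virtualservice.yaml drops the per-package condition, so the VirtualService is rendered whenever Istio is enabled and the chart has no remaining switch to keep podinfo off the gateway. As far as this hunk shows, a deployment that had set the per-package flag to false would gain an ingress route on upgrade, and the CHANGELOG entry "fix virtual service deployment" does not mention that change in exposure. If this is intended, I would say so in the changelog and above the guard, e.g. `{{- /* Rendered whenever istio.enabled is true; there is no per-package opt-out. */ -}}`. `$pkg` is still assigned on the first line, but the template continues outside the hunk, so whether it is still used cannot be confirmed from here.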
@@ -71,35 +69,46 @@ export KUBECONFIG=~/.kube/$(aws sts get-caller-identity --query "Arn" --output t --set registryCredentials.password="${REGISTRY1_PASSWORD}" \ -f ./docs/assets/configs/example/policy-overrides-k3d.yaml \ -f ./chart/ingress-certs.yaml \ - -f /your/podinfo/override/file/location/override.yaml + -f /your/podinfo/override/file/location/overrides.yaml ``` -- Kyverno is a hard requirements for testing, because kyverno will be needed for policy replication -- ArgoCD is a soft requirements, if not present then make sure to specify in an additional override file the following values: +- This method uses flux to generate the private-registry secret. Istio is enabled to have VS (virtualservices) deployed and have a way to reach podinfo. + +### Automated deployment without flux + +- Set up an overrides.yaml file with the following values: ```yaml +replicaCount: 3 privateRegistrySecret: true privateRegistry: "registry1.dso.mil" privateRegistryUsername: "your_harbor_username" privateRegistryPassword: "your_harbor_password" privateRegistryEmail: "help@dsop.io" privateRegistrySecretName: "private-registry" +autogensecrets: + enabled: false ``` +- Deploy podInfo ```bash # Run the following command to install: ./docs/assets/scripts/developer/k3d-dev.sh export KUBECONFIG=~/.kube/$(aws sts get-caller-identity --query "Arn" --output text | cut -d '/' -f2)-dev-default-config -./scripts/install_flux.sh -u $REGISTRY1_USER -p $REGISTRY1_PASSWORD - helm upgrade -i bigbang chart/ -n bigbang --create-namespace \ - --set registryCredentials.username=${REGISTRY1_USER} \ - --set registryCredentials.password="${REGISTRY1_PASSWORD}" \ - -f ./docs/assets/configs/example/policy-overrides-k3d.yaml \ - -f ./chart/ingress-certs.yaml \ - -f /your/podinfo/override/file/location/override.yaml \ - -f /your/podinfo/credentials/file/location/credentials.yaml +helm upgrade -i bigbang chart/ -n bigbang --create-namespace \ + -f /your/podinfo/override/file/location/overrides.yaml \ ``` +- 
This method won't deploy a Virtual Service, PortForwarding need to be used to connect to podinfo + +### Deployment in pipeline and release tests + +For the pipeline and bigbang release tests the following packages are mandatory: istio, argocd, kyverno + +See [test_values.yaml](../tests/test-values.yml), that shows what is required to deploy in a pipeline and/or in the release tests. + +The reason for the hard requirement of kyverno and argocd is because kyverno will set up a policy to clone the private-registry secret from argocd (podinfo is a requirement for the argocd test), and the policy will copy the private registry from argocd naspace to podinfo namespace. + ### Testing How to run tests: @@ -111,17 +120,24 @@ helm test -n podinfo podinfo You will need to add these to your overrides to run tests when using kyverno: ```yaml +addons: + argocd: + enabled: true + +istio: + enabled: true + hardened: + enabled: true + +monitoring: + enabled: true + +kyverno: + enabled: true + kyvernoPolicies: values: policies: - restrict-image-registries: - exclude: - any: - - resources: - namespaces: - - podinfo - names: - - podinfo* restrict-host-path-mount: exclude: any: