From 5fb603431d088cead20f553a3d6573806ca4f638 Mon Sep 17 00:00:00 2001 From: Danilo Patrucco <danilo.patrucco@gmail.com> Date: Fri, 21 Feb 2025 17:26:46 -0500 Subject: [PATCH 1/4] fix readme --- docs/DEVELOPMENT_MAINTENANCE.md | 73 +++++++++++++++++++-------------- 1 file changed, 43 insertions(+), 30 deletions(-) diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md index 9d38b3a..291c621 100644 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ b/docs/DEVELOPMENT_MAINTENANCE.md @@ -22,17 +22,14 @@ BigBang makes modifications to the upstream helm chart. The full list of changes ## Big Bang considerations -When deploying with kyverno you will need to add these to your overrides: +### Automated deployment without credentials file -```yaml -monitoring: - enabled: true +When deploying you will need to add these to your overrides file called `overrides.yaml`: -kyverno: +```yaml +istio: enabled: true - -addons: - argocd: + hardened: enabled: true packages: @@ -43,7 +40,7 @@ packages: repo: https://repo1.dso.mil/big-bang/apps/sandbox/podinfo.git path: chart tag: null - branch: your-branch-name # add your branch name here after you publish it + branch: main # add your branch name here after you publish it flux: timeout: 5m postRenderers: [] @@ -53,14 +50,14 @@ packages: - name: monitoring namespace: bigbang values: - autogensecrets: - enabled: true replicaCount: 3 istio: hardened: enabled: true ``` +- deploy podinfo + ```bash # Run the following command to install: ./docs/assets/scripts/developer/k3d-dev.sh 
@@ -71,13 +68,19 @@ export KUBECONFIG=~/.kube/$(aws sts get-caller-identity --query "Arn" --output t --set registryCredentials.password="${REGISTRY1_PASSWORD}" \ -f ./docs/assets/configs/example/policy-overrides-k3d.yaml \ -f ./chart/ingress-certs.yaml \ - -f /your/podinfo/override/file/location/override.yaml + -f /your/podinfo/override/file/location/overrides.yaml ``` -- Kyverno is a hard requirements for testing, because kyverno will be needed for policy replication -- ArgoCD is a soft requirements, if not present then make sure to specify in an additional override file the following values: +- This method uses flux to generate the private-registry secret. Istio is enabled to have VS (virtualservices) deployed and have a way to reach podinfo. + +### Automated deployment without flux + +- Set up an overrides.yaml file with the following values: ```yaml +autogensecrets: + enabled: false +replicaCount: 3 privateRegistrySecret: true privateRegistry: "registry1.dso.mil" privateRegistryUsername: "your_harbor_username" 
@@ -85,21 +88,24 @@ privateRegistryPassword: "your_harbor_password" privateRegistryEmail: "help@dsop.io" privateRegistrySecretName: "private-registry" ``` +- Deploy podInfo ```bash # Run the following command to install: ./docs/assets/scripts/developer/k3d-dev.sh export KUBECONFIG=~/.kube/$(aws sts get-caller-identity --query "Arn" --output text | cut -d '/' -f2)-dev-default-config -./scripts/install_flux.sh -u $REGISTRY1_USER -p $REGISTRY1_PASSWORD - helm upgrade -i bigbang chart/ -n bigbang --create-namespace \ - --set registryCredentials.username=${REGISTRY1_USER} \ - --set registryCredentials.password="${REGISTRY1_PASSWORD}" \ - -f ./docs/assets/configs/example/policy-overrides-k3d.yaml \ - -f ./chart/ingress-certs.yaml \ - -f /your/podinfo/override/file/location/override.yaml \ - -f /your/podinfo/credentials/file/location/credentials.yaml +helm upgrade -i bigbang chart/ -n bigbang --create-namespace \ + -f /your/podinfo/override/file/location/overrides.yaml \ ``` +### Deployment in pipeline and release tests + +For the pipeline and bigbang release tests the following packages are mandatory: istio, argocd, kyverno + +See [test_values.yaml](../tests/test-values.yml), that shows what is required to deploy in a pipeline and/or in the release tests. + +The reason for the hard requirement of kyverno and argocd is because kyverno will set up a policy to clone the private-registry secret from argocd (podinfo is a requirement for the argocd test), and the policy will copy the private registry from argocd naspace to podinfo namespace. + ### Testing How to run tests: 
@@ -111,17 +117,24 @@ helm test -n podinfo podinfo You will need to add these to your overrides to run tests when using kyverno: ```yaml +addons: + argocd: + enabled: true + +istio: + enabled: true + hardened: + enabled: true + +monitoring: + enabled: true + +kyverno: + enabled: true + kyvernoPolicies: values: policies: - restrict-image-registries: - exclude: - any: - - resources: - namespaces: - - podinfo - names: - - podinfo* restrict-host-path-mount: exclude: any: -- GitLab From d3d5133fc8292d737c5c3108768488eb0cf29fd6 Mon Sep 17 00:00:00 2001 From: Danilo Patrucco <danilo.patrucco@gmail.com> Date: Mon, 24 Feb 2025 10:18:48 -0500 Subject: [PATCH 2/4] test --- .gitignore | 2 +- chart/templates/bigbang/virtualservice.yaml | 2 +- docs/DEVELOPMENT_MAINTENANCE.md | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitignore b/.gitignore index 92194a4..512dcfb 100644 --- a/.gitignore +++ b/.gitignore @@ -1,2 +1,2 @@ netpol.yaml -override.yaml \ No newline at end of file +override*.yaml \ No newline at end of file diff --git a/chart/templates/bigbang/virtualservice.yaml b/chart/templates/bigbang/virtualservice.yaml index 712e76e..63a42e7 100644 --- a/chart/templates/bigbang/virtualservice.yaml +++ b/chart/templates/bigbang/virtualservice.yaml @@ -1,5 +1,5 @@ {{- $pkg := "podinfo" }} -{{- if and .Values.istio.enabled (get .Values.istio $pkg).enabled }} +{{- if and .Values.istio.enabled }} apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md index 291c621..3ea1375 100644 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ b/docs/DEVELOPMENT_MAINTENANCE.md 
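Review bot: The widened pattern `override*.yaml` carries no comment explaining why these files are ignored, yet the docs in this same series tell users to put `privateRegistryUsername` and `privateRegistryPassword` into `overrides.yaml`. I would add a line above it such as `# local Big Bang override files; may contain registry credentials, never commit`. Two caveats are worth stating in that comment or in the docs: the pattern is unanchored, so it matches any file in the tree whose name starts with `override` and ends in `.yaml`, and an ignore rule does not untrack a file that was already committed. The file still ends without a trailing newline, so the next entry appended will again rewrite this line.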
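Review bot: Dropping `(get .Values.istio $pkg).enabled` from the guard in chart/templates/bigbang/virtualservice.yaml removes the only per-package switch visible here. The VirtualService is now rendered whenever `istio.enabled` is true, so podinfo is published on whatever gateway and hosts the rest of the template names (those lines are outside the hunk). If that is intended, say so at the condition, for example `{{- /* rendered whenever istio.enabled is true; there is no per-package opt-out */ -}}`, and mention the exposure in the values documentation. If it is not, keep a second operand so a deployment can run the mesh without exposing the route. The same single-condition guard is carried into the virtualservice.yaml hunk of PATCH 3/4, which only removes the one-operand `and`.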
@@ -22,7 +22,7 @@ BigBang makes modifications to the upstream helm chart. The full list of changes ## Big Bang considerations -### Automated deployment without credentials file +### Automated deployment without credentials overrides When deploying you will need to add these to your overrides file called `overrides.yaml`: @@ -78,8 +78,6 @@ export KUBECONFIG=~/.kube/$(aws sts get-caller-identity --query "Arn" --output t - Set up an overrides.yaml file with the following values: ```yaml -autogensecrets: - enabled: false replicaCount: 3 privateRegistrySecret: true privateRegistry: "registry1.dso.mil" @@ -87,6 +85,8 @@ privateRegistryUsername: "your_harbor_username" privateRegistryPassword: "your_harbor_password" privateRegistryEmail: "help@dsop.io" privateRegistrySecretName: "private-registry" +autogensecrets: + enabled: false ``` - Deploy podInfo -- GitLab From 2c8fbccdbf3ce8621b4c63383379a6f0be8731b2 Mon Sep 17 00:00:00 2001 From: Danilo Patrucco <danilo.patrucco@gmail.com> Date: Mon, 24 Feb 2025 15:41:39 -0500 Subject: [PATCH 3/4] fx --- chart/templates/bigbang/virtualservice.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/virtualservice.yaml b/chart/templates/bigbang/virtualservice.yaml index 63a42e7..0e01a0e 100644 --- a/chart/templates/bigbang/virtualservice.yaml +++ b/chart/templates/bigbang/virtualservice.yaml @@ -1,5 +1,5 @@ {{- $pkg := "podinfo" }} -{{- if and .Values.istio.enabled }} +{{- if .Values.istio.enabled }} apiVersion: networking.istio.io/v1beta1 kind: VirtualService metadata: -- GitLab From 72afa0353fe01d230b3902215f0d5990a0cb9184 Mon Sep 17 00:00:00 2001 From: Danilo Patrucco <danilo.patrucco@gmail.com> Date: Mon, 24 Feb 2025 15:55:21 -0500 Subject: [PATCH 4/4] fixes --- CHANGELOG.md | 7 +++++++ README.md | 3 ++- chart/Chart.yaml | 2 +- docs/DEVELOPMENT_MAINTENANCE.md | 3 +++ 4 files changed, 13 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 17701bd..43554d6 100644 
--- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,13 @@ > Format: [Keep a Changelog](https://keepachangelog.com/en/1.0.0/) --- +## [6.7.1-bb.6] - 2025-02-21 + +### Changed + +- fix deployment readme +- fix virtual service deployment + ## [6.7.1-bb.5] - 2025-02-21 ### Changed diff --git a/README.md b/README.md index ca4a1d0..a824969 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ <!-- Warning: Do not manually edit this file. See notes on gluon + helm-docs at the end of this file for more information. --> # podinfo -   +   Podinfo Helm chart for Kubernetes @@ -169,6 +169,7 @@ helm install podinfo chart/ | privateRegistryEmail | string | `"help@dsop.io"` | | | privateRegistrySecretName | string | `"private-registry"` | | | autogensecrets.enabled | bool | `true` | | +| warnInsteadOfFail | bool | `true` | | ## Contributing diff --git a/chart/Chart.yaml b/chart/Chart.yaml index eccf5b1..c2a2a1a 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 icon: https://kubernetes.io/icons/icon-128x128.png -version: 6.7.1-bb.5 +version: 6.7.1-bb.6 appVersion: 6.7.1 name: podinfo engine: gotpl diff --git a/docs/DEVELOPMENT_MAINTENANCE.md b/docs/DEVELOPMENT_MAINTENANCE.md index 3ea1375..c991875 100644 --- a/docs/DEVELOPMENT_MAINTENANCE.md +++ b/docs/DEVELOPMENT_MAINTENANCE.md @@ -52,6 +52,7 @@ packages: values: replicaCount: 3 istio: + enabled: true hardened: enabled: true ``` @@ -98,6 +99,8 @@ helm upgrade -i bigbang chart/ -n bigbang --create-namespace \ -f /your/podinfo/override/file/location/overrides.yaml \ ``` +- This method won't deploy a Virtual Service, PortForwarding need to be used to connect to podinfo + ### Deployment in pipeline and release tests For the pipeline and bigbang release tests the following packages are mandatory: istio, argocd, kyverno -- GitLab