Add Debian Base Image

Background

The CHT team is wanting to add Debian as a base image.

POPs will need to work on all the required steps to onboard a new base image.

Acceptance Criteria

• Add the Debian repos to Nexus
  • in the bootstrap repo, in umbrella/base/values/app-values/nexus-values.yaml

            - name: "debian"
              format: "apt"
              type: "proxy"
              repo_data:
                name: "debian"
                online: true
                storage:
                  blobStoreName: "nexus-s3"
                  strictContentTypeValidation: true
                cleanup:
                  policyNames:
                    - "string"
                proxy:
                  remoteUrl: "https://deb.debian.org/debian"
                  contentMaxAge: 1440
                  metadataMaxAge: 1440
                negativeCache:
                  enabled: true
                  timeToLive: 1440
                httpClient:
                  blocked: "false"
                  autoBlock: "false"
                routingRule: "string"
                apt:
                  distribution: "bullseye"
                  flat: false
  
            - name: "debian-security"
              format: "apt"
              type: "proxy"
              repo_data:
                name: "debian-security"
                online: true
                storage:
                  blobStoreName: "nexus-s3"
                  strictContentTypeValidation: true
                cleanup:
                  policyNames:
                    - "string"
                proxy:
                  remoteUrl: "https://deb.debian.org/debian-security"
                  contentMaxAge: 1440
                  metadataMaxAge: 1440
                negativeCache:
                  enabled: true
                  timeToLive: 1440
                httpClient:
                  blocked: "false"
                  autoBlock: "false"
                routingRule: "string"
                apt:
                  distribution: "bullseye-security"
                  flat: false
  
            - name: "debian-updates"
              format: "apt"
              type: "proxy"
              repo_data:
                name: "debian-updates"
                online: true
                storage:
                  blobStoreName: "nexus-s3"
                  strictContentTypeValidation: true
                cleanup:
                  policyNames:
                    - "string"
                proxy:
                  remoteUrl: "https://deb.debian.org/debian"
                  contentMaxAge: 1440
                  metadataMaxAge: 1440
                negativeCache:
                  enabled: true
                  timeToLive: 1440
                httpClient:
                  blocked: "false"
                  autoBlock: "false"
                routingRule: "string"
                apt:
                  distribution: "bullseye-updates"
                  flat: false
  

• Add Debian repo files to the build stage dir

  deb http://nexus-repository-manager.nexus-repository-manager.svc.cluster.local:8081/repository/debian bullseye main
  deb http://nexus-repository-manager.nexus-repository-manager.svc.cluster.local:8081/repository/debian-security bullseye-security main
  deb http://nexus-repository-manager.nexus-repository-manager.svc.cluster.local:8081/repository/debian-updates bullseye-updates main
  

• Create a pipeline template for Debian to add mount the repofile
• Update access log parser
• Update ACCESS_LOG CI variable
• Debian CHT project has os-type var added to hardening manifest, and LABEL_ALLOWLIST_REGEX added to it's CI vars

Definition of Done

• Successfully build, scan, and push to prod, Debian 11 image