Fix wildcard cert issue and update documentation

d9497e1d · michaelmcleroy · c44ba150 · d9497e1d · d9497e1d · c44ba150
Commit d9497e1d authored Jul 28, 2021 by michaelmcleroy
6 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,9 +2,21 @@

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [1.2.0]
+
+### Changed
+
+- Fix namespace error (istio-system) when deploying wildcard-cert
+- Updated expired certificate for *.bigbang.dev
+- Added default values for `istio.ingress.tls.*` to workaround Helm error on `nil` values.
+- Updated [README.md](./README.md) for TLS cert
+- Updated [README.md](./README.md) for sops key creation (Issue #8)
+- Updated default BigBang release to 1.12.0 in kustomization.
+
 ## [1.1.1]

 ### Changed
+
 - Security groups between internet facing network load balancer and agent's node ports updated to fix ingress

 ## [1.1.0]

--- a/README.md
+++ b/README.md
@@ -173,7 +173,7 @@ Big Bang follows a [GitOps](https://www.weave.works/blog/what-is-gitops-really)
   ```shell
   # The private key is not stored in Git (and should NEVER be stored there).  We deploy it manually by exporting the key into a secret.
   kubectl create namespace bigbang
-   gpg --export-secret-key --armor ${fp} | kubectl create secret generic sops-gpg -n bigbang --from-file=bigbangkey=/dev/stdin
+   gpg --export-secret-key --armor ${fp} | kubectl create secret generic sops-gpg -n bigbang --from-file=bigbangkey.asc=/dev/stdin
   ```

 1. Create imagePullSecrets for Flux
@@ -184,6 +184,7 @@ Big Bang follows a [GitOps](https://www.weave.works/blog/what-is-gitops-really)

   # Adding a space before this command keeps our PAT out of our history
    kubectl create secret docker-registry private-registry --docker-server=registry1.dso.mil --docker-username=<Your IronBank Username> --docker-password=<Your IronBank Personal Access Token> -n flux-system
+   ```

 1. Create Git credentials for Flux

@@ -232,7 +233,7 @@ Big Bang follows a [GitOps](https://www.weave.works/blog/what-is-gitops-really)
   # If you are deployed on a remote host you will need to point "kiali.bigbang.dev" to your cluster master node via your /etc/hosts file
   ```

-   > If you cannot get to the main page of Kiali, it may be due to an expired certificate.  Check the expiration of the certificate in `base/bigbang-dev-cert.yaml`.
+   > If you cannot get to the main page of Kiali, it may be due to an expired certificate.  Check the expiration of the certificate in `base/configmap.yaml`.

   > For troubleshooting deployment problems, refer to the [Big Bang](https://repo1.dsop.io/platform-one/big-bang/bigbang) documentation.

@@ -274,7 +275,7 @@ To minimize the risk of an unexpected deployment of a BigBang release, the BigBa

  ```yaml
  bases:
-  - https://repo1.dsop.io/platform-one/big-bang/bigbang.git/base/?ref=v1.8.0
+  - https://repo1.dsop.io/platform-one/big-bang/bigbang.git/base/?ref=v1.12.0
  ```

 - Reference for the Big Bang helm release:
@@ -287,7 +288,7 @@ To minimize the risk of an unexpected deployment of a BigBang release, the BigBa
   spec:
      ref:
         $patch: replace
-         semver: "1.8.0"
+         semver: "1.12.0"
   ```

 To update `dev/kustomization.yaml`, you would create a `mergePatch` like the following:
@@ -303,7 +304,7 @@ patchesStrategicMerge:
    interval: 1m
    ref:
      $patch: replace
-      semver: "1.9.0"
+      semver: "1.13.0"
 ```

 > This does not update the kustomize base, but it is unusual for that to change.
@@ -312,7 +313,7 @@ Then, commit your change:

 ```shell
   git add kustomization.yaml
-   git commit -m "feat(dev): update bigbang to 1.9.0"
+   git commit -m "feat(dev): update bigbang to 1.13.0"
   git push
 ```

@@ -326,19 +327,49 @@ When you are done testing, you can update the reference in `base` (and delete th

 ### Update the domain

-Big Bang deploys applications to `*.bigbang.dev` by default.  You can override the `bigbang.dev` domain to your domain by updating `dev/configmap.yaml` and adding the following:
+Big Bang deploys applications to `*.bigbang.dev` by default.  You can override the `bigbang.dev` domain to your domain by updating `base/configmap.yaml` and adding the following:

 ```yaml
 hostname: insert-your-domain-here
+# Also, comment out or delete the TLS certificate for *.bigbang.dev
+```
+
+Since you are changing the domain, you will also need to update your TLS certificates.  You should have already removed the default `*.bigbang.dev` certificate from `base/configmap.yaml`.  Now, add your new certificate to `base/secrets.enc.yaml`.
+
+```shell
+sops base/secrets.enc.yaml
 ```

+Put your TLS certificate and private key where it states `replace-with-your-tls-certificate` and `replace-with-your-tls-private-key`.
+
+> The name of the secret must be `common-bb` if the secret is in the `base` folder or `environment-bb` if the secret is in the `dev` or `prod` folder.  The `environment-bb` values take precedence over the `common-bb` values.
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+   name: common-bb
+stringData:
+   values.yaml: |-
+      registryCredentials:
+      - registry: registry1.dso.mil
+        username: already-configured-iron-bank-user
+        password: already-configured-iron-bank-personal-access-token
+      istio:
+        ingress:
+          cert: "replace-with-your-tls-certificate"
+          key: "replace-with-your-tls-private-key"
+```
+
+When you save the file, it will automatically encrypt your secret using SOPS.
+
 > NOTE: The `dev` template includes several overrides to minimize resource usage and increase polling time in a development environment.  They are provided for convenience and are NOT required.

 Commit your change:

 ```shell
-   git add configmap.yaml
-   git commit -m "feat(dev): updated domain name"
+   git add base/configmap.yaml base/secrets.enc.yaml
+   git commit -m "feat(dev): updated domain name and certificate"
   git push
 ```


--- a/base/bigbang-dev-cert.yaml
+++ b/base/bigbang-dev-cert.yaml
-apiVersion: v1
-kind: Secret
-metadata:
-  name: wildcard-cert
-  namespace: istio-system
-type: kubernetes.io/tls
-data:
-  tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSUZNekNDQkJ1Z0F3SUJBZ0lTQS9iZlFINVZneTNLVHUzUFh4aU5IZWQ4TUEwR0NTcUdTSWIzRFFFQkN3VUEKTURJeEN6QUpCZ05WQkFZVEFsVlRNUll3RkFZRFZRUUtFdzFNWlhRbmN5QkZibU55ZVhCME1Rc3dDUVlEVlFRRApFd0pTTXpBZUZ3MHlNVEEwTVRZd01UQTFNVE5hRncweU1UQTNNVFV3TVRBMU1UTmFNQmd4RmpBVUJnTlZCQU1NCkRTb3VZbWxuWW1GdVp5NWtaWFl3Z2dFaU1BMEdDU3FHU0liM0RRRUJBUVVBQTRJQkR3QXdnZ0VLQW9JQkFRRGwKN29JZWNESFJiOFhCakc0c0VXMXFzQmxJOTRvSWE1MEtUSFdPZXQ3bWhXODJCWCtzY1dWZ3FJM1BiSVZVSTE0NApJZ0tHUFNxM1NFa2lnUDB6TmdTbHhOalpaL1VhQjk5SFhsSzVrWjg3cHVEdm9PWU1CaXVyanEvUXpnd3lnaU45Ck55eXFkVXRXZGMvVjk0b3d4UzQ3SHNjbGhuT0VYc2NWT2pTUUkvUElHTTVHOFVYWnllVjB5dkdWdnJVWU5iTWYKejlNaGgzckQyaWh3NkxRVmdYNzEwSjdxM0lPaUMxQ0RDdDB3WHVyMXcxOExZcytSMVl1MDdBTTdSNUVvRUVGQgoyVFpoWWdEWjMrdjdsdnYvRUlOeVZjNUZmb2xJaHlWMVZHK2RaeGV2SEZpdVpRNWNOTHBpTHdlcDNRcmVLZU5rCjFpakJoQWVoUm5UTWE4ZkIrbWI5QWdNQkFBR2pnZ0piTUlJQ1Z6QU9CZ05WSFE4QkFmOEVCQU1DQmFBd0hRWUQKVlIwbEJCWXdGQVlJS3dZQkJRVUhBd0VHQ0NzR0FRVUZCd01DTUF3R0ExVWRFd0VCL3dRQ01BQXdIUVlEVlIwTwpCQllFRkFxWXBTQy9hcTg2VkdnMFBqK0FKTDhKcTRvcE1COEdBMVVkSXdRWU1CYUFGQlF1c3hlM1dGYkxybEFKClFPWWZyNTJMRk1MR01GVUdDQ3NHQVFVRkJ3RUJCRWt3UnpBaEJnZ3JCZ0VGQlFjd0FZWVZhSFIwY0RvdkwzSXoKTG04dWJHVnVZM0l1YjNKbk1DSUdDQ3NHQVFVRkJ6QUNoaFpvZEhSd09pOHZjak11YVM1c1pXNWpjaTV2Y21jdgpNQ3NHQTFVZEVRUWtNQ0tDRFNvdVltbG5ZbUZ1Wnk1a1pYYUNFU291WkdWMkxtSnBaMkpoYm1jdVpHVjJNRXdHCkExVWRJQVJGTUVNd0NBWUdaNEVNQVFJQk1EY0dDeXNHQVFRQmd0OFRBUUVCTUNnd0pnWUlLd1lCQlFVSEFnRVcKR21oMGRIQTZMeTlqY0hNdWJHVjBjMlZ1WTNKNWNIUXViM0puTUlJQkJBWUtLd1lCQkFIV2VRSUVBZ1NCOVFTQgo4Z0R3QUhVQWIxTjJyREh3TVJuWW1RQ2tVUlgvZHhVY0Vka0N3UUFwQm8yeUNKbzMyUk1BQUFGNDJHelJYQUFBCkJBTUFSakJFQWlCQzlTSnpwQlVtTWZwVFRmbEthc1ZVTUNPVkVIL3lRSExlejlPaWpleUxFUUlnSjI5cXQrbXQKQ3doZHM1MnA4Rm44ZDREUTA1WDFZR2U4M3cvL25KRzc2aHdBZHdEMlhKUXYwWGN3SWhSVUdBZ3dsRmFPNDAwVApHVE8vM3d3dklBdk1UdkZrNHdBQUFYalliTkhQQUFBRUF3QklNRVlDSVFEQnRTbHYydTNTejNiVE9LUUF6c21TCit1NzlQanRwdlRuSGZwN1N3cUdUQUFJaEFPSkw3ZHI5cEp0OUpSS0JsNEU3VnU3OXhVN3hPdXgxTElVVkUra0EKZFIxcU1BMEdDU3FHU0liM0RRRUJDd1VBQTRJQkFRQlFLNzZrWkp3YTF6TnYyazJoL3U1aXN2Y1FpREw4ZW9VZAppZElkWHk3eWRJYmh6WWw5VmgrekRHa1V3eHZJUDRqVmpENEZCQzRRcVFUanF1dHc4c0xXamJ6U1BKTFZmWUxWClRtd3RrYkN2aFRpRTNQQWRUK1Ntb09GSVVzZDJMRW1qRko2MjJEeVVhTkgwT3NkckhLQ2xDL0tJTzBOdmhUUXMKWm5OODllSDF3cmVJTDlEb2xYa28zUmdrR0IxTGJHOU1INC9kdnpUbktIb0JvNEVVRlhvSmNuU2lLN3JkSEVYSQp1N3dLRmp3OU9KbnFqQ0x4N1NHT0l5aExvNGM1VXRKWFU4dXhLbXhzTzYzV0daRytaQjM4dXp1UlphRUV0K3pzClNvbFN0ZUVFSEhYYmUvQmpZZnVmVzJCWGRKd3FpM2dhdzA0ais4UTRoY250SDJjTTI4VFcKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQotLS0tLUJFR0lOIENFUlRJRklDQVRFLS0tLS0KTUlJRVpUQ0NBMDJnQXdJQkFnSVFRQUYxQklNVXBNZ2hqSVNwREJiTjN6QU5CZ2txaGtpRzl3MEJBUXNGQURBLwpNU1F3SWdZRFZRUUtFeHRFYVdkcGRHRnNJRk5wWjI1aGRIVnlaU0JVY25WemRDQkRieTR4RnpBVkJnTlZCQU1UCkRrUlRWQ0JTYjI5MElFTkJJRmd6TUI0WERUSXdNVEF3TnpFNU1qRTBNRm9YRFRJeE1Ea3lPVEU1TWpFME1Gb3cKTWpFTE1Ba0dBMVVFQmhNQ1ZWTXhGakFVQmdOVkJBb1REVXhsZENkeklFVnVZM0o1Y0hReEN6QUpCZ05WQkFNVApBbEl6TUlJQklqQU5CZ2txaGtpRzl3MEJBUUVGQUFPQ0FROEFNSUlCQ2dLQ0FRRUF1d0lWS016Mm9KVFREeExzCmpWV1N3L2lDOFptbWVrS0lwMTBtcXJVcnVjVk1zYStPYS9sMXlLUFhEMGVVRkZVMVY0eWVxS0k1R2ZXQ1BFS3AKVG03MU84TXUyNDNBc0Z6eldUam43YzlwOEZvTEc3N0FsQ1FsaC9vM2NiTVQ1eHlzNFp2djIrUTdSVkpGbHFuQgpVODQweUZMdXRhN3RqOTVnY09LbFZLdTJiUTZYcFVBMGF5dlR2R2JyWmpSOCttdUxqMWNwbWZnd0YxMjZjbS83CmdjV3Qwb1pZUFJmSDV3bTc4U3YzaHR6QjJuRmQxRWJqekswbHdZaThZR2QxWnJQeEdQZWlYT1pUL3pxSXRrZWwKL3hNWTZwZ0pkeitkVS9uUEFlWDFwbkFYRks5anBQK1pzNU9kM0ZPbkJ2NUloUjJoYWE0bGRic1R6RklEOWUxUgpvWXZiRlFJREFRQUJvNElCYURDQ0FXUXdFZ1lEVlIwVEFRSC9CQWd3QmdFQi93SUJBREFPQmdOVkhROEJBZjhFCkJBTUNBWVl3U3dZSUt3WUJCUVVIQVFFRVB6QTlNRHNHQ0NzR0FRVUZCekFDaGk5b2RIUndPaTh2WVhCd2N5NXAKWkdWdWRISjFjM1F1WTI5dEwzSnZiM1J6TDJSemRISnZiM1JqWVhnekxuQTNZekFmQmdOVkhTTUVHREFXZ0JURQpwN0drZXl4eCt0dmhTNUIxLzhRVllJV0pFREJVQmdOVkhTQUVUVEJMTUFnR0JtZUJEQUVDQVRBL0Jnc3JCZ0VFCkFZTGZFd0VCQVRBd01DNEdDQ3NHQVFVRkJ3SUJGaUpvZEhSd09pOHZZM0J6TG5KdmIzUXRlREV1YkdWMGMyVnUKWTNKNWNIUXViM0puTUR3R0ExVWRId1ExTURNd01hQXZvQzJHSzJoMGRIQTZMeTlqY213dWFXUmxiblJ5ZFhOMApMbU52YlM5RVUxUlNUMDlVUTBGWU0wTlNUQzVqY213d0hRWURWUjBPQkJZRUZCUXVzeGUzV0ZiTHJsQUpRT1lmCnI1MkxGTUxHTUIwR0ExVWRKUVFXTUJRR0NDc0dBUVVGQndNQkJnZ3JCZ0VGQlFjREFqQU5CZ2txaGtpRzl3MEIKQVFzRkFBT0NBUUVBMlV6Z3lmV0VpRGN4MjdzVDRyUDhpMnRpRW14WXQwbCtQQUszcUI4b1lldk80QzV6NzBrSAplaldFSHgydGFQRFkvbGFCTDIxL1dLWnVOVFlRSEhQRDViMXRYZ0hYYm5MN0txQzQwMWRrNVZ2Q2FkVFFzdmQ4ClM4TVhqb2h5Yzl6OS9HMjk0OGtMam1FNkZsaDlkRFlyVllBOXgyTytoRVBHT2FFT2ExZWVQeW5CZ1BheXZVZkwKcWpCc3R6TGhXVlFMR0FrWFhtTnMrNVpuUEJ4ekRKT0x4aEYySkliZVFBY0g1SDB0WnJVbG81Wll5T3FBN3M5cApPNWI4NW8zQU0vT0orQ2t0RkJRdGZ2QmhjSlZkOXd2bHdQc2srdXlPeTJISTdtTnhLS2dzQlR0Mzc1dGVBMlR3ClVkSGtoVk5jc0FLWDFIN0dOTkxPRUFEa3NkODZ3dW9Ydmc9PQotLS0tLUVORCBDRVJUSUZJQ0FURS0tLS0tCg==
-  tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCk1JSUV2Z0lCQURBTkJna3Foa2lHOXcwQkFRRUZBQVNDQktnd2dnU2tBZ0VBQW9JQkFRRGw3b0llY0RIUmI4WEIKakc0c0VXMXFzQmxJOTRvSWE1MEtUSFdPZXQ3bWhXODJCWCtzY1dWZ3FJM1BiSVZVSTE0NElnS0dQU3EzU0VraQpnUDB6TmdTbHhOalpaL1VhQjk5SFhsSzVrWjg3cHVEdm9PWU1CaXVyanEvUXpnd3lnaU45Tnl5cWRVdFdkYy9WCjk0b3d4UzQ3SHNjbGhuT0VYc2NWT2pTUUkvUElHTTVHOFVYWnllVjB5dkdWdnJVWU5iTWZ6OU1oaDNyRDJpaHcKNkxRVmdYNzEwSjdxM0lPaUMxQ0RDdDB3WHVyMXcxOExZcytSMVl1MDdBTTdSNUVvRUVGQjJUWmhZZ0RaMyt2NwpsdnYvRUlOeVZjNUZmb2xJaHlWMVZHK2RaeGV2SEZpdVpRNWNOTHBpTHdlcDNRcmVLZU5rMWlqQmhBZWhSblRNCmE4ZkIrbWI5QWdNQkFBRUNnZ0VBUzdLaUUvTkw4MitnNDMrZ0pkSDIrOURPQWorOHFka0Q4b2dKaThiWDYzeXkKaUU1M0lnYVRJYWRjU0pXcHIzR1ZhMVdIRHpyRC9XTkc4SjBXdnUxaHlsRnNNdWNPd21zbER4SDJtakZmQXZ5Rgp3VjV2WGpZSjJvazNTTDhOTlBPelMxNEd6bmVmUGUrN1pPNENDTnhoeEFUMSsxeXdXenY0dnZ4U29jRzBXSU55ClF3Ylk1M3ZsNy9meUp6bWtpRFV1cVJxdFZLUi9TQ3ZWRnlWL016YjlYd0xWVk96bWU3ek1iSzlFd2xSN1h4d0gKTnRqWlMydC9EYkZVaCtPOWxqMjhmdVY0cVZvODNqR1dFNjNQNGJFdk9YekZDNXp1K2twRW1RRVA1WDFVR3FxcApoMU5CUEcwb2VQMTdodjBqVnpjNzAzZGJuQnppZjU4U2M0REZyYVE5NFFLQmdRRDgxK0lxdVNwbVcxZXBKZE51CkFHQWFsdlBTMEpXV2pqQnJuK3NDMEpBKzdRV0dKckdBTjhGdFpyeC9FdTU4b3Z1RDNZcmE4NmlsV0FMV0pLUWoKdmFFZy94YnJaaXhiUW9hcDZNSTRYWUs2aHFFWTJPZzI4SzRNcVFYdHZRQjVOcmpuRGRZWTdjSUNTdEo4V01HcwpLVjBNS3pIR3NVYnZUQlJRR1hhRlhIRFNsd0tCZ1FEb3pXV0lIWitmTzBSZC9uRzhNK2tSWTNIbUlGTHl4WjdDCllaNXBnRW4rWDR4TmkzbGdoa0JNWEF4NTBCQithczE1OGxQcmRITFRwa2VZYmNXZzd4ZmNuMkM0VittS3VVRG8KYUFYOFRlcWJJeS9XYzY3SHhNMCt1alJrd05OSXFaSmhMckUzNFNHQkR6ajlqRHYrc0xBamdsQXpJYkszdnRMUgpuUDVEUlExSml3S0JnRmQ3RGpwLzlHYVR4Z0cxSDdFWW1pZTVBTVY0KzdpcW02QXhKV3ZFNDVPU0NHNUE1dnNZCnoyamR1ZXd4amFnNzc4L1JFQ0R2V3ZOU1B6RCtYbmdyUFJ1Z2hycU5rRjFHNkRiVFhKZUo2eGhFU21yQmFaN1EKcVRlaUozWDVCYmZxc2hEblhhTWthQkxJOW9pbFlPVURMcmx1SEh2RmpHaHhKem9MaFZGaENYd2pBb0dCQUxtTQo5QzdnUlpoNWVZMWRQek9kUUZlZXBtcWdPdHpMRERXcjdzSHlBWWZnaWdoSWNXNndzbERxVVB0S0RjdGt2dTlDCmFRYlM0cTYwNm4yZ2lKTXozaFgzWmZTb0JUbVBYQitnd1p5T1ViNWk5ajc4SjBPTUpYYW9uUmZzNUxvV2hkZzEKaWdTYXlNUi82SkdXRXo5MWZuNWU0Q05RNll3d2FRR3ZHcTF0UFNEdkFvR0JBTUg3eXpjTm9QbFRHRjd0SUh1Zgp4dkZHQ25uclMrVUZXbTZKYUZDYU5tS0NyMUZxUnFhMHNlUW1SbDBGcm53WEgzUTkvS3BlcEJsY01qeGhJMWFGClp0WE1qcVlxM0ZlNlY4UUF4MEh4YmJBbHl6ZU9uSzV4bUtmelYwWVhTSEg1R2p2Szk5ektUNnM4R3Uxanh1NEkKdmZrY3pyckJsS2JOcDV3eFBnamNBWmQ3Ci0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0K
--- a/base/configmap.yaml
+++ b/base/configmap.yaml
-hostname: bigbang.dev
\ No newline at end of file
+hostname: bigbang.dev
+
+# TLS key pair for *.bigbang.dev
+# These should be moved to a secret and SOPS encrypted when replaced
+istio:
+  ingress:
+    key: "-----BEGIN PRIVATE KEY-----\nMIIEwAIBADANBgkqhkiG9w0BAQEFAASCBKowggSmAgEAAoIBAQD1ahjVSH4A+inh\nYyeVfOMQJhzrtt7OXpcGbSeepDY0lz+opc29BWafqcwZKef12aYMU7CzoyPJCL13\ngOjn6FbU3h8FNkDZQ0kiZfGWQxHGYoJLB8MdXKyYgcynDCczMFNR/mc7YwF0IMVp\niApW/XYg2sv4ouuaBAZI/F7jQVYl1SB18gkk180YxZK9mzetie8V9dCEMkodH1tq\n+BRzCYbrh3oSX/dL/CXYq/x29nFYTZmMctMc7T9ligS7n/JCBVTsLLGL/BL7E/Ba\n8g54qDGR78FEW1kgr0dsWVcOWJQdb8JpwCRUUFXYHL5liFGS1IozD+bpFfUvUxNH\n1sjPo18JAgMBAAECggEBAJRaQ5LC1LDAiQqfhvE94oEDmR4AmOWFlqQi3f1vZPkb\nqTbIq/skxamk2iUoCPm8TT1MZhfheaNwLiCMg76U29CoSXY8Gq17mD08BPOBrcAQ\nEpVKpu8b85XpeQ5OMXAnOWbqc/sZWWqa2Nt3ilCVvZAU05KE4gljf20lajLUb0BE\nS+EOHgiPgbL9Upgb2HvsYjaBkgy6dMIJhH9ybyQqRJPaLceEbu53Krrv4iuZjzLD\nCIdePYRge9DfvIff0UBlAFPVgahrwJNzZoqhEv9KlvSshE51tfaNv7zzMpoEnq7z\nXqbisXXq/Pn6MaWiyF/6sYxYZDrAIHI5exmoJAYs4tECgYEA/V9eNpdh70Vzv19l\nTkpjEklaAgDzSda68TSb5hYLtINI3m3+vVN+rlth5gZN7n8hKjxIBuUI8yERMY8B\nis5g+qgIqK1jDeRHUJTKo7x+fRgM2vCTcYQgxCC4x2czkG86AifsNaGZ6j2P9y2v\nlpaozs+ONkADpGwnOu0lsCBxbVUCgYEA9/WaPrhOO/ImKlyFbXnXHZsoRXKuWVKm\nDRcs7z8LZmPH7n3ikiMZW7CUbKHB3mreL6Xv5gQ/nait2tjYRPT2OfBA+WTQi/kO\nMwHyuq92J1965WCld3hzGYeJHtB12rVjheRQ3TBeBCFFu3pgEVsgqnVV1gqceBL7\nedXnu85KSuUCgYEAxbhURvmfPR7PknmZDp1R7oU7LfEb6XUd8PiC5+wwOi9w/9KK\nRagQZXN+VAh7bC/c656a/nZgo4ocZrYYF/+xAil6iFa1w7NuS12xPFDtzCSmc3vl\nM2JOR37ZcxH/1ShW9jO9SqTO/VIJNHR8X2E2Xhzt9zvBG+AiRQOms2i92vkCgYEA\npZ2AiZXWg0mIXlDvuaBgouCoNEKV2wlN6X5qP94PAjNxLYUdWNhirpAxgqFD+QfO\nIWsm4a5Cw04P2RVu1hf7gdVLwIeql2MhLcaGVlStiTzHu/8iZbqovgt99Xvsy8jN\nkXde323XzdBfYAorskv4dIHsdAsgWT7sgoLxxcnSa1UCgYEAh0SDR9xTdNnCRTL8\nFz+YyN8EWm4XaiYv4fDu7mBEiAYJFQjfez/ZammSASwfv+sFcE4rCEMED2InlLin\n73hJO8bDRMI7BEtaYKyEFcCgdNXOyDRfYhLtJllaIiJNbC8m4dW8H7Hq4Av2pTc0\ndbfd2CfWKgXWqJNl2RCGWIoqDIU=\n-----END PRIVATE KEY-----"
+    cert: "-----BEGIN CERTIFICATE-----\nMIIFITCCBAmgAwIBAgISA4QDnwfowfekJU7pBgWPPB3SMA0GCSqGSIb3DQEBCwUA\nMDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD\nEwJSMzAeFw0yMTA2MzAwODQxNDhaFw0yMTA5MjgwODQxNDdaMBgxFjAUBgNVBAMM\nDSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQD1\nahjVSH4A+inhYyeVfOMQJhzrtt7OXpcGbSeepDY0lz+opc29BWafqcwZKef12aYM\nU7CzoyPJCL13gOjn6FbU3h8FNkDZQ0kiZfGWQxHGYoJLB8MdXKyYgcynDCczMFNR\n/mc7YwF0IMVpiApW/XYg2sv4ouuaBAZI/F7jQVYl1SB18gkk180YxZK9mzetie8V\n9dCEMkodH1tq+BRzCYbrh3oSX/dL/CXYq/x29nFYTZmMctMc7T9ligS7n/JCBVTs\nLLGL/BL7E/Ba8g54qDGR78FEW1kgr0dsWVcOWJQdb8JpwCRUUFXYHL5liFGS1Ioz\nD+bpFfUvUxNH1sjPo18JAgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCBaAwHQYD\nVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O\nBBYEFLKxa8BVwd6HZjzGXLkyXZLww/DwMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ\nQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz\nLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv\nMBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw\nNwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j\ncnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwCUILwejtWNbIhzH4KL\nIiwN0dpNXmxPlD1h204vWE2iwgAAAXpcS8iTAAAEAwBIMEYCIQCcXRHwJqXD4XZJ\n69yt9vwm/5d3fV5iEncCsg4XoV8APAIhALuWdIvzfv1qLlS3Yv+DrVf5t2lMGdrL\nRilySJivVC0QAHYA9lyUL9F3MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF6\nXEvIqAAABAMARzBFAiEA7mPS3NK7XQQo+GxdVRq0kJX4uV3ELIKbVzPIdpXCmxYC\nIHfgadCRBTml5nnTd7xpjwRuvRNr/gsyyyIV0Xjao4DIMA0GCSqGSIb3DQEBCwUA\nA4IBAQBbccxKHBf4FOqHSP3U3+pCrU3Z3zhfTjYVaPP/gI7+rus4m6Jnq/pP21ak\nRWFJx9Yfp0zYPG33H4b65vvmG2jYzb/sLorHIodSn8O7HD11peWwFzgRLflVQ2Kx\nyPYdn/yY1BFIZ5cyz1iQNIUghMZVLc1JfqQbuRuodf2si0x7d2CTMV3k0qUvpll9\n6KstE/OEjLA0jgRmZAq0JBHZjDeYi65LoQWF1XM6Al1p0GvhGC+x//UyYZr/sBOl\n3FvnSe9NXeAMqeJ6QIrkFFsogPMUoTpJYs47gjMdEl6eOT2uwgchZsHpqrdHVHG6\n9xxT5njjSqfC0xOqknR0hhhn5Pbu\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw\nWhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg\nRW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK\nAoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP\nR5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx\nsxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm\nNHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg\nZ3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG\n/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC\nAYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB\nAf8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA\nFHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw\nAoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw\nOi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB\ngt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W\nPTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl\nikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz\nCkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm\nlJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4\navAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2\nyJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O\nyK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids\nhCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+\nHlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv\nMldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX\nnLRbwHOoq7hHwg==\n-----END CERTIFICATE-----\n-----BEGIN CERTIFICATE-----\nMIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/\nMSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT\nDkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow\nTzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh\ncmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB\nAQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC\nov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL\nwYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D\nLtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK\n4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5\nbHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y\nsR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ\nXmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4\nFQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc\nSLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql\nPRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND\nTwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw\nSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1\nc3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx\n+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB\nATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu\nb3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E\nU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu\nMA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC\n5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW\n9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG\nWCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O\nhe8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC\nDfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5\n-----END CERTIFICATE-----"
\ No newline at end of file
--- a/base/kustomization.yaml
+++ b/base/kustomization.yaml
 # When updating the version of BigBang, make sure to update
 #   both the bases reference and the GitRepository reference
 bases:
- git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git//base?ref=1.8.0
-resources:
- bigbang-dev-cert.yaml
+- git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git//base?ref=1.12.0
 configMapGenerator:
  - name: common
    behavior: merge
@@ -19,4 +17,4 @@ patchesStrategicMerge:
  spec:
    ref:
      $patch: replace
-      semver: "1.8.0"
\ No newline at end of file
+      semver: "1.12.0"
\ No newline at end of file
--- a/dev/configmap.yaml
+++ b/dev/configmap.yaml
@@ -6,7 +6,6 @@ flux:
    cleanupOnFail: false

 logging:
-  enabled: true
  values:
    elasticsearch:
      master:
@@ -31,25 +30,10 @@ fluentbit:
    securityContext:
      privileged: true

-istio:
-  enabled: true
-  values:
-    kiali:
-      dashboard:
-        auth:
-          strategy: "anonymous"
-
 clusterAuditor:
-  enabled: true
-  values:
-    resources:
-      requests:
-        cpu: 100m
-        memory: .5Gi
-      limits: {}
+  enabled: false

 monitoring:
-  enabled: true
  values:
    alertmanager:
      alertmanagerSpec:
@@ -57,48 +41,35 @@ monitoring:
          requests:
            cpu: 100m
            memory: 200Mi
-          limits: {}
    prometheusOperator:
      resources:
        requests:
          cpu: 250m
          memory: 400Mi
-        limits: {}
    prometheus:
      prometheusSpec:
        resources:
          requests:
            cpu: 100m
            memory: 200Mi
-          limits: {}
    grafana:
      resources:
        requests:
          cpu: 100m
          memory: 128Mi
-        limits: {}
    kubeStateMetrics:
      resources:
        requests:
          cpu: 10m
          memory: 32Mi
-        limits: {}
    nodeExporter:
      resources:
        requests:
          cpu: 100m
          memory: 30Mi
-        limits: {}

 gatekeeper:
-  enabled: true
-  values:
-    replicas: 1
-    resources:
-      requests:
-        cpu: 100m
-        memory: 256Mi
-      limits: {}
+  enabled: false

 twistlock:
  enabled: false