Merge branch 'master' into 25-multiingress-poc

cc54c7cb · Micah Nagel · b9d81813 · 2176c5b9 · cc54c7cb · cc54c7cb
Commit cc54c7cb authored 3 years ago by Micah Nagel
--- a/chart/templates/anchore/anchore-helmrelease.yaml
+++ b/chart/templates/anchore/anchore-helmrelease.yaml
@@ -19,6 +19,11 @@ spec:

  {{- toYaml $fluxSettingsAnchore | nindent 2 }}

+  {{- if .Values.addons.anchore.postRenderers }}
+  postRenderers:
+  {{ toYaml .Values.addons.anchore.postRenderers | nindent 4 }}
+  {{- end }}
+
  valuesFrom:
    - name: {{ .Release.Name }}-anchore-values
      kind: Secret

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -190,7 +190,7 @@ jaeger:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git
    path: "./chart"
-    tag: "2.21.4-bb.2"
+    tag: "2.22.0-bb.0"

  # -- Flux reconciliation overrides specifically for the Jaeger Package
  flux: {}
@@ -456,7 +456,7 @@ addons:
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/argocd.git
      path: "./chart"
-      tag: "3.6.8-bb.3"
+      tag: "3.6.8-bb.4"

    # -- Flux reconciliation overrides specifically for the ArgoCD Package
    flux: {}
@@ -805,7 +805,7 @@ addons:
    git:
      repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
      path: "./chart"
-      tag: "1.13.0-bb.1"
+      tag: "1.13.0-bb.2"

    # -- Flux reconciliation overrides specifically for the Anchore Package
    flux:

--- a/docs/guides/README.md
+++ b/docs/guides/README.md
@@ -7,3 +7,7 @@ Beginner friendly how to guides are intended to be added to these subfolders ove
 ## prerequisites

 Beginner friendly comprehensive explanations of prerequisites that are generically applicable to multiple scenarios
+
+## using_bigbang
+
+Beginner friendly information on how to use Big Bang, intended to encompass how to navigate and work with BB packages
--- a/docs/guides/using_bigbang/default_credentials.md
+++ b/docs/guides/using_bigbang/default_credentials.md
+# Credentials for Big Bang Packages
+
+This document includes details on credentials to access each package in a default install (without SSO). It is safe to assume that any packages not listed in the two categories below either have no need for authentication or use different methods (ex: velero require kubectl access).
+
+## Packages with no built in authentication
+
+Although the below applications have no built in authentication, Big Bang's helm values can be configured to deploy authservice in front of these endpoints. Authservice is an Authentication Proxy that can integrate with SSO providers like Keycloak.
+
+- Jaeger
+- Monitoring (Prometheus)
+- Monitoring (Alertmanager)
+
+## Packages with built in authentication
+
+The applications in the table below provide both SSO and built in auth. The table gives default credentials and ways to access and/or override those.
+
+| Package (Application) | Default Username | Default Password | Additional Notes |
+| --------------------- | ---------------- | ---------------- | ---------------- |
+| Kiali | N/A | (randomly generated) | Use `kubectl get secret -n kiali \| grep kiali-service-account-token \| awk '{print $1}' \| xargs kubectl get secret -n kiali -o go-template='{{.data.token \| base64decode}}'` to get the token |
+| Logging (Kibana) | `elastic` | (randomly generated) | Use `kubectl get secrets -n logging logging-ek-es-elastic-user -o go-template='{{.data.elastic \| base64decode}}'` to get the password |
+| Monitoring (Grafana) | `admin` | `prom-operator` | Default password can be overridden with Helm values `monitoring.values.grafana.adminPassword` |
+| Twistlock | N/A | N/A | Prompted to setup an admin account when you first hit the virtual service, no default user |
+| ArgoCD | `admin` | (randomly generated) | Use `kubectl -n argocd get secret argocd-initial-admin-secret -o go-template='{{.data.password \| base64decode}}'` to get the password |
+| Minio | `minio` | `minio123` | Access and secret key can be overridden with Helm values `addons.minio.accesskey` and `addons.minio.secretkey` respectively |
+| Gitlab | `root` | (randomly generated) | Use `kubectl -n gitlab get secret gitlab-gitlab-initial-root-password -o go-template='{{.data.password \| base64decode}}'` to get the password |
+| Nexus | `admin` | (randomly generated) | Use `kubectl get secret -n nexus-repository-manager nexus-repository-manager-secret -o go-template='{{index .data "admin.password" \| base64decode}}'` to get the password |
+| Sonarqube | `admin` | `admin` | Default password can be overridden with Helm values `addons.sonarqube.values.account.adminPassword` |
+| Anchore | `admin` | (randomly generated) | Use `kubectl get secrets -n anchore anchore-anchore-engine-admin-pass -o go-template='{{.data.ANCHORE_ADMIN_PASSWORD \| base64decode}}'` to get the password, or override with Helm values `addons.anchore.values.anchoreGlobal.defaultAdminPassword` |
+| Mattermost | N/A | N/A | Prompted to setup an account when you first hit the virtual service - this user becomes admin, no default user |
+| Keycloak | `admin` | `password` | Default username and password can be overridden with Helm values `addons.keycloak.values.secrets.credentials.stringData.adminuser` and `addons.keycloak.values.secrets.credentials.stringData.password` respectively |
--- a/scripts/deploy/01_deploy_bigbang.sh
+++ b/scripts/deploy/01_deploy_bigbang.sh
@@ -37,19 +37,27 @@ helm upgrade -i bigbang chart -n bigbang --create-namespace \
 # otherwise use *.bigbang.dev
 if [ "$(yq e ".addons.keycloak.enabled" "tests/ci/k3d/values.yaml")" == "true" ]; then
  # apply secrets kustomization pointing to current branch
-  echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch"
-  if [ -z "$CI_COMMIT_TAG" ]; then
+  if [[ $(git branch --show-current) == "${CI_DEFAULT_BRANCH}" ]]; then
+    echo "Deploying secrets from the ${CI_DEFAULT_BRANCH} branch"
+    kubectl apply -f tests/ci/keycloak.yaml
+  elif [ -z "$CI_COMMIT_TAG" ]; then
+    echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch"
    cat tests/ci/keycloak.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f -
  else
+    echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} tag"
    # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build
    cat tests/ci/keycloak.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f -
  fi
 else
-  # apply secrets kustomization pointing to current branch
-  echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch"
-  if [ -z "$CI_COMMIT_TAG" ]; then
+  # apply secrets kustomization pointing to current branch or master if an upgrade job
+  if [[ $(git branch --show-current) == "${CI_DEFAULT_BRANCH}" ]]; then
+    echo "Deploying secrets from the ${CI_DEFAULT_BRANCH} branch"
+    kubectl apply -f tests/ci/shared-secrets.yaml
+  elif [ -z "$CI_COMMIT_TAG" ]; then
+    echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} branch"
    cat tests/ci/shared-secrets.yaml | sed 's|master|'"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f -
  else
+    echo "Deploying secrets from the ${CI_COMMIT_REF_NAME} tag"
    # NOTE: $CI_COMMIT_REF_NAME = $CI_COMMIT_TAG when running on a tagged build
    cat tests/ci/shared-secrets.yaml | sed 's|branch: master|tag: '"$CI_COMMIT_REF_NAME"'|g' | kubectl apply -f -
  fi

--- a/scripts/package/synker.yaml
+++ b/scripts/package/synker.yaml
@@ -31,6 +31,7 @@ source:
    - registry1.dso.mil/ironbank/twistlock/defender/defender:20.12.531
    - registry1.dso.mil/ironbank/anchore/enterprise/enterprise:3.1.0
    - registry1.dso.mil/ironbank/anchore/enterpriseui/enterpriseui:3.1.0
+    - registry1.dso.mil/ironbank/big-bang/base:8.4
    - registry1.dso.mil/ironbank/gitlab/gitlab/kubectl:13.9.0
    - registry1.dso.mil/ironbank/opensource/kubernetes-1.21/kubectl:v1.21.2
    # Images used by pipeline-templates