diff --git a/CHANGELOG.md b/CHANGELOG.md index 805368e22d3b8e067315d12400cc83d54fd17a29..1252c6e1d81092c0a49e9441f365e96d333ea3d9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [0.1.7-bb.0] - 2021-05-17 +### Changed +- Updated to latest Minio package as dependency + ## [0.1.6-bb.0] - 2021-05-11 ### Changed - Migrated Cypress tests to Helm tests diff --git a/chart/Chart.lock b/chart/Chart.lock index 042b2326021e186e4404306634d56e28d14c5de4..30b1f548b3b4ce8cf97313bd0771285080382e9b 100644 --- a/chart/Chart.lock +++ b/chart/Chart.lock @@ -4,9 +4,9 @@ dependencies: version: 10.3.5 - name: minio-instance repository: file://./deps/minio - version: 2.0.9-bb.9 -- name: bb-test-lib - repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates - version: 0.5.2 -digest: sha256:0a15fa5bcd2dafdc621740c7cd177210b2c875337f32fe78755af8806bba735a -generated: "2021-05-13T10:38:37.154607-06:00" + version: 4.0.4-bb.4 +- name: gluon + repository: oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon + version: 0.1.1 +digest: sha256:41c1bd38bd9212477829389128629a39aa58e92e441058fcae5995a6006a84d2 +generated: "2021-05-24T14:25:13.642798-06:00" diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 54b8cbec72703189434be6484519f2a193875583..1f50e479307d62cec4b8490122f89d7477f8e92c 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,15 +1,13 @@ ---- apiVersion: v2 name: mattermost type: application -version: "0.1.6-bb.0" +version: "0.1.7-bb.0" appVersion: "5.34.2" description: "Deployment of mattermost" -keywords: +keywords: - Mattermost - Instance kubeVersion: ">=1.12.0-0" - dependencies: - name: postgresql version: 10.3.5 @@ -17,10 +15,10 @@ dependencies: condition: postgresql.install repository: file://./deps/postgresql - name: minio-instance - version: 2.0.9-bb.9 + version: 4.0.4-bb.4 alias: minio condition: minio.install repository: file://./deps/minio - - name: bb-test-lib - version: 0.5.2 - repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates" + - name: gluon + version: 0.1.1 + repository: oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon diff --git a/chart/charts/bb-test-lib-0.5.2.tgz b/chart/charts/bb-test-lib-0.5.2.tgz index 0df8143dd476200a3e95ccc1ddc9b52dac0bfae4..2045d9ca5f02c5d182a0b1654b9dc1838bd6caa4 100644 Binary files a/chart/charts/bb-test-lib-0.5.2.tgz and b/chart/charts/bb-test-lib-0.5.2.tgz differ diff --git a/chart/charts/gluon-0.1.1.tgz b/chart/charts/gluon-0.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b4a4878dae126348cdee9d80977a15121ba59f9f Binary files /dev/null and b/chart/charts/gluon-0.1.1.tgz differ diff --git a/chart/charts/minio-instance-2.0.9-bb.9.tgz b/chart/charts/minio-instance-2.0.9-bb.9.tgz deleted file mode 100644 index bbfa7b0d3abe6d2381694e9538bf214d1dbb934b..0000000000000000000000000000000000000000 Binary files a/chart/charts/minio-instance-2.0.9-bb.9.tgz and /dev/null differ diff --git a/chart/charts/minio-instance-4.0.4-bb.4.tgz b/chart/charts/minio-instance-4.0.4-bb.4.tgz new file mode 100644 index 0000000000000000000000000000000000000000..fe167b6193d834cfa1ad4bfe9089c3b04361ee46 Binary files /dev/null and b/chart/charts/minio-instance-4.0.4-bb.4.tgz differ diff --git a/chart/charts/postgresql-10.3.5.tgz b/chart/charts/postgresql-10.3.5.tgz index a90af7a853398f710107dc689d2ee464c97d70d8..e7f8893b27fa7f380421adb17f258bc870348ad0 100644 Binary files a/chart/charts/postgresql-10.3.5.tgz and b/chart/charts/postgresql-10.3.5.tgz differ diff --git a/chart/deps/minio/Chart.lock b/chart/deps/minio/Chart.lock new file mode 100644 index 0000000000000000000000000000000000000000..df1fa9acc94dbd8ebaef34d38bbc4ec099279c1a --- /dev/null +++ b/chart/deps/minio/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: bb-test-lib + repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates + version: 0.5.0 +digest: sha256:ec47e1f5de8d2060a2e7b93a756bb34c21b62069f04237c915adf8619ac03698 +generated: "2021-05-12T14:29:40.198378-06:00" diff --git a/chart/deps/minio/Chart.yaml b/chart/deps/minio/Chart.yaml index 42df286241f9d1427f12b2e72cd2eb17e9c1dd95..677b4ce4f4a47864157cc2dc0198e7846927c2ae 100644 --- a/chart/deps/minio/Chart.yaml +++ b/chart/deps/minio/Chart.yaml @@ -9,7 +9,7 @@ description: |- type: application -version: 2.0.9-bb.9 +version: 4.0.4-bb.4 appVersion: RELEASE.2020-11-19T23-48-16Z @@ -24,3 +24,6 @@ maintainers: email: dependencies: + - name: bb-test-lib + version: "0.5.0" + repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates" diff --git a/chart/deps/minio/Kptfile b/chart/deps/minio/Kptfile index 521d9164c2fcb4d2583212057c7b4f002b1a66f7..5111a051474bf3e64932f4ddf5745cd6b6f76725 100644 --- a/chart/deps/minio/Kptfile +++ b/chart/deps/minio/Kptfile @@ -5,7 +5,7 @@ metadata: upstream: type: git git: - commit: a8ef3702468317396a58ed94bb1823f9d4ae59cf + commit: 3da8ff8e918a5f0fbff1e9a14e2f00a4cba3f925 repo: https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio directory: /chart - ref: 2.0.9-bb.9 + ref: 4.0.4-bb.4 diff --git a/chart/deps/minio/charts/bb-test-lib-0.5.0.tgz b/chart/deps/minio/charts/bb-test-lib-0.5.0.tgz new file mode 100644 index 0000000000000000000000000000000000000000..ca0adf9edaa4f6f8a56ee22c14af94e432b150b8 Binary files /dev/null and b/chart/deps/minio/charts/bb-test-lib-0.5.0.tgz differ diff --git a/chart/deps/minio/templates/_helpers.tpl b/chart/deps/minio/templates/_helpers.tpl index 8e7b94ff7ea3dd4960fa32bb0e52095aed6b178e..d0d93096c6cd0b831256169532b3c4d8a1a5e20f 100644 --- a/chart/deps/minio/templates/_helpers.tpl +++ b/chart/deps/minio/templates/_helpers.tpl @@ -2,7 +2,7 @@ Expand the name of the chart. */}} {{- define "minio.name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- default .Chart.Name | trunc 63 | trimSuffix "-" }} {{- end }} {{/* @@ -11,17 +11,13 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this If release name contains chart name it will be used as a full name. */}} {{- define "minio.fullname" -}} -{{- if .Values.fullnameOverride }} -{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} -{{- else }} -{{- $name := default .Chart.Name .Values.nameOverride }} +{{- $name := default .Chart.Name }} {{- if contains $name .Release.Name }} {{- .Release.Name | trunc 63 | trimSuffix "-" }} {{- else }} {{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} {{- end }} {{- end }} -{{- end }} {{/* Create chart name and version as used by the chart label. @@ -62,9 +58,22 @@ Create the name of the service account to use {{- end }} {{/* -Create the name of the service used to access the UI +Create the name of the service used to access the Minio object UI. +Note: the Minio operator has a fixed name of "minio" for the service it creates. */}} {{- define "minio.serviceName" -}} -{{- default (include "minio.fullname" .) .Values.service.nameOverride }} +minio +{{- end }} + +{{/* +Create the port used to communicate with the Minio service. +Note: the Minio operator has a fixed name of "minio" for the service it creates. +*/}} +{{- define "minio.servicePort" -}} +{{- if or .Values.tenants.certificate.requestAutoCert .Values.tenants.certificate.externalCertSecret }} +443 +{{- else }} +80 +{{- end }} {{- end }} diff --git a/chart/deps/minio/templates/console-secret.yaml b/chart/deps/minio/templates/console-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..f2523a43db92e87f134f85ec312a398ff65dd5e7 --- /dev/null +++ b/chart/deps/minio/templates/console-secret.yaml @@ -0,0 +1,16 @@ +{{- if .Values.tenants.console.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tenants.console.secrets.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "minio.labels" . | nindent 4 }} +type: Opaque +stringData: + CONSOLE_PBKDF_PASSPHRASE: {{ .Values.tenants.console.secrets.passphrase }} + CONSOLE_PBKDF_SALT: {{ .Values.tenants.console.secrets.salt }} + CONSOLE_ACCESS_KEY: {{ .Values.tenants.console.secrets.accessKey }} + CONSOLE_SECRET_KEY: {{ .Values.tenants.console.secrets.secretKey }} +--- +{{- end }} \ No newline at end of file diff --git a/chart/deps/minio/templates/default-secret.yaml b/chart/deps/minio/templates/default-secret.yaml deleted file mode 100644 index c79e87de13e6aad205d6dd03a06e327dd3e2d964..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/default-secret.yaml +++ /dev/null @@ -1,10 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: default-minio-creds-secret - namespace: {{ .Release.Namespace }} -type: Opaque -data: - accesskey: bWluaW8= # base 64 encoded "minio" (echo -n 'minio' | base64) - secretkey: bWluaW8xMjM= # based 64 encoded "minio123" (echo -n 'minio123' | base64) ---- diff --git a/chart/deps/minio/templates/minio-vs.yaml b/chart/deps/minio/templates/minio-vs.yaml index 0fbee17d32a9dd3228e11ec22de4721828eb6643..08496b4aa5eb09d40b5593e2b0fc360eef47994d 100644 --- a/chart/deps/minio/templates/minio-vs.yaml +++ b/chart/deps/minio/templates/minio-vs.yaml @@ -31,7 +31,7 @@ spec: - destination: host: {{ include "minio.serviceName" . }} port: - number: {{ .Values.service.port }} + number: {{ include "minio.servicePort" . | trim }} fault: abort: percentage: @@ -42,7 +42,6 @@ spec: prefix: / route: - destination: + # Note: the minio operator creates the service for the tenant with a fixed name host: {{ include "minio.serviceName" . }} - port: - number: {{ .Values.service.port }} -{{- end }} + {{ end }} diff --git a/chart/deps/minio/templates/minioinstance.yaml b/chart/deps/minio/templates/minioinstance.yaml deleted file mode 100644 index b79519ad4b978902da4401a993201134a99d5802..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/minioinstance.yaml +++ /dev/null @@ -1,119 +0,0 @@ -apiVersion: operator.min.io/v1 -kind: MinIOInstance -metadata: - name: {{ include "minio.fullname" . }} -## If specified, MinIOInstance pods will be dispatched by specified scheduler. -## If not specified, the pod will be dispatched by default scheduler. -# scheduler: -# name: my-custom-scheduler -spec: - ## Add metadata to the all pods created by the StatefulSet - metadata: - ## Optionally pass labels to be applied to the statefulset pods - labels: - {{- include "minio.labels" . | nindent 6 }} - {{- with .Values.podAnnotations }} - annotations: - prometheus.io/path: /minio/prometheus/metrics - prometheus.io/port: "9000" - prometheus.io/scrape: "true" - {{- toYaml . | nindent 6 }} - {{- end }} - {{- if .Values.affinity }} - affinity: -{{ toYaml .Values.affinity | indent 8 }} -{{- end }} - {{- if .Values.nodeSelector }} - nodeSelector: -{{ toYaml .Values.nodeSelector | indent 8 }} - {{- end }} - - ## Registry location and Tag to download MinIO Server image - image: {{ .Values.image.name }}:{{ .Values.image.tag }} - serviceAccountName: {{ include "minio.serviceAccountName" . }} - ## A ClusterIP Service will be created with the given name - serviceName: minio-internal-service - zones: - - name: "zone-0" - ## Number of MinIO servers/pods in this zone. - ## For standalone mode, supply 1. For distributed mode, supply 4 or more. - ## Note that the operator does not support upgrading from standalone to distributed mode. - servers: {{ .Values.zones.servers }} - ## Supply number of volumes to be mounted per MinIO server instance. - ## 2 is minimum volumes with 3 servers - volumesPerServer: {{ .Values.volumesPerServer }} - ## Mount path where PV will be mounted inside container(s). Defaults to "/export". - mountPath: /export - ## Sub path inside Mount path where MinIO starts. Defaults to "". - # subPath: /data - ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO cluster. - ## Please do not change the volumeClaimTemplate field while expanding the cluster, this may - ## lead to unbound PVCs and missing data - volumeClaimTemplate: - metadata: - name: data - spec: - accessModes: - - {{ .Values.volumeClaimTemplate.accessModes}} - resources: - requests: - storage: {{ .Values.volumeClaimTemplate.storage}} - ## Secret with credentials to be used by MinIO instance. - credsSecret: - name: {{ .Values.minioRootCreds }} - ## PodManagement policy for pods created by StatefulSet. Can be "OrderedReady" or "Parallel" - ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy - ## for details. Defaults to "Parallel" - podManagementPolicy: Parallel - ## Secret with certificates to configure TLS for MinIO certs. Create secrets as explained - ## here: https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret - # externalCertSecret: - # name: tls-ssl-minio - ## Enable Kubernetes based certificate generation and signing as explained in - ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster - requestAutoCert: false - ## Used when "requestAutoCert" is set to true. Set CommonName for the auto-generated certificate. - ## Internal DNS name for the pod will be used if CommonName is not provided. - ## DNS name format is minio-{0...3}.minio.default.svc.cluster.local - certConfig: - commonName: "" - organizationName: [] - dnsNames: [] - ## Used to specify a toleration for a pod - # tolerations: - # - effect: NoSchedule - # key: dedicated - # operator: Equal - # value: storage - ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) - env: - - name: MINIO_PROMETHEUS_AUTH_TYPE - value: "public" - # - name: MINIO_BROWSER - # value: "off" # to turn-off browser - # - name: MINIO_STORAGE_CLASS_STANDARD - # value: "EC:2" - ## Configure resource requests and limits for MinIO containers - # resources: - # requests: - # memory: 20Gi - ## Liveness probe detects situations where MinIO server instance - ## is not working properly and needs restart. Kubernetes automatically - ## restarts the pods if liveness checks fail. - liveness: - initialDelaySeconds: 10 - periodSeconds: 1 - timeoutSeconds: 1 - ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be - ## eligible to run on a node, the node must have each of the - ## indicated key-value pairs as labels. - ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ - # nodeSelector: - # disktype: ssd - ## Affinity settings for MinIO pods. Read more about affinity - ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. - # affinity: - securityContext: - runAsUser: 1001 - runAsGroup: 1001 - fsGroup: 1001 diff --git a/chart/deps/minio/templates/role.yaml b/chart/deps/minio/templates/role.yaml deleted file mode 100644 index a45547bf96c1bb8750dd6447fe89e5ce67a0d442..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/role.yaml +++ /dev/null @@ -1,23 +0,0 @@ -{{- if .Values.monitoring.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleList -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: Role - metadata: - name: prometheus-k8s - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: "monitoring" - rules: - - apiGroups: - - "" - resources: - - services - - endpoints - - pods - verbs: - - get - - list - - watch -{{- end }} diff --git a/chart/deps/minio/templates/rolebinding.yaml b/chart/deps/minio/templates/rolebinding.yaml deleted file mode 100644 index ef303a8af8f05a9cead39cd821fc9e0eb2345e50..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/rolebinding.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.monitoring.enabled }} -apiVersion: rbac.authorization.k8s.io/v1 -kind: RoleBindingList -items: -- apiVersion: rbac.authorization.k8s.io/v1 - kind: RoleBinding - metadata: - name: prometheus-k8s - namespace: {{ .Release.Namespace }} - labels: - app.kubernetes.io/component: "monitoring" - roleRef: - apiGroup: rbac.authorization.k8s.io - kind: Role - name: prometheus-k8s - subjects: - - kind: ServiceAccount - name: prometheus-k8s - namespace: {{ .Values.monitoring.namespace }} -{{- end }} diff --git a/chart/deps/minio/templates/service-account.yaml b/chart/deps/minio/templates/service-account.yaml index 7d2de011d52fb972e246a76957d203015ab6873b..1ff1374e539829a7214d3c8f7c6d340a8ce0312a 100644 --- a/chart/deps/minio/templates/service-account.yaml +++ b/chart/deps/minio/templates/service-account.yaml @@ -1,4 +1,3 @@ -{{- if .Values.serviceAccount.create -}} apiVersion: v1 kind: ServiceAccount metadata: @@ -12,4 +11,3 @@ metadata: {{- end }} imagePullSecrets: {{ toYaml .Values.imagePullSecrets | indent 2 }} -{{- end }} diff --git a/chart/deps/minio/templates/service.yaml b/chart/deps/minio/templates/service.yaml deleted file mode 100644 index c64299dadda0e70d55b29c980fa6b91f978c54bb..0000000000000000000000000000000000000000 --- a/chart/deps/minio/templates/service.yaml +++ /dev/null @@ -1,15 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "minio.serviceName" . }} - labels: - {{- include "minio.labels" . | nindent 4 }} -spec: - type: {{ .Values.service.type }} - ports: - - port: {{ .Values.service.port }} - targetPort: 9000 - protocol: TCP - name: http - selector: - {{- include "minio.selectorLabels" . | nindent 4 }} diff --git a/chart/deps/minio/templates/tenant-secret.yaml b/chart/deps/minio/templates/tenant-secret.yaml new file mode 100644 index 0000000000000000000000000000000000000000..c1ded296474fdd50d31fbe4ec633465ce79ce10e --- /dev/null +++ b/chart/deps/minio/templates/tenant-secret.yaml @@ -0,0 +1,12 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ .Values.tenants.secrets.name }} + namespace: {{ .Release.Namespace }} + labels: + {{- include "minio.labels" . | nindent 4 }} +type: Opaque +stringData: + accesskey: {{ .Values.tenants.secrets.accessKey }} + secretkey: {{ .Values.tenants.secrets.secretKey }} +--- diff --git a/chart/deps/minio/templates/tenant.yaml b/chart/deps/minio/templates/tenant.yaml new file mode 100644 index 0000000000000000000000000000000000000000..aa06c5f55301df481fa9dae5feb9293ca11a84d7 --- /dev/null +++ b/chart/deps/minio/templates/tenant.yaml @@ -0,0 +1,222 @@ +apiVersion: minio.min.io/v2 +kind: Tenant +metadata: + name: {{ include "minio.fullname" . }} + namespace: {{ .Release.Namespace }} + + ## Optionally pass labels to be applied to the statefulset pods + labels: + app: {{ template "minio.fullname" . }} + {{- include "minio.labels" . | nindent 4 }} + {{- if .Values.istio.virtualService.labels }} + {{ toYaml .Values.istio.virtualservice.labels | indent 4 }} + {{- end }} + {{- if .Values.istio.virtualService.annotations }} + ## Annotations for MinIO Tenant Pods + annotations: + prometheus.io/path: /minio/prometheus/metrics + prometheus.io/port: "9000" + prometheus.io/scrape: "true" + {{ toYaml .Values.istio.virtualService.annotations | indent 4 }} + {{- end }} + +## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. +## If not specified, the Tenant pods will be dispatched by default scheduler. + ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. + ## If not specified, the Tenant pods will be dispatched by default scheduler. + ##scheduler: + ## name: + +spec: + ## Registry location and Tag to download MinIO Server image + image: {{ .Values.tenants.image.repository }}:{{ .Values.tenants.image.tag }} + imagePullPolicy: {{ .Values.tenants.image.pullPolicy }} + imagePullSecret: + {{ toYaml .Values.tenants.imagePullSecret | indent 4 }} + + ## Secret with credentials to be used by MinIO Tenant. + ## Refers to the secret object created above. + credsSecret: + name: {{ .Values.tenants.secrets.name }} + + ## Specification for MinIO Pool(s) in this Tenant. + {{- range .Values.tenants.pools }} + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: {{ .servers }} + + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: {{ .volumesPerServer }} + + ## This VolumeClaimTemplate is used across all the volumes provisioned for MinIO Tenant in this + ## Pool. + volumeClaimTemplate: + metadata: + name: data + spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .size }} + + ## Used to specify a toleration for a pod + # tolerations: + # - effect: NoSchedule + # key: dedicated + # operator: Equal + # value: storage + {{- with .tolerations }} + tolerations: + {{ toYaml . | nindent 8 }} + {{- end }} + + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + # nodeSelector: + # disktype: ssd + {{- with .nodeSelector }} + nodeSelector: + {{ toYaml . | nindent 8 }} + {{- end }} + + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + # affinity: + # nodeAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # nodeSelectorTerms: + # - matchExpressions: + # - key: kubernetes.io/hostname + # operator: In + # values: + # - hostname1 + # - hostname2 + {{- with .affinity }} + affinity: + {{ toYaml . | nindent 8 }} + {{- end }} + # podAntiAffinity: + # requiredDuringSchedulingIgnoredDuringExecution: + # - labelSelector: + # matchExpressions: + # - key: app + # operator: In + # values: + # - store + # topologyKey: "kubernetes.io/hostname" + + ## Configure resource requests and limits for MinIO containers + # resources: + # requests: + # cpu: 250m + # memory: 16Gi + # limits: + # cpu: 500m + # memory: 16Gi + {{- with .resources }} + resources: + {{ toYaml . | nindent 8 }} + {{- end }} + + ## Configure security context + #securityContext: + # runAsUser: 1000 + # runAsGroup: 1000 + # runAsNonRoot: true + {{- with .securityContext }} + securityContext: + {{ toYaml . | nindent 8 }} + {{- end }} + {{ end }} + + ## Mount path where PV will be mounted inside container(s). + mountPath: {{ .Values.tenants.mountPath }} + + ## Sub path inside Mount path where MinIO stores data. + subPath: {{ .Values.tenants.subPath }} + + ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure + ## TLS for MinIO Tenant pods. Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + # externalCertSecret: + # - name: tls-ssl-minio + # type: kubernetes.io/tls + #{{- with .Values.tenants.certificate.externalCertSecret }} + #externalCertSecret: + # {{ toYaml . | nindent 6 }} + #{{ end }} + + ## Enable automatic Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + requestAutoCert: {{ .Values.tenants.certificate.requestAutoCert }} + + ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be + ## accessible as DNS entries of form `.minio.default.svc.cluster.local` + s3: + ## This feature is turned off by default + bucketDNS: {{ .Values.tenants.s3.bucketDNS }} + + ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName + ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is + ## not provided. DNS name format is *.minio.default.svc.cluster.local + {{- with .Values.tenants.certificate.certConfig }} + certConfig: + {{ toYaml . | nindent 4 }} + {{- end }} + + ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. + podManagementPolicy: {{ .Values.tenants.podManagementPolicy }} + + ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + ## services created by the operator. + {{- with .Values.tenants.serviceMetadata }} + serviceMetadata: + {{ toYaml . | nindent 4 }} + {{- end }} + {{- with .env }} + {{ toYaml . | nindent 4 }} + {{- end }} + + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + # env: + # - name: MINIO_BROWSER + # value: "off" # to turn-off browser + # - name: MINIO_STORAGE_CLASS_STANDARD + # value: "EC:2" + # ## For secure env vars like passwords, create an opaque Kubernetes secret and specify the secret in + # ## the `valueFrom` field. The `valueFrom` object must contain the following fields: + # ## `name` - the secret from which MinIO extracts the password, `key` - the data field + # ## within secret, whose value will be set to the env variable's value + # - name: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD + # valueFrom: + # secretKeyRef: + # name: ldap-minio-secret + # key: MINIO_IDENTITY_LDAP_LOOKUP_BIND_PASSWORD + + ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + ## This is applied to MinIO pods only. + ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + {{- if .Values.tenants.priorityClassName }} + priorityClassName: {{ .Values.tenants.priorityClassName }} + {{- end }} + + ## Define configuration for Console (Graphical user interface for MinIO) + ## Refer https://github.com/minio/console + {{- if .Values.tenants.console.enabled }} + console: + image: {{ .Values.tenants.console.image.repository }}:{{ .Values.tenants.console.image.tag }} + replicas: {{ .Values.tenants.console.replicaCount }} + consoleSecret: + name: {{ .Values.tenants.console.secrets.name }} + {{- with .Values.tenants.securityContext }} + securityContext: + {{ toYaml . | nindent 6 }} + {{ end }} + {{- end }} diff --git a/chart/deps/minio/values.yaml b/chart/deps/minio/values.yaml index e51cc84d1471039f7671066bc632ab1410fe6cfe..97f048bd12204df2e7745dae3b2050222dcb97d4 100644 --- a/chart/deps/minio/values.yaml +++ b/chart/deps/minio/values.yaml @@ -3,33 +3,31 @@ ## This is a YAML-formatted file. ## Declare variables to be passed into your templates. ## Configure number of MinIO Operator Deployment Replicas -replicas: - count: 1 +#replicas: +# count: 1 hostname: bigbang.dev -nameOverride: "" -fullnameOverride: "" +#nameOverride: "" +#fullnameOverride: "" # Configure repo and tag of MinIO Operator Image -image: - name: registry1.dso.mil/ironbank/opensource/minio/minio - tag: RELEASE.2020-11-19T23-48-16Z - imagePullPolicy: IfNotPresent +#image: +# name: registry1.dso.mil/ironbank/opensource/minio/minio +# tag: RELEASE.2020-11-19T23-48-16Z +# imagePullPolicy: IfNotPresent -zones: +#zones: # refer to documentation for number of servers versus volumes per server # https://docs.min.io/docs/minio-server-limits-per-tenant.html - servers: 3 # scale to 3 for dev +# servers: 3 # scale to 3 for dev +#volumesPerServer: 2 # 2 is minimum volumes with 3 servers -volumesPerServer: 2 # 2 is minimum volumes with 3 servers +#volumeClaimTemplate: +# accessModes: ReadWriteOnce +# storage: 1Gi # scale down for dev -volumeClaimTemplate: - accessModes: ReadWriteOnce - storage: 1Gi # scale down for dev - -minioRootCreds: default-minio-creds-secret - -imagePullSecrets: [ ] +imagePullSecrets: + - name: private-registry serviceAccount: # Specifies whether a service account should be created @@ -67,4 +65,142 @@ monitoring: enabled: false namespace: monitoring -mcImage: registry1.dso.mil/ironbank/opensource/minio/mc:RELEASE.2021-03-23T05-46-11Z \ No newline at end of file + +## MinIO Tenant Definition +tenants: + # Tenant name + name: minio + ## Registry location and Tag to download MinIO Server image +# Configure repo and tag of MinIO Operator Image + image: + repository: registry1.dso.mil/ironbank/opensource/minio/minio + tag: RELEASE.2020-11-19T23-48-16Z + pullPolicy: "IfNotPresent" + imagePullSecret: + name: private-registry + ## If a scheduler is specified here, Tenant pods will be dispatched by specified scheduler. + ## If not specified, the Tenant pods will be dispatched by default scheduler. + ##scheduler: + ## name: + scheduler: {} + + ## Used to specify a toleration for a pod + tolerations: {} + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + nodeSelector: {} + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + affinity: {} + ## Configure resource requests and limits for MinIO containers + resources: {} + ## Configure security context + ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + secrets: + name: minio-creds-secret + accessKey: ThisIsAVeryLongPasswordForExample + secretKey: ThisIsAVeryLongPasswordForExample + metrics: + enabled: false + port: 9000 + ## Specification for MinIO Pool(s) in this Tenant. + pools: + ## Servers specifies the number of MinIO Tenant Pods / Servers in this pool. + ## For standalone mode, supply 1. For distributed mode, supply 4 or more. + ## Note that the operator does not support upgrading from standalone to distributed mode. + - servers: 4 + ## volumesPerServer specifies the number of volumes attached per MinIO Tenant Pod / Server. + volumesPerServer: 4 + ## size specifies the capacity per volume + size: 1Gi + ## storageClass specifies the storage class name to be used for this pool + storageClassName: standard + ## Used to specify a toleration for a pod + tolerations: {} + ## nodeSelector parameters for MinIO Pods. It specifies a map of key-value pairs. For the pod to be + ## eligible to run on a node, the node must have each of the + ## indicated key-value pairs as labels. + ## Read more here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/ + nodeSelector: {} + ## Affinity settings for MinIO pods. Read more about affinity + ## here: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/#affinity-and-anti-affinity. + affinity: {} + ## Configure resource requests and limits for MinIO containers + resources: {} + ## Configure security context + ## BB Note: Defaults for Ironbank image are 1001 for user, group, and fsGroup + securityContext: + runAsUser: 1001 + runAsGroup: 1001 + fsGroup: 1001 + ## Mount path where PV will be mounted inside container(s). + mountPath: /export + ## Sub path inside Mount path where MinIO stores data. + subPath: /data + certificate: + ## Use this field to provide a list of Secrets with external certificates. This can be used to to configure + ## TLS for MinIO Tenant pods. Create secrets as explained here: + ## https://github.com/minio/minio/tree/master/docs/tls/kubernetes#2-create-kubernetes-secret + externalCertSecret: {} + ## Enable automatic Kubernetes based certificate generation and signing as explained in + ## https://kubernetes.io/docs/tasks/tls/managing-tls-in-a-cluster + ## false = disabled TLS endpoints at the tenants + requestAutoCert: false + ## This field is used only when "requestAutoCert" is set to true. Use this field to set CommonName + ## for the auto-generated certificate. Internal DNS name for the pod will be used if CommonName is + ## not provided. DNS name format is *.minio.default.svc.cluster.local + ##certConfig: + ## commonName: "" + ## organizationName: [] + ## dnsNames: [] + certConfig: {} + ## Enable S3 specific features such as Bucket DNS which would allow `buckets` to be + ## accessible as DNS entries of form `.minio.default.svc.cluster.local` + s3: + ## This feature is turned off by default + bucketDNS: false + ## PodManagement policy for MinIO Tenant Pods. Can be "OrderedReady" or "Parallel" + ## Refer https://kubernetes.io/docs/tutorials/stateful-application/basic-stateful-set/#pod-management-policy + ## for details. + podManagementPolicy: Parallel + ## serviceMetadata allows passing additional labels and annotations to MinIO and Console specific + ## services created by the operator. + ##serviceMetadata: {} + serviceMetadata: + minioServiceLabels: + label: minio-svc + minioServiceAnnotations: + v2.min.io: minio-svc + # consoleServiceLabels: + # label: console-svc + # consoleServiceAnnotations: + # v2.min.io: console-svc + + ## Add environment variables to be set in MinIO container (https://github.com/minio/minio/tree/master/docs/config) + env: {} + ## PriorityClassName indicates the Pod priority and hence importance of a Pod relative to other Pods. + ## This is applied to MinIO pods only. + ## Refer Kubernetes documentation for details https://kubernetes.io/docs/concepts/configuration/pod-priority-preemption/#priorityclass/ + # e.g., priorityClassName: high-priority + priorityClassName : "" + ## Define configuration for Console (Graphical user interface for MinIO) + ## Refer https://github.com/minio/console + console: + enabled: false + image: + repository: minio/console + tag: v0.6.3 + pullPolicy: IfNotPresent + replicaCount: 1 + secrets: + name: minio-console-secret + passphrase: ThisIsAVeryLongConsolePasswordForExample + salt: ThisIsAVeryLongConsolePasswordForExample + accessKey: ThisIsAVeryLongConsolePasswordForExample + secretKey: ThisIsAVeryLongConsolePasswordForExample diff --git a/chart/templates/bigbang/networkpolicies/allow-external-minio.yaml b/chart/templates/bigbang/networkpolicies/allow-external-minio.yaml new file mode 100644 index 0000000000000000000000000000000000000000..90b516fbd5f6c864c4991fbb2b33967fa4aac319 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/allow-external-minio.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.networkPolicies.enabled (not .Values.minio.install) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-external-minio-egress + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + app: mattermost + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 +{{- end }} diff --git a/chart/templates/bigbang/networkpolicies/allow-external-postgres.yaml b/chart/templates/bigbang/networkpolicies/allow-external-postgres.yaml new file mode 100644 index 0000000000000000000000000000000000000000..bf112324976294213be04f8ccba2a62448e53b21 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/allow-external-postgres.yaml @@ -0,0 +1,20 @@ +{{- if and .Values.networkPolicies.enabled (not .Values.postgresql.install) }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-external-postgres-egress + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + app: mattermost + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 +{{- end }} diff --git a/chart/templates/bigbang/networkpolicies/allow-in-ns.yaml b/chart/templates/bigbang/networkpolicies/allow-in-ns.yaml new file mode 100644 index 0000000000000000000000000000000000000000..97a841cca7ca41fbbfe94e4f1415e4230d70f49b --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/allow-in-ns.yaml @@ -0,0 +1,18 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-in-ns + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - from: + - podSelector: {} + egress: + - to: + - podSelector: {} +{{- end }} diff --git a/chart/templates/bigbang/networkpolicies/allow-istio.yaml b/chart/templates/bigbang/networkpolicies/allow-istio.yaml new file mode 100644 index 0000000000000000000000000000000000000000..6c4c48ca2c873b93a7d7e0a753fd2f2ebbf7fb34 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/allow-istio.yaml @@ -0,0 +1,33 @@ +{{- if and .Values.networkPolicies.enabled .Values.istio.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-istio + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + app: mattermost + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: istio-controlplane + podSelector: + matchLabels: + {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} + ports: + - port: 8065 + protocol: TCP + egress: + - to: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: istio-controlplane + podSelector: + matchLabels: + istio: pilot +{{- end }} diff --git a/chart/templates/bigbang/networkpolicies/allow-monitoring-ingress.yaml b/chart/templates/bigbang/networkpolicies/allow-monitoring-ingress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..38f98d32b99def52c46754ae86f9527573aab565 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/allow-monitoring-ingress.yaml @@ -0,0 +1,21 @@ +{{- if and .Values.networkPolicies.enabled .Values.monitoring.enabled .Values.enterprise.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring-ingress + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + app: mattermost + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: monitoring + ports: + - port: 8067 + protocol: TCP +{{- end }} diff --git a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml new file mode 100644 index 0000000000000000000000000000000000000000..1a9b59b404f39730dd6b18a1d3f18160ea0a6b85 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml @@ -0,0 +1,26 @@ +{{- $bbtests := .Values.bbtests | default dict -}} +{{- $cypress := $bbtests.cypress | default dict -}} +{{- $enabled := (hasKey $bbtests "enabled") -}} +{{- $artifacts := (hasKey $cypress "artifacts") -}} +{{- if and $enabled $artifacts }} +{{- if and .Values.networkPolicies.enabled .Values.bbtests.enabled .Values.bbtests.cypress.artifacts }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-test-egress + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + helm-test: enabled + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 +{{- end }} +{{- end }} diff --git a/chart/templates/bigbang/networkpolicies/deny-default.yaml b/chart/templates/bigbang/networkpolicies/deny-default.yaml new file mode 100644 index 0000000000000000000000000000000000000000..31c4a35ec2b894c53867d02c1608b981bdb3469f --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/deny-default.yaml @@ -0,0 +1,18 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + # Deny all ingress + ingress: [] + # Deny external egress (outside cluster) + egress: + - to: + - namespaceSelector: {} +{{- end }} diff --git a/chart/templates/env-secret.yaml b/chart/templates/env-secret.yaml index 9dd5e1e513130438f6884fe3d6ccbca6105b77ef..e20b9bdebe6bc5cb8b1e5fdbcda073ab01619696 100644 --- a/chart/templates/env-secret.yaml +++ b/chart/templates/env-secret.yaml @@ -40,10 +40,8 @@ stringData: MM_ELASTICSEARCHSETTINGS_PASSWORD: {{ .Values.elasticsearch.password }} {{- else }} {{ $secretname := printf "%s-es-elastic-user" ( .Values.elasticsearch.name | default "logging-ek" )}} - SECRET_NAME: {{ $secretname }} - NAMESPACE: {{ .Values.elasticsearch.namespace | default "logging" }} {{- with lookup "v1" "Secret" (.Values.elasticsearch.namespace | default "logging" ) $secretname }} - MM_ELASTICSEARCHSETTINGS_PASSWORD: {{ .data.elastic | b64dec }} - {{- end }} - {{- end }} + MM_ELASTICSEARCHSETTINGS_PASSWORD: {{ .data.elastic | b64dec }} + {{- end }} + {{- end }} {{- end }} diff --git a/chart/templates/mattermost.yaml b/chart/templates/mattermost.yaml index 190ebebb02981f46b75b085f8d05df9ca265b3a8..524b26d0e847d5845e46921d04c9c1e5a413bc10 100644 --- a/chart/templates/mattermost.yaml +++ b/chart/templates/mattermost.yaml @@ -155,6 +155,6 @@ spec: fileStore: external: - url: {{ .Values.fileStore.url | default (printf "%s:9000" .Values.minio.service.nameOverride) }} + url: {{ .Values.fileStore.url | default "minio:80" }} bucket: {{ .Values.fileStore.bucket | default "mattermost" }} - secret: {{ .Values.fileStore.secret | default "mattermost-objstore-creds" }} + secret: {{ .Values.fileStore.secret | default .Values.minio.tenants.secrets.name }} diff --git a/chart/templates/objectstorage-credentials.yaml b/chart/templates/objectstorage-credentials.yaml deleted file mode 100644 index 00acf7ebc7d4b918db72129ef62f19689adeb22c..0000000000000000000000000000000000000000 --- a/chart/templates/objectstorage-credentials.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if and (not .Values.fileStore.secret) .Values.minio.install }} -apiVersion: v1 -kind: Secret -type: Opaque -metadata: - name: mattermost-objstore-creds - namespace: {{ .Release.Namespace }} - labels: - {{ include "mattermost.labels" . | nindent 4 }} - app.kubernetes.io/component: "objectstorage" -data: - accesskey: {{ .Values.minio.accessKey | b64enc }} - secretkey: {{ .Values.minio.secretKey | b64enc }} -{{- end }} diff --git a/chart/templates/tests/test-ui.yaml b/chart/templates/tests/test-ui.yaml index 57f97717fa3416c85c53db25f8f04b7837fa6134..163bd16f97c275ce0d713081a0afdf6e07f0116d 100644 --- a/chart/templates/tests/test-ui.yaml +++ b/chart/templates/tests/test-ui.yaml @@ -1,11 +1,11 @@ -{{- include "bb-test-lib.cypress-configmap.overrides" (list . "mattermost-test.cypress-configmap") }} +{{- include "gluon.tests.cypress-configmap.overrides" (list . "mattermost-test.cypress-configmap") }} {{- define "mattermost-test.cypress-configmap" }} metadata: labels: {{ include "mattermost.labels" . | nindent 4 }} {{- end }} --- -{{- include "bb-test-lib.cypress-runner.overrides" (list . "mattermost-test.cypress-runner") -}} +{{- include "gluon.tests.cypress-runner.overrides" (list . "mattermost-test.cypress-runner") -}} {{- define "mattermost-test.cypress-runner" -}} metadata: labels: diff --git a/chart/values.yaml b/chart/values.yaml index 67ed032aca4e71c44692922394470bad472cbeb9..e0d41c7fb57736e6b1fdcdbc94421a4a971dd7a9 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -13,6 +13,12 @@ istio: hosts: - chat.{{ .Values.hostname }} +networkPolicies: + enabled: false + ingressLabels: + app: istio-ingressgateway + istio: ingressgateway + # NOTE: Requires enterprise.enabled to have any effect monitoring: enabled: false @@ -98,19 +104,11 @@ existingSecretEnvs: {} minio: install: false - # Override the minio service name for easier connection setup - service: - nameOverride: "minio-mattermost-service" - - # Specify the secret to the Mattermost created secret - minioRootCreds: mattermost-objstore-creds - - # Credentials to populate the secret with - accessKey: minio - secretKey: minio#123 # default key, change this! - - imagePullSecrets: - - name: private-registry + tenants: + secrets: + name: "mattermost-objstore-creds" + accessKey: "minio" + secretKey: "minio#123" # default key, change this! postgresql: install: false diff --git a/tests/dependencies.yaml b/tests/dependencies.yaml index 3b18fbc707fe4712a18b56f139f543c0b01d7bb1..0199dcdca193f9dcd384d15024b2213f0b2e69ab 100644 --- a/tests/dependencies.yaml +++ b/tests/dependencies.yaml @@ -1,9 +1,9 @@ mattermostoperator: git: "https://repo1.dso.mil/platform-one/big-bang/apps/collaboration-tools/mattermost-operator.git" namespace: "mattermost-operator" - branch: "1.12.0-bb.0" + branch: "1.13.0-bb.2" miniooperator: git: "https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git" namespace: "minio-operator" - branch: "2.0.9-bb.1" + branch: "4.0.4-bb.1" diff --git a/tests/test-values.yml b/tests/test-values.yml index f180ba22f089d4c494ebb1c963a5f6c06f31f7ca..071bdd1bb6e03b91ae67af62c95a5cbf0ecc9388 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -5,6 +5,7 @@ postgresql: install: true bbtests: + enabled: true cypress: artifacts: true envs: @@ -12,3 +13,6 @@ bbtests: cypress_mm_email: "test@bigbang.dev" cypress_mm_user: "bigbang" cypress_mm_password: "Bigbang#123" + +networkPolicies: + enabled: true