From f1e571465fa6c45729fd1a0de008efda4fd97bd1 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 13:28:15 -0600 Subject: [PATCH 01/14] initial run at networkpolicy --- chart/Chart.yaml | 2 +- chart/charts/.gitkeep | 0 chart/charts/bb-test-lib-0.4.0.tgz | Bin 2366 -> 0 bytes chart/charts/bb-test-lib-0.5.2.tgz | Bin 0 -> 2475 bytes chart/requirements.lock | 10 ++--- .../helm-test-network-policy.yaml | 26 +++++++++++ .../networkpolicies/monitoring-ingress.yaml | 18 ++++++++ .../networkpolicies/postgres-egress.yaml | 42 ++++++++++++++++++ .../networkpolicies/webui-ingress.yaml | 20 +++++++++ chart/values.yaml | 3 ++ 10 files changed, 115 insertions(+), 6 deletions(-) delete mode 100644 chart/charts/.gitkeep delete mode 100644 chart/charts/bb-test-lib-0.4.0.tgz create mode 100644 chart/charts/bb-test-lib-0.5.2.tgz create mode 100644 chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml create mode 100644 chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml create mode 100644 chart/templates/bigbang/networkpolicies/postgres-egress.yaml create mode 100644 chart/templates/bigbang/networkpolicies/webui-ingress.yaml diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 592e434..6a2bf83 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -19,5 +19,5 @@ maintainers: email: tsiddique@live.com dependencies: - name: bb-test-lib - version: "0.4.0" + version: "0.5.2" repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates" diff --git a/chart/charts/.gitkeep b/chart/charts/.gitkeep deleted file mode 100644 index e69de29..0000000 diff --git a/chart/charts/bb-test-lib-0.4.0.tgz b/chart/charts/bb-test-lib-0.4.0.tgz deleted file mode 100644 index 75be43576bcc47b2ea027059ec8ce1b94b9f5dcf..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2366 zcmV-E3BmRsiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PH($Z`(N1{j6Uxj~Wz?pNg^*J2`mKJ@ne%UUAoM&@PHwEQ*4X z#u96a)RB~vH0k~J1NCCd?{?!Rdwb>wTPBA?&MSvAau9e1wedI${1*vThFsH>KiX^S zbUK~0Ua$D>bUO3jo$mR`qi(O$>!0*a&MjQ`^t5yO2s-=S#`2bHL)D|so!6Qt?!Tnb zjD0|*nG^#UpExwjCO^BRdqz4=ggR6#GezHX_#5&RLaQk-lnVZy2dD%Z)Q+Gj4xph> zj=9co0GtJis%vLlBkqtM={OHf`Jvg?w10zX#;HN=e+sWNg<6MF3|XAg>`q=`gZ+0q z{r;T&pP%=82m8N|c5~xFghM6}+=ecYN&&p71_V^23tzuFGcKd+jF^Z9@S=cwLo+8u zLnCVFzyT;-f_rlVq&!^S(iGwAS8o=*>i|$8q@mW!Xgd?YO^~NVCw?O3$Q?kjHJyhc zYP|^HT_TGU;|{>}`ff30Vd;xlPR73g^cD;ft|d*UB%tf zyYBO3*xSLNGYm_Y?*SVE`9OJ&ngl`N^2=>6AFCO=4Gf{muptd=j2hLLh4?%SWiHIy zg3GI!tZB7C<-FJZ2&FKT2~-uyUM0izA}l}wSW06YfWnw*qpnG$B}p0gtuGl$m3mU3 zAF$X9sEGZHWyqO8Z|ZH9bk&FEC=W0+e9$Ky(rK=Dk#l|_ISa1`@Ot=GnhS**MZKp> zsYXo1FPR#E-`Hy?)0B#6Q2q44^#dmSfa=7Z_Ics-$8Ggw*>AwZ$0fV5|z2_80KA$!EO{e5=+Zl?(8^K*>vu3c^Im6v6Wnq!G8{ zPo4l?Wl|Y<_0QM8e0uTo%U92i{(KC#x6Aq`_}A(7I*3^f-v)AC&nqzx;WzN2IacUU zAqt&Hqv7KZU=kFQ832YV@V9tnoEWM|{AD%12A+_bbtrDZhDT>T_;C#s3C?;A zlxzr>#=tnsAMb7yG{V-W0LXHN%eVGQ*A#)b-hYIOk@Pp?K zl}x=M$mJ?gj;+v!*@;UOVFqBII#3b!9mT&u`2HkcZGM^1 zS2L`!{LE>!OBY@-14lO#4_A+jCC^iQV-He2Jq^lJuX)Bz*^ye<3u=-<;iu>3*aIhG zYAJN%{MqDGw{@u%oK!1)DvGgQIjAvIXkJ;62}%^>K?A#@B1SkGJ%yt&44$oDr@`<> z=wLDqM4@rrFv$+B*6_``y-S#|GTkxRSU^J;h=uh$uSwJD$MpysS0S=%)~1@g zn6f!4>_J--YYmyw#;WL)7uE1;b}k24!qxSF-^AQ{?{{YL4k@aJ6b|XBySMfEA1fDq z=ZfHl{Le|RcRrv0>GsbL`Jek}oBWoht8@PEXYvtCQa~G$6Zf6|@%rv=K3np|iih=l zgytrZihU`zMMi(pgh_wGmv@rmPTa5yJrF-s&TVYs0nOM?O6Hj!z;CYmv5aSAu0kw& zCgHv=#>S|EvcI?uxKF{2(bzA}bn#u@K-`Zzb39-oVj})l#{Z?9zBB);WgkimlH)rZ zT1>Sd)==yKG&F5X{nB~x8ADSDd#U~I(Q0>+c@au%6LeT#G!xIQ4^ay1-3@-Cd-L(# zL%Zqk)>fSV+GTqtp}W{(p~PH%Z*_E+PU%Zp>2F!TkHS#Q~uxN z|4+|4XAAeg-pRrL-$&bE>ND9r@1DH>-Ci=NcK%TB7<4=Pe#v0_;(UYj+1h-S1Yghj zMxOq6R$_0@*VV%$l@a{^6||?tBB`LH2bh5N4-m;l(E-Cmg6nynyU_VA7lMfxj&927 zUkM?LP;*m>KLMZgMpEDw)uo1zzE5#!Nl~a4^wOeGJ-COW(9AjySQJ`E(msnq+n0P6 zq`rN{XCaXNegz+|5xA^--V`A&Ry({uaD3Q2B#*b|Ve|Rn&i@thUqSr7{t2|{|3Byb z`Tzg)PtQ7s`0qZN)k44RELVKEWSm3!Xf7rE`uxp5V4@{JMFcW8S#H22Xq{os4RL-+ zmokCYX8x)2gnr==pGj+j^Wm> zNONwW6|vC3@pOfZZ$NUg5lMA?wMq#!c4x6~R~>EIKe0h5i-lCUR~_4A|NYbX|Nor! zyNCSWy|l-0L5)ErG#Ck`@ZmB+0YT1qWCP=jh9erICeC9hY+L79CY8~k6XYCXE(1uZ z2@@vbr=XBi!^Q|1HA$nNipY5k0^`DXp_M5dvMY?>l9>el@0h^Pf?tCa#Z0>;$WQ@i z0*OOjzW?;zNQKU0cp=kN3i$BiJw!}ths4bI#b>#FhXh}gUwqabN$lH?`llWXe~Kue z;V92w$T(`JP4s2vv`IimPMet2K1;=7r~Pl|F?^tk$y~$hm#?%#G9~Sm&LJ#9>X+b3 kes;)MhcZI{cb)h-v_m_z|M~Wx00030|K~II!vH`405D9fX#fBK diff --git a/chart/charts/bb-test-lib-0.5.2.tgz b/chart/charts/bb-test-lib-0.5.2.tgz new file mode 100644 index 0000000000000000000000000000000000000000..2045d9ca5f02c5d182a0b1654b9dc1838bd6caa4 GIT binary patch literal 2475 zcmV;c2~_qUiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGv>lH0b?zxfnf`XX~G{J z6uRAR_sL+8|989H)&FkqqW`Ej=nnfA=lwyy|ESwL?_WH51l_|9qZu-7sCv}Bb6=~> z{ht6$**jF4Nil+1-=S$bf9;Xp6Vi1e)S+Uj$;+O?KaeL7T1|nmRPfI%Kqb(ib_7ju z1T}?n%yo(*;4Dy7T|2XiaF+~8-+5@xk6@v0{|1wkQ-j+7Exb+@Y8^^3W^qE(J9&jI z_TTFchb#7faWS|!+W&pP&5Z{Uj+sDkYq~&61@IOc5KxUSeEjGvxs0AOWg;5EvmEaS znmP#@8c{<>4nW}&+?yL9#p3dcCI}xtdduWp2Y?D84YgiI+m-XN(OXFLmYu+;tg`78gn-CVk?h|*_#{akiRpIntab?0Insb{gPGx%snMfbs;CX z1;Ipw!a(1Wu(N<7vX9R0Ga_fG6pK*16%8gro<%DSGs8GZP{rs%ho-6Ri0m}mrz>N7 zXk|UZ!J*y%t4s(~cMS>K{eQ1}-n&@!|L479{C6*~&D)e3U{antnZnt>meJ}eu$R}j zy|_Di*F&xh2U{3)iecgMJz!%X?d96^R zsK#_D)s%_&Ia4F>Yhw*%l28$i%2y9uKVZTSsGhisGA~@b+?G#P{02OnzlJIJT7}h6 z$$KqD(U(8RNv07~;H71G#T63)7heEgrBWGq@$Z*E{r2p~=P$lJ`Rgg%-Zqub>9^^28^*GR?}E9i=jAky;TQ0t z6;bF=AqqW_M#Hb)fSI6}w*W9yf%g)=j6bjxyuW-2UO0xiK`fdQLlucXY^GhK8B)_m z;udVE^ke|vwP2Cp$)HA(jiFR*h|$12>H<$}bc9XR;fwG52xq>?IA4qyb6Sv`un4Vtmsut6!75Duvi zC8NKiDy%VnI4vj#-=qMW1y<{RX%*Y22(OrdlbgBct7>MFX9@mb7g#--V^`~8ef6sg zB(eCfshNy&AHLSkE=Lhl8(P%Xr^CD5OJ*jU9d8sdyQ)zBuEuwrL_x%)96Cn+OcM^| z6i#aU*RS`N{aVpBo_FQA#FJ_x!zgBYW2MGWp?P6Z<|I+fMm6e+iWuQ!`W2kaVDxQ! zKQ)$X0hN{I$rMhOr988A7WK1S#{bEr!DaT=M?X|KDb(>)3l+6|Ve zVzpN|Lu&_xovnnMP39F=2TKcU+~ZVflL=yyn(I6|y!kzpa4(}Z+4SH1&zt@RWxksEI5N?*_b{XyyDQ-ORnhz|Xp$o*~dY)J3Y4c+{!P;(^ z?0axmHeNrqJIRe-TYu6SGo_84^@S|T>doS8Mre>~JK`q^w;KDMMZCu;Wo;IYCzN-D z_VYhGDf-SC;Vt=}{$Q|n{?{A!kLQ2)0o$CGrkis@ykx$u(|O$tRZx`YyFT|TaAP#~k29VB7duV&*S#ekFcC2kf2!dBRy5yR{$;lh zH4T#E8ys6o)kL&#>;Tj>ZAbmmS@0f1lTUV|{T|S2_nPxOj@TvQu)b(1m}`$ua_ij> zf3AD0!QDf<>E8`DtpCN8pTk`L*n0nCI2f$1|HCK8{NKI6ChIH|py~R@-n+Yk)D9RV z-=iMtipdfOf9M+~rTBKeVY2mcqsv}XihJA3uIo@c;zE_~vf*qtg4I3e*2jmo@iu7n z|A)E$vCaPvh8O2+`@cc&=>P8nwwU_T(Vllt-v4fwOv;fz)E$#v_t2M2cE6laV}1E< zMtR)dF8NwU;(%8ynlD+bT(eldXt8$HqINlA^@asNI7ws#f4+jVdWKReD7XVA;OrZS z}Cdg zo4`t%aF;~iim2OOKQYDU)uPq5=WW}9_57Ci2i_FaBcs!uWmtcH=+G~R4e@_2heLe{ zxb6GDi{a|`f5Y?P`7!>#53ma9pE=Do0GEt&C?3tFgrA@O@GqEa2~ZJ%%uJdYFcY+H zKjVftKTVhhL#H_gP^IWK$T66SLM)cF{0!PQF*41=Tf8z=Nl86-T17L2xl4gggxWBX zN9w0-O{`r)r$}I&I%j@qdrj`EZu6DHvI84^3#GG~7cT~4E0s)g*WIaHNyj?xDnu&BG8*&* zIft0b01|4#2@~;Gppa9;W(X-YlUg|yk@FY?#<}rACsjCRR~Qu$)SpfX{3!S}NRhX+ zLxL0)a3+vAs+={4W3i|Npq$HH!d5006#N?a literal 0 HcmV?d00001 diff --git a/chart/requirements.lock b/chart/requirements.lock index df6e03a..45f9781 100644 --- a/chart/requirements.lock +++ b/chart/requirements.lock @@ -1,6 +1,6 @@ dependencies: -- name: postgresql - repository: file://./deps/postgresql - version: 8.6.4 -digest: sha256:ee20a56a481163f172694703dccf40e88ca9f8a5a4b1637f8dce3361f592aed2 -generated: "2021-05-07T13:46:34.5689816-06:00" +- name: bb-test-lib + repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates + version: 0.5.2 +digest: sha256:6c39110f76dc0327492bfd243a76c074ca0f5f4127953c3a167a288c14850a05 +generated: "2021-05-24T12:12:36.0576423-06:00" diff --git a/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml b/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml new file mode 100644 index 0000000..1b10c76 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml @@ -0,0 +1,26 @@ +{{- $bbtests := .Values.bbtests | default dict -}} +{{- $cypress := $bbtests.cypress | default dict -}} +{{- $enabled := (hasKey $bbtests "enabled") -}} +{{- $artifacts := (hasKey $cypress "artifacts") -}} +{{- if and $enabled $artifacts }} +{{- if and .Values.networkPolicies.enabled .Values.bbtests.enabled .Values.bbtests.cypress.artifacts }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-test-egress + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: + helm-test: enabled + policyTypes: + - Egress + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 +{{- end }} +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml b/chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml new file mode 100644 index 0000000..14ebea1 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.networkPolicies.enabled .Values.monitoring.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-scraping + namespace: {{ .Release.Namespace }} +spec: + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: monitoring + ports: + - port: {{ .Values.service.internalPort }} + protocol: TCP +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml new file mode 100644 index 0000000..268605f --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml @@ -0,0 +1,42 @@ +{{- if and .Values.networkPolicies.enabled (not .Values.postgresql.enabled) }} +# For external postgres server +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-postgresql-egress + namespace: {{ .Release.Namespace }} +spec: + policyTypes: + - Egress + egress: + - ports: + - protocol: TCP + port: {{ .Values.postgresql.service.port }} + # Need to figure out how to limit to hostname of postgresqlServer + to: + - ipBlock: + #cidr: {{ .Values.postgresql.postgresqlServer }}/32 + cidr: 0.0.0.0/0 + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 +{{- else if and .Values.networkPolicies.enabled .Values.postgresql.enabled }} +# For postgres deployed by chart +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-postgresql-egress + namespace: {{ .Release.Namespace }} +spec: + policyTypes: + - Egress + egress: + - ports: + - protocol: TCP + port: {{ .Values.postgresql.service.port }} + # Need to figure out how to limit to hostname of postgresqlServer + to: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: sonarqube +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/webui-ingress.yaml b/chart/templates/bigbang/networkpolicies/webui-ingress.yaml new file mode 100644 index 0000000..dd14000 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/webui-ingress.yaml @@ -0,0 +1,20 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-webui-ingress + namespace: {{ .Release.Namespace }} +spec: + policyTypes: + - Ingress + ingress: + - ports: + - protocol: TCP + port: {{ .Values.service.internalPort }} + from: + - ipBlock: + cidr: 0.0.0.0/0 + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 +{{- end }} \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index 83a686e..1a2fd20 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -371,3 +371,6 @@ istio: - sonarqube.{{ .Values.hostname }} monitoring: enabled: false + +networkPolicies: + enabled: false \ No newline at end of file -- GitLab From e5463c87006b7306a51b9be1d0989acf53acc010 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 19:32:39 +0000 Subject: [PATCH 02/14] chart bump --- chart/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 6a2bf83..e555328 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -2,7 +2,7 @@ apiVersion: v1 appVersion: 8.7.1-community name: sonarqube description: SonarQube is an open sourced code quality scanning tool -version: 9.2.6-bb.9 +version: 9.2.6-bb.10 keywords: - coverage - security -- GitLab From 9b7c1125042bee94caaf997eed152fefc76fa126 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 19:34:23 +0000 Subject: [PATCH 03/14] Update CHANGELOG.md --- CHANGELOG.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4cd7390..ec31ad8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -3,6 +3,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). --- +## [9.2.6-bb.10] - 2021-05-24 +### Added +- Adding network policies. + ## [9.2.6-bb.9] - 2021-05-10 ### Changed - Moved cypress testing to the new helm test structure. -- GitLab From 4c9d67bf023b4a9956a8eef8f616667d149735ba Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 13:43:07 -0600 Subject: [PATCH 04/14] default-deny-all --- .../bigbang/networkpolicies/default-deny-all.yaml | 12 ++++++++++++ .../bigbang/networkpolicies/monitoring-ingress.yaml | 1 + .../bigbang/networkpolicies/postgres-egress.yaml | 1 + .../bigbang/networkpolicies/webui-ingress.yaml | 1 + 4 files changed, 15 insertions(+) create mode 100644 chart/templates/bigbang/networkpolicies/default-deny-all.yaml diff --git a/chart/templates/bigbang/networkpolicies/default-deny-all.yaml b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml new file mode 100644 index 0000000..e5454cc --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml @@ -0,0 +1,12 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny-all + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml b/chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml index 14ebea1..09bb738 100644 --- a/chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml +++ b/chart/templates/bigbang/networkpolicies/monitoring-ingress.yaml @@ -5,6 +5,7 @@ metadata: name: allow-scraping namespace: {{ .Release.Namespace }} spec: + podSelector: {} policyTypes: - Ingress ingress: diff --git a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml index 268605f..5e742ed 100644 --- a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml @@ -28,6 +28,7 @@ metadata: name: allow-postgresql-egress namespace: {{ .Release.Namespace }} spec: + podSelector: {} policyTypes: - Egress egress: diff --git a/chart/templates/bigbang/networkpolicies/webui-ingress.yaml b/chart/templates/bigbang/networkpolicies/webui-ingress.yaml index dd14000..eece4be 100644 --- a/chart/templates/bigbang/networkpolicies/webui-ingress.yaml +++ b/chart/templates/bigbang/networkpolicies/webui-ingress.yaml @@ -5,6 +5,7 @@ metadata: name: allow-webui-ingress namespace: {{ .Release.Namespace }} spec: + podSelector: {} policyTypes: - Ingress ingress: -- GitLab From 0dcfc7989dc094053ec1ddcd8ce06a2322eb75e1 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 13:55:33 -0600 Subject: [PATCH 05/14] more --- .../bigbang/networkpolicies/istio-allow.yaml | 31 +++++++++++++++++++ chart/values.yaml | 5 ++- tests/test-values.yml | 3 ++ 3 files changed, 38 insertions(+), 1 deletion(-) create mode 100644 chart/templates/bigbang/networkpolicies/istio-allow.yaml diff --git a/chart/templates/bigbang/networkpolicies/istio-allow.yaml b/chart/templates/bigbang/networkpolicies/istio-allow.yaml new file mode 100644 index 0000000..f50c45e --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/istio-allow.yaml @@ -0,0 +1,31 @@ +{{- if and .Values.networkPolicies.enabled .Values.istio.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-istio + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - from: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: istio-controlplane + - podSelector: + matchLabels: + {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} + ports: + - port: 8065 + protocol: TCP + egress: + - to: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: istio-controlplane + podSelector: + matchLabels: + istio: pilot +{{- end }} \ No newline at end of file diff --git a/chart/values.yaml b/chart/values.yaml index 1a2fd20..7bb5d87 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -373,4 +373,7 @@ monitoring: enabled: false networkPolicies: - enabled: false \ No newline at end of file + enabled: false + ingressLabels: + app: istio-ingressgateway + istio: ingressgateway \ No newline at end of file diff --git a/tests/test-values.yml b/tests/test-values.yml index ef111d1..b16ee60 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -6,3 +6,6 @@ bbtests: cypress_user: "admin" cypress_password: "admin" cypress_newpassword: "new_admin_password" + +networkPolicies: + enabled: true \ No newline at end of file -- GitLab From 04beffcb78d2a206d7d021bfea396d81249c4f4a Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 14:08:44 -0600 Subject: [PATCH 06/14] ns allow --- .../networkpolicies/namespace-allow.yaml | 18 +++++++++++++++++ .../networkpolicies/postgres-egress.yaml | 20 ------------------- 2 files changed, 18 insertions(+), 20 deletions(-) create mode 100644 chart/templates/bigbang/networkpolicies/namespace-allow.yaml diff --git a/chart/templates/bigbang/networkpolicies/namespace-allow.yaml b/chart/templates/bigbang/networkpolicies/namespace-allow.yaml new file mode 100644 index 0000000..495131c --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/namespace-allow.yaml @@ -0,0 +1,18 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-in-ns + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + - Egress + ingress: + - from: + - podSelector: {} + egress: + - to: + - podSelector: {} +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml index 5e742ed..d1d9629 100644 --- a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml @@ -20,24 +20,4 @@ spec: # ONLY Block requests to AWS metadata IP except: - 169.254.169.254/32 -{{- else if and .Values.networkPolicies.enabled .Values.postgresql.enabled }} -# For postgres deployed by chart -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-postgresql-egress - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Egress - egress: - - ports: - - protocol: TCP - port: {{ .Values.postgresql.service.port }} - # Need to figure out how to limit to hostname of postgresqlServer - to: - - namespaceSelector: - matchLabels: - app.kubernetes.io/name: sonarqube {{- end }} \ No newline at end of file -- GitLab From 081b13b7ef8213f2fee0ea81e3646ba5660bd186 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 14:11:33 -0600 Subject: [PATCH 07/14] separate in and out --- .../networkpolicies/default-deny-egress.yaml | 15 +++++++++++++++ ...lt-deny-all.yaml => default-deny-ingress.yaml} | 3 +-- 2 files changed, 16 insertions(+), 2 deletions(-) create mode 100644 chart/templates/bigbang/networkpolicies/default-deny-egress.yaml rename chart/templates/bigbang/networkpolicies/{default-deny-all.yaml => default-deny-ingress.yaml} (80%) diff --git a/chart/templates/bigbang/networkpolicies/default-deny-egress.yaml b/chart/templates/bigbang/networkpolicies/default-deny-egress.yaml new file mode 100644 index 0000000..19093c7 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/default-deny-egress.yaml @@ -0,0 +1,15 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: default-deny-external-egress + namespace: {{ .Release.Namespace }} +spec: + podSelector: + matchLabels: {} + policyTypes: + - Egress + egress: + - to: + - namespaceSelector: {} +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/default-deny-all.yaml b/chart/templates/bigbang/networkpolicies/default-deny-ingress.yaml similarity index 80% rename from chart/templates/bigbang/networkpolicies/default-deny-all.yaml rename to chart/templates/bigbang/networkpolicies/default-deny-ingress.yaml index e5454cc..956331f 100644 --- a/chart/templates/bigbang/networkpolicies/default-deny-all.yaml +++ b/chart/templates/bigbang/networkpolicies/default-deny-ingress.yaml @@ -2,11 +2,10 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: default-deny-all + name: default-deny-ingress namespace: {{ .Release.Namespace }} spec: podSelector: {} policyTypes: - Ingress - - Egress {{- end }} \ No newline at end of file -- GitLab From 07156e22e7ea01d414c922b1be241cf4625b061b Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 14:21:12 -0600 Subject: [PATCH 08/14] bbtestenabled --- tests/test-values.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test-values.yml b/tests/test-values.yml index b16ee60..f7c4d52 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -1,4 +1,5 @@ bbtests: + enabled: true cypress: artifacts: true envs: -- GitLab From 21c498be214fd5fac53f8d198d44eb26d03a18f7 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 24 May 2021 15:49:55 -0600 Subject: [PATCH 09/14] tested-external-postgres --- chart/templates/bigbang/networkpolicies/postgres-egress.yaml | 3 ++- chart/templates/bigbang/networkpolicies/webui-ingress.yaml | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml index d1d9629..0d9d932 100644 --- a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml @@ -6,6 +6,7 @@ metadata: name: allow-postgresql-egress namespace: {{ .Release.Namespace }} spec: + podSelector: {} policyTypes: - Egress egress: @@ -20,4 +21,4 @@ spec: # ONLY Block requests to AWS metadata IP except: - 169.254.169.254/32 -{{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/webui-ingress.yaml b/chart/templates/bigbang/networkpolicies/webui-ingress.yaml index eece4be..a61b9e9 100644 --- a/chart/templates/bigbang/networkpolicies/webui-ingress.yaml +++ b/chart/templates/bigbang/networkpolicies/webui-ingress.yaml @@ -11,11 +11,11 @@ spec: ingress: - ports: - protocol: TCP - port: {{ .Values.service.internalPort }} + port: {{ .Values.service.externalPort }} from: - ipBlock: cidr: 0.0.0.0/0 # ONLY Block requests to AWS metadata IP except: - 169.254.169.254/32 -{{- end }} \ No newline at end of file +{{- end }} \ No newline at end of file -- GitLab From 014a23de2b60438980622c3339ee1fe3384ccf0a Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Tue, 25 May 2021 11:32:41 -0600 Subject: [PATCH 10/14] address comments --- ...deny-egress.yaml => default-deny-all.yaml} | 6 +++--- .../networkpolicies/default-deny-ingress.yaml | 11 ---------- .../bigbang/networkpolicies/istio-allow.yaml | 2 +- .../networkpolicies/postgres-egress.yaml | 2 +- .../networkpolicies/webui-ingress.yaml | 21 ------------------- 5 files changed, 5 insertions(+), 37 deletions(-) rename chart/templates/bigbang/networkpolicies/{default-deny-egress.yaml => default-deny-all.yaml} (72%) delete mode 100644 chart/templates/bigbang/networkpolicies/default-deny-ingress.yaml delete mode 100644 chart/templates/bigbang/networkpolicies/webui-ingress.yaml diff --git a/chart/templates/bigbang/networkpolicies/default-deny-egress.yaml b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml similarity index 72% rename from chart/templates/bigbang/networkpolicies/default-deny-egress.yaml rename to chart/templates/bigbang/networkpolicies/default-deny-all.yaml index 19093c7..6ee4c27 100644 --- a/chart/templates/bigbang/networkpolicies/default-deny-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml @@ -2,12 +2,12 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: default-deny-external-egress + name: default-deny-all namespace: {{ .Release.Namespace }} spec: - podSelector: - matchLabels: {} + podSelector: {} policyTypes: + - Ingress - Egress egress: - to: diff --git a/chart/templates/bigbang/networkpolicies/default-deny-ingress.yaml b/chart/templates/bigbang/networkpolicies/default-deny-ingress.yaml deleted file mode 100644 index 956331f..0000000 --- a/chart/templates/bigbang/networkpolicies/default-deny-ingress.yaml +++ /dev/null @@ -1,11 +0,0 @@ -{{- if .Values.networkPolicies.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: default-deny-ingress - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Ingress -{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/istio-allow.yaml b/chart/templates/bigbang/networkpolicies/istio-allow.yaml index f50c45e..2da1573 100644 --- a/chart/templates/bigbang/networkpolicies/istio-allow.yaml +++ b/chart/templates/bigbang/networkpolicies/istio-allow.yaml @@ -18,7 +18,7 @@ spec: matchLabels: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} ports: - - port: 8065 + - port: {{ .Values.service.externalPort }} protocol: TCP egress: - to: diff --git a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml index 0d9d932..bb1abad 100644 --- a/chart/templates/bigbang/networkpolicies/postgres-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/postgres-egress.yaml @@ -13,9 +13,9 @@ spec: - ports: - protocol: TCP port: {{ .Values.postgresql.service.port }} - # Need to figure out how to limit to hostname of postgresqlServer to: - ipBlock: + # This should be replaced with the IP of postgresql.postgresqlServer #cidr: {{ .Values.postgresql.postgresqlServer }}/32 cidr: 0.0.0.0/0 # ONLY Block requests to AWS metadata IP diff --git a/chart/templates/bigbang/networkpolicies/webui-ingress.yaml b/chart/templates/bigbang/networkpolicies/webui-ingress.yaml deleted file mode 100644 index a61b9e9..0000000 --- a/chart/templates/bigbang/networkpolicies/webui-ingress.yaml +++ /dev/null @@ -1,21 +0,0 @@ -{{- if .Values.networkPolicies.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-webui-ingress - namespace: {{ .Release.Namespace }} -spec: - podSelector: {} - policyTypes: - - Ingress - ingress: - - ports: - - protocol: TCP - port: {{ .Values.service.externalPort }} - from: - - ipBlock: - cidr: 0.0.0.0/0 - # ONLY Block requests to AWS metadata IP - except: - - 169.254.169.254/32 -{{- end }} \ No newline at end of file -- GitLab From 38d2ffbaa75612fee395c09833270d6043d14414 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Tue, 25 May 2021 12:35:11 -0600 Subject: [PATCH 11/14] istio-all-fix --- .../helm-test-network-policy.yaml | 2 +- .../bigbang/networkpolicies/istio-allow.yaml | 8 ++---- tests/test-values.yml | 28 +++++++++++++++++-- 3 files changed, 30 insertions(+), 8 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml b/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml index 1b10c76..fd3d356 100644 --- a/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml +++ b/chart/templates/bigbang/networkpolicies/helm-test-network-policy.yaml @@ -7,7 +7,7 @@ apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: allow-test-egress + name: allow-helm-test-egress namespace: {{ .Release.Namespace }} spec: podSelector: diff --git a/chart/templates/bigbang/networkpolicies/istio-allow.yaml b/chart/templates/bigbang/networkpolicies/istio-allow.yaml index 2da1573..9d9b7a1 100644 --- a/chart/templates/bigbang/networkpolicies/istio-allow.yaml +++ b/chart/templates/bigbang/networkpolicies/istio-allow.yaml @@ -12,9 +12,8 @@ spec: ingress: - from: - namespaceSelector: - matchLabels: - app.kubernetes.io/name: istio-controlplane - - podSelector: + matchLabels: {} + podSelector: matchLabels: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} ports: @@ -23,8 +22,7 @@ spec: egress: - to: - namespaceSelector: - matchLabels: - app.kubernetes.io/name: istio-controlplane + matchLabels: {} podSelector: matchLabels: istio: pilot diff --git a/tests/test-values.yml b/tests/test-values.yml index f7c4d52..dd885a3 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -7,6 +7,30 @@ bbtests: cypress_user: "admin" cypress_password: "admin" cypress_newpassword: "new_admin_password" - +istio: + enabled: true +monitoring: + enabled: false networkPolicies: - enabled: true \ No newline at end of file + enabled: true +initSysctl: + enabled: true +postgresql: + enabled: false + postgresqlServer: "postgres-postgresql-headless.postgres.svc.cluster.local" + postgresqlUsername: "sonarqube" + postgresqlPassword: "sonarqube" + postgresqlDatabase: "sonarqube" + service: + port: 5432 +sonarProperties: + sonar.auth.saml.enabled: true + sonar.core.serverBaseURL: https://sonarqube.bigbang.dev + sonar.auth.saml.applicationId: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube + sonar.auth.saml.providerName: "P1 SSO" + sonar.auth.saml.providerId: https://login.dso.mil/auth/realms/baby-yoda + sonar.auth.saml.loginUrl: https://login.dso.mil/auth/realms/baby-yoda/protocol/saml + sonar.auth.saml.certificate.secured: "MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=" + sonar.auth.saml.user.login: login + sonar.auth.saml.user.name: "name" + sonar.auth.saml.user.email: "email" \ No newline at end of file -- GitLab From cce933adc1d43f987a706357f0827653ddadd033 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Tue, 25 May 2021 12:37:33 -0600 Subject: [PATCH 12/14] removing test values --- tests/test-values.yml | 27 +-------------------------- 1 file changed, 1 insertion(+), 26 deletions(-) diff --git a/tests/test-values.yml b/tests/test-values.yml index dd885a3..e5e7fa6 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -7,30 +7,5 @@ bbtests: cypress_user: "admin" cypress_password: "admin" cypress_newpassword: "new_admin_password" -istio: - enabled: true -monitoring: - enabled: false networkPolicies: - enabled: true -initSysctl: - enabled: true -postgresql: - enabled: false - postgresqlServer: "postgres-postgresql-headless.postgres.svc.cluster.local" - postgresqlUsername: "sonarqube" - postgresqlPassword: "sonarqube" - postgresqlDatabase: "sonarqube" - service: - port: 5432 -sonarProperties: - sonar.auth.saml.enabled: true - sonar.core.serverBaseURL: https://sonarqube.bigbang.dev - sonar.auth.saml.applicationId: platform1_a8604cc9-f5e9-4656-802d-d05624370245_bb8-saml-sonarqube - sonar.auth.saml.providerName: "P1 SSO" - sonar.auth.saml.providerId: https://login.dso.mil/auth/realms/baby-yoda - sonar.auth.saml.loginUrl: https://login.dso.mil/auth/realms/baby-yoda/protocol/saml - sonar.auth.saml.certificate.secured: "MIICoTCCAYkCBgFyLIEqUjANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjAwNTE5MTAzNDIyWhcNMzAwNTE5MTAzNjAyWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCGIwvWSPD6zDbkGBpkjUDJ+BwJEE8ko8T7DC22prs03Gm2v/lEIEa4leoPKjenW+NxtvwqN0qdcjuRZ6vxvY/P9E/Wb9Bw+so7FKW6TsZkXwBGxzoU8ZvNiCLyjxwFVKxqaXodnOk3dmcfgMVnbuJ8z5SX8/IzFnZrB6iEhqLNen6uAXtGqlq/k1dTCZxLIfws/3Y1Ui4WUPcdhMMaixVt8D+78fblnhcIYpb+8sNM2uXw9wDceoigP681q/Kx3ECr8o3DuIstzQouyMVhJ0kv/ngftC5uwZHQDIissu6sluoC2+20YkrfyTldhYojBga27qKInCNJvtS2idV0+HxXAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAIVkoDYkM6ryBcuchdAL5OmyKbmmY4WDrMlatfa3uniK5jvFXrmVaJ3rcu0apdY/NhBeLSOLFVlC5w1QroGUhWm0EjAA4zyuU63Pk0sro0vyHrxztBrGPQrGXI3kjXEssaehZZvYP4b9VtYpus6oGP6bTmaDw94Zu+WrDsWdFs+27VEYwBuU0D6E+ENDGlfR+9ADEW53t6H2M3H0VsOtbArEutYgb4gmQcOIBygC7L1tGJ4IqbnhTYLh9DMKNklU+tq8TMHacps9FxELpeAib3O0J0E5zYXdraQobCCe+ao1Y7sA/wqcGQBCVuoFgty7Y37nNL7LMvygcafgqVDqw5U=" - sonar.auth.saml.user.login: login - sonar.auth.saml.user.name: "name" - sonar.auth.saml.user.email: "email" \ No newline at end of file + enabled: true \ No newline at end of file -- GitLab From 1a3bde3e87c49b8c7b88ea4e3d356bdca88accf3 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Tue, 25 May 2021 12:57:22 -0600 Subject: [PATCH 13/14] micah wins --- chart/templates/bigbang/networkpolicies/istio-allow.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/istio-allow.yaml b/chart/templates/bigbang/networkpolicies/istio-allow.yaml index 9d9b7a1..3bbc079 100644 --- a/chart/templates/bigbang/networkpolicies/istio-allow.yaml +++ b/chart/templates/bigbang/networkpolicies/istio-allow.yaml @@ -12,7 +12,8 @@ spec: ingress: - from: - namespaceSelector: - matchLabels: {} + matchLabels: + app.kubernetes.io/name: istio-controlplane podSelector: matchLabels: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} @@ -22,7 +23,8 @@ spec: egress: - to: - namespaceSelector: - matchLabels: {} + matchLabels: + app.kubernetes.io/name: istio-controlplane podSelector: matchLabels: istio: pilot -- GitLab From 1d6f6e8f1ceff1b1e311ee91384116cebe725c3c Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Tue, 25 May 2021 13:12:20 -0600 Subject: [PATCH 14/14] gluon --- chart/Chart.yaml | 6 +++--- chart/charts/bb-test-lib-0.5.2.tgz | Bin 2475 -> 0 bytes chart/charts/gluon-0.1.1.tgz | Bin 0 -> 2691 bytes chart/requirements.lock | 10 +++++----- .../templates/tests/sonarqube-cypress-test.yaml | 4 ++-- 5 files changed, 10 insertions(+), 10 deletions(-) delete mode 100644 chart/charts/bb-test-lib-0.5.2.tgz create mode 100644 chart/charts/gluon-0.1.1.tgz diff --git a/chart/Chart.yaml b/chart/Chart.yaml index e555328..515f121 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -18,6 +18,6 @@ maintainers: - name: tsiddique email: tsiddique@live.com dependencies: - - name: bb-test-lib - version: "0.5.2" - repository: "oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates" + - name: gluon + version: "0.1.1" + repository: "oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon" diff --git a/chart/charts/bb-test-lib-0.5.2.tgz b/chart/charts/bb-test-lib-0.5.2.tgz deleted file mode 100644 index 2045d9ca5f02c5d182a0b1654b9dc1838bd6caa4..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 2475 zcmV;c2~_qUiwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGv>lH0b?zxfnf`XX~G{J z6uRAR_sL+8|989H)&FkqqW`Ej=nnfA=lwyy|ESwL?_WH51l_|9qZu-7sCv}Bb6=~> z{ht6$**jF4Nil+1-=S$bf9;Xp6Vi1e)S+Uj$;+O?KaeL7T1|nmRPfI%Kqb(ib_7ju z1T}?n%yo(*;4Dy7T|2XiaF+~8-+5@xk6@v0{|1wkQ-j+7Exb+@Y8^^3W^qE(J9&jI z_TTFchb#7faWS|!+W&pP&5Z{Uj+sDkYq~&61@IOc5KxUSeEjGvxs0AOWg;5EvmEaS znmP#@8c{<>4nW}&+?yL9#p3dcCI}xtdduWp2Y?D84YgiI+m-XN(OXFLmYu+;tg`78gn-CVk?h|*_#{akiRpIntab?0Insb{gPGx%snMfbs;CX z1;Ipw!a(1Wu(N<7vX9R0Ga_fG6pK*16%8gro<%DSGs8GZP{rs%ho-6Ri0m}mrz>N7 zXk|UZ!J*y%t4s(~cMS>K{eQ1}-n&@!|L479{C6*~&D)e3U{antnZnt>meJ}eu$R}j zy|_Di*F&xh2U{3)iecgMJz!%X?d96^R zsK#_D)s%_&Ia4F>Yhw*%l28$i%2y9uKVZTSsGhisGA~@b+?G#P{02OnzlJIJT7}h6 z$$KqD(U(8RNv07~;H71G#T63)7heEgrBWGq@$Z*E{r2p~=P$lJ`Rgg%-Zqub>9^^28^*GR?}E9i=jAky;TQ0t z6;bF=AqqW_M#Hb)fSI6}w*W9yf%g)=j6bjxyuW-2UO0xiK`fdQLlucXY^GhK8B)_m z;udVE^ke|vwP2Cp$)HA(jiFR*h|$12>H<$}bc9XR;fwG52xq>?IA4qyb6Sv`un4Vtmsut6!75Duvi zC8NKiDy%VnI4vj#-=qMW1y<{RX%*Y22(OrdlbgBct7>MFX9@mb7g#--V^`~8ef6sg zB(eCfshNy&AHLSkE=Lhl8(P%Xr^CD5OJ*jU9d8sdyQ)zBuEuwrL_x%)96Cn+OcM^| z6i#aU*RS`N{aVpBo_FQA#FJ_x!zgBYW2MGWp?P6Z<|I+fMm6e+iWuQ!`W2kaVDxQ! zKQ)$X0hN{I$rMhOr988A7WK1S#{bEr!DaT=M?X|KDb(>)3l+6|Ve zVzpN|Lu&_xovnnMP39F=2TKcU+~ZVflL=yyn(I6|y!kzpa4(}Z+4SH1&zt@RWxksEI5N?*_b{XyyDQ-ORnhz|Xp$o*~dY)J3Y4c+{!P;(^ z?0axmHeNrqJIRe-TYu6SGo_84^@S|T>doS8Mre>~JK`q^w;KDMMZCu;Wo;IYCzN-D z_VYhGDf-SC;Vt=}{$Q|n{?{A!kLQ2)0o$CGrkis@ykx$u(|O$tRZx`YyFT|TaAP#~k29VB7duV&*S#ekFcC2kf2!dBRy5yR{$;lh zH4T#E8ys6o)kL&#>;Tj>ZAbmmS@0f1lTUV|{T|S2_nPxOj@TvQu)b(1m}`$ua_ij> zf3AD0!QDf<>E8`DtpCN8pTk`L*n0nCI2f$1|HCK8{NKI6ChIH|py~R@-n+Yk)D9RV z-=iMtipdfOf9M+~rTBKeVY2mcqsv}XihJA3uIo@c;zE_~vf*qtg4I3e*2jmo@iu7n z|A)E$vCaPvh8O2+`@cc&=>P8nwwU_T(Vllt-v4fwOv;fz)E$#v_t2M2cE6laV}1E< zMtR)dF8NwU;(%8ynlD+bT(eldXt8$HqINlA^@asNI7ws#f4+jVdWKReD7XVA;OrZS z}Cdg zo4`t%aF;~iim2OOKQYDU)uPq5=WW}9_57Ci2i_FaBcs!uWmtcH=+G~R4e@_2heLe{ zxb6GDi{a|`f5Y?P`7!>#53ma9pE=Do0GEt&C?3tFgrA@O@GqEa2~ZJ%%uJdYFcY+H zKjVftKTVhhL#H_gP^IWK$T66SLM)cF{0!PQF*41=Tf8z=Nl86-T17L2xl4gggxWBX zN9w0-O{`r)r$}I&I%j@qdrj`EZu6DHvI84^3#GG~7cT~4E0s)g*WIaHNyj?xDnu&BG8*&* zIft0b01|4#2@~;Gppa9;W(X-YlUg|yk@FY?#<}rACsjCRR~Qu$)SpfX{3!S}NRhX+ zLxL0)a3+vAs+={4W3i|Npq$HH!d5006#N?a diff --git a/chart/charts/gluon-0.1.1.tgz b/chart/charts/gluon-0.1.1.tgz new file mode 100644 index 0000000000000000000000000000000000000000..b4a4878dae126348cdee9d80977a15121ba59f9f GIT binary patch literal 2691 zcmV-}3Vih+iwG0|00000|0w_~VMtOiV@ORlOnEsqVl!4SWK%V1T2nbTPgYhoO;>Dc zVQyr3R8em|NM&qo0PGuUbK5pDpZP2H7*A^ZN>EZPyQfZjlP0-dX4*89bTZfJWHKPR zq7Z`s4*=yjPVTqgfDehHNIh)D&gFy;76~jC*e9`zb<8s<{Kpfj47sEUzxNqhuh;9H zo}A>ry zs{zSnpP-5nE*R%fJems$e?0p27no@YP!WO5Oqv-m69k1i4)Fa2srx=++D22iIrs^rNgY_!KGz2+CrC5X-4kOft32I%_(W)r{)d+`L zW-7!Z=h*-B$+1L6IA#LDZBpt&32r{!RN20?(i} z+J75frV6zVr5Lj~q3QLV!W#SUKRg{S+W(+89Gvd$|2EpPY2@N3rS!eI_^n;djD?MX zyv_}p1VKKddxW5%0mob+7mgc!=bVXX1dsDIex<3CprH{pbmRaOhYR=W3P^E0eQu5X z(!1ac1KCW4W zAytHF!z5wSXW|`(W(4k-a*Y;<(*Sw7p2e2i%?L_jO9FICLmYu6;w5sV8gnx8Zp)8~ z*sCizB>!L>HTjv#0Nla|OH%z~_lP{w1)ty}2wH5gev|UtB@_<(g^Ze>d@IjwmvA@qkh}EmJ9F+j#jtSO zU7y0Pv5K(^Fj94a5vmLu)6nQn2z;MPRV}JfO<9PK!cb zQzlTAT=7aVuauytEvtIKza&Sml=Ex8OV` z@APIfX8228s|_7i`m8bmo);*2p;19NQ8GdByb02X+wlhv%GvPrU(bGj`}nsfPk%W0 z`w@Kn*w$ZLVU>-ohFP?=&0rVJsV2x$%^*etvqOg!XqV@L$_^@w59Y#Nk~7TkN669O z^_Hk195ZJbcc_qF7dLpGja$7j<5=l|-(c&^SzNF47NtCQt4%o<_PSsdI#h^4Po&YX zY@z^$D)64cH}MCSg7>#?zzfGS_SGg6LlucXbYow@8d9?g$;Uj=ae4wju7D!J>B$1p z8!2*~537~=hU(nKk_Dx{p<368sjK$J%v{(^yW&h)gz_3XQ_O2umtw3_Qx>PTD9HlA zZuO%i_p_=-3;Da$ijssjg;>S7g)Q9B6XJVj;NWWZHJp#lR+&nkCHSj7;_11A4@41D9W!btq)oi_=DylOUNAH1_SI3u?1_Z(*EPDAIcZW3 zhh=({9Kk^?QSx1L!3Nhi=~_qgrWCI~^P`w{ANMte3e8gsGDC@CI;vq;RKy4e=ikD? z6h=R+UZ+NK?MQEVd2kK~i(JlgIrH&p&f|Y)(%>R_OMEMKv<*piH|07VGVS-)EV@O9 zLT#urRkZLNr)ceCVQWHL1Gv5HDt4@t;LVcdHR;Tj>ZA1OiS?~@+lMB1mes^fKTgf~>{cLhhvc72HguD7wm0Rz2@H5?Oo_+7yO@Fr5 z{rxWrfp<{;wYL82^x;zd*Ta*+{`-F$t;;$K>0hh-i`oFB5f&BbmP6g;V69^&$x{Qn zDj{2-?yIgKE7^Cm3bIYy`I5ryKH#^C)e&}A`gPNsz>>CIFW_#sp3P$J+x_aS^Zz?2 z|61q&PtS(^rTDLZviJYD(bkyrLe|v#0=)mt3eZZb?yCN*-`jNo+U8YRHPRQ0vdUYQ z)ts+g1nsc4s=d0ZQD3!KVYO6awTmjNT20h)an;h@?iWyuRMI=EEUMF7)#hwOcTw53 zTs~BAWR9w(;AfY2-X%#D4P=w8kEMb_Nr4GC{vIOPC^VQc>fovX{M3#KiW@w`M26ot zMjFKh0O2H&5&ZT29BBgp!-)jf^E|h8;AJKR6Y+dHA*3C$1qJcjSB<2=Hqopu6sWm` zP3i=8ed)iQ-Z!sbmvy$j@8;+=@BDAKIHLMYZc-dkx#usdIHKjcv)X8DQA0JjgQA9o zb?&gJVHHWcENa-MWTC~-x2afIik8>u_-1}!J0Gyx{=3O(z|Xf|W9{nK4U03b#gc}} zZ*A_4l8#M^GPa=on&lW?Es9jZqWlKIH%5 zud}pp&3b~IL(F9W2{qw_iTGPk$f;pdgp`^|t)Gg>xeo&4Jd}pRRNo!X zo8XrqMLyGR2~t$RnLy%@C$HYVGE$*)A0Epjkpf;negzRz+95GBe*U-EzC(f!%Fq8+ z9h2C%f2vnK75*GiK*RGag)!r(onxXeQs_vDi8Ok8>YhQ^jPa;n|a? x+99cuHf(nYi;(&SxRUQ2GS#7s(EoaGjrMKd_U&tE{|x{D|Nn#y-Ua|n0063gS|tDg literal 0 HcmV?d00001 diff --git a/chart/requirements.lock b/chart/requirements.lock index 45f9781..f7b92aa 100644 --- a/chart/requirements.lock +++ b/chart/requirements.lock @@ -1,6 +1,6 @@ dependencies: -- name: bb-test-lib - repository: oci://registry.dso.mil/platform-one/big-bang/pipeline-templates/pipeline-templates - version: 0.5.2 -digest: sha256:6c39110f76dc0327492bfd243a76c074ca0f5f4127953c3a167a288c14850a05 -generated: "2021-05-24T12:12:36.0576423-06:00" +- name: gluon + repository: oci://registry.dso.mil/platform-one/big-bang/apps/library-charts/gluon + version: 0.1.1 +digest: sha256:cf1107c00a11cde8074a39624643312fe85ee11250bb7d9380e3787bde0af0f7 +generated: "2021-05-25T13:09:48.372995-06:00" diff --git a/chart/templates/tests/sonarqube-cypress-test.yaml b/chart/templates/tests/sonarqube-cypress-test.yaml index cdc9635..6ccb206 100644 --- a/chart/templates/tests/sonarqube-cypress-test.yaml +++ b/chart/templates/tests/sonarqube-cypress-test.yaml @@ -1,4 +1,4 @@ -{{- include "bb-test-lib.cypress-configmap.overrides" (list . "sonarqube-test.cypress-configmap") }} +{{- include "gluon.tests.cypress-configmap.overrides" (list . "sonarqube-test.cypress-configmap") }} {{- define "sonarqube-test.cypress-configmap" }} metadata: labels: @@ -8,7 +8,7 @@ metadata: app.kubernetes.io/part-of: sonarqube {{- end }} --- -{{- include "bb-test-lib.cypress-runner.overrides" (list . "sonarqube-test.cypress-runner") -}} +{{- include "gluon.tests.cypress-runner.overrides" (list . "sonarqube-test.cypress-runner") -}} {{- define "sonarqube-test.cypress-runner" -}} metadata: labels: -- GitLab