diff --git a/Makefile b/Makefile index 3920e514..b1a03d77 100755 --- a/Makefile +++ b/Makefile @@ -1,9 +1,5 @@ # The version of Big Bang to use. -BIGBANG_VERSION := 1.50.0 - -# The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to -# the build folder. -ZARF_VERSION := v0.21.3 +BIGBANG_VERSION := 1.51.0 # Figure out which Zarf binary we should use based on the operating system we are on ZARF_BIN := zarf @@ -30,4 +26,4 @@ mkdir: build: mkdir ## Build the Big Bang Zarf Package @echo "Creating the deploy package" @$(ZARF_BIN) package create --skip-sbom --set BIGBANG_VERSION=$(BIGBANG_VERSION) --confirm - @mv zarf-package-big-bang-amd64.tar.zst build/zarf-package-big-bang-amd64.tar.zst + @mv zarf-package-big-bang-amd64-$(BIGBANG_VERSION).tar.zst build/zarf-package-big-bang-amd64.tar.zst diff --git a/README.md b/README.md index dcf329db..1416903d 100644 --- a/README.md +++ b/README.md @@ -1,8 +1,8 @@ # zarf-package-big-bang -Pre-built Zarf Package of Big Bang core. The current version of Big Bang supported is 1.50.0 +Pre-built Zarf Package of Big Bang core. The current version of Big Bang supported is 1.51.0 ## Prerequisites -- Zarf is installed. Current version used is: [v0.21.3](https://github.com/defenseunicorns/zarf/releases/tag/v0.21.3) +- Zarf is installed. Current version used is: [v0.23.5](https://github.com/defenseunicorns/zarf/releases/tag/v0.23.5) - Optional: A working Kubernetes cluster. e.g KinD, k3d, k3s, etc. If necessary, Zarf can be used to deploy a built-in k3s distribution. ## Build the package @@ -12,7 +12,7 @@ $ make build ... $ ls -l build/ total 2499764 --rw-r--r--. 1 user user 2559751131 Oct 12 08:24 zarf-package-big-bang-amd64.tar.zst +-rw-r--r--. 1 user user 2559751131 Jan 23 08:24 zarf-package-big-bang-amd64.tar.zst $ ``` 
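Review bot: After the first Makefile hunk drops `ZARF_VERSION`, nothing visible in the Makefile records or checks which Zarf release `$(ZARF_BIN)` resolves to, so the package is built by whatever `zarf` binary is first on PATH. The README hunk in this commit names v0.23.5; I would keep that fact next to the variable with a comment such as `# Uses the zarf binary on PATH; built and tested with Zarf v0.23.5 (see README).` A version check in the `build` recipe would be stronger, but the rest of the Makefile lies outside these hunks, so I cannot tell whether one already exists.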
@@ -30,27 +30,27 @@ zarf package deploy ~/Downloads/zarf-init-amd64.tar.zst --components k3s,git-ser 2. Deploy the Big Bang package created in the Build step above: ``` -zarf package deploy ./build/zarf-package-big-bang-amd64.tar.zst --confirm +zarf package deploy ./build/zarf-package-big-bang-amd64.tar.zst --components keycloak,authsvc --confirm ``` Check whether the deployement succeeded. If the deployment is successful, then you should see this message from the HelmRelease resource in the cluster. ``` $ kubectl get helmrelease -A -bigbang bigbang 72m True Release reconciliation succeeded -bigbang cluster-auditor 71m True Release reconciliation succeeded -bigbang gatekeeper 71m True Release reconciliation succeeded -bigbang istio 71m True Release reconciliation succeeded -bigbang istio-operator 71m True Release reconciliation succeeded -bigbang jaeger 71m True Release reconciliation succeeded -bigbang keycloak 71m True Release reconciliation succeeded -bigbang kiali 71m True Release reconciliation succeeded -bigbang loki 71m True Release reconciliation succeeded -bigbang metrics-server 71m True Release reconciliation succeeded -bigbang minio 71m True Release reconciliation succeeded -bigbang minio-operator 71m True Release reconciliation succeeded -bigbang monitoring 71m True Release reconciliation succeeded -bigbang promtail 71m True Release reconciliation succeeded +NAMESPACE NAME AGE READY STATUS +bigbang authservice 9m16s True Release reconciliation succeeded +bigbang bigbang 9m28s True Release reconciliation succeeded +bigbang istio 9m16s True Release reconciliation succeeded +bigbang istio-operator 9m16s True Release reconciliation succeeded +bigbang jaeger 9m16s True Release reconciliation succeeded +bigbang keycloak 9m16s True Release reconciliation succeeded +bigbang kiali 9m16s True Release reconciliation succeeded +bigbang kyverno 9m16s True Release reconciliation succeeded +bigbang loki 9m16s True Release reconciliation succeeded +bigbang minio 9m16s 
True Release reconciliation succeeded +bigbang minio-operator 9m16s True Release reconciliation succeeded +bigbang monitoring 9m16s True Release reconciliation succeeded +bigbang promtail 9m16s True Release reconciliation succeeded ``` ## Day 2. diff --git a/day2/Makefile b/day2/Makefile index 9f99cdbc..5c8db25f 100644 --- a/day2/Makefile +++ b/day2/Makefile @@ -1,5 +1,5 @@ # The version of Big Bang to use. -BIGBANG_VERSION := 1.50.0 +BIGBANG_VERSION := 1.51.0 ZARF_BIN := zarf diff --git a/kustomizations/kustomization.yaml b/kustomizations/kustomization.yaml index 198b66a3..9c2f35e5 100644 --- a/kustomizations/kustomization.yaml +++ b/kustomizations/kustomization.yaml @@ -1,5 +1,5 @@ -resources: - - git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base?ref=tags/1.50.0 +bases: + - git::https://repo1.dso.mil/big-bang/bigbang.git/base?ref=tags/1.51.0 configMapGenerator: - name: common diff --git a/kustomizations/podinfo/base/gitrepository.yaml b/kustomizations/podinfo/base/gitrepository.yaml index 7fcb24eb..e6f77c8e 100644 --- a/kustomizations/podinfo/base/gitrepository.yaml +++ b/kustomizations/podinfo/base/gitrepository.yaml @@ -5,8 +5,8 @@ metadata: namespace: podinfo spec: interval: 5m - url: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__sandbox__podinfo.git + url: https://repo1.dso.mil/big-bang/apps/sandbox/podinfo.git ref: - tag: 6.0.0-bb.5 + tag: 6.0.0-bb.7 secretRef: name: private-git-server diff --git a/kustomizations/podinfo/files/values.yaml b/kustomizations/podinfo/files/values.yaml index 4b58190d..09e109bd 100644 --- a/kustomizations/podinfo/files/values.yaml +++ b/kustomizations/podinfo/files/values.yaml @@ -1,2 +1,5 @@ istio: enabled: true +image: + repository: ghcr.io/stefanprodan/podinfo + tag: 6.0.0 diff --git a/kustomizations/values.yaml b/kustomizations/values.yaml index 1f8ed766..afb98ea1 100644 --- a/kustomizations/values.yaml +++ b/kustomizations/values.yaml 
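Review bot: `bases:` in kustomizations/kustomization.yaml is the deprecated spelling of this field; kustomize folds it into `resources:`, which the old side already used, so the new side should stay on `resources:` unless a tool in the pipeline needs the old key (if so, say that in a comment). The remote base is also selected by a tag, `ref=tags/1.51.0`, which the upstream repository can move; a commit SHA in `ref=` would fix the fetched content.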
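Review bot: In kustomizations/podinfo/base/gitrepository.yaml the new `url:` names repo1.dso.mil directly while `secretRef: name: private-git-server` stays, so if nothing rewrites the URL at deploy time the source controller would present those credentials to an external host. I assume the Zarf agent rewrites the URL to the in-cluster git server, but nothing on this page shows it; a comment above `url:` such as `# rewritten to the in-cluster Zarf git server at deploy time; private-git-server holds that server's credentials` would make the dependency explicit. The `url:` change in manifests/setup.yaml has the same shape and needs the same comment.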
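Review bot: The `image:` block added to kustomizations/podinfo/files/values.yaml moves podinfo to `ghcr.io/stefanprodan/podinfo` selected only by the tag `6.0.0`, and the last zarf.yaml hunk packages the same reference. A tag on a public registry can be re-pointed, so two builds of this package may bundle different content under the same name. Record the expected digest next to the tag, e.g. `# expected digest: sha256:<digest-placeholder>`, or reference the image by digest where the chart and Zarf accept that form.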
@@ -17,8 +17,6 @@ networkPolicies: istio: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__istio-controlplane.git keycloak: enabled: true ingressGateways: @@ -162,8 +160,6 @@ istio: istiooperator: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__istio-operator.git values: operator: resources: @@ -176,8 +172,6 @@ istiooperator: jaeger: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__jaeger.git values: istio: mtls: @@ -210,8 +204,6 @@ jaeger: kiali: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__kiali.git values: istio: mtls: @@ -236,8 +228,6 @@ kiali: clusterAuditor: enabled: false - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__cluster-auditor.git values: istio: mtls: @@ -264,8 +254,6 @@ fluentbit: loki: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__sandbox__loki.git strategy: "scalable" objectStorage: endpoint: minio.minio.svc.cluster.local @@ -289,8 +277,6 @@ loki: promtail: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__sandbox__promtail.git values: istio: mtls: @@ -305,8 +291,6 @@ promtail: monitoring: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__monitoring.git values: istio: mtls: 
@@ -417,8 +401,6 @@ twistlock: kyverno: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__sandbox__kyverno.git sso: oidc: @@ -478,8 +460,6 @@ addons: minioOperator: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__application-utilities__minio-operator.git values: operator: resources: @@ -497,8 +477,6 @@ addons: minio: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__application-utilities__minio.git values: istio: mtls: 
@@ -551,111 +529,137 @@ addons: # neuvector: # enabled: true - # git: - # repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__sandbox__neuvector.git + # git: + # repo: https://repo1.dso.mil/big-bang/apps/sandbox/neuvector.git keycloak: enabled: true - git: - repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__security-tools__keycloak.git ingress: gateway: "passthrough" + key: | + -----BEGIN PRIVATE KEY----- + MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgbI4SyUc4dXDvtm/x + PxxrC7qjmb2Kxit/ZphilhOoUF+hRANCAARBXS6lFbqcDFR5VUzihkUshJ7yX2s7 + cXFqUD0ChkmsDnT+igae9xg6hEnz83JaTr4YAqJhEpI2B0ZLcVa4kMkw + -----END PRIVATE KEY----- + cert: | + -----BEGIN CERTIFICATE----- + MIIEUzCCAzugAwIBAgISBHoCz33seokZ+hWF+OfiTMqlMA0GCSqGSIb3DQEBCwUA + MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD + EwJSMzAeFw0yMjExMjgwMjA3MzBaFw0yMzAyMjYwMjA3MjlaMBgxFjAUBgNVBAMM + DSouYmlnYmFuZy5kZXYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARBXS6lFbqc + DFR5VUzihkUshJ7yX2s7cXFqUD0ChkmsDnT+igae9xg6hEnz83JaTr4YAqJhEpI2 + B0ZLcVa4kMkwo4ICRjCCAkIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG + AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSZLuU4qIJi + qr/SY+/C7ifK344D4zAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBV + BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9y + ZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAYBgNVHREEETAP + gg0qLmJpZ2JhbmcuZGV2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8T + AQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIB + AgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAtz77JN+cTbp18jnFulj0bF38Qs96nzXE + nh0JgSXttJkAAAGEvDQ68gAABAMARjBEAiB1/FhMAr6tarPIBlGR9ZiL/WBB6idj + yQeNNiGzaz/VcAIgBLdpCxIC+YJ9ASx+6sh4C20P90EsHbjbKX2VXTZiCMgAdQB6 + MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYS8NDsDAAAEAwBGMEQC + IGXii83fe7DSKjK/ySAxHki4A8OBittl2xHFHMwlMMctAiA2offWzUhaozyClcz8 + 
fhlQKYsJTfZbEwyEqqhHwyFnRTANBgkqhkiG9w0BAQsFAAOCAQEAuPfgvelt/5FX + 7ZVkuKWDMdfK/7+mEUk6NFKXgMALC4AY+mFn9FbdwNGcK1kCF1Iri45T/LFwKlOt + oZSz3zokzSqboAh7Fbz+ZLWEm+/rcjDtNC741nCfhRALQ3zTXTQ/eko8/KpMbrpJ + P9TwblH78XI3CDDl8dxTmKslpfENLUYfkK1dCKUtxykB8uXQ3AjbeKCN8MUPMDIs + SShD69vtzjpFIIK44dExBWkDAHZFiG/if3yutAciuipBkacbJMx8/V7BUZbqPaHe + IMw7np50bsAZWrIsN5rQfj0nZQWbgk3BpRqtswqpPMmhxFNq0d3uW+HVPTRRmUt8 + bCov2UvY8g== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw + WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg + RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP + R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx + sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm + NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg + Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG + /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC + AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB + Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA + FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw + AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw + Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB + gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W + PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl + ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz + CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm + lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 + avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 + 
yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O + yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids + hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ + HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv + MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX + nLRbwHOoq7hHwg== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ + MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT + DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB + AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC + ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL + wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D + LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK + 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 + bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y + sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ + Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 + FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc + SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql + PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND + TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw + SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 + c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx + +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB + ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu + b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E + U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu + 
MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC + 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW + 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG + WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O + he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC + Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 + -----END CERTIFICATE----- values: replicas: 1 - ingress: - key: | - -----BEGIN PRIVATE KEY----- - MIGHAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBG0wawIBAQQgbI4SyUc4dXDvtm/x - PxxrC7qjmb2Kxit/ZphilhOoUF+hRANCAARBXS6lFbqcDFR5VUzihkUshJ7yX2s7 - cXFqUD0ChkmsDnT+igae9xg6hEnz83JaTr4YAqJhEpI2B0ZLcVa4kMkw - -----END PRIVATE KEY----- - cert: | - -----BEGIN CERTIFICATE----- - MIIEUzCCAzugAwIBAgISBHoCz33seokZ+hWF+OfiTMqlMA0GCSqGSIb3DQEBCwUA - MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD - EwJSMzAeFw0yMjExMjgwMjA3MzBaFw0yMzAyMjYwMjA3MjlaMBgxFjAUBgNVBAMM - DSouYmlnYmFuZy5kZXYwWTATBgcqhkjOPQIBBggqhkjOPQMBBwNCAARBXS6lFbqc - DFR5VUzihkUshJ7yX2s7cXFqUD0ChkmsDnT+igae9xg6hEnz83JaTr4YAqJhEpI2 - B0ZLcVa4kMkwo4ICRjCCAkIwDgYDVR0PAQH/BAQDAgeAMB0GA1UdJQQWMBQGCCsG - AQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0GA1UdDgQWBBSZLuU4qIJi - qr/SY+/C7ifK344D4zAfBgNVHSMEGDAWgBQULrMXt1hWy65QCUDmH6+dixTCxjBV - BggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6Ly9yMy5vLmxlbmNyLm9y - ZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iub3JnLzAYBgNVHREEETAP - gg0qLmJpZ2JhbmcuZGV2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8T - AQEBMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIB - AgYKKwYBBAHWeQIEAgSB8wSB8ADuAHUAtz77JN+cTbp18jnFulj0bF38Qs96nzXE - nh0JgSXttJkAAAGEvDQ68gAABAMARjBEAiB1/FhMAr6tarPIBlGR9ZiL/WBB6idj - yQeNNiGzaz/VcAIgBLdpCxIC+YJ9ASx+6sh4C20P90EsHbjbKX2VXTZiCMgAdQB6 - MoxU2LcttiDqOOBSHumEFnAyE4VNO9IrwTpXo1LrUgAAAYS8NDsDAAAEAwBGMEQC - IGXii83fe7DSKjK/ySAxHki4A8OBittl2xHFHMwlMMctAiA2offWzUhaozyClcz8 - fhlQKYsJTfZbEwyEqqhHwyFnRTANBgkqhkiG9w0BAQsFAAOCAQEAuPfgvelt/5FX - 
7ZVkuKWDMdfK/7+mEUk6NFKXgMALC4AY+mFn9FbdwNGcK1kCF1Iri45T/LFwKlOt - oZSz3zokzSqboAh7Fbz+ZLWEm+/rcjDtNC741nCfhRALQ3zTXTQ/eko8/KpMbrpJ - P9TwblH78XI3CDDl8dxTmKslpfENLUYfkK1dCKUtxykB8uXQ3AjbeKCN8MUPMDIs - SShD69vtzjpFIIK44dExBWkDAHZFiG/if3yutAciuipBkacbJMx8/V7BUZbqPaHe - IMw7np50bsAZWrIsN5rQfj0nZQWbgk3BpRqtswqpPMmhxFNq0d3uW+HVPTRRmUt8 - bCov2UvY8g== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw - WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg - RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK - AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP - R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx - sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm - NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg - Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG - /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC - AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB - Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA - FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw - AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw - Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB - gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W - PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl - ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz - CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm - lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 - avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 - yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O - 
yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids - hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ - HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv - MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX - nLRbwHOoq7hHwg== - -----END CERTIFICATE----- - -----BEGIN CERTIFICATE----- - MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ - MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT - DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow - TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh - cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB - AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC - ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL - wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D - LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK - 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 - bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y - sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ - Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 - FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc - SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql - PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND - TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw - SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 - c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx - +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB - ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu - b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E - U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu - MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC - 
5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW - 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG - WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O - he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC - Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 - -----END CERTIFICATE----- + extraEnv: |- + - name: KC_HTTPS_CERTIFICATE_FILE + value: /opt/keycloak/conf/tls.crt + - name: KC_HTTPS_CERTIFICATE_KEY_FILE + value: /opt/keycloak/conf/tls.key + - name: KC_HTTPS_TRUST_STORE_FILE + value: /opt/keycloak/conf/truststore.jks + - name: KC_HTTPS_TRUST_STORE_PASSWORD + value: password + - name: KC_HTTPS_CLIENT_AUTH + value: request + - name: KC_PROXY + value: passthrough + - name: KC_HTTP_ENABLED + value: "true" + - name: KC_HTTP_RELATIVE_PATH + value: /auth + - name: KC_HOSTNAME + value: keycloak.bigbang.dev + - name: KC_HOSTNAME_STRICT + value: "true" + - name: KC_HOSTNAME_STRICT_HTTPS + value: "true" + - name: KC_LOG_LEVEL + value: "org.keycloak.events:DEBUG,org.infinispan:INFO,org.jgroups:INFO" + - name: KC_CACHE + value: ispn + - name: KC_CACHE_STACK + value: kubernetes extraVolumes: |- - name: certauthority secret: @@ -666,6 +670,13 @@ addons: - name: realm secret: secretName: {{ include "keycloak.fullname" . }}-realm + - name: truststore + secret: + secretName: {{ include "keycloak.fullname" . }}-truststore + - name: quarkusproperties + secret: + secretName: {{ include "keycloak.fullname" . }}-quarkusproperties + defaultMode: 0777 extraVolumeMounts: |- - name: certauthority mountPath: /etc/x509/https/cas.pem @@ -679,6 +690,12 @@ addons: mountPath: /opt/jboss/keycloak/realm.json subPath: realm.json readOnly: true + - name: truststore + mountPath: /opt/keycloak/conf/truststore.jks + subPath: truststore.jks + - name: quarkusproperties + mountPath: /opt/keycloak/conf/quarkus.properties + subPath: quarkus.properties secrets: env: stringData: 
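Review bot: The relocated `key:` block under `keycloak.ingress` keeps a PEM private key in plaintext in kustomizations/values.yaml, and the new `extraEnv` sets `KC_HTTPS_TRUST_STORE_PASSWORD` to the literal `password`. Both end up in Git history and in every built package, so the key should be treated as public; if it is the shared demo key for the bigbang.dev hostname used by `KC_HOSTNAME`, say so with a comment such as `# demo-only key and certificate for *.bigbang.dev; supply your own for any real deployment`. For the password, I would read it from a Secret instead of a literal, e.g. `valueFrom: {secretKeyRef: {name: <secret-name-placeholder>, key: <key-placeholder>}}` in place of `value: password`. The same `extraEnv` enables `org.keycloak.events:DEBUG` logging and `KC_HTTP_ENABLED`, which also look like development settings and deserve a note. The `keycloak` block continues outside this hunk.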
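Review bot: `defaultMode: 0777` on the new `quarkusproperties` secret volume makes the projected file readable, writable and executable for every user in the container, which a properties file does not need; `defaultMode: 0444` (or `0440` with a matching fsGroup) is enough for Keycloak to read it. In the `extraVolumeMounts` hunk that follows, the new `truststore` and `quarkusproperties` mounts also omit the `readOnly: true` that the `realm` mount just above them carries; adding it keeps the three mounts consistent. Both lists continue outside their hunks.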
@@ -691,6 +708,21 @@ addons: customreg: stringData: customreg.yaml: '{{ .Files.Get "resources/dev/baby-yoda.yaml" }}' + truststore: + data: + truststore.jks: |- + {{ .Files.Get "resources/dev/truststore.jks" | b64enc }} + quarkusproperties: + stringData: + quarkus.properties: |- + quarkus.http.non-application-root-path=/ + quarkus.kc-routing-redirects.urls./=/auth/realms/baby-yoda/account + quarkus.kc-routing-redirects.urls./auth=/auth/realms/baby-yoda/account + quarkus.kc-routing-redirects.urls./register=/auth/realms/baby-yoda/protocol/openid-connect/registrations?client_id=account&response_type=code + quarkus.kc-routing-redirects.path-prefixes./oauth/authorize=/auth/realms/baby-yoda/protocol/openid-connect/auth + quarkus.kc-routing-redirects.path-filters./api/v4/user=/auth/realms/baby-yoda/protocol/openid-connect/userinfo + quarkus.kc-routing-redirects.path-filters./oauth/token=/auth/realms/baby-yoda/protocol/openid-connect/token + realm: data: realm.json: | diff --git a/manifests/big-bang.yaml b/manifests/big-bang.yaml index 656b2bcc..d79745ed 100644 --- a/manifests/big-bang.yaml +++ b/manifests/big-bang.yaml @@ -47,10 +47,10 @@ spec: kind: HelmRelease namespace: bigbang name: monitoring - - apiVersion: helm.toolkit.fluxcd.io/v2beta1 - kind: HelmRelease - namespace: bigbang - name: neuvector + #- apiVersion: helm.toolkit.fluxcd.io/v2beta1 + #kind: HelmRelease + #namespace: bigbang + #name: neuvector - apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease namespace: bigbang diff --git a/manifests/podinfo.yaml b/manifests/podinfo.yaml index 0b3c4b17..89edf0cb 100644 --- a/manifests/podinfo.yaml +++ b/manifests/podinfo.yaml @@ -4,6 +4,8 @@ metadata: name: podinfo namespace: flux-system spec: + dependsOn: + - name: bigbang interval: 5m path: "./kustomizations/podinfo" prune: true @@ -13,7 +15,7 @@ spec: healthChecks: - apiVersion: helm.toolkit.fluxcd.io/v2beta1 kind: HelmRelease - namespace: bigbang + namespace: podinfo name: podinfo timeout: 15m postBuild: 
diff --git a/manifests/setup.yaml b/manifests/setup.yaml index ee3f61c7..7d6107df 100644 --- a/manifests/setup.yaml +++ b/manifests/setup.yaml @@ -20,8 +20,8 @@ metadata: namespace: flux-system spec: interval: 1m - url: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__github.com__defenseunicorns__zarf-package-big-bang.git + url: https://github.com/defenseunicorns/zarf-package-big-bang.git ref: - branch: main + tag: 1.51.0 secretRef: name: private-git-server diff --git a/zarf.yaml b/zarf.yaml index f7b7b25c..98044c29 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -11,11 +11,11 @@ metadata: components: - name: flux - required: false + required: true manifests: - name: flux-installer kustomizations: - - https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base/flux?ref=###ZARF_PKG_VAR_BIGBANG_VERSION### + - https://repo1.dso.mil/big-bang/bigbang.git/base/flux?ref=###ZARF_PKG_VAR_BIGBANG_VERSION### images: - registry1.dso.mil/ironbank/fluxcd/helm-controller:v0.27.0 - registry1.dso.mil/ironbank/fluxcd/kustomize-controller:v0.31.0 @@ -44,7 +44,7 @@ components: - registry1.dso.mil/ironbank/tetrate/istio/operator:1.15.1-tetratefips-v1 - registry1.dso.mil/ironbank/tetrate/istio/pilot:1.15.1-tetratefips-v1 - registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.15.1-tetratefips-v1 - - registry1.dso.mil/ironbank/opensource/kubernetes-sigs/metrics-server:0.6.2 + - registry1.dso.mil/ironbank/opensource/kubernetes-sigs/metrics-server:v0.6.2 - registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.7.0 - name: policy-kyverno 
@@ -54,8 +54,8 @@ components: - https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno.git - https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/kyverno-policies.git images: - - registry1.dso.mil/ironbank/nirmata/kyverno:v1.8.1 - - registry1.dso.mil/ironbank/nirmata/kyvernopre:v1.8.1 + - registry1.dso.mil/ironbank/nirmata/kyverno:v1.8.5 + - registry1.dso.mil/ironbank/nirmata/kyvernopre:v1.8.5 - name: observability-tracing description: "Git repositories and OCI images used by Big Bang observability & tracing" @@ -103,8 +103,8 @@ components: repos: - https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/keycloak.git images: - - registry.dso.mil/platform-one/big-bang/apps/security-tools/keycloak/keycloak-ib:18.0.2-1.2.0-1 - - registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.11 + - registry1.dso.mil/ironbank/opensource/keycloak/keycloak:20.0.2 + - registry1.dso.mil/ironbank/opensource/postgres/postgresql12:12.13 - registry1.dso.mil/ironbank/bitnami/redis:7.0.0-debian-10-r3 - name: authsvc @@ -128,7 +128,7 @@ components: - name: big-bang-storage description: "Git repositories and OCI images need for Big Bang storage" - required: false + required: true repos: - https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio-operator.git - https://repo1.dso.mil/platform-one/big-bang/apps/application-utilities/minio.git 
@@ -143,16 +143,16 @@ components: repos: - https://repo1.dso.mil/platform-one/big-bang/apps/cluster-utilities/velero.git images: - - registry1.dso.mil/ironbank/opensource/velero/velero:v1.9.3 - # - "velero/velero-plugin-for-csi:v0.3.2" - # - "velero/velero-plugin-for-aws:v1.5.2" - # - "registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure:v1.5.2" + - registry1.dso.mil/ironbank/opensource/velero/velero:v1.10.0 + # - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.4.0 + # - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.6.0 + # - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-microsoft-azure:v1.6.0 - name: big-bang-umbrella-chart description: "Deploy a version of Big Bang Core with Keycloak deployed in-cluster" required: true repos: - - https://github.com/defenseunicorns/zarf-package-big-bang.git@###ZARF_PKG_VAR_BIGBANG_VERSION###-test + - https://github.com/defenseunicorns/zarf-package-big-bang.git@###ZARF_PKG_VAR_BIGBANG_VERSION### manifests: - name: big-bang-config files: @@ -163,9 +163,9 @@ components: description: "Tiny web application that showcases best practices of running microservices" required: false repos: - - https://repo1.dso.mil/platform-one/big-bang/apps/sandbox/podinfo.git + - https://repo1.dso.mil/big-bang/apps/sandbox/podinfo.git images: - - registry.dso.mil/platform-one/big-bang/apps/sandbox/podinfo/podinfo:6.0.0 + - ghcr.io/stefanprodan/podinfo:6.0.0 manifests: - name: podinfo files: