wip: some cleanup
chore(deps): update prometheus-stack (#863)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cgr.dev/du-uds-defenseunicorns/kube-webhook-certgen-fips](https://images.chainguard.dev/directory/image/kube-webhook-certgen-fips/overview) ([source](https://redirect.github.com/chainguard-images/images-private/tree/HEAD/images/kube-webhook-certgen-fips)) | patch | `1.11.2` -> `1.11.3` |
| [kube-prometheus-stack](https://redirect.github.com/prometheus-operator/kube-prometheus) ([source](https://redirect.github.com/prometheus-community/helm-charts)) | minor | `65.0.0` -> `65.2.0` |
| [registry.k8s.io/ingress-nginx/kube-webhook-certgen](https://redirect.github.com/kubernetes/ingress-nginx) | patch | `v1.4.3` -> `v1.4.4` |
| [registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen](https://redirect.github.com/kubernetes/ingress-nginx/) ([source](https://repo1.dso.mil/dsop/opensource/kubernetes/ingress-nginx/kube-webhook-certgen)) | patch | `v1.4.3` -> `v1.4.4` |

---

<details>
<summary>prometheus-community/helm-charts
(kube-prometheus-stack)</summary>

[`v65.2.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.1...kube-prometheus-stack-65.2.0)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.1...kube-prometheus-stack-65.2.0)

[`v65.1.1`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.0...kube-prometheus-stack-65.1.1)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.1.0...kube-prometheus-stack-65.1.1)

[`v65.1.0`](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.0.0...kube-prometheus-stack-65.1.0)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.0.0...kube-prometheus-stack-65.1.0)

</details>

---

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <[email protected]>

chore(deps): update support-deps (#912)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| aws | required_provider | minor | `~> 5.71.0` -> `~> 5.72.0` |
| [terraform-aws-modules/rds/aws](https://registry.terraform.io/modules/terraform-aws-modules/rds/aws) ([source](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds)) | module | minor | `6.9.0` -> `6.10.0` |

---

<details>
<summary>terraform-aws-modules/terraform-aws-rds
(terraform-aws-modules/rds/aws)</summary>

[`v6.10.0`](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/blob/HEAD/CHANGELOG.md#6100-2024-10-16)

[Compare Source](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/compare/v6.9.0...v6.10.0)

- Support `cloudwatch_log_group_tags` parameter ([#571](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/issues/571)) ([73e33fe](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/commit/73e33feba5d907801791168ebf6d3132fbd646f5))

- Update CI workflow versions to latest ([#570](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/issues/570)) ([220cc85](https://redirect.github.com/terraform-aws-modules/terraform-aws-rds/commit/220cc85dcdc8eb63772e25526db693dd563d40a1))

</details>

---

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://redirect.github.com/renovatebot/renovate/discussions) if that's undesired.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Micah Nagel <[email protected]>

fix: don't add duplicate policy names to `uds-core.pepr.dev/mutated` annotation (#916)

Adds a check to the `annotateMutation` function that prevents duplicate
values (policy names) from being added to the
`uds-core.pepr.dev/mutated` key

Fixes #717

- [x] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

---------

Co-authored-by: Micah Nagel <[email protected]>
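The deduplication that #916 describes, as an added example in TypeScript (the language Pepr policies are written in); this is not uds-core's own code. Only the annotation key `uds-core.pepr.dev/mutated` comes from the PR; the `Metadata` shape, the `annotateMutation` signature, the return value and the sample policy names are assumptions made here. The unguarded append is shown beside the guarded version so the failure mode (the annotation growing on every retry or second matching rule) is visible next to the fix.

```typescript
// Added example, not uds-core's implementation. Only the annotation key is
// from the PR; function shapes and sample policy names are assumed here.
const MUTATED_ANNOTATION = "uds-core.pepr.dev/mutated";

// Minimal stand-in for the object metadata a Pepr mutate hook sees.
interface Metadata {
  annotations?: Record<string, string>;
}

// Split the comma-separated annotation into policy names, tolerating stray
// whitespace and trailing commas left behind by earlier writers.
function parsePolicies(value: string | undefined): string[] {
  if (!value) return [];
  return value
    .split(",")
    .map(s => s.trim())
    .filter(s => s.length > 0);
}

// Pre-fix behaviour: append unconditionally. Every admission retry or every
// additional rule that matches the same policy grows the value ("a,a,a,...").
function annotateMutationNaive(meta: Metadata, policy: string): void {
  if (!meta.annotations) meta.annotations = {};
  const existing = meta.annotations[MUTATED_ANNOTATION];
  meta.annotations[MUTATED_ANNOTATION] = existing ? `${existing},${policy}` : policy;
}

// Guarded version: record `policy` once, keep first-seen order, and report
// whether anything changed so the caller can skip a pointless write.
function annotateMutation(meta: Metadata, policy: string): boolean {
  if (!meta.annotations) meta.annotations = {};
  const policies = parsePolicies(meta.annotations[MUTATED_ANNOTATION]);
  if (policies.includes(policy)) return false;
  policies.push(policy);
  meta.annotations[MUTATED_ANNOTATION] = policies.join(",");
  return true;
}

// Constructed scenario: one policy fires twice (a retried admission call)
// and a second policy fires once. Returns the resulting annotation value.
function demo(naive: boolean): string {
  const pod: Metadata = { annotations: {} };
  const fire: (m: Metadata, p: string) => unknown = naive ? annotateMutationNaive : annotateMutation;
  fire(pod, "sample-policy-a");
  fire(pod, "sample-policy-a");
  fire(pod, "sample-policy-b");
  return pod.annotations![MUTATED_ANNOTATION];
}

console.log("naive:  ", demo(true));  // sample-policy-a,sample-policy-a,sample-policy-b
console.log("guarded:", demo(false)); // sample-policy-a,sample-policy-b
```

Parsing the existing value (rather than a substring test on the raw string) matters: a substring check would wrongly treat `policy-ab` as already containing `policy-a`, and tolerating whitespace and trailing commas means an annotation written by an older controller version is normalised on the next write instead of being carried forward.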

fix: decompose istio oscal (#826)

Splits the validations out from the OSCAL Component-Definition. `lula
validate` can work remotely to validate the validations.

Updated the OSCAL Assessment-Result as the baseline has changed from
High to Moderate.

Updated the Istio catalog source url to a tagged version (recent GSA
release)

This pattern allows for easier maintenance and development of the
validations by not reading through 1000s of lines of OSCAL and OSCAL
formatting just to make a small update.

All of the validations under the ./compliance/validations directory are
a pull from the compliance-artifacts repo where OSCAL and Validations
development happen.

Relates to #797

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

chore(deps): update pepr to v0.38.1 (#922)

This PR contains the following updates:

| Package | Change | Age | Adoption | Passing | Confidence |
|---|---|---|---|---|---|
| [pepr](https://redirect.github.com/defenseunicorns/pepr) | [`0.38.0` -> `0.38.1`](https://renovatebot.com/diffs/npm/pepr/0.38.0/0.38.1) | [![age](https://developer.mend.io/api/mc/badges/age/npm/pepr/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![adoption](https://developer.mend.io/api/mc/badges/adoption/npm/pepr/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![passing](https://developer.mend.io/api/mc/badges/compatibility/npm/pepr/0.38.0/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) | [![confidence](https://developer.mend.io/api/mc/badges/confidence/npm/pepr/0.38.0/0.38.1?slim=true)](https://docs.renovatebot.com/merge-confidence/) |

---

<details>
<summary>defenseunicorns/pepr (pepr)</summary>

[`v0.38.1`](https://redirect.github.com/defenseunicorns/pepr/releases/tag/v0.38.1)

[Compare Source](https://redirect.github.com/defenseunicorns/pepr/compare/v0.38.0...v0.38.1)

- chore: get pods each reporting interval by [@cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1279](https://redirect.github.com/defenseunicorns/pepr/pull/1279)
- chore: node-latest is breaking ci - change matrix to 22 by [@cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1288](https://redirect.github.com/defenseunicorns/pepr/pull/1288)
- chore: reduce package size - exclude tests from package by [@cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1275](https://redirect.github.com/defenseunicorns/pepr/pull/1275)
- test: http2-enable watcher and iso format logs in soak test by [@btlghrants](https://redirect.github.com/btlghrants) in [https://github.com/defenseunicorns/pepr/pull/1277](https://redirect.github.com/defenseunicorns/pepr/pull/1277)
- test: http2-enable watcher in smoke test by [@btlghrants](https://redirect.github.com/btlghrants) in [https://github.com/defenseunicorns/pepr/pull/1281](https://redirect.github.com/defenseunicorns/pepr/pull/1281)
- chore: update resource limits/requests on controllers by [@cmwylie19](https://redirect.github.com/cmwylie19) in [https://github.com/defenseunicorns/pepr/pull/1291](https://redirect.github.com/defenseunicorns/pepr/pull/1291)
- chore: bump peter-murray/workflow-application-token-action from 3.0.1 to 4.0.0 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1273](https://redirect.github.com/defenseunicorns/pepr/pull/1273)
- chore: bump anchore/scan-action from 5.0.0 to 5.0.1 by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1272](https://redirect.github.com/defenseunicorns/pepr/pull/1272)
- chore: bump chainguard/node from `8a604e5` to `b0b04bb` by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1271](https://redirect.github.com/defenseunicorns/pepr/pull/1271)
- chore: bump kubernetes-fluent-client from 3.1.1 to 3.1.2 in the production-dependencies group by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1292](https://redirect.github.com/defenseunicorns/pepr/pull/1292)
- chore: bump [@types/node](https://redirect.github.com/types/node) from 22.7.5 to 22.7.6 in the development-dependencies group by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1293](https://redirect.github.com/defenseunicorns/pepr/pull/1293)
- chore: bump chainguard/node from `b0b04bb` to `96260af` by [@dependabot](https://redirect.github.com/dependabot) in [https://github.com/defenseunicorns/pepr/pull/1289](https://redirect.github.com/defenseunicorns/pepr/pull/1289)

**Full Changelog**:
defenseunicorns/pepr@v0.38.0...v0.38.1

</details>

---

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

fix: test ci license check (#924)

CI currently doesn't check for license linting. Also updating some
compliance files with license headers.

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

chore: group setup action in support deps (#930)

Should regroup these:
https://github.com/defenseunicorns/uds-core/pull/926/files

N/A

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

- [ ] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

chore(deps): update prometheus-stack to v65.3.1 (#920)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [kube-prometheus-stack](https://redirect.github.com/prometheus-operator/kube-prometheus) ([source](https://redirect.github.com/prometheus-community/helm-charts)) | minor | `65.2.0` -> `65.3.1` |

---

<details>
<summary>prometheus-community/helm-charts
(kube-prometheus-stack)</summary>

[`v65.3.1`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-65.3.1)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.3.0...kube-prometheus-stack-65.3.1)

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
and Prometheus rules combined with documentation and scripts to provide
easy to operate end-to-end Kubernetes cluster monitoring with Prometheus
using the Prometheus Operator.

- \[kube-prometheus-stack] fix Provision Grafana comment example by [@VergeDX](https://redirect.github.com/VergeDX) in [https://github.com/prometheus-community/helm-charts/pull/4919](https://redirect.github.com/prometheus-community/helm-charts/pull/4919)

- [@VergeDX](https://redirect.github.com/VergeDX) made their first contribution in [https://github.com/prometheus-community/helm-charts/pull/4919](https://redirect.github.com/prometheus-community/helm-charts/pull/4919)

**Full Changelog**:
prometheus-community/helm-charts@prometheus-operator-admission-webhook-0.16.0...kube-prometheus-stack-65.3.1

[`v65.3.0`](https://redirect.github.com/prometheus-community/helm-charts/releases/tag/kube-prometheus-stack-65.3.0)

[Compare Source](https://redirect.github.com/prometheus-community/helm-charts/compare/kube-prometheus-stack-65.2.0...kube-prometheus-stack-65.3.0)

kube-prometheus-stack collects Kubernetes manifests, Grafana dashboards,
and Prometheus rules combined with documentation and scripts to provide
easy to operate end-to-end Kubernetes cluster monitoring with Prometheus
using the Prometheus Operator.

- \[kube-prometheus-stack] support kubelet endpoint slices by [@DrFaust92](https://redirect.github.com/DrFaust92) in [https://github.com/prometheus-community/helm-charts/pull/4899](https://redirect.github.com/prometheus-community/helm-charts/pull/4899)

**Full Changelog**:
prometheus-community/helm-charts@prometheus-mongodb-exporter-3.7.2...kube-prometheus-stack-65.3.0

</details>

---

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/defenseunicorns/uds-core).


Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Chance <[email protected]>

chore: add nightly testing for AKS (#908)

Adds nightly testing for uds-core on AKS

Callouts:
- Removes `nightly-testing.yaml` in favor of a single workflow for each
distribution
- Deploys storage account and containers for velero and loki and
configures uds-core to use them
- Deploys postgresql database and configures grafana to use it for HA
configuration
- adds `uds-config.tf` file and writes `uds-config.yaml` using terraform
`local_sensitive_file` instead of `tf output xyz >> uds-config.yaml`
pattern used in the past

Fixes:
  - #727
  - #856

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

- [x] Test, docs, adr added or updated as needed
- [ ] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

---------

Co-authored-by: Micah Nagel <[email protected]>

chore: add local lula compose task (#892)

Created a local task to run Lula Compose.

Due to the structure of UDS Core there are several oscal-component.yaml
under src/service-name with a top level oscal-component.yaml in the
./compliance directory.

To create a single holistic artifact that can be used as a deliverable
and the source of truth/tested artifact we need a way to run `lula tools
compose -f ./compliance/oscal-component.yaml`

The task will likely stay local as opposed to moving into UDS Common
because of the functionality of the monorepo. This could be changed in
the future as more scenarios unfold, but it can be easily ported.

Relates to #798

- [ ] Bug fix (non-breaking change which fixes an issue)
- [x] New feature (non-breaking change which adds functionality)
- [ ] Other (security config, docs update, etc)

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

chore: group vscode/settings.json with support-deps (#933)

Add .vscode/settings.json to support-deps renovate for capturing uds-cli
version changes.

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

chore: add e2e playwright tests for grafana (#844)

Adds e2e testing structure and specific e2e test for Grafana using
playwright. This test:
- Validates existence and successful connection to datasources (Loki and
Prometheus)
- Validates two custom dashboards exist and dropdowns populate for ns
selection (resources and loki quicksearch)
- Validates SSO login success

Fixes #764

- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)

- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md) followed

fix: merge main and add single package test

UnicornChance committed Oct 18, 2024
1 parent fccfeff commit 2a83681
Showing 140 changed files with 60,646 additions and 3,268 deletions.
4 changes: 2 additions & 2 deletions .codespellrc
@@ -1,5 +1,5 @@
# Lint Codespell configurations
[codespell]
skip = .codespellrc,.git,node_modules,build,dist,*.zst,CHANGELOG.md
ignore-words-list = NotIn,AKS,LICENS
enable-colors =
ignore-words-list = NotIn,AKS,LICENS,aks
enable-colors =
29 changes: 23 additions & 6 deletions .eslintrc.json
Expand Up @@ -3,21 +3,38 @@
"browser": false,
"es2021": true
},
"extends": ["eslint:recommended", "plugin:@typescript-eslint/recommended"],
"extends": [
"eslint:recommended",
"plugin:@typescript-eslint/recommended"
],
"parser": "@typescript-eslint/parser",
"parserOptions": {
"project": ["./tsconfig.json"],
"project": [
"./tsconfig.json"
],
"ecmaVersion": 2022
},
"plugins": ["@typescript-eslint"],
"ignorePatterns": ["node_modules", "dist", "jest.*.js"],
"plugins": [
"@typescript-eslint"
],
"ignorePatterns": [
"node_modules",
"dist",
"jest.*.js",
"e2e/"
],
"root": true,
"rules": {
"@typescript-eslint/no-floating-promises": ["error"]
"@typescript-eslint/no-floating-promises": [
"error"
]
},
"overrides": [
{
"files": [ "src/pepr/operator/crd/generated/**/*.ts", "src/pepr/operator/crd/generated/*.ts" ],
"files": [
"src/pepr/operator/crd/generated/**/*.ts",
"src/pepr/operator/crd/generated/*.ts"
],
"rules": {
"@typescript-eslint/no-explicit-any": "off"
}
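Review bot: adding `e2e/` to `ignorePatterns` takes the new Playwright tests out of lint entirely, including `@typescript-eslint/no-floating-promises`, which is the rule most likely to catch an unawaited `page.*` call in an e2e spec; an `overrides` entry for `e2e/**/*.ts` (with its own `parserOptions.project` if those files are outside `./tsconfig.json`) would keep the rule on. The rest of the hunk is a one-element-per-line reflow of arrays that were already correct, which buries that single functional change in the diff.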
2 changes: 1 addition & 1 deletion .github/actions/debug-output/action.yaml
Expand Up @@ -22,6 +22,6 @@ runs:
uds zarf tools kubectl get events -A --sort-by='.lastTimestamp' | tee /tmp/debug-k-get-events.log || true
echo "::endgroup::"
echo "::group::kubectl describe nodes"
uds zarf tools kubectl describe nodes k3d-uds-server-0 | tee /tmp/debug-k-describe-node.log || true
uds zarf tools kubectl describe nodes | tee /tmp/debug-k-describe-node.log || true
echo "::endgroup::"
shell: bash
8 changes: 8 additions & 0 deletions .github/actions/save-logs/action.yaml
Expand Up @@ -37,6 +37,12 @@ runs:
sudo chown $USER /tmp/uds-*.log || echo ""
shell: bash

- name: Move Playwright Artifacts
run: |
sudo mkdir -p /tmp/playwright
sudo mv e2e/playwright/.playwright/* /tmp/playwright || true
shell: bash

- uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
with:
name: debug-log${{ inputs.suffix }}
Expand All @@ -47,3 +53,5 @@ runs:
/tmp/debug-*.log
/tmp/uds-containerd-logs
/tmp/k3d-uds-*.log
/tmp/playwright/output
/tmp/playwright/reports
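Review bot: `/tmp/playwright/output` and `/tmp/playwright/reports` now ship in the `debug-log` artifact next to the cluster logs. Playwright traces and HAR files record request and response headers, including the cookies set during the SSO login test, so anyone able to download workflow artifacts gets session material for the test cluster. The cluster is ephemeral, which bounds the exposure, but consider uploading only screenshots and the HTML report, or limiting trace capture to failing runs, rather than everything under `.playwright/`.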
137 changes: 137 additions & 0 deletions .github/bundles/aks/uds-bundle.yaml
@@ -0,0 +1,137 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

kind: UDSBundle
metadata:
name: uds-core-aks-nightly
description: A UDS bundle for deploying UDS Core on AKS
version: "0.29.0"

packages:
- name: init
repository: ghcr.io/zarf-dev/packages/init
ref: v0.41.0

- name: core
path: ../../../build
# x-release-please-start-version
ref: 0.29.0
# x-release-please-end
overrides:
istio-admin-gateway:
gateway:
values:
- path: service.annotations
value:
service.beta.kubernetes.io/azure-load-balancer-internal: "false"
service.beta.kubernetes.io/azure-load-balancer-sku: "Standard"
service.beta.kubernetes.io/azure-load-balancer-resource-group: "${NODE_RESOURCE_GROUP_NAME}"

istio-tenant-gateway:
gateway:
values:
- path: service.annotations
value:
service.beta.kubernetes.io/azure-load-balancer-internal: "false"
service.beta.kubernetes.io/azure-load-balancer-sku: "Standard"
service.beta.kubernetes.io/azure-load-balancer-resource-group: "${NODE_RESOURCE_GROUP_NAME}"
loki:
loki:
variables:
- name: AZURE_LOKI_STORAGE_ACCOUNT
description: "Name of the Storage Account to use for storing logs"
path: "loki.storage_config.azure.account_name"
- name: AZURE_LOKI_STORAGE_ACCOUNT_ACCESS_KEY
description: "Primary access Key for the Storage Account"
path: "loki.storage_config.azure.account_key"
- name: AZURE_LOKI_STORAGE_ACCOUNT_CONTAINER
description: "The destination container in the Storage Account where logs will be saved"
path: "loki.storage_config.azure.container_name"
values:
- path: loki.storage.type
value: "azure"

kube-prometheus-stack:
kube-prometheus-stack:
values:
- path: kube-state-metrics
value:
resources:
limits:
memory: 512Mi
grafana:
grafana:
variables:
- name: GRAFANA_HA
description: Enable HA Grafana
path: autoscaling.enabled
uds-grafana-config:
variables:
- name: GRAFANA_PG_HOST
description: Grafana postgresql host
path: postgresql.host
- name: GRAFANA_PG_PORT
description: Grafana postgresql port
path: postgresql.port
- name: GRAFANA_PG_DATABASE
description: Grafana postgresql database
path: postgresql.database
- name: GRAFANA_PG_PASSWORD
description: Grafana postgresql password
path: postgresql.password
- name: GRAFANA_PG_USER
description: Grafana postgresql username
path: postgresql.user

neuvector:
core:
values:
- path: runtimePath
value: /run/containerd/containerd.sock
- path: enforcer.tolerations
value:
- effect: NoSchedule
key: node-role.kubernetes.io/master
- effect: NoSchedule
key: node-role.kubernetes.io/control-plane
- effect: NoSchedule
key: dedicated
operator: Exists
velero:
velero:
variables:
- name: AZURE_VELERO_STORAGE_ACCOUNT
description: "Name of the Storage Account to use for storing backups"
path: "configuration.backupStorageLocation[0].config.storageAccount"
- name: AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY
description: "Primary access Key for the Storage Account"
path: "configuration.backupStorageLocation[0].config.storageAccountKeyEnvVar"
- name: AZURE_VELERO_STORAGE_ACCOUNT_CONTAINER
description: "The destination container in the Storage Account where backups will be saved"
path: "configuration.backupStorageLocation[0].bucket"
- name: AZURE_RESOURCE_GROUP
description: "The name of the resource group that the Storage Account is in"
path: "configuration.backupStorageLocation[0].config.resourceGroup"
- name: AZURE_SUBSCRIPTION_ID
description: "The resource ID of the Azure Subscription that is being used"
path: "configuration.backupStorageLocation[0].config.subscriptionId"
- name: VELERO_CLIENT_SECRET_ENV_VAR
description: "Name of the env variable that velero will use to read Azure config"
path: "configuration.backupStorageLocation[0].config.storageAccountKeyEnvVar"
default: "AZURE_STORAGE_ACCOUNT_ACCESS_KEY"
- name: VELERO_BACKUP_STORAGE_CONFIG_NAME
description: "Name of the Backup Storage Location"
path: "configuration.backupStorageLocation[0].name"
default: "default"
- name: VELERO_STORAGE_PROVIDER
description: "Type of storage provider that will be used"
path: "configuration.backupStorageLocation[0].provider"
default: "azure"
values:
- path: credentials
value:
useSecret: true
secretContents:
cloud: |
AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY}
AZURE_CLOUD_NAME=AzurePublicCloud
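Review bot: `AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY` and `VELERO_CLIENT_SECRET_ENV_VAR` both map to `configuration.backupStorageLocation[0].config.storageAccountKeyEnvVar`. That field holds the name of the environment variable Velero reads, so the first variable would write the access key value itself into the BackupStorageLocation config, which is an ordinary CR rather than a Secret, and whichever override is applied last wins. The key already reaches Velero through `credentials.secretContents.cloud` (`AZURE_STORAGE_ACCOUNT_ACCESS_KEY=${AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY}`), so drop the `path` on the ACCESS_KEY variable and leave `VELERO_CLIENT_SECRET_ENV_VAR` as the only writer of that field. Separately, both gateways set `azure-load-balancer-internal: "false"`, so the nightly cluster's admin and tenant gateways get public IPs; confirm that is intended for the throwaway test environment.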
14 changes: 14 additions & 0 deletions .github/bundles/aks/uds-config.yaml
@@ -0,0 +1,14 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

# Overwritten in ci by uds-config.tf in test-infra/azure/aks
variables:
core:
azure_loki_storage_account: ${ZARF_VAR_AZURE_LOKI_STORAGE_ACCOUNT}
azure_loki_storage_account_access_key: ${ZARF_VAR_AZURE_LOKI_STORAGE_ACCOUNT_ACCESS_KEY}
azure_loki_storage_account_container: ${ZARF_VAR_AZURE_LOKI_STORAGE_ACCOUNT_CONTAINER}
azure_velero_storage_account: ${ZARF_VAR_AZURE_VELERO_STORAGE_ACCOUNT}
azure_velero_storage_account_acces_key: ${ZARF_VAR_AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY}
azure_velero_storage_account_container: ${ZARF_VAR_AZURE_VELERO_STORAGE_ACCOUNT_CONTAINER}
azure_subscription_id: ${ZARF_VAR_AZURE_SUBSCRIPTION_ID}
azure_resource_group: ${ZARF_VAR_AZURE_RESOURCE_GROUP}
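Review bot: `azure_velero_storage_account_acces_key` is missing an `s`. The bundle variable is `AZURE_VELERO_STORAGE_ACCOUNT_ACCESS_KEY`, and UDS matches config keys to bundle variables by name, so this entry is silently ignored and the Velero key is only set if the Terraform-generated file replaces this one as the comment promises. Every value here is a storage account access key or a subscription/resource-group identifier fed from `ZARF_VAR_*`, which is fine for a committed template, but the generated copy with real keys must never be checked in.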
1 change: 0 additions & 1 deletion .github/test-infra/aws/eks/main.tf
@@ -1,7 +1,6 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial


resource "random_id" "default" {
byte_length = 2
}
2 changes: 1 addition & 1 deletion .github/test-infra/aws/eks/rds.tf
Expand Up @@ -20,7 +20,7 @@ resource "aws_secretsmanager_secret_version" "db_secret_value" {

module "db" {
source = "terraform-aws-modules/rds/aws"
version = "6.9.0"
version = "6.10.0"

identifier = "${var.db_name}-db"
instance_use_identifier_prefix = true
33 changes: 33 additions & 0 deletions .github/test-infra/aws/eks/uds-config.tf
@@ -0,0 +1,33 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

resource "local_sensitive_file" "uds_config" {
filename = "../../../bundles/eks/uds-config.yaml"
content = yamlencode({
"options" : {
"architecture" : "amd64"
},
"variables" : {
"core" : {
"loki_chunks_bucket" : module.S3["loki"].bucket_name
"loki_ruler_bucket" : module.S3["loki"].bucket_name,
"loki_admin_bucket" : module.S3["loki"].bucket_name,
"loki_s3_region" : data.aws_region.current.name,
"loki_irsa_role_arn" : module.irsa["loki"].role_arn,
"velero_use_secret" : false,
"velero_irsa_role_arn" : module.irsa["velero"].role_arn,
"velero_bucket" : module.S3["velero"].bucket_name,
"velero_bucket_region" : data.aws_region.current.name,
"velero_bucket_provider_url" : "",
"velero_bucket_credential_name" : "",
"velero_bucket_credential_key" : "",
"grafana_ha" : true,
"grafana_pg_host" : element(split(":", module.db.db_instance_endpoint), 0),
"grafana_pg_port" : var.db_port,
"grafana_pg_database" : var.db_name,
"grafana_pg_password" : random_password.db_password.result,
"grafana_pg_user" : var.username
}
}
})
}
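Review bot: `local_sensitive_file` only redacts the content in plan and apply output; it still writes `random_password.db_password.result` and the IRSA role ARNs in plaintext to `../../../bundles/eks/uds-config.yaml` inside the checkout. Make sure that path is git-ignored and is not swept up by the `save-logs` artifact upload, and consider setting `file_permission = "0600"` so the file is readable only by the runner user. Style: the `loki_chunks_bucket` line has no trailing comma while the following lines do; HCL accepts newline-separated attributes, but one style per object keeps future diffs clean.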
1 change: 0 additions & 1 deletion .github/test-infra/aws/rke2/irsa.tf
Expand Up @@ -50,7 +50,6 @@ module "oidc_bucket" {
restrict_public_buckets = false
}


# OIDC file creation
resource "local_file" "oidc_config" {
content = <<EOF
4 changes: 3 additions & 1 deletion .github/test-infra/aws/rke2/scripts/get-kubeconfig.sh
Expand Up @@ -32,7 +32,9 @@ scp -o StrictHostKeyChecking=no -i key.pem ${node_user}@${bootstrap_ip}:/home/${

# Replace the loopback address with the cluster hostname
sed -i "s/127.0.0.1/${bootstrap_ip}/g" ./rke2-config > /dev/null
export KUBECONFIG=$(pwd)/rke2-config
mkdir -p /home/runner/.kube
mv ./rke2-config /home/runner/.kube/config
#export KUBECONFIG=$(pwd)/rke2-config

# find existing host record in the host file and save the line numbers
matches_in_hosts="$(grep -n $cluster_hostname /etc/hosts | cut -f1 -d:)"
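Review bot: the kubeconfig is moved to the hard-coded `/home/runner/.kube/config`, which only works on GitHub-hosted runners; `"$HOME/.kube/config"` keeps the script usable anywhere. After the `mv`, `chmod 600` the file, since it carries the cluster's admin credential and nothing here constrains its mode. The commented-out `#export KUBECONFIG=$(pwd)/rke2-config` should be deleted rather than left as dead code, and the `> /dev/null` on `sed -i` redirects output that in-place `sed` never produces.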
33 changes: 33 additions & 0 deletions .github/test-infra/aws/rke2/uds-config.tf
@@ -0,0 +1,33 @@
# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

resource "local_sensitive_file" "uds_config" {
filename = "../../../bundles/rke2/uds-config.yaml"
content = yamlencode({
"options" : {
"architecture" : "amd64"
},
"variables" : {
"core" : {
"loki_chunks_bucket" : module.storage.s3_buckets["loki"].bucket_name
"loki_ruler_bucket" : module.storage.s3_buckets["loki"].bucket_name,
"loki_admin_bucket" : module.storage.s3_buckets["loki"].bucket_name,
"loki_s3_region" : data.aws_region.current.name,
"loki_irsa_role_arn" : module.storage.irsa["loki"].bucket_role.arn
"velero_use_secret" : false,
"velero_irsa_role_arn" : module.storage.irsa["velero"].bucket_role.arn,
"velero_bucket" : module.storage.s3_buckets["velero"].bucket_name,
"velero_bucket_region" : data.aws_region.current.name,
"velero_bucket_provider_url" : ""
"velero_bucket_credential_name" : "",
"velero_bucket_credential_key" : "",
"grafana_ha" : false,
"grafana_pg_host" : "\"\"",
"grafana_pg_port" : "\"\"",
"grafana_pg_database" : "\"\"",
"grafana_pg_password" : "\"\"",
"grafana_pg_user" : "\"\"",
}
}
})
}
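Review bot: `"grafana_pg_host" : "\"\""` and the four entries after it are the two-character string `""`, which `yamlencode` has to quote, so the chart receives a literal pair of quote characters rather than an empty value. If the intent is "unset", use the empty string, as this file already does for `velero_bucket_provider_url` and as the EKS variant does, or omit the keys when `grafana_ha` is false. Three lines (`loki_chunks_bucket`, `loki_irsa_role_arn`, `velero_bucket_provider_url`) drop the trailing comma while `grafana_pg_user` gains one; valid HCL, but worth normalizing.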
2 changes: 1 addition & 1 deletion .github/test-infra/aws/rke2/versions.tf
Expand Up @@ -6,7 +6,7 @@ terraform {
}
required_providers {
aws = {
version = "~> 5.71.0"
version = "~> 5.72.0"
}
random = {
version = "~> 3.6.0"