chore: rebase, resolve conflict

defenseunicorns · Sep 20, 2024 · df6378c · df6378c
2 parents 4581de3 + df4d2da
commit df6378c
Show file tree

Hide file tree

Showing 43 changed files with 241 additions and 96 deletions.
diff --git a/.github/actions/debug-output/action.yaml b/.github/actions/debug-output/action.yaml
@@ -7,18 +7,18 @@ runs:
     - name: Print basic debug info for a k8s cluster
       run: |
         echo "::group::kubectl get all"
-        uds zarf tools kubectl get all -A | tee /tmp/debug-k-get-all.log
+        uds zarf tools kubectl get all -A | tee /tmp/debug-k-get-all.log || true
         echo "::endgroup::"
         echo "::group::kubectl get pv,pvc"
-        uds zarf tools kubectl get pv,pvc -A | tee /tmp/debug-k-get-pv-pvc.log
+        uds zarf tools kubectl get pv,pvc -A | tee /tmp/debug-k-get-pv-pvc.log || true
         echo "::endgroup::"
         echo "::group::kubectl get package"
-        uds zarf tools kubectl get package -A | tee /tmp/debug-k-get-package.log
+        uds zarf tools kubectl get package -A | tee /tmp/debug-k-get-package.log || true
         echo "::endgroup::"
         echo "::group::kubectl get events"
-        uds zarf tools kubectl get events -A --sort-by='.lastTimestamp' | tee /tmp/debug-k-get-events.log
+        uds zarf tools kubectl get events -A --sort-by='.lastTimestamp' | tee /tmp/debug-k-get-events.log || true
         echo "::endgroup::"
         echo "::group::kubectl describe nodes"
-        uds zarf tools kubectl describe nodes k3d-uds-server-0 | tee /tmp/debug-k-describe-node.log
+        uds zarf tools kubectl describe nodes k3d-uds-server-0 | tee /tmp/debug-k-describe-node.log || true
         echo "::endgroup::"
       shell: bash
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -25,7 +25,8 @@ runs:
 
     - name: Install k3d
       shell: bash
-      run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.6.0 bash
+      # renovate: datasource=github-tags depName=k3d-io/k3d versioning=semver
+      run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.7.4 bash
 
     - name: Set up Homebrew
       uses: Homebrew/actions/setup-homebrew@master

diff --git a/.github/bundles/uds-bundle.yaml b/.github/bundles/uds-bundle.yaml
@@ -3,7 +3,7 @@ metadata:
   name: uds-core-eks-nightly
   description: A UDS bundle for deploying EKS and UDS Core
   # x-release-please-start-version
-  version: "0.27.0"
+  version: "0.27.3"
   # x-release-please-end
 
 packages:
@@ -14,7 +14,7 @@ packages:
   - name: core
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.27.0
+    ref: 0.27.3
     # x-release-please-end
     optionalComponents:
       - metrics-server

diff --git a/.release-please-manifest.json b/.release-please-manifest.json
@@ -1,3 +1,3 @@
 {
-    ".": "0.27.0"
+    ".": "0.27.3"
 }
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,47 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.27.3](https://github.com/defenseunicorns/uds-core/compare/v0.27.2...v0.27.3) (2024-09-19)
+
+
+### Miscellaneous
+
+* add uds-runtime as an optional component in core ([#788](https://github.com/defenseunicorns/uds-core/issues/788)) ([a2dfede](https://github.com/defenseunicorns/uds-core/commit/a2dfede9eedb5a99265676437e40eab9eead5208))
+
+## [0.27.2](https://github.com/defenseunicorns/uds-core/compare/v0.27.1...v0.27.2) (2024-09-18)
+
+
+### Bug Fixes
+
+* use boltdb-shipper store by default for loki ([#779](https://github.com/defenseunicorns/uds-core/issues/779)) ([e438e12](https://github.com/defenseunicorns/uds-core/commit/e438e12bef407587c67e2abf41ad26e3310cefd5))
+
+## [0.27.1](https://github.com/defenseunicorns/uds-core/compare/v0.27.0...v0.27.1) (2024-09-18)
+
+
+### Bug Fixes
+
+* validate packages using full resource name ([#775](https://github.com/defenseunicorns/uds-core/issues/775)) ([678ed44](https://github.com/defenseunicorns/uds-core/commit/678ed4495fb3175ca722adb615fb19dfdec2f01d))
+
+
+### Miscellaneous
+
+* allow service ports to be overridden in test bundles ([#765](https://github.com/defenseunicorns/uds-core/issues/765)) ([5f9a920](https://github.com/defenseunicorns/uds-core/commit/5f9a92056258a64ef8f439e1ba73301fba2c407c))
+* **deps:** update authservice to v1.0.2 ([#738](https://github.com/defenseunicorns/uds-core/issues/738)) ([3328b08](https://github.com/defenseunicorns/uds-core/commit/3328b08177723aa395bee7d9e3d27c28a1ab9121))
+* **deps:** update githubactions ([#762](https://github.com/defenseunicorns/uds-core/issues/762)) ([c7bab2a](https://github.com/defenseunicorns/uds-core/commit/c7bab2a0609bc821489dd048f20e8c5032b8fa32))
+* **deps:** update grafana curl image to v8.10.1 ([#773](https://github.com/defenseunicorns/uds-core/issues/773)) ([0d56ef2](https://github.com/defenseunicorns/uds-core/commit/0d56ef22a3ccf7725d4fd13e16aab97b9e6fdf2f))
+* **deps:** update istio to v1.23.1 ([#744](https://github.com/defenseunicorns/uds-core/issues/744)) ([f222ea3](https://github.com/defenseunicorns/uds-core/commit/f222ea39e64e612ab082271ef8ac2d129a1014ad))
+* **deps:** update neuvector chart to 2.7.9 ([#750](https://github.com/defenseunicorns/uds-core/issues/750)) ([a97b509](https://github.com/defenseunicorns/uds-core/commit/a97b50937fa790d8e894862c3d6969443701692e))
+* **deps:** update neuvector updater image to v8.10.1 ([#774](https://github.com/defenseunicorns/uds-core/issues/774)) ([2afddfc](https://github.com/defenseunicorns/uds-core/commit/2afddfc6363c5a4663071083550af9695aa7ed5f))
+* **deps:** update pepr to 0.36.0 ([#696](https://github.com/defenseunicorns/uds-core/issues/696)) ([2a1591e](https://github.com/defenseunicorns/uds-core/commit/2a1591e36ca681a976eb2c773090b538f8088563))
+* **deps:** update prometheus-stack ([#743](https://github.com/defenseunicorns/uds-core/issues/743)) ([61f7a60](https://github.com/defenseunicorns/uds-core/commit/61f7a608856458062970baee62f415cd4e953f5a))
+* **deps:** update test-infra random provider to v3.6.3 ([#753](https://github.com/defenseunicorns/uds-core/issues/753)) ([009326d](https://github.com/defenseunicorns/uds-core/commit/009326da3af36b6218736844465e5698e3d33819))
+* **deps:** update uds-identity-config version to 0.6.3 ([#772](https://github.com/defenseunicorns/uds-core/issues/772)) ([a2ad936](https://github.com/defenseunicorns/uds-core/commit/a2ad936d509b04dd2f3e3d591839bff7715eae21))
+* **deps:** update uds-k3d to v0.9.0 (1.30.4 k3s), k3d to 5.7.4 ([#770](https://github.com/defenseunicorns/uds-core/issues/770)) ([20656e6](https://github.com/defenseunicorns/uds-core/commit/20656e65856d573dee41fdd79a9fe3d962d0eac0))
+* **deps:** update velero kubectl image to v1.31.1 ([#763](https://github.com/defenseunicorns/uds-core/issues/763)) ([56b3a21](https://github.com/defenseunicorns/uds-core/commit/56b3a21728da1838476bb35e6402a86dbe127244))
+* **deps:** update velero kubectl to v1.31.1 ([#757](https://github.com/defenseunicorns/uds-core/issues/757)) ([c15d77e](https://github.com/defenseunicorns/uds-core/commit/c15d77e94d4a0e9c85f4b1017875a71ce0b5fa24))
+* remove unused neuvector exporter ([#768](https://github.com/defenseunicorns/uds-core/issues/768)) ([bd4f5cf](https://github.com/defenseunicorns/uds-core/commit/bd4f5cff79cb95d59c82a4a185f5d52573838fed))
+* task for custom pepr ([#766](https://github.com/defenseunicorns/uds-core/issues/766)) ([e624d73](https://github.com/defenseunicorns/uds-core/commit/e624d73f79bd6739b6808fbdbf5ca75ebb7c1d3c))
+
 ## [0.27.0](https://github.com/defenseunicorns/uds-core/compare/v0.26.1...v0.27.0) (2024-09-11)
 
 
@@ -931,5 +972,5 @@ PRE RELEASE
 - CONTRIBUTING.md
 - DEVELOPMENT_MAINTENANCE.md
 - LICENSE
-- READEME.md
+- README.md
 - zarf.yaml
diff --git a/README.md b/README.md
@@ -19,6 +19,7 @@ UDS Core establishes a secure baseline for cloud-native systems and ships with c
 - [Prometheus Stack](https://github.com/prometheus-operator/kube-prometheus) - Monitoring
 - [Vector](https://vector.dev/) - Log Aggregation
 - [Velero](https://velero.io/) - Backup & Restore
+- [UDS Runtime](https://github.com/defenseunicorns/uds-runtime) - Frontend Views & Insights
 
 #### Future Applications
 
@@ -55,7 +56,7 @@ If you want to try out UDS Core, you can use the [k3d-core-demo bundle](./bundle
 <!-- x-release-please-start-version -->
 
 ```bash
-uds deploy k3d-core-demo:0.27.0
+uds deploy k3d-core-demo:0.27.3
 ```
 
 <!-- x-release-please-end -->
@@ -69,7 +70,7 @@ Deploy Istio, Keycloak and Pepr:
 <!-- x-release-please-start-version -->
 
 ```bash
-uds deploy k3d-core-slim-dev:0.27.0
+uds deploy k3d-core-slim-dev:0.27.3
 ```
 
 <!-- x-release-please-end -->

diff --git a/bundles/k3d-slim-dev/README.md b/bundles/k3d-slim-dev/README.md
@@ -14,9 +14,51 @@ The k3d uds-dev-stack provides:
 - [MetalLB](https://metallb.universe.tf/) - Provides type: LoadBalancer for cluster resources and Istio Gateways
 - [HAProxy](https://www.haproxy.org/) - Utilizes k3d host port mapping to bind ports 80 and 443, facilitating local FQDN-based routing through ACLs to MetalLB load balancer backends for Istio Gateways serving *.uds.dev, keycloak.uds.dev, and *.admin.uds.dev.
 
-## Configuration
+## Available Overrides
+### Package: uds-k3d
+##### uds-dev-stack (minio)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `BUCKETS` | Set Minio Buckets | buckets |
+| `SVCACCTS` | Minio Service Accounts | svcaccts |
+| `USERS` | Minio Users | users |
+| `POLICIES` | Minio policies | policies |
 
-### Minio
+
+### Package: core
+
+##### istio-admin-gateway (uds-istio-config)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `ADMIN_TLS_CERT` | The TLS cert for the admin gateway (must be base64 encoded) | tls.cert |
+| `ADMIN_TLS_KEY` | The TLS key for the admin gateway (must be base64 encoded) | tls.key |
+
+##### istio-tenant-gateway (uds-istio-config)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `TENANT_TLS_CERT` | The TLS cert for the tenant gateway (must be base64 encoded) | tls.cert |
+| `TENANT_TLS_KEY` | The TLS key for the tenant gateway (must be base64 encoded) | tls.key |
+
+##### istio-tenant-gateway (gateway)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `TENANT_SERVICE_PORTS` | The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic) | service.ports |
+
+##### keycloak (keycloak)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `INSECURE_ADMIN_PASSWORD_GENERATION` | Generate an insecure admin password for dev/test | `insecureAdminPasswordGeneration.enabled` |
+| `KEYCLOAK_HA`              | Enable Keycloak HA                         | `autoscaling.enabled`           |
+| `KEYCLOAK_PG_USERNAME`     | Keycloak Postgres username                 | `postgresql.username`           |
+| `KEYCLOAK_PG_PASSWORD`     | Keycloak Postgres password                 | `postgresql.password`           |
+| `KEYCLOAK_PG_DATABASE`     | Keycloak Postgres database                 | `postgresql.database`           |
+| `KEYCLOAK_PG_HOST`         | Keycloak Postgres host                     | `postgresql.host`               |
+| `KEYCLOAK_DEVMODE`         | Enables Keycloak dev mode                  | `devMode`                       |
+
+
+## Override Examples:
+
+### Minio Customization
 
 You can customize the Minio setup at deploy time via your ```uds-config.yaml```.
 

diff --git a/bundles/k3d-slim-dev/uds-bundle.yaml b/bundles/k3d-slim-dev/uds-bundle.yaml
@@ -3,13 +3,13 @@ metadata:
   name: k3d-core-slim-dev
   description: A UDS bundle for deploying Istio from UDS Core on a development cluster
   # x-release-please-start-version
-  version: "0.27.0"
+  version: "0.27.3"
   # x-release-please-end
 
 packages:
   - name: uds-k3d-dev
     repository: ghcr.io/defenseunicorns/packages/uds-k3d
-    ref: 0.8.0
+    ref: 0.9.0
     overrides:
       uds-dev-stack:
         minio:
@@ -34,7 +34,7 @@ packages:
   - name: core-slim-dev
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.27.0
+    ref: 0.27.3
     # x-release-please-end
     overrides:
       istio-admin-gateway:
@@ -55,6 +55,11 @@ packages:
             - name: TENANT_TLS_KEY
               description: "The TLS key for the tenant gateway (must be base64 encoded)"
               path: tls.key
+        gateway:
+          variables:
+            - name: TENANT_SERVICE_PORTS
+              description: "The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic)"
+              path: "service.ports"
       keycloak:
         keycloak:
           variables:

diff --git a/bundles/k3d-standard/README.md b/bundles/k3d-standard/README.md
@@ -43,6 +43,22 @@ This bundle is used for demonstration, development, and testing of UDS Core. In
 | `TENANT_TLS_CERT` | The TLS cert for the tenant gateway (must be base64 encoded) | tls.cert |
 | `TENANT_TLS_KEY` | The TLS key for the tenant gateway (must be base64 encoded) | tls.key |
 
+##### istio-tenant-gateway (gateway)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `TENANT_SERVICE_PORTS` | The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic) | service.ports |
+
+##### keycloak (keycloak)
+| Variable | Description | Path |
+|----------|-------------|------|
+| `INSECURE_ADMIN_PASSWORD_GENERATION` | Generate an insecure admin password for dev/test | `insecureAdminPasswordGeneration.enabled` |
+| `KEYCLOAK_HA`              | Enable Keycloak HA                         | `autoscaling.enabled`           |
+| `KEYCLOAK_PG_USERNAME`     | Keycloak Postgres username                 | `postgresql.username`           |
+| `KEYCLOAK_PG_PASSWORD`     | Keycloak Postgres password                 | `postgresql.password`           |
+| `KEYCLOAK_PG_DATABASE`     | Keycloak Postgres database                 | `postgresql.database`           |
+| `KEYCLOAK_PG_HOST`         | Keycloak Postgres host                     | `postgresql.host`               |
+| `KEYCLOAK_DEVMODE`         | Enables Keycloak dev mode                  | `devMode`                       |
+
 
 ## Override Examples:
 

diff --git a/bundles/k3d-standard/uds-bundle.yaml b/bundles/k3d-standard/uds-bundle.yaml
@@ -3,13 +3,13 @@ metadata:
   name: k3d-core-demo
   description: A UDS bundle for deploying the standard UDS Core package on a development cluster
   # x-release-please-start-version
-  version: "0.27.0"
+  version: "0.27.3"
   # x-release-please-end
 
 packages:
   - name: uds-k3d-dev
     repository: ghcr.io/defenseunicorns/packages/uds-k3d
-    ref: 0.8.0
+    ref: 0.9.0
     overrides:
       uds-dev-stack:
         minio:
@@ -34,11 +34,12 @@ packages:
   - name: core
     path: ../../build/
     # x-release-please-start-version
-    ref: 0.27.0
+    ref: 0.27.3
     # x-release-please-end
     optionalComponents:
       - istio-passthrough-gateway
       - metrics-server
+      - uds-runtime
     overrides:
       loki:
         loki:
@@ -94,6 +95,11 @@ packages:
             - name: TENANT_TLS_KEY
               description: "The TLS key for the tenant gateway (must be base64 encoded)"
               path: tls.key
+        gateway:
+          variables:
+            - name: TENANT_SERVICE_PORTS
+              description: "The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic)"
+              path: "service.ports"
       keycloak:
         keycloak:
           variables:

diff --git a/docs/application-baseline.md b/docs/application-baseline.md
@@ -23,3 +23,4 @@ For optimal deployment and operational efficiency, it is important to deliver a
 | **Identity and Access Management** | **[Keycloak](https://www.keycloak.org/):** A robust open-source Identity and Access Management solution, providing centralized authentication, authorization, and user management for enhanced security and control over access to mission-critical resources.|
 | **Backup and Restore**             | **[Velero](https://velero.io/):** Provides backup and restore capabilities for Kubernetes clusters, ensuring data protection and disaster recovery.|
 | **Authorization**                  | **[AuthService](https://github.com/istio-ecosystem/authservice):** Offers centralized authorization services, managing access control and permissions within the Istio mesh. AuthService plays a supporting role to Keycloak as it handles part of the OIDC redirect flow.|
+| **Frontend Views & Insights**      | **[UDS Runtime](https://github.com/defenseunicorns/uds-runtime)**: UDS Runtime is an optional component in Core that provides the frontend for all things UDS, providing views and insights into your UDS cluster. |
diff --git a/packages/slim-dev/zarf.yaml b/packages/slim-dev/zarf.yaml
@@ -4,7 +4,7 @@ metadata:
   description: "UDS Core (Istio, UDS Operator and Keycloak)"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.27.0"
+  version: "0.27.3"
   # x-release-please-end
 
 components:

diff --git a/packages/standard/zarf.yaml b/packages/standard/zarf.yaml
@@ -4,7 +4,7 @@ metadata:
   description: "UDS Core"
   authors: "Defense Unicorns - Product"
   # x-release-please-start-version
-  version: "0.27.0"
+  version: "0.27.3"
   # x-release-please-end
 
 components:
@@ -94,6 +94,12 @@ components:
     import:
       path: ../../src/authservice
 
+  # UDS Runtime
+  - name: uds-runtime
+    required: false
+    import:
+      path: ../../src/runtime
+
   # Velero
   - name: velero
     required: true

diff --git a/src/authservice/common/zarf.yaml b/src/authservice/common/zarf.yaml
@@ -19,7 +19,7 @@ components:
             maxTotalSeconds: 300
             wait:
               cluster:
-                kind: Packages
+                kind: packages.uds.dev
                 name: authservice
                 namespace: authservice
                 condition: "'{.status.phase}'=Ready"
diff --git a/src/grafana/common/zarf.yaml b/src/grafana/common/zarf.yaml
@@ -25,7 +25,7 @@ components:
             maxTotalSeconds: 300
             wait:
               cluster:
-                kind: Packages
+                kind: packages.uds.dev
                 name: grafana
                 namespace: grafana
                 condition: "'{.status.phase}'=Ready"
diff --git a/src/grafana/values/unicorn-values.yaml b/src/grafana/values/unicorn-values.yaml
@@ -12,7 +12,7 @@ initChownData:
 downloadDashboardsImage:
   registry: cgr.dev
   repository: du-uds-defenseunicorns/curl-fips
-  tag: 8.10.0
+  tag: 8.10.1
 
 sidecar:
   image:

diff --git a/src/grafana/values/upstream-values.yaml b/src/grafana/values/upstream-values.yaml
@@ -19,4 +19,4 @@ initChownData:
 downloadDashboardsImage:
   registry: docker.io
   repository: curlimages/curl
-  tag: 8.10.0
+  tag: 8.10.1
diff --git a/src/grafana/zarf.yaml b/src/grafana/zarf.yaml
@@ -22,7 +22,7 @@ components:
           - values/upstream-values.yaml
     images:
       - docker.io/grafana/grafana:11.2.0
-      - docker.io/curlimages/curl:8.10.0
+      - docker.io/curlimages/curl:8.10.1
       - docker.io/library/busybox:1.36.1
       - ghcr.io/kiwigrid/k8s-sidecar:1.27.6
 
@@ -54,5 +54,5 @@ components:
     images:
       - cgr.dev/du-uds-defenseunicorns/grafana-fips:11.2.0
       - cgr.dev/du-uds-defenseunicorns/busybox-fips:1.36.1
-      - cgr.dev/du-uds-defenseunicorns/curl-fips:8.10.0
+      - cgr.dev/du-uds-defenseunicorns/curl-fips:8.10.1
       - cgr.dev/du-uds-defenseunicorns/k8s-sidecar-fips:1.27.6
diff --git a/src/keycloak/chart/values.yaml b/src/keycloak/chart/values.yaml
@@ -7,7 +7,7 @@ image:
   pullPolicy: IfNotPresent
 
 # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver
-configImage: ghcr.io/defenseunicorns/uds/identity-config:0.6.2
+configImage: ghcr.io/defenseunicorns/uds/identity-config:0.6.3
 
 # The public domain name of the Keycloak server
 domain: "###ZARF_VAR_DOMAIN###"

diff --git a/src/keycloak/common/zarf.yaml b/src/keycloak/common/zarf.yaml
@@ -19,7 +19,7 @@ components:
             maxTotalSeconds: 300
             wait:
               cluster:
-                kind: Packages
+                kind: packages.uds.dev
                 name: keycloak
                 namespace: keycloak
                 condition: "'{.status.phase}'=Ready"