feat: adds sso framework and removes default join and master keys

chart/templates/uds-package.yaml

@@ -4,6 +4,13 @@ metadata:
   name: artifactory
   namespace: {{ .Release.Namespace }}
 spec:
+  {{- if .Values.sso }}
+  sso:
+    - name: Artifactory SSO
+      clientId: uds-core-artifactory
+      redirectUris:
+        - "https://artifactory.{{ .Values.domain }}/artifactory/"
+  {{- end }}
   network:
     expose:
       - service: artifactory
@@ -13,6 +20,18 @@ spec:
         host: artifactory
         port: 8082
     allow:
+      - direction: Ingress
+        remoteGenerated: IntraNamespace
+      - direction: Egress
+        remoteGenerated: IntraNamespace
+      - direction: Egress
+        podLabels:
+          app.kubernetes.io/name: artifactory
+        port: 443
+        description: "SSO"
+      - direction: Egress
+        # todo: this is over permissive, need to scope it down
+        remoteGenerated: KubeAPI
       - direction: Egress
         podLabels:
           app: artifactory

chart/values.yaml

@@ -0,0 +1,2 @@
+domain: "###ZARF_VAR_DOMAIN###"
+sso: true

src/dev-secrets/zarf.yaml

@@ -23,10 +23,3 @@ components:
         namespace: artifactory
         files:
           - postgres-secret.yaml
-  - name: artifactory-keys
-    required: true
-    manifests:
-      - name: artifactory-keys
-        namespace: artifactory
-        files:
-          - join-master-key-secret.yaml

values/registry1-values.yaml

@@ -2,8 +2,6 @@ global:
   imageRegistry: registry1.dso.mil
   joinKey: null
   masterKey: null
-  joinKeySecretName: artifactory-keys
-  masterKeySecretName: artifactory-keys
   artifactoryHaEnabled: false
   imagePullSecrets:
     - private-registry

values/upstream-values.yaml

@@ -1,6 +1,4 @@
 global:
-  joinKeySecretName: artifactory-keys
-  masterKeySecretName: artifactory-keys
 initContainerImage: registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.3
 artifactory:
   name: artifactory

zarf.yaml

@@ -21,6 +21,10 @@ components:
     only:
       flavor: registry1
     charts:
+      - name: uds-artifactory-config
+        namespace: artifactory
+        version: 0.1.0
+        localPath: chart
       # renovate: bb-chart
       - name: artifactory
         url: https://repo1.dso.mil/big-bang/apps/third-party/jfrog-platform.git
@@ -29,10 +33,6 @@ components:
         namespace: artifactory
         valuesFiles:
           - values/registry1-values.yaml
-      - name: uds-artifactory-config
-        namespace: artifactory
-        version: 0.1.0
-        localPath: chart
     images:
       - registry1.dso.mil/ironbank/jfrog/artifactory/artifactory:7.63.9
       - registry1.dso.mil/ironbank/jfrog/jfrog-xray/router:7.61.1
@@ -44,19 +44,19 @@ components:
     only:
       flavor: upstream
     charts:
+      - name: uds-artifactory-config
+        namespace: artifactory
+        version: 0.1.0
+        localPath: chart
       # renovate: datasource=helm
       - name: artifactory
         url: https://charts.jfrog.io
-        version: 107.71.9
+        version: 107.77.7
         namespace: artifactory
         repoName: artifactory
         releaseName: artifactory
         valuesFiles:
           - values/upstream-values.yaml
-      - name: uds-artifactory-config
-        namespace: artifactory
-        version: 0.1.0
-        localPath: chart
     images:
       - registry1.dso.mil/ironbank/jfrog/artifactory/artifactory:7.71.5
       - registry1.dso.mil/ironbank/jfrog/jfrog-xray/router:7.87.0