From 04b3db1a90be3e84f85fe38fb874d57b06468fce Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Thu, 11 Jul 2024 19:11:37 +0000 Subject: [PATCH 1/3] feat: Add prometheus integration to jenkins --- chart/templates/uds-package.yaml | 32 +++++++++++++++++++++++++++++++- chart/values.yaml | 18 ++++++++++++++++++ tasks.yaml | 9 ++++++++- values/common.yaml | 2 ++ 4 files changed, 59 insertions(+), 2 deletions(-) diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml index c4c6455..74ae2ce 100644 --- a/chart/templates/uds-package.yaml +++ b/chart/templates/uds-package.yaml @@ -11,6 +11,15 @@ spec: redirectUris: - "https://jenkins.{{ .Values.domain }}/securityRealm/finishLogin" {{- end }} + + monitor: + - selector: + app.kubernetes.io/name: jenkins + targetPort: 8080 + portName: http + path: /prometheus/ + description: Metrics + network: expose: - service: jenkins @@ -22,18 +31,39 @@ spec: allow: - direction: Ingress remoteGenerated: IntraNamespace + - direction: Egress remoteGenerated: IntraNamespace + - direction: Egress podLabels: app.kubernetes.io/name: jenkins port: 443 description: "Jenkins-plugins & SSO" + - direction: Egress podLabels: jenkins/label: jenkins-jenkins-agent port: 443 description: "Jenkins-jobs phone home" + - direction: Egress - # todo: this is over permissive, need to scope it down + podLabels: + app.kubernetes.io/name: jenkins remoteGenerated: KubeAPI + + # Custom rules for unanticipated scenarios + {{- range .Values.customNetworkPolicies }} + - direction: {{ .direction }} + selector: + {{ .selector | toYaml | nindent 10 }} + {{- if not .remoteGenerated }} + remoteNamespace: {{ .remoteNamespace }} + remoteSelector: + {{ .remoteSelector | toYaml | nindent 10 }} + port: {{ .port }} + {{- else }} + remoteGenerated: {{ .remoteGenerated }} + {{- end }} + description: {{ .description }} + {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index f2c9f7d..edd282f 100644 --- a/chart/values.yaml 
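Review bot: In chart/templates/uds-package.yaml, hunk `@@ -11,6 +11,15 @@`, the new `monitor` entry scrapes `/prometheus/` on `targetPort: 8080`, which appears to be the same Jenkins HTTP service that the `expose` block directly below publishes, so the metrics path may also be reachable through the gateway. Nothing visible in this patch configures the plugin (the `prometheus:773.v3b_62d8178eec` line in values/common.yaml only installs it), so the endpoint runs with the plugin's defaults, and whether those require authentication should be confirmed rather than assumed. I would either block the path at the gateway or set the plugin's endpoint settings explicitly in JCasC, and add a comment above the entry such as `# /prometheus/ is served on the UI port; keep it unreachable from outside the cluster`. The `spec` mapping starts and continues outside this hunk.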
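Review bot: In the `{{- range .Values.customNetworkPolicies }}` block of chart/templates/uds-package.yaml, hunk `@@ -22,18 +31,39 @@`, `port` is emitted only inside the `if not .remoteGenerated` branch, so a custom rule that sets `remoteGenerated` (the chart/values.yaml example uses `Anywhere`) is rendered without any port restriction. Move the port out of the conditional so both branches can carry it, for example `{{- with .port }}` / `port: {{ . }}` / `{{- end }}` after the if/else. The scalar values are also interpolated unquoted, so a description containing `: ` or ` #` breaks or truncates the manifest; `description: {{ .description | quote }}` avoids that, and wrapping `.remoteNamespace` in Helm's `required` would fail the render instead of emitting an empty value. The built-in rules in this hunk use `podLabels` while the custom rules use `selector`; using one key throughout would make the allow list easier to audit.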
+++ b/chart/values.yaml @@ -1,3 +1,21 @@ domain: "###ZARF_VAR_DOMAIN###" + sso: enabled: true + +# customNetworkPolicies: +# # Notice no `remoteGenerated` field here on custom internal rule +# - direction: Ingress +# selector: +# app: jenkins +# remoteNamespace: jenkins +# remoteSelector: +# app: jenkins +# port: 8180 +# description: "Ingress from Jenkins" +# # No `remoteNamespace`, `remoteSelector`, or `port` fields on rule to `remoteGenerated` +# - direction: Egress +# selector: +# app: webservice +# remoteGenerated: Anywhere +# description: "Egress from Mattermost" diff --git a/tasks.yaml b/tasks.yaml index 9312549..03a43f6 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -15,12 +15,19 @@ tasks: - task: setup:k3d-test-cluster - task: deploy:test-bundle + - name: default-full + description: Create K3D Cluster with UDS-Core + Jenkins + actions: + - task: create-test-bundle + - task: setup:k3d-full-cluster + - task: deploy:test-bundle + - name: create-package description: Create UDS Jenkins Package actions: - task: create:package with: - options: "--skip-sbom" + options: "--skip-sbom --flavor registry1" - name: create-test-bundle description: Create a local UDS Jenkins bundle diff --git a/values/common.yaml b/values/common.yaml index 30453ff..4431e9e 100644 --- a/values/common.yaml +++ b/values/common.yaml @@ -21,6 +21,8 @@ controller: - git:5.2.2 - configuration-as-code:1810.v9b_c30a_249a_4c - oic-auth:4.269.va_7526f34f306 + - prometheus:773.v3b_62d8178eec + - cloudbees-disk-usage-simple:203.v3f46a_7462b_1a_ overwritePlugins: true JCasC: defaultConfig: true From 89e51c5fc9f10c5097ac6dbddd5465b313ce83fa Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Thu, 11 Jul 2024 19:23:42 +0000 Subject: [PATCH 2/3] feat: update codeowners and updated name for sso client id --- CODEOWNERS | 3 ++- chart/templates/uds-package.yaml | 2 +- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/CODEOWNERS b/CODEOWNERS index f900a18..f1e1095 100644 --- a/CODEOWNERS 
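Review bot: The commented `customNetworkPolicies` example in chart/values.yaml, hunk `@@ -1,3 +1,21 @@`, carries leftovers from another chart (`app: webservice` and `"Egress from Mattermost"`) and uses `remoteGenerated: Anywhere` as its egress sample, which readers tend to copy as-is. Replace the sample with a Jenkins selector and a narrow target, and state in the comment that `Anywhere` permits egress to any destination. Declaring `customNetworkPolicies: []` as a real default above the commented example would also document the key's type for anyone overriding it.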
+++ b/CODEOWNERS @@ -1 +1,2 @@ -* @defenseunicorns/uds +# This repository is owned by the Defense Unicorns UDS-Marketplace Team +/* @defenseunicorns/uds-marketplace diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml index 74ae2ce..b79365c 100644 --- a/chart/templates/uds-package.yaml +++ b/chart/templates/uds-package.yaml @@ -6,7 +6,7 @@ metadata: spec: {{- if .Values.sso.enabled }} sso: - - name: Jenkins SSO + - name: Jenkins Login clientId: uds-package-jenkins redirectUris: - "https://jenkins.{{ .Values.domain }}/securityRealm/finishLogin" From 4a2ed1a58c574d04cf6cb45ae4d2413d7f9bbf64 Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Thu, 11 Jul 2024 21:03:38 +0000 Subject: [PATCH 3/3] fix: fixed task --- tasks.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tasks.yaml b/tasks.yaml index 03a43f6..df930e7 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -27,7 +27,7 @@ tasks: actions: - task: create:package with: - options: "--skip-sbom --flavor registry1" + options: "--skip-sbom" - name: create-test-bundle description: Create a local UDS Jenkins bundle
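Review bot: The new CODEOWNERS pattern `/*` is narrower than the `*` it replaces: under GitHub's documented pattern rules a trailing `/*` matches only entries directly inside that directory, so files under `chart/`, `values/` and other subdirectories would likely have no code owner and therefore no required owner review. That matters here because the network policy template lives in `chart/templates/`. If the intent was only to change the owning team, keep the catch-all form, `* @defenseunicorns/uds-marketplace`.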