add bb manifests

Signed-off-by: Austin Abro <[email protected]>
zarf-dev · Sep 17, 2024 · 7c3c6be · 7c3c6be
1 parent 00fb308
commit 7c3c6be
Show file tree

Hide file tree

Showing 7 changed files with 162 additions and 107 deletions.
diff --git a/examples/bb-generate/manifests/bb-zarf-credentials.yaml b/examples/bb-generate/manifests/bb-zarf-credentials.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  creationTimestamp: null
+  name: zarf-credentials
+  namespace: bigbang
+stringData:
+  values.yaml: "\nregistryCredentials:\n  registry: \"###ZARF_REGISTRY###\"\n  username:
+    \"zarf-pull\"\n  password: \"###ZARF_REGISTRY_AUTH_PULL###\"\ngit:\n  existingSecret:
+    \"private-git-server\"\t# -- Chart created secrets with user defined values\n
+    \ credentials:\n  # -- HTTP git credentials, both username and password must be
+    provided\n    username: \"###ZARF_GIT_PUSH###\"\n    password: \"###ZARF_GIT_AUTH_PUSH###\"\n#
+    -- Big Bang v2 Kyverno Support\nkyvernoPolicies:\n  values:\n    exclude:\n      any:\n
+    \     - resources:\n          namespaces:\n          - zarf # don't have Kyverno
+    prevent Zarf from doing zarf things\n          "
diff --git a/examples/bb-generate/manifests/gitrepository.yaml b/examples/bb-generate/manifests/gitrepository.yaml
@@ -0,0 +1,14 @@
+apiVersion: source.toolkit.fluxcd.io/v1
+kind: GitRepository
+metadata:
+  name: bigbang
+spec:
+  ignore: |
+    # exclude file extensions
+    /**/*.md
+    /**/*.txt
+    /**/*.sh
+  interval: 10m
+  url: https://repo1.dso.mil/big-bang/bigbang.git
+  ref:
+    tag: 2.35.0
diff --git a/examples/bb-generate/manifests/helmrelease.yaml b/examples/bb-generate/manifests/helmrelease.yaml
@@ -0,0 +1,38 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+  name: bigbang
+spec:
+  chart:
+    spec:
+      chart: chart
+      sourceRef:
+        kind: GitRepository
+        name: bigbang
+  install:
+    remediation:
+      retries: -1
+  interval: 10m
+  releaseName: bigbang
+  rollback:
+    cleanupOnFail: false
+    timeout: 10m
+  targetNamespace: bigbang
+  test:
+    enable: false
+  upgrade:
+    cleanupOnFail: true
+    remediation:
+      remediateLastFailure: true
+      retries: 5
+  valuesFrom:
+  - kind: Secret
+    name: zarf-credentials
+  - kind: Secret
+    name: bb-usr-vals-0-ingress
+  - kind: ConfigMap
+    name: kyverno-config
+  - kind: ConfigMap
+    name: loki-config
+  - kind: Secret
+    name: bb-usr-vals-0-ingress
diff --git a/examples/bb-generate/zarf.yaml b/examples/bb-generate/zarf.yaml
@@ -3,71 +3,84 @@ kind: ZarfPackageConfig
 metadata:
   name: bigbang
 components:
+- name: flux
+  required: true
+  manifests:
+  - name: flux-system
+    namespace: flux-system
+    files:
+    - flux/bb-flux.yaml
+  images:
+  - registry1.dso.mil/ironbank/fluxcd/source-controller:v1.3.0
+  - registry1.dso.mil/ironbank/fluxcd/kustomize-controller:v1.3.0
+  - registry1.dso.mil/ironbank/fluxcd/helm-controller:v1.0.1
+  - registry1.dso.mil/ironbank/fluxcd/notification-controller:v1.3.0
 - name: bigbang
   required: true
   manifests:
   - name: bigbang
     namespace: bigbang
     files:
-    - manifests/bb-ext-gitrepository.yaml
-    - manifests/bb-ext-zarf-credentials.yaml
+    - manifests/gitrepository.yaml
+    - manifests/bb-zarf-credentials.yaml
+    - manifests/helmrelease.yaml
     - values-files/ingress.yaml
     - values-files/kyverno.yaml
     - values-files/loki.yaml
     - values-files/neuvector.yaml
-    - manifests/bb-ext-helmrelease.yaml
+    - manifests/helmrelease.yaml
   images:
-  - registry1.dso.mil/ironbank/opensource/istio/operator:1.19.6
-  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.4
-  - registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.17.5
-  - registry1.dso.mil/ironbank/opensource/grafana/loki:2.9.3
-  - registry1.dso.mil/ironbank/opensource/prometheus/alertmanager:v0.26.0
+  - registry1.dso.mil/ironbank/opensource/kyverno/policy-reporter:2.20.1
+  - registry1.dso.mil/ironbank/opensource/kubernetes-sigs/metrics-server:v0.7.1
+  - registry1.dso.mil/ironbank/opensource/prometheus/alertmanager:v0.27.0
   - registry1.dso.mil/ironbank/big-bang/base:2.1.0
-  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.6
-  - registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.10.1
+  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.29.6
+  - registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.12.0
   - registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen:v1.3.0
-  - registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v2.49.1
-  - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.71.0
-  - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.71.0
-  - registry1.dso.mil/ironbank/opensource/prometheus/node-exporter:v1.7.0
-  - registry1.dso.mil/ironbank/opensource/thanos/thanos:v0.33.0
-  - registry1.dso.mil/ironbank/neuvector/neuvector/controller:5.2.2
-  - registry1.dso.mil/ironbank/neuvector/neuvector/enforcer:5.2.2
-  - registry1.dso.mil/ironbank/neuvector/neuvector/manager:5.2.2
+  - registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v2.53.0
+  - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.75.0
+  - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.75.0
+  - registry1.dso.mil/ironbank/opensource/prometheus/node-exporter:v1.8.1
+  - registry1.dso.mil/ironbank/opensource/thanos/thanos:v0.35.1
+  - registry1.dso.mil/ironbank/opensource/grafana/loki:3.1.1
+  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.29.7
+  - registry1.dso.mil/ironbank/neuvector/neuvector/controller:5.3.4
+  - registry1.dso.mil/ironbank/neuvector/neuvector/enforcer:5.3.4
+  - registry1.dso.mil/ironbank/neuvector/neuvector/manager:5.3.4
   - registry1.dso.mil/ironbank/neuvector/neuvector/scanner:5
-  - registry1.dso.mil/ironbank/neuvector/neuvector/prometheus-exporter:5.1.0
-  - registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins:10.2.3
-  - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.25.3
-  - registry1.dso.mil/ironbank/opensource/istio/pilot:1.19.6
-  - registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.19.6
-  - registry1.dso.mil/ironbank/opensource/kiali/kiali:v1.78.0
-  - registry1.dso.mil/ironbank/opensource/kiali/kiali-operator:v1.78.0
-  - registry1.dso.mil/ironbank/opensource/kyverno:v1.11.4
-  - registry1.dso.mil/ironbank/opensource/kyverno/kyvernopre:v1.11.4
-  - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.28.5
-  - registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.3
-  - registry1.dso.mil/ironbank/opensource/kyverno/kyverno/reports-controller:v1.11.4
-  - registry1.dso.mil/ironbank/opensource/kyverno/kyverno/background-controller:v1.11.4
-  - registry1.dso.mil/ironbank/opensource/kyverno/kyverno/cleanup-controller:v1.11.4
-  - registry1.dso.mil/ironbank/opensource/kubernetes-sigs/metrics-server:v0.6.4
-  - registry1.dso.mil/ironbank/opensource/grafana/promtail:v2.9.2
-  - registry1.dso.mil/ironbank/opensource/grafana/tempo:2.3.0-ubi9
-  - registry1.dso.mil/ironbank/opensource/grafana/tempo-query:2.3.1
+  - registry1.dso.mil/ironbank/neuvector/neuvector/prometheus-exporter:5.3.2
+  - registry1.dso.mil/ironbank/big-bang/grafana/grafana-plugins:11.1.4
+  - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.27.5
+  - registry1.dso.mil/ironbank/opensource/istio/operator:1.22.4
+  - registry1.dso.mil/ironbank/opensource/istio/pilot:1.22.4
+  - registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.22.4
+  - registry1.dso.mil/ironbank/opensource/kiali/kiali:v1.89.0
+  - registry1.dso.mil/ironbank/opensource/kiali/kiali-operator:v1.89.1
+  - registry1.dso.mil/ironbank/opensource/kyverno:v1.12.5
+  - registry1.dso.mil/ironbank/opensource/kyverno/kyvernopre:v1.12.5
+  - registry1.dso.mil/ironbank/redhat/ubi/ubi9-minimal:9.4
+  - registry1.dso.mil/ironbank/opensource/kyverno/kyverno/reports-controller:v1.12.5
+  - registry1.dso.mil/ironbank/opensource/kyverno/kyverno/background-controller:v1.12.5
+  - registry1.dso.mil/ironbank/opensource/kyverno/kyverno/cleanup-controller:v1.12.5
+  - registry1.dso.mil/ironbank/opensource/kyverno/kyvernocli:v1.12.5
+  - registry1.dso.mil/ironbank/opensource/grafana/promtail:v3.0.0
+  - registry1.dso.mil/ironbank/opensource/grafana/tempo:2.5.0
+  - registry1.dso.mil/ironbank/opensource/grafana/tempo-query:2.5.0
   repos:
-  - https://repo1.dso.mil/big-bang/bigbang@2.19.2
-  - https://repo1.dso.mil/big-bang/product/packages/istio-operator.git@1.19.6-bb.0
-  - https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git@1.19.6-bb.1
-  - https://repo1.dso.mil/big-bang/product/packages/kiali.git@1.78.0-bb.1
-  - https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git@3.0.4-bb.18
-  - https://repo1.dso.mil/big-bang/product/packages/loki.git@5.41.4-bb.1
-  - https://repo1.dso.mil/big-bang/product/packages/metrics-server.git@3.11.0-bb.2
-  - https://repo1.dso.mil/big-bang/product/packages/monitoring.git@56.0.3-bb.0
-  - https://repo1.dso.mil/big-bang/product/packages/grafana.git@7.2.1-bb.3
-  - https://repo1.dso.mil/big-bang/product/packages/kyverno.git@3.1.4-bb.0
-  - https://repo1.dso.mil/big-bang/product/packages/neuvector.git@2.6.3-bb.8
-  - https://repo1.dso.mil/big-bang/product/packages/promtail.git@6.15.3-bb.4
-  - https://repo1.dso.mil/big-bang/product/packages/tempo.git@1.7.1-bb.2
-  - https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git@2.21.6-bb.0
+  - https://repo1.dso.mil/big-bang/bigbang@2.35.0
+  - https://repo1.dso.mil/big-bang/product/packages/kiali.git@1.89.0-bb.0
+  - https://repo1.dso.mil/big-bang/product/packages/kyverno.git@3.2.6-bb.0
+  - https://repo1.dso.mil/big-bang/product/packages/monitoring.git@62.1.0-bb.0
+  - https://repo1.dso.mil/big-bang/product/packages/neuvector.git@2.7.8-bb.1
+  - https://repo1.dso.mil/big-bang/product/packages/promtail.git@6.16.2-bb.3
+  - https://repo1.dso.mil/big-bang/product/packages/tempo.git@1.10.3-bb.0
+  - https://repo1.dso.mil/big-bang/product/packages/grafana.git@8.4.6-bb.1
+  - https://repo1.dso.mil/big-bang/product/packages/istio-operator.git@1.22.4-bb.0
+  - https://repo1.dso.mil/big-bang/product/packages/kyverno-reporter.git@2.24.1-bb.0
+  - https://repo1.dso.mil/big-bang/product/packages/loki.git@6.10.0-bb.0
+  - https://repo1.dso.mil/big-bang/product/packages/metrics-server.git@3.12.1-bb.4
+  - https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git@1.22.4-bb.1
+  - https://repo1.dso.mil/big-bang/product/packages/kyverno-policies.git@3.2.5-bb.3
   actions:
     onDeploy:
       onFailure:
@@ -98,52 +111,52 @@ components:
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: kyverno
+    name: monitoring
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: kyverno-policies
+    name: kyverno-reporter
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: istio-operator
+    name: metrics-server
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
     name: istio
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: monitoring
+    name: kiali
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: loki
+    name: kyverno-policies
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: grafana
+    name: kyverno
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: tempo
+    name: loki
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: promtail
+    name: neuvector
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: metrics-server
+    name: grafana
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: kiali
+    name: istio-operator
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: neuvector
+    name: promtail
   - apiVersion: v1
     kind: HelmRelease
     namespace: bigbang
-    name: kyverno-reporter
+    name: tempo
diff --git a/src/internal/bigbang/bigbang.go b/src/internal/bigbang/bigbang.go
@@ -94,12 +94,12 @@ func Create(ctx context.Context, baseDir string, version string, valuesFileManif
 	if !skipFlux {
 		fluxComponent := v1alpha1.ZarfComponent{Name: "flux", Required: helpers.BoolPtr(true)}
 		fluxTmpDir := filepath.Join(tmpDir, "flux")
-		err := getFluxManifest(ctx, fluxTmpDir, "kustomization.yaml", repo, version)
+		err := getBBFile(ctx, "flux/kustomization.yaml", filepath.Join(fluxTmpDir, "kustomization.yaml"), repo, version)
 		if err != nil {
 			return err
 		}
 
-		err = getFluxManifest(ctx, fluxTmpDir, "gotk-components.yaml", repo, version)
+		err = getBBFile(ctx, "flux/gotk-components.yaml", filepath.Join(fluxTmpDir, "gotk-components.yaml"), repo, version)
 		if err != nil {
 			return err
 		}
@@ -279,7 +279,7 @@ func Create(ctx context.Context, baseDir string, version string, valuesFileManif
 		return err
 	}
 
-	manifest, err := addBigBangManifests(airgap, manifestDir, valuesFileManifests, version, repo)
+	manifest, err := addBigBangManifests(ctx, airgap, manifestDir, valuesFileManifests, version, repo)
 	if err != nil {
 		return err
 	}
@@ -417,7 +417,7 @@ func findBBResources(t string) (map[string]string, map[string]HelmReleaseDepende
 }
 
 // addBigBangManifests creates the manifests component for deploying Big Bang.
-func addBigBangManifests(airgap bool, manifestDir string, valuesFiles []string, version string, repo string) (v1alpha1.ZarfManifest, error) {
+func addBigBangManifests(ctx context.Context, airgap bool, manifestDir string, valuesFiles []string, version string, repo string) (v1alpha1.ZarfManifest, error) {
 	// Create a manifest component that we add to the zarf package for bigbang.
 	manifest := v1alpha1.ZarfManifest{
 		Name:      bb,
@@ -440,14 +440,11 @@ func addBigBangManifests(airgap bool, manifestDir string, valuesFiles []string,
 		return nil
 	}
 
-	gitRepoFile := "gitrepository.yaml"
-	remotePath := fmt.Sprintf("%s/-/raw/%s/base/%s?ref_type=tags", repo, version, gitRepoFile)
-	localPath := filepath.Join(manifestDir, gitRepoFile)
-	err := utils.DownloadToFile(context.TODO(), remotePath, localPath, "")
-	if err != nil {
+	localGitRepoPath := filepath.Join(manifestDir, "gitrepository.yaml")
+	if err := getBBFile(ctx, "gitrepository.yaml", localGitRepoPath, repo, version); err != nil {
 		return v1alpha1.ZarfManifest{}, err
 	}
-	manifest.Files = append(manifest.Files, localPath)
+	manifest.Files = append(manifest.Files, localGitRepoPath)
 
 	var hrValues []fluxHelmCtrl.ValuesReference
 	// Only include the zarf-credentials secret if in airgap mode
@@ -469,19 +466,15 @@ func addBigBangManifests(airgap bool, manifestDir string, valuesFiles []string,
 	}
 
 	// TODO test with v2beta1 version
-	helmRepoFile := "helmrelease.yaml"
-	remotePath = fmt.Sprintf("%s/-/raw/%s/base/%s?ref_type=tags", repo, version, helmRepoFile)
-	localPath = filepath.Join(manifestDir, helmRepoFile)
-	if err := utils.DownloadToFile(context.TODO(), remotePath, localPath, ""); err != nil {
+	localHelmReleasePath := filepath.Join(manifestDir, "helmrelease.yaml")
+	if err := getBBFile(ctx, "helmrelease.yaml", localHelmReleasePath, repo, version); err != nil {
 		return v1alpha1.ZarfManifest{}, err
 	}
-	manifest.Files = append(manifest.Files, localPath)
-
-	b, err := os.ReadFile(localPath)
+	b, err := os.ReadFile(localHelmReleasePath)
 	if err != nil {
 		return v1alpha1.ZarfManifest{}, err
 	}
-	// Unmarshalling into a generic object since otherwise
+	// Unmarshalling into a generic object since otherwise boolean fields will disappear when re-marshalling
 	var helmReleaseObj map[string]interface{}
 	if err := yaml.Unmarshal(b, &helmReleaseObj); err != nil {
 		return v1alpha1.ZarfManifest{}, err
@@ -511,18 +504,16 @@ func addBigBangManifests(airgap bool, manifestDir string, valuesFiles []string,
 	} else {
 		return v1alpha1.ZarfManifest{}, errors.New("unable to find spec in helmrelease.yaml")
 	}
-
-	path := path.Join(manifestDir, helmRepoFile)
 	out, err := yaml.Marshal(helmReleaseObj)
 	if err != nil {
 		return v1alpha1.ZarfManifest{}, err
 	}
 
-	if err := os.WriteFile(path, out, helpers.ReadWriteUser); err != nil {
+	if err := os.WriteFile(localHelmReleasePath, out, helpers.ReadWriteUser); err != nil {
 		return v1alpha1.ZarfManifest{}, err
 	}
 
-	manifest.Files = append(manifest.Files, path)
+	manifest.Files = append(manifest.Files, localHelmReleasePath)
 
 	return manifest, nil
 }

diff --git a/src/internal/bigbang/bigbang_test.go b/src/internal/bigbang/bigbang_test.go
@@ -4,6 +4,7 @@
 package bigbang
 
 import (
+	"context"
 	"os"
 	"path/filepath"
 	"testing"
@@ -220,7 +221,7 @@ func TestAddBigBangManifests(t *testing.T) {
 			}
 
 			// TODO test the manifest
-			_, err = addBigBangManifests(tt.airgap, manifestDir, tt.valuesFiles, tt.version, tt.repo)
+			_, err = addBigBangManifests(context.Background(), tt.airgap, manifestDir, tt.valuesFiles, tt.version, tt.repo)
 			if tt.expectError {
 				require.Error(t, err)
 				return