From b32b484e31f802ad48a9d72f738448a43ad7aa7d Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Thu, 2 Nov 2023 23:49:44 +0000 Subject: [PATCH 1/5] upped version and moved policy exclusions to kyverno ns --- Makefile | 8 ++++---- gitlab-runner-flux-values.yaml | 2 +- utils/pkg-deps/rbac/policy-exceptions/registry.yaml | 2 +- zarf.yaml | 10 +++++----- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/Makefile b/Makefile index a935208..e5d462f 100755 --- a/Makefile +++ b/Makefile @@ -1,14 +1,14 @@ # The version of Zarf to use. To keep this repo as portable as possible the Zarf binary will be downloaded and added to # the build folder. # renovate: datasource=github-tags depName=defenseunicorns/zarf -ZARF_VERSION := v0.29.2 +ZARF_VERSION := v0.30.1 # The version of the build harness container to use BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness # renovate: datasource=docker depName=ghcr.io/defenseunicorns/build-harness/build-harness BUILD_HARNESS_VERSION := 1.10.2 # renovate: datasource=docker depName=ghcr.io/defenseunicorns/packages/dubbd-k3d extractVersion=^(?\d+\.\d+\.\d+) -DUBBD_K3D_VERSION := 0.10.1 +DUBBD_K3D_VERSION := 0.12.0 # Figure out which Zarf binary we should use based on the operating system we are on ZARF_BIN := zarf @@ -165,7 +165,7 @@ build/dubbd-k3d: | build/zarf ## Download dubbd k3d oci package build/test-pkg-deps: | build/zarf ## Build package dependencies for testing cd build && ./zarf package create ../utils/pkg-deps/namespaces/ --skip-sbom --confirm - cd build && ./zarf package create ../utils/pkg-deps/gitlab/ --skip-sbom --confirm + # cd build && ./zarf package create ../utils/pkg-deps/gitlab/ --skip-sbom --confirm cd build && ./zarf package create ../utils/pkg-deps/rbac/ --skip-sbom --confirm build/uds-capability-gitlab-runner: | build/zarf ## Build the gitlab-runner capability 
@@ -185,7 +185,7 @@ deploy/dubbd-k3d: | build/zarf ## Deploy the k3d flavor of DUBBD deploy/test-pkg-deps: | build/zarf ## Deploy the package dependencies needed for testing the gitlab-runner capability cd build && ./zarf package deploy zarf-package-gitlab-runner-namespaces-* --confirm - cd build && ./zarf package deploy zarf-package-gitlab-runner-gitlab* --confirm + # cd build && ./zarf package deploy zarf-package-gitlab-runner-gitlab* --confirm cd build && ./zarf package deploy zarf-package-gitlab-runner-rbac* --confirm deploy/uds-capability-gitlab-runner: | build/zarf ## Deploy the gitlab-runner capability diff --git a/gitlab-runner-flux-values.yaml b/gitlab-runner-flux-values.yaml index 30fab4e..3adb082 100644 --- a/gitlab-runner-flux-values.yaml +++ b/gitlab-runner-flux-values.yaml @@ -6,7 +6,7 @@ application: repository: https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git ref: # renovate: datasource=gitlab-tags depName=big-bang/product/packages/gitlab-runner versioning=loose registryUrl=https://repo1.dso.mil - tag: 0.52.0-bb.6 + tag: 0.52.0-bb.7 values: | ###ZARF_VAR_GITLAB_RUNNER_VALUES### dependsOn: diff --git a/utils/pkg-deps/rbac/policy-exceptions/registry.yaml b/utils/pkg-deps/rbac/policy-exceptions/registry.yaml index e439455..1055187 100644 --- a/utils/pkg-deps/rbac/policy-exceptions/registry.yaml +++ b/utils/pkg-deps/rbac/policy-exceptions/registry.yaml @@ -2,7 +2,7 @@ apiVersion: kyverno.io/v2alpha1 kind: PolicyException metadata: name: gitlab-runner-sandbox-registry-exception - namespace: gitlab-runner-sandbox + namespace: kyverno spec: exceptions: - policyName: restrict-image-registries diff --git a/zarf.yaml b/zarf.yaml index 88868d9..2bba056 100644 --- a/zarf.yaml +++ b/zarf.yaml @@ -3,7 +3,7 @@ kind: ZarfPackageConfig metadata: name: gitlab-runner description: "UDS GitLab Runner capability deployed via flux" - version: "0.0.8" + version: "0.0.9" architecture: amd64 variables: 
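Review bot: The relocated PolicyException in `utils/pkg-deps/rbac/policy-exceptions/registry.yaml` has no comment explaining why it now lives in `kyverno`, and the `match` block that decides which workloads escape `restrict-image-registries` is outside the hunk. On a PolicyException, `metadata.namespace` only determines where the object is stored and who may edit it, while the exempted pods are selected by `spec.match`, so that block should still name only the `gitlab-runner-sandbox` workloads. I would add a comment above `metadata:` such as `# Stored in kyverno so namespace tenants cannot edit it; the exempted workloads are selected by spec.match`. The move also only works if Kyverno reads exceptions from `kyverno` (its `--exceptionNamespace` setting), which nothing in this series shows. The same applies to the `gitlab-registry-exception` hunk in patch 3/5.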
@@ -37,11 +37,11 @@ components: valuesFiles: - gitlab-runner-flux-values.yaml repos: - - https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git@0.52.0-bb.6 + - https://repo1.dso.mil/big-bang/product/packages/gitlab-runner.git@0.52.0-bb.7 images: - - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v15.11.0" - - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v15.11.0" - - "registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.8" + - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner:v15.11.0" + - "registry1.dso.mil/ironbank/gitlab/gitlab-runner/gitlab-runner-helper:v15.11.0" + - "registry1.dso.mil/ironbank/redhat/ubi/ubi8:8.8" actions: onDeploy: after: From 69374c855b957efa22a97fcfc0263380fd52f5d6 Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Fri, 3 Nov 2023 16:06:32 +0000 Subject: [PATCH 2/5] makefile fix --- Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e5d462f..e4f1c47 100755 --- a/Makefile +++ b/Makefile @@ -165,7 +165,7 @@ build/dubbd-k3d: | build/zarf ## Download dubbd k3d oci package build/test-pkg-deps: | build/zarf ## Build package dependencies for testing cd build && ./zarf package create ../utils/pkg-deps/namespaces/ --skip-sbom --confirm - # cd build && ./zarf package create ../utils/pkg-deps/gitlab/ --skip-sbom --confirm + cd build && ./zarf package create ../utils/pkg-deps/gitlab/ --skip-sbom --confirm cd build && ./zarf package create ../utils/pkg-deps/rbac/ --skip-sbom --confirm build/uds-capability-gitlab-runner: | build/zarf ## Build the gitlab-runner capability 
@@ -185,7 +185,7 @@ deploy/dubbd-k3d: | build/zarf ## Deploy the k3d flavor of DUBBD deploy/test-pkg-deps: | build/zarf ## Deploy the package dependencies needed for testing the gitlab-runner capability cd build && ./zarf package deploy zarf-package-gitlab-runner-namespaces-* --confirm - # cd build && ./zarf package deploy zarf-package-gitlab-runner-gitlab* --confirm + cd build && ./zarf package deploy zarf-package-gitlab-runner-gitlab* --confirm cd build && ./zarf package deploy zarf-package-gitlab-runner-rbac* --confirm deploy/uds-capability-gitlab-runner: | build/zarf ## Deploy the gitlab-runner capability From 47db8cd23ad0d1e11ed3c067c281ce3ff4bbd830 Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Fri, 3 Nov 2023 16:42:15 +0000 Subject: [PATCH 3/5] Changed the ns for the registry exception for the dummy gitlab instance --- utils/pkg-deps/gitlab/policy-exceptions/registry.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml b/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml index 4f38192..befb42b 100644 --- a/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml +++ b/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml @@ -2,7 +2,7 @@ apiVersion: kyverno.io/v2alpha1 kind: PolicyException metadata: name: gitlab-registry-exception - namespace: gitlab + namespace: kyverno spec: exceptions: - policyName: restrict-image-registries From c3fcc45c1422f9e5b3474e9028cd0b1caf2dd912 Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Fri, 3 Nov 2023 17:37:22 +0000 Subject: [PATCH 4/5] Upped dubbd version to 0.12.1 --- Makefile | 2 +- utils/pkg-deps/gitlab/policy-exceptions/registry.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Makefile b/Makefile index e4f1c47..90e2b5c 100755 --- a/Makefile +++ b/Makefile 
@@ -8,7 +8,7 @@ BUILD_HARNESS_REPO := ghcr.io/defenseunicorns/build-harness/build-harness # renovate: datasource=docker depName=ghcr.io/defenseunicorns/build-harness/build-harness BUILD_HARNESS_VERSION := 1.10.2 # renovate: datasource=docker depName=ghcr.io/defenseunicorns/packages/dubbd-k3d extractVersion=^(?\d+\.\d+\.\d+) -DUBBD_K3D_VERSION := 0.12.0 +DUBBD_K3D_VERSION := 0.12.1 # Figure out which Zarf binary we should use based on the operating system we are on ZARF_BIN := zarf diff --git a/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml b/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml index befb42b..4f38192 100644 --- a/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml +++ b/utils/pkg-deps/gitlab/policy-exceptions/registry.yaml @@ -2,7 +2,7 @@ apiVersion: kyverno.io/v2alpha1 kind: PolicyException metadata: name: gitlab-registry-exception - namespace: kyverno + namespace: gitlab spec: exceptions: - policyName: restrict-image-registries From bb20c048373319c2891f19cacefc9155900828b2 Mon Sep 17 00:00:00 2001 From: Michael-Kruggel Date: Fri, 3 Nov 2023 17:40:34 +0000 Subject: [PATCH 5/5] Missed one exception --- utils/pkg-deps/rbac/policy-exceptions/registry.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/utils/pkg-deps/rbac/policy-exceptions/registry.yaml b/utils/pkg-deps/rbac/policy-exceptions/registry.yaml index 1055187..e439455 100644 --- a/utils/pkg-deps/rbac/policy-exceptions/registry.yaml +++ b/utils/pkg-deps/rbac/policy-exceptions/registry.yaml @@ -2,7 +2,7 @@ apiVersion: kyverno.io/v2alpha1 kind: PolicyException metadata: name: gitlab-runner-sandbox-registry-exception - namespace: kyverno + namespace: gitlab-runner-sandbox spec: exceptions: - policyName: restrict-image-registries
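Review bot: Patches 4/5 and 5/5 move both registry exceptions back into the workload namespaces (`gitlab`, `gitlab-runner-sandbox`), undoing patches 1/5 and 3/5, and neither records a reason; patch 4/5 does it under the subject "Upped dubbd version to 0.12.1". If Kyverno honours exceptions from those namespaces, anyone with write access to PolicyException objects there can create or widen a waiver of `restrict-image-registries`, so the control is only as strong as that namespace's RBAC. The revert may have been forced by the exception namespace configured in the new DUBBD release, but that is an inference, so I would record the reason in each manifest, e.g. `# namespace: <why this exception must live in the workload namespace>`. It is also worth confirming that no Role in either namespace grants create or update on `policyexceptions`. Only the first lines of `spec` are visible in these hunks, so the `match` scope cannot be checked from here.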