Updates for Big Bang example to PR #237 (#267)

.pre-commit-config.yaml

@@ -3,6 +3,7 @@ repos:
     rev: v4.0.1
     hooks:
       - id: check-added-large-files
+        args: ['--maxkb=1024']
       - id: check-merge-conflict
       - id: detect-aws-credentials
         args:

assets/scripts/k3s.service

@@ -24,4 +24,4 @@ RestartSec=5s
 ExecStartPre=/bin/sh -xc '! /usr/bin/systemctl is-enabled --quiet nm-cloud-setup.service'
 ExecStartPre=-/sbin/modprobe br_netfilter
 ExecStartPre=-/sbin/modprobe overlay
-ExecStart=/usr/local/bin/k3s server --write-kubeconfig-mode=700
+ExecStart=/usr/local/bin/k3s server --write-kubeconfig-mode=700 --disable traefik

examples/big-bang/README.md

@@ -1,28 +1,96 @@
-# Example: Big Bang Core All-In-One
+# Example: Big Bang Core
 
-This example deploys Big Bang Core with a gitops service. This is not normally the method that will be used in production but for a demo it works great.
+This example shows a deployment of [Big Bang Core](https://repo1.dso.mil/platform-one/big-bang/bigbang) using Zarf.
 
-Because the same cluster will be running both Traefik and Istio, Istio's VirtualServices will be available on port 9443
+![pods](img/pods.png)
+
+![helmreleases](img/helmreleases.png)
+
+## Known Issues
+
+- Inside the Vagrant VM the services are available on the standard port `443`. Outside the VM if you want to pull something up in your browser that traffic is being routed to port `8443` to avoid needing to be root when running the Vagrant box.
+- Due to issues with Elasticsearch this example doesn't work yet in some distros. It does work in the Vagrant VM detailed below. Upcoming work to update to the latest version of Big Bang and swap the EFK stack out for the PLG stack (Promtail, Loki, Grafana) should resolve this issue
+- Currently this example does the equivalent of `kustomize build | kubectl apply -f -`, which means Flux will be used to deploy everything, but it won't be watching a Git repository for changes. Upcoming work is planned to update the example so that you will be able to open up a Git repo in the private Gitea server inside the cluster, commit and push a change, and see that change get reflected in the deployment.
 
 ## Prerequisites
 
 1. Install [Vagrant](https://www.vagrantup.com/)
-2. Install `make` and `kustomize`
+2. Install `make`
 1. Install `sha256sum` (on Mac it's `brew install coreutils`)
 
 ## Instructions
 
-1. `cd examples/big-bang`
-1. Run one of these two commands:
-   - `make all` - Download the latest version of Zarf, build the deploy package, and start a VM with Vagrant
-   - `make all-dev` - Build Zarf locally, build the deploy package, and start a VM with Vagrant
-2. Run: `./zarf init --confirm --components k3s,gitops-service` - Initialize Zarf, telling it to install the management component and gitops service and skip logging component (since BB has logging already) and tells Zarf to use `localhost` as the domain. If you want to use interactive mode instead just run `./zarf init`.
-3. Wait a bit, run `./zarf tools k9s` to see pods come up. Don't move on until everything is running
-4. Run: `./zarf package deploy zarf-package-big-bang-core-demo.tar.zst --components kubescape --confirm` - Deploy Big Bang Core. If you want interactive mode instead just run `./zarf package deploy`, it will give you a picker to choose the package.
-5. Wait several minutes. Run `./zarf tools k9s` to watch progress
-6. :warning: `kubectl delete -n istio-system envoyfilter/misdirected-request` (due to [this bug](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/802))
-7. Use a browser to visit the various services, available at https://*.bigbang.dev:9443
-8. When you're done, run `exit` to leave the VM then `make vm-destroy` to bring everything down
+### Pull down the code and binaries
+
+```shell
+# clone the binaries
+git clone https://github.com/defenseunicorns/zarf.git
+
+# change to the examples folder
+cd zarf/examples
+
+# Download the latest release of Zarf and the Init Package to the 'examples/sync' folder
+make fetch-release
+```
+
+> NOTE:
+>
+> If you have any issues with `make fetch-release` you can try `make build-release` instead. It will build the files instead of downloading them. You'll need Golang installed.
+
+### Build the deploy package
+
+```shell
+# Create the deploy package and move it to the 'examples/sync' folder
+make package-example-big-bang
+```
+
+### Start the Vagrant VM
+
+```shell
+# Start the VM. You'll be dropped into a shell in the VM as the Root user
+make vm-init
+```
+
+> NOTE:
+>
+> All subsequent commands should be happening INSIDE the Vagrant VM
+
+### Initialize Zarf
+
+```shell
+# Initialize Zarf
+./zarf init --confirm --components k3s,gitops-service
+
+# (Optional) Inspect the results
+./zarf tools k9s
+```
+
+### Deploy Big Bang
+
+```shell
+# Deploy Big Bang
+./zarf package deploy --confirm zarf-package-big-bang-core-demo.tar.zst --components kubescape
+
+# (Optional) Inspect the results
+./zarf tools k9s
+```
+
+### Delete buggy EnvoyFilter
+
+```shell
+# Delete this EnvoyFilter, it is bugged. Will be fixed when we update to a later version of Big Bang
+kubectl delete -n istio-system envoyfilter/misdirected-request
+```
+
+### Clean Up
+
+```shell
+# Inside the VM
+exit
+
+# On the host
+make vm-destroy
+```
 
 ## Kubescape scan
 
@@ -36,10 +104,20 @@ kubescape scan framework nsa --use-from=/usr/local/bin/kubescape-framework-nsa.j
 
 | URL                                                   | Username  | Password                                                                                                                                                                                   | Notes                                                               |
 | ----------------------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------- |
-| [AlertManager](https://alertmanager.bigbang.dev:9443) | n/a       | n/a                                                                                                                                                                                        | Unauthenticated                                                     |
-| [Grafana](https://grafana.bigbang.dev:9443)           | `admin`   | `prom-operator`                                                                                                                                                                            |                                                                     |
-| [Kiali](https://kiali.bigbang.dev:9443)               | n/a       | `kubectl get secret -n kiali -o=json \| jq -r '.items[] \| select(.metadata.annotations."kubernetes.io/service-account.name"=="kiali-service-account") \| .data.token' \| base64 -d; echo` |                                                                     |
-| [Kibana](https://kibana.bigbang.dev:9443)             | `elastic` | `kubectl get secret -n logging logging-ek-es-elastic-user -o=jsonpath='{.data.elastic}' \| base64 -d; echo`                                                                                |                                                                     |
-| [Prometheus](https://prometheus.bigbang.dev:9443)     | n/a       | n/a                                                                                                                                                                                        | Unauthenticated                                                     |
-| [Jaeger](https://tracing.bigbang.dev:9443)            | n/a       | n/a                                                                                                                                                                                        | Unauthenticated                                                     |
-| [Twistlock](https://twistlock.bigbang.dev:9443)       | n/a       | n/a                                                                                                                                                                                        | Twistlock has you create an admin account the first time you log in |
+| [AlertManager](https://alertmanager.bigbang.dev:8443) | n/a       | n/a                                                                                                                                                                                        | Unauthenticated                                                     |
+| [Grafana](https://grafana.bigbang.dev:8443)           | `admin`   | `prom-operator`                                                                                                                                                                            |                                                                     |
+| [Kiali](https://kiali.bigbang.dev:8443)               | n/a       | `kubectl get secret -n kiali -o=json \| jq -r '.items[] \| select(.metadata.annotations."kubernetes.io/service-account.name"=="kiali-service-account") \| .data.token' \| base64 -d; echo` |                                                                     |
+| [Kibana](https://kibana.bigbang.dev:8443)             | `elastic` | `kubectl get secret -n logging logging-ek-es-elastic-user -o=jsonpath='{.data.elastic}' \| base64 -d; echo`                                                                                |                                                                     |
+| [Prometheus](https://prometheus.bigbang.dev:8443)     | n/a       | n/a                                                                                                                                                                                        | Unauthenticated                                                     |
+| [Jaeger](https://tracing.bigbang.dev:8443)            | n/a       | n/a                                                                                                                                                                                        | Unauthenticated                                                     |
+| [Twistlock](https://twistlock.bigbang.dev:8443)       | n/a       | n/a                                                                                                                                                                                        | Twistlock has you create an admin account the first time you log in |
+
+## Troubleshooting
+
+### Elasticsearch isn't working when I try to deploy the Big Bang package on KinD (or K3d, or any other distro other than K3s)
+That's a known issue. This example is only supported right now when using the K3s cluster that Zarf is able to deploy when running `zarf init`. Updating to the latest version of Big Bang and swapping the EFK stack out for the PLG stack should fix this issue. It's on the roadmap™.
+### I'm getting "Misdirected Request" when trying to get to any of the services in my browser
+Run the `kubectl delete` command documented above to delete the buggy EnvoyFilter. Updating to the latest version of Big Bang will fix this issue. It's on the roadmap™.
+
+### My computer crashed!
+Close all those hundreds of chrome tabs, shut down all non-essential programs, and try again. Big Bang is a HOG. If you have less than 32GB of RAM you're in for a rough time.