From d24614bf8dffc186cc4832627ddf053144bcd0f1 Mon Sep 17 00:00:00 2001 From: Matt Strong <90784516+matt-strong@users.noreply.github.com> Date: Mon, 7 Mar 2022 20:32:37 -0600 Subject: [PATCH] upgrade big bang version to latest version (#346) --- .pre-commit-config.yaml | 2 +- examples/Makefile | 2 +- examples/big-bang/README.md | 7 - .../kustomizations/bigbang/kustomization.yaml | 2 +- .../kustomizations/bigbang/values.yaml | 448 +++++++++--------- examples/big-bang/zarf.yaml | 141 +++--- 6 files changed, 292 insertions(+), 310 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index d78f0c34f1..18f0e778ac 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -11,7 +11,7 @@ repos: - id: detect-private-key exclude: | (?x)^( - examples/big-bang/template/bigbang/values.yaml| + examples/big-bang/kustomizations/bigbang/values.yaml| examples/software-factory/template/bigbang/values.yaml| examples/istio-with-separate-cert/files/bigbangdev.key )$ diff --git a/examples/Makefile b/examples/Makefile index 5e1ec1e988..4d6d818cac 100755 --- a/examples/Makefile +++ b/examples/Makefile @@ -60,7 +60,7 @@ package-examples: package-example-big-bang package-example-software-factory pack .PHONY: package-example-big-bang package-example-big-bang: ## Create the Big Bang Core example - cd big-bang && $(ZARF_BIN) package create --confirm && mv zarf-package-* ../sync/ + cd big-bang && $(ZARF_BIN) package create -l debug --confirm && mv zarf-package-* ../sync/ .PHONY: generate-bigbang-dev-cert generate-bigbang-dev-cert: ## Download the TLS cert and key for the *.bigbang.dev domain diff --git a/examples/big-bang/README.md b/examples/big-bang/README.md index ecac9ea687..b452c57000 100644 --- a/examples/big-bang/README.md +++ b/examples/big-bang/README.md @@ -75,13 +75,6 @@ make vm-init ./zarf tools k9s ``` -### Delete buggy EnvoyFilter - -```shell -# Delete this EnvoyFilter, it is bugged. Will be fixed when we update to a later version of Big Bang -kubectl delete -n istio-system envoyfilter/misdirected-request -``` - ### Clean Up ```shell diff --git a/examples/big-bang/kustomizations/bigbang/kustomization.yaml b/examples/big-bang/kustomizations/bigbang/kustomization.yaml index a5cdd8f7f4..c5e26b91a6 100644 --- a/examples/big-bang/kustomizations/bigbang/kustomization.yaml +++ b/examples/big-bang/kustomizations/bigbang/kustomization.yaml @@ -1,5 +1,5 @@ bases: - - git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base?ref=tags/1.17.0 + - git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base?ref=tags/1.28.0 configMapGenerator: - name: common diff --git a/examples/big-bang/kustomizations/bigbang/values.yaml b/examples/big-bang/kustomizations/bigbang/values.yaml index 7f297fa7bc..2388a0785d 100644 --- a/examples/big-bang/kustomizations/bigbang/values.yaml +++ b/examples/big-bang/kustomizations/bigbang/values.yaml @@ -8,16 +8,12 @@ registryCredentials: git: existingSecret: "zarf-git-secret" -flux: - interval: 1m - rollback: - cleanupOnFail: false - networkPolicies: enabled: true # When in prod use a real CIDR. Don't do this, it isn't secure. This is done here since it is a demo and the CIDR changes based on which Linux distro you are running on. controlPlaneCidr: "0.0.0.0/0" nodeCidr: "0.0.0.0/0" + vpcCidr: "0.0.0.0/0" istio: enabled: true @@ -29,29 +25,11 @@ istio: kubernetesResourceSpec: resources: requests: - cpu: "100m" - memory: "512Mi" + cpu: "50m" + memory: "256Mi" limits: cpu: "500m" memory: "512Mi" - # service: - # ports: - # - name: status-port - # port: 15021 - # protocol: TCP - # targetPort: 15021 - # - name: http2 - # port: 9080 - # protocol: TCP - # targetPort: 8080 - # - name: https - # port: 9443 - # protocol: TCP - # targetPort: 8443 - # - name: tls - # port: 15443 - # protocol: TCP - # targetPort: 15443 gateways: public: tls: @@ -176,28 +154,23 @@ istio: he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 -----END CERTIFICATE----- - - values: hub: "###ZARF_REGISTRY###/ironbank/opensource/istio" - cni: - image: - hub: "###ZARF_REGISTRY###/ironbank/opensource/istio" istiod: - hpaSpec: - maxReplicas: 1 - minReplicas: 1 resources: requests: - cpu: "100m" - memory: "1Gi" + cpu: "50m" + memory: "512Mi" limits: cpu: "500m" memory: "1Gi" - kiali: - dashboard: - auth: - strategy: "anonymous" + hpaSpec: + maxReplicas: 1 + cni: + image: + hub: "###ZARF_REGISTRY###/ironbank/opensource/istio" + postInstallHook: + image: "###ZARF_REGISTRY###/ironbank/big-bang/base:1.0.0" istiooperator: enabled: true @@ -207,56 +180,58 @@ istiooperator: hub: "###ZARF_REGISTRY###/ironbank/opensource/istio" operator: resources: - requests: - cpu: "100m" - memory: "256Mi" limits: - cpu: "500m" + cpu: "200m" memory: "256Mi" + requests: + cpu: "50m" + memory: "128Mi" jaeger: enabled: true git: repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__jaeger.git values: + cleanSvcMonitor: + image: + repository: "###ZARF_REGISTRY###/ironbank/big-bang/base" image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-operator + repository: "###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-operator" retention: - image: ###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-es-index-cleaner:1.24.0 - - resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "500m" - memory: "128Mi" + image: "###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-es-index-cleaner:1.29.0" jaeger: spec: allInOne: - image: ###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/all-in-one:1.24.0 + image: "###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/all-in-one:1.29.0" resources: requests: - cpu: "100m" - memory: "128Mi" + cpu: "50m" + memory: "64Mi" limits: - cpu: "500m" + cpu: "200m" memory: "128Mi" agent: - image: ###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-agent:1.24.0 + image: "###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-agent:1.29.0" ingester: - image: ###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-ingester:1.24.0 + image: "###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-ingester:1.29.0" query: - image: ###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-query:1.24.0 + image: "###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-query:1.29.0" collector: - image: ###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-collector:1.24.0 + image: "###ZARF_REGISTRY###/ironbank/opensource/jaegertracing/jaeger-collector:1.29.0" resources: requests: - cpu: "100m" - memory: "128Mi" + cpu: "50m" + memory: "64Mi" limits: - cpu: "500m" + cpu: "200m" memory: "128Mi" + resources: + limits: + cpu: "100m" + memory: "128Mi" + requests: + cpu: "50m" + memory: "64Mi" kiali: enabled: true @@ -264,29 +239,28 @@ kiali: repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__kiali.git values: image: - repo: ###ZARF_REGISTRY###/ironbank/opensource/kiali/kiali-operator + repo: "###ZARF_REGISTRY###/ironbank/opensource/kiali/kiali-operator" resources: requests: - cpu: "100m" + cpu: "50m" memory: "256Mi" limits: - cpu: "500m" - memory: "256Mi" + cpu: "100m" + memory: "512Mi" cr: spec: deployment: - image_name: ###ZARF_REGISTRY###/ironbank/opensource/kiali/kiali + image_name: "###ZARF_REGISTRY###/ironbank/opensource/kiali/kiali" resources: requests: cpu: "100m" - memory: "368Mi" + memory: "128Mi" limits: - cpu: "500m" + cpu: "200m" memory: "368Mi" svcPatchJob: image: - repository: ###ZARF_REGISTRY###/ironbank/big-bang/base - + repository: "###ZARF_REGISTRY###/ironbank/big-bang/base" clusterAuditor: enabled: true @@ -294,14 +268,14 @@ clusterAuditor: repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__cluster-auditor.git values: image: - repo: ###ZARF_REGISTRY###/ironbank/cluster-auditor/opa-collector + repo: "###ZARF_REGISTRY###/ironbank/bigbang/cluster-auditor/opa-exporter" resources: requests: - cpu: "100m" - memory: "512Mi" + cpu: "50m" + memory: "150Mi" limits: - cpu: "500m" - memory: "512Mi" + cpu: "300m" + memory: "300Mi" gatekeeper: enabled: true @@ -311,35 +285,34 @@ gatekeeper: postInstall: labelNamespace: image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/kubernetes-1.21/kubectl - postUpgrade: - cleanupCRD: - image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/kubernetes-1.21/kubectl + repository: "###ZARF_REGISTRY###/ironbank/opensource/kubernetes/kubectl" image: repository: "###ZARF_REGISTRY###/ironbank/opensource/openpolicyagent/gatekeeper" - replicas: 1 + crdRepository: "###ZARF_REGISTRY###/ironbank/opensource/kubernetes/kubectl" controllerManager: resources: - requests: + limits: cpu: "175m" memory: "512Mi" - limits: - cpu: "1" - memory: "2Gi" + requests: + cpu: "50m" + memory: "256Mi" audit: resources: - requests: - cpu: "200m" - memory: "768Mi" limits: - cpu: "1.2" - memory: "2Gi" + cpu: "500m" + memory: "768Mi" + requests: + cpu: "50m" + memory: "256Mi" + bbtests: + scripts: + image: "###ZARF_REGISTRY###/ironbank/opensource/kubernetes/kubectl:v1.22.2" violations: allowedDockerRegistries: parameters: repos: - - ###ZARF_REGISTRY### + - "###ZARF_REGISTRY###" excludedResources: # K3s kube-system stuff, better than excluding the whole namespace - "kube-system/coredns-.*" @@ -353,67 +326,58 @@ gatekeeper: # K3s needs this if you are doing K3s-specific "HelmRelease"-type CRDs - ".*/helm-install-.*" - ".*/helm" - # TODO: Get Gitea in Iron Bank - - "git/stuart-gitea-.*" - - "git/gitea" - - "git/init" + # TODO: Get Zarf images in Iron Bank and don't wildcard the whole namespace + - "zarf/.*" hostNetworking: parameters: excludedResources: # K3s needs these due to how it creates services of type "LoadBalancer" - "istio-system/svclb-.*" - "istio-system/lb-port-.*" - httpsOnly: - parameters: - excludedResources: - # TODO: Fix these ingresses so they don't need to be excluded - - "git/git-ingress" - - "registry/registry-ingress" logging: enabled: true git: repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__elasticsearch-kibana.git values: + kibana: + image: + repository: "###ZARF_REGISTRY###/ironbank/elastic/kibana/kibana" + count: 1 + resources: + requests: + memory: "512Mi" + cpu: "50m" + limits: + memory: "1Gi" + cpu: "500m" elasticsearch: image: - repository: ###ZARF_REGISTRY###/ironbank/elastic/elasticsearch/elasticsearch + repository: "###ZARF_REGISTRY###/ironbank/elastic/elasticsearch/elasticsearch" master: count: 1 - persistence: - size: "5Gi" resources: - requests: - cpu: "100m" - memory: "3Gi" limits: cpu: "500m" memory: "3Gi" + requests: + cpu: "50m" + memory: "1Gi" data: count: 1 - persistence: - size: 5Gi resources: - requests: - cpu: "100m" - memory: "3Gi" limits: cpu: "500m" memory: "3Gi" - kibana: - image: - repository: ###ZARF_REGISTRY###/ironbank/elastic/kibana/kibana - count: 1 - resources: - requests: - memory: "1Gi" - cpu: "100m" - limits: - memory: "1Gi" - cpu: "500m" + requests: + cpu: "50m" + memory: "1Gi" upgradeJob: image: - repository: ###ZARF_REGISTRY###/ironbank/big-bang/base + repository: "###ZARF_REGISTRY###/ironbank/big-bang/base" + bbtests: + scripts: + image: "###ZARF_REGISTRY###/ironbank/stedolan/jq:1.6" eckoperator: enabled: true @@ -421,7 +385,17 @@ eckoperator: repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__eck-operator.git values: image: - repository: ###ZARF_REGISTRY###/ironbank/elastic/eck-operator/eck-operator + repository: "###ZARF_REGISTRY###/ironbank/elastic/eck-operator/eck-operator" + resources: + limits: + cpu: "200m" + memory: "256Mi" + requests: + cpu: "50m" + memory: "128Mi" + upgradeCrds: + image: + repository: "###ZARF_REGISTRY###/ironbank/big-bang/base" fluentbit: enabled: true @@ -429,106 +403,151 @@ fluentbit: repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__fluentbit.git values: image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/fluent/fluent-bit - securityContext: - privileged: true + repository: "###ZARF_REGISTRY###/ironbank/opensource/fluent/fluent-bit" resources: - requests: - cpu: "100m" - memory: "128Mi" limits: - cpu: "500m" + cpu: "100m" memory: "128Mi" + requests: + cpu: "50m" + memory: "64Mi" + bbtests: + scripts: + image: "###ZARF_REGISTRY###/ironbank/stedolan/jq:1.6" monitoring: enabled: true git: repo: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__apps__core__monitoring.git values: - alertmanager: - alertmanagerSpec: - image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/prometheus/alertmanager - resources: - requests: - cpu: "100m" - memory: "256Mi" - limits: - cpu: "500m" - memory: "256Mi" - prometheusOperator: - image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/prometheus-operator/prometheus-operator + cleanUpgrade: + image: "###ZARF_REGISTRY###/ironbank/big-bang/base:1.0.0" resources: requests: - cpu: "100m" - memory: "512Mi" + memory: "128Mi" + cpu: "50m" limits: - cpu: "500m" - memory: "512Mi" - admissionWebhooks: - patch: - image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/jet/kube-webhook-certgen - configmapReloadImage: - repository: ###ZARF_REGISTRY###/ironbank/opensource/jimmidyson/configmap-reload - prometheusConfigReloaderImage: - repository: ###ZARF_REGISTRY###/ironbank/opensource/prometheus-operator/prometheus-config-reloader - kubectlImage: - repository: ###ZARF_REGISTRY###/ironbank/opensource/kubernetes-1.20/kubectl-1.20 - prometheus: - prometheusSpec: + memory: "256Mi" + cpu: "100m" + alertmanager: + alertmanagerSpec: image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/prometheus/prometheus + repository: "###ZARF_REGISTRY###/ironbank/opensource/prometheus/alertmanager" resources: + limits: + cpu: "100m" + memory: "100Mi" requests: cpu: "100m" - memory: "512Mi" - limits: - cpu: "500m" - memory: "2Gi" + memory: "50Mi" grafana: image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/grafana/grafana + repository: "###ZARF_REGISTRY###/ironbank/opensource/grafana/grafana" + resources: + limits: + cpu: "100m" + memory: "256Mi" + requests: + cpu: "50m" + memory: "128Mi" + testFramework: + image: "###ZARF_REGISTRY###/ironbank/opensource/bats/bats" sidecar: image: - repository: ###ZARF_REGISTRY###/ironbank/kiwigrid/k8s-sidecar + repository: "###ZARF_REGISTRY###/ironbank/kiwigrid/k8s-sidecar" resources: + limits: + cpu: "100m" + memory: "100Mi" requests: cpu: "50m" memory: "50Mi" + downloadDashboardsImage: + repository: "###ZARF_REGISTRY###/ironbank/big-bang/base" + downloadDashboards: + resources: limits: - cpu: "500m" - memory: "100Mi" - resources: - requests: - cpu: "100m" - memory: "128Mi" - limits: - cpu: "500m" - memory: "128Mi" - testFramework: - image: "###ZARF_REGISTRY###/ironbank/opensource/bats/bats" + cpu: "20m" + memory: "20Mi" + requests: + cpu: "20m" + memory: "20Mi" kube-state-metrics: image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/coreos/kube-state-metrics + repository: "###ZARF_REGISTRY###/ironbank/opensource/kubernetes/kube-state-metrics" resources: - requests: - cpu: "10m" - memory: "128Mi" limits: - cpu: "500m" + cpu: "100m" memory: "128Mi" + requests: + cpu: "50m" + memory: "64Mi" prometheus-node-exporter: image: - repository: ###ZARF_REGISTRY###/ironbank/opensource/prometheus/node-exporter + repository: "###ZARF_REGISTRY###/ironbank/opensource/prometheus/node-exporter" resources: + limits: + cpu: "200m" + memory: "50Mi" requests: - cpu: "100m" - memory: "128Mi" + cpu: "50m" + memory: "50Mi" + prometheusOperator: + admissionWebhooks: + patch: + image: + repository: "###ZARF_REGISTRY###/ironbank/opensource/ingress-nginx/kube-webhook-certgen" + resources: + limits: + cpu: "50m" + memory: "50Mi" + requests: + cpu: "50m" + memory: "50Mi" + cleanupProxy: + image: + repository: "###ZARF_REGISTRY###/ironbank/big-bang/base" + resources: + limits: + cpu: "50m" + memory: "50Mi" + requests: + cpu: "50m" + memory: "50Mi" + resources: limits: - cpu: "500m" - memory: "128Mi" + cpu: "200m" + memory: "512Mi" + requests: + cpu: "100m" + memory: "256Mi" + image: + repository: "###ZARF_REGISTRY###/ironbank/opensource/prometheus-operator/prometheus-operator" + prometheusConfigReloader: + image: + repository: "###ZARF_REGISTRY###/ironbank/opensource/prometheus-operator/prometheus-config-reloader" + resources: + requests: + cpu: "50m" + memory: "50Mi" + limits: + cpu: "100m" + memory: "50Mi" + thanosImage: + repository: "###ZARF_REGISTRY###/ironbank/opensource/thanos/thanos" + kubectlImage: + repository: "###ZARF_REGISTRY###/ironbank/opensource/kubernetes-1.20/kubectl-1.20" + prometheus: + prometheusSpec: + image: + repository: "###ZARF_REGISTRY###/ironbank/opensource/prometheus/prometheus" + resources: + limits: + cpu: "300m" + memory: "5Gi" + requests: + cpu: "50m" + memory: "2Gi" twistlock: enabled: true @@ -537,41 +556,14 @@ twistlock: values: console: image: - repository: ###ZARF_REGISTRY###/ironbank/twistlock/console/console - persistence: - size: 5Gi + repository: "###ZARF_REGISTRY###/ironbank/twistlock/console/console" resources: - requests: - cpu: "100m" - memory: "256Mi" limits: - cpu: "500m" + memory: "1Gi" + cpu: "250m" + requests: memory: "256Mi" - -addons: - argocd: - enabled: false - authservice: - enabled: false - gitlab: - enabled: false - gitlabRunner: - enabled: false - anchore: - enabled: false - sonarqube: - enabled: false - minioOperator: - enabled: false - minio: - enabled: false - mattermostoperator: - enabled: false - mattermost: - enabled: false - nexus: - enabled: false - velero: - enabled: false - keycloak: - enabled: false + cpu: "50m" + bbtests: + scripts: + image: "###ZARF_REGISTRY###/ironbank/stedolan/jq:1.6" diff --git a/examples/big-bang/zarf.yaml b/examples/big-bang/zarf.yaml index c703249b19..9ca89ea241 100644 --- a/examples/big-bang/zarf.yaml +++ b/examples/big-bang/zarf.yaml @@ -1,7 +1,7 @@ kind: ZarfPackageConfig metadata: name: big-bang-core-demo - description: "Demo Zarf basic deployment of Big Bang core" + description: "Demo Zarf basic deployment of Big Bang Core" # Big Bang / Iron Bank are only amd64 architecture: amd64 @@ -13,101 +13,98 @@ components: - name: flux-installer # This will be built on the package create side and deployed as a regular manifest on package deploy kustomizations: - - https://repo1.dso.mil/platform-one/big-bang/bigbang.git//base/flux?ref=1.17.0 + - https://repo1.dso.mil/platform-one/big-bang/bigbang.git//base/flux?ref=1.28.0 images: # Flux images - - registry1.dso.mil/ironbank/fluxcd/helm-controller:v0.11.0 - - registry1.dso.mil/ironbank/fluxcd/kustomize-controller:v0.13.0 - - registry1.dso.mil/ironbank/fluxcd/notification-controller:v0.15.0 - - registry1.dso.mil/ironbank/fluxcd/source-controller:v0.14.0 + - registry1.dso.mil/ironbank/fluxcd/helm-controller:v0.16.0 + - registry1.dso.mil/ironbank/fluxcd/kustomize-controller:v0.20.0 + - registry1.dso.mil/ironbank/fluxcd/notification-controller:v0.21.0 + - registry1.dso.mil/ironbank/fluxcd/source-controller:v0.21.1 - - name: bb-core + - name: big-bang required: true secretName: "private-registry" manifests: - - name: bb-core-config + - name: big-bang-config kustomizations: - "kustomizations/bigbang" - # 1. helm template bigbang ./chart | yq e '. | select(.kind == "GitRepository") | "- " + .spec.url + "@" + .spec.ref.tag' - - # 2. Add the actual bigbang repo as well - # https://repo1.dso.mil/platform-one/big-bang/bigbang/-/tags/1.17.0 repos: - - https://repo1.dso.mil/platform-one/big-bang/bigbang.git@1.17.0 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git@0.3.0-bb.7 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git@3.5.2-bb.1 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git@1.10.4-bb.3 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git@1.10.4-bb.1 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git@2.23.0-bb.2 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git@1.39.0-bb.2 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git@1.6.0-bb.2 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git@0.1.21-bb.0 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git@0.16.6-bb.0 - - https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git@14.0.0-bb.10 - - https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git@0.0.9-bb.0 + - https://repo1.dso.mil/platform-one/big-bang/bigbang.git@1.28.0 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git@1.11.5-bb.2 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-operator.git@1.11.5-bb.1 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/jaeger.git@2.27.1-bb.4 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali.git@1.45.0-bb.3 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/cluster-auditor.git@1.2.0-bb.1 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/policy.git@3.7.0-bb.9 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/elasticsearch-kibana.git@0.6.0-bb.2 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git@1.9.1-bb.4 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/fluentbit.git@0.19.19-bb.0 + - https://repo1.dso.mil/platform-one/big-bang/apps/core/monitoring.git@30.0.1-bb.8 + - https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git@0.4.0-bb.0 images: - # TODO: Figure out a better way to derive this list. - # 1. Deploy Big Bang Core using some other method like https://repo1.dso.mil/platform-one/quick-start/big-bang - # 2. kubectl get pods --all-namespaces -o json | jq '.items[].spec.containers[].image' | jq -s 'unique' | yq e -P - # 3. Move all 'registry1.dso.mil/ironbank/fluxcd' images to the 'local.images' section - # 4. Add 'docker.io/' to any images that aren't fully qualified (example: rancher/metrics-server -> docker.io/rancher/metrics-server - # OR go through each values.yaml file in each git repo specified above and pull out all the images - - # common - - registry1.dso.mil/ironbank/big-bang/base:8.4 - - # cluster-auditor - - registry1.dso.mil/ironbank/cluster-auditor/opa-collector:0.3.2 - - # policy - - registry1.dso.mil/ironbank/opensource/kubernetes-1.21/kubectl:v1.21.1 - - registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper:v3.5.2 - # istio-controlplane - - registry1.dso.mil/ironbank/opensource/istio/istioctl:1.10.4 - - registry1.dso.mil/ironbank/opensource/istio/install-cni:1.10.4 - - registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.10.4 - - registry1.dso.mil/ironbank/opensource/istio/pilot:1.10.4 + - registry1.dso.mil/ironbank/big-bang/base:1.0.0 + - registry1.dso.mil/ironbank/opensource/istio/pilot:1.11.5 + - registry1.dso.mil/ironbank/opensource/istio/proxyv2:1.11.5 + - registry1.dso.mil/ironbank/opensource/istio/install-cni:1.11.5 # istio-operator - - registry1.dso.mil/ironbank/opensource/istio/operator:1.10.4 + - registry1.dso.mil/ironbank/opensource/istio/operator:1.11.5 # jaeger - - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-operator:1.24.0 - - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-es-index-cleaner:1.24.0 - - registry1.dso.mil/ironbank/opensource/jaegertracing/all-in-one:1.24.0 - - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-agent:1.24.0 - - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-ingester:1.24.0 - - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-query:1.24.0 - - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-collector:1.24.0 + # - registry1.dso.mil/ironbank/big-bang/base:1.0.0 -- Already present in istio-controlplane section + - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-operator:1.29.1 + - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-es-index-cleaner:1.29.0 + - registry1.dso.mil/ironbank/opensource/jaegertracing/all-in-one:1.29.0 + - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-agent:1.29.0 + - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-ingester:1.29.0 + - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-query:1.29.0 + - registry1.dso.mil/ironbank/opensource/jaegertracing/jaeger-collector:1.29.0 # kiali - - registry1.dso.mil/ironbank/opensource/kiali/kiali-operator:v1.39.0 - - registry1.dso.mil/ironbank/opensource/kiali/kiali:v1.39.0 + - registry1.dso.mil/ironbank/opensource/kiali/kiali-operator:v1.45.0 + - registry1.dso.mil/ironbank/opensource/kiali/kiali:v1.45.0 + - registry1.dso.mil/ironbank/big-bang/base:8.4 - # eck-operator - - registry1.dso.mil/ironbank/elastic/eck-operator/eck-operator:1.6.0 + # cluster-auditor + - registry1.dso.mil/ironbank/bigbang/cluster-auditor/opa-exporter:v0.0.3 + + # policy (OPA Gatekeeper) + - registry1.dso.mil/ironbank/opensource/kubernetes/kubectl:v1.22.2 + - registry1.dso.mil/ironbank/opensource/openpolicyagent/gatekeeper:v3.7.0 # elasticsearch-kibana - - registry1.dso.mil/ironbank/elastic/kibana/kibana:7.12.0 - - registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch:7.13.4 + - registry1.dso.mil/ironbank/elastic/kibana/kibana:7.16.2 + - registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch:7.16.2 + # - registry1.dso.mil/ironbank/big-bang/base:8.4 -- Already present in kiali section + - registry1.dso.mil/ironbank/stedolan/jq:1.6 + + # eck-operator + - registry1.dso.mil/ironbank/elastic/eck-operator/eck-operator:1.9.1 + # - registry1.dso.mil/ironbank/big-bang/base:8.4 -- Already present in kiali section # fluentbit - - registry1.dso.mil/ironbank/opensource/fluent/fluent-bit:1.8.6 + - registry1.dso.mil/ironbank/opensource/fluent/fluent-bit:1.8.12 + # - registry1.dso.mil/ironbank/stedolan/jq:1.6 -- Already present in elasticsearch-kibana section # monitoring - - registry1.dso.mil/ironbank/opensource/prometheus/alertmanager:v0.21.0 - - registry1.dso.mil/ironbank/opensource/grafana/grafana:7.5.2 - - registry1.dso.mil/ironbank/opensource/bats/bats:1.2.1 - - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.10.6 - - registry1.dso.mil/ironbank/opensource/coreos/kube-state-metrics:v1.9.8 - - registry1.dso.mil/ironbank/opensource/prometheus/node-exporter:v1.0.1 - - registry1.dso.mil/ironbank/opensource/jet/kube-webhook-certgen:v1.5.1 - - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.46.0 - - registry1.dso.mil/ironbank/opensource/jimmidyson/configmap-reload:v0.5.0 - - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.46.0 - - registry1.dso.mil/ironbank/opensource/kubernetes-1.20/kubectl-1.20:v1.20.8 - - registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v2.25.0 + # - registry1.dso.mil/ironbank/big-bang/base:1.0.0 -- Already present in istio-controlplane section + - registry1.dso.mil/ironbank/opensource/prometheus/alertmanager:v0.23.0 + - registry1.dso.mil/ironbank/opensource/grafana/grafana:8.3.3 + - registry1.dso.mil/ironbank/opensource/bats/bats:1.5.0 + - registry1.dso.mil/ironbank/kiwigrid/k8s-sidecar:1.15.0 + # - registry1.dso.mil/ironbank/big-bang/base:1.0.0 -- Already present in istio-controlplane section + - registry1.dso.mil/ironbank/opensource/kubernetes/kube-state-metrics:v2.3.0 + - registry1.dso.mil/ironbank/opensource/prometheus/node-exporter:v1.3.1 + - registry1.dso.mil/ironbank/opensource/ingress-nginx/kube-webhook-certgen:v1.1.1 + # - registry1.dso.mil/ironbank/big-bang/base:1.0.0 -- Already present in istio-controlplane section + - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-operator:v0.53.1 + - registry1.dso.mil/ironbank/opensource/prometheus-operator/prometheus-config-reloader:v0.53.1 + - registry1.dso.mil/ironbank/opensource/thanos/thanos:v0.24.0 + - registry1.dso.mil/ironbank/opensource/kubernetes-1.20/kubectl-1.20:v1.20.11 + - registry1.dso.mil/ironbank/opensource/prometheus/prometheus:v2.32.1 # twistlock - - registry1.dso.mil/ironbank/twistlock/console/console:21.04.439 + - registry1.dso.mil/ironbank/twistlock/console/console:22.01.840 + # - registry1.dso.mil/ironbank/stedolan/jq:1.6 -- Already present in elasticsearch-kibana section