Skip to content

Commit

Permalink
Upgrade Big Bang Core example to BB v1.17.0 (#67)
Browse files Browse the repository at this point in the history
Signed-off-by: Jeff McCoy <code@jeffm.us>
  • Loading branch information
RothAndrew authored and jeff-mccoy committed Sep 29, 2021
1 parent e8866b7 commit ee54c2d
Show file tree
Hide file tree
Showing 6 changed files with 338 additions and 250 deletions.
4 changes: 2 additions & 2 deletions examples/Vagrantfile
Original file line number Diff line number Diff line change
Expand Up @@ -16,8 +16,8 @@ Vagrant.configure("2") do |config|

config.vm.network "forwarded_port", guest: 80, host: 8080
config.vm.network "forwarded_port", guest: 443, host: 8443
config.vm.network "forwarded_port", guest: 8080, host: 9080
config.vm.network "forwarded_port", guest: 8443, host: 9443
config.vm.network "forwarded_port", guest: 9080, host: 9080
config.vm.network "forwarded_port", guest: 9443, host: 9443

config.ssh.insert_key = false

Expand Down
19 changes: 14 additions & 5 deletions examples/big-bang/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -18,8 +18,9 @@ Because the same cluster will be running both Traefik and Istio, Istio's Virtual
8. Wait a bit, run `k9s` to see pods come up. Don't move on until everything is running
9. Run: `./zarf package deploy zarf-package-big-bang-core-demo.tar.zst --confirm` - Deploy Big Bang Core
10. Wait several minutes. Run `k9s` to watch progress
11. Use a browser to visit the various services, available at https://*.bigbang.dev:9443
12. When you're done, run `make vm-destroy` to bring everything down
11. :warning: `kubectl delete -n istio-system envoyfilter/misdirected-request` (due to [this bug](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/802))
12. Use a browser to visit the various services, available at https://*.bigbang.dev:9443
13. When you're done, run `make vm-destroy` to bring everything down

## Kubescape scan

Expand All @@ -29,6 +30,14 @@ This example adds the `kubescape` binary, which can scan clusters for compliance
kubescape scan framework nsa --use-from /usr/local/bin/kubescape-framework-nsa.json
```

## To-Do

1. Re-enable the NetworkPolicies - They got disabled to resolve an issue connecting to the k8s cluster API server, which is fine for a demo but unacceptable in production
## Services

| URL | Username | Password | Notes |
| ----------------------------------------------------- | --------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------- |
| [AlertManager](https://alertmanager.bigbang.dev:9443) | n/a | n/a | Unauthenticated |
| [Grafana](https://grafana.bigbang.dev:9443) | `admin` | `prom-operator` | |
| [Kiali](https://kiali.bigbang.dev:9443) | n/a | `kubectl get secret -n kiali -o=json \| jq -r '.items[] \| select(.metadata.annotations."kubernetes.io/service-account.name"=="kiali-service-account") \| .data.token' \| base64 -d; echo` | |
| [Kibana](https://kibana.bigbang.dev:9443) | `elastic` | `kubectl get secret -n logging logging-ek-es-elastic-user -o=jsonpath='{.data.elastic}' \| base64 -d; echo` | |
| [Prometheus](https://prometheus.bigbang.dev:9443) | n/a | n/a | Unauthenticated |
| [Jaeger](https://tracing.bigbang.dev:9443) | n/a | n/a | Unauthenticated |
| [Twistlock](https://twistlock.bigbang.dev:9443) | n/a | n/a | Twistlock has you create an admin account the first time you log in |
2 changes: 1 addition & 1 deletion examples/big-bang/template/bigbang/kustomization.yaml
Original file line number Diff line number Diff line change
@@ -1,5 +1,5 @@
bases:
- git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base?ref=1.14.1
- git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base?ref=1.17.0

configMapGenerator:
- name: common
Expand Down
Loading

0 comments on commit ee54c2d

Please sign in to comment.