chore: upgrade init to v0.32.5-0.2.4 (#41)

chore: upgrade gitlab 16.9.2-uds.0-registry1 chore: upgrade uds to v0.9.4 and remove zarf feat: Configure velero
defenseunicorns · Mar 20, 2024 · 0e1db1f · 0e1db1f
1 parent 44c3f58
commit 0e1db1f
Show file tree

Hide file tree

Showing 7 changed files with 104 additions and 26 deletions.
diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -9,12 +9,7 @@ runs:
     - name: Set up Homebrew
       uses: Homebrew/actions/setup-homebrew@master
 
-    - name: Install Zarf
-      shell: bash
-      # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver
-      run: brew install defenseunicorns/tap/[email protected]
-
     - name: Install UDS CLI
       shell: bash
       # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-      run: brew install defenseunicorns/tap/[email protected].3
+      run: brew install defenseunicorns/tap/[email protected].4
diff --git a/README.md b/README.md
@@ -16,15 +16,11 @@ Once the below [Prerequisites](#prerequisites) are met, these are the steps to d
 
 ### Prerequisites
 **Tools**:
-* [zarf version v0.32.4](https://github.com/defenseunicorns/zarf/tree/v0.32.4)
-- `sudo curl -sL https://github.com/defenseunicorns/zarf/releases/download/v0.32.4/zarf_v0.32.4_Linux_amd64`
-* [uds version v0.9.3](https://github.com/defenseunicorns/uds-cli/tree/v0.9.3)
-- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.9.3/uds-cli_v0.9.3_Linux_amd64`
+* [uds version v0.9.4](https://github.com/defenseunicorns/uds-cli/tree/v0.9.4)
+- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.9.4/uds-cli_v0.9.4_Linux_amd64`
 * (OPTIONAL) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
 * (OPTIONAL) [helm](https://github.com/helm/helm)
 
-> NOTE: Zarf must be accessible on the user's PATH
-
 **Infrastructure**:
 * Kubernetes cluster
 * Access to the cluster with enough privilege to deploy

diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml
@@ -1,4 +1,4 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.3/uds.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.4/uds.schema.json
 kind: UDSBundle
 metadata:
   name: software-factory-nutanix
@@ -14,7 +14,7 @@ packages:
     repository: ghcr.io/defenseunicorns/uds-capability/rook-ceph/init
     optionalComponents:
       - git-server
-    ref: v0.32.4-0.2.3
+    ref: v0.32.5-0.2.4
     overrides:
       rook-ceph-cluster:
         rook-ceph-cluster:
@@ -38,8 +38,79 @@ packages:
 
   - name: core
     repository: ghcr.io/defenseunicorns/packages/uds/core
-    ref: 0.15.0-upstream
+    ref: 0.16.1-upstream
     overrides:
+      velero:
+        velero:
+          values:
+            - path: snapshotsEnabled
+              value: true
+            - path: configuration.volumeSnapshotLocation
+              value:
+                - name: default
+                  provider: aws
+                  config:
+                    region: "us-east-1"
+                  credential:
+                    name: "velero-bucket-credentials"
+                    key: "cloud"
+            - path: schedules
+              value:
+                uds-jira-backup:
+                  disabled: false
+                  schedule: "0 3 * * *"
+                  useOwnerReferencesInBackup: false
+                  template:
+                    csiSnapshotTimeout: 0s
+                    includeClusterResources: true
+                    snapshotVolumes: true
+                    includedNamespaces:
+                      - jira
+                    ttl: "240h"
+                uds-confluence-backup:
+                  disabled: false
+                  schedule: "0 3 * * *"
+                  useOwnerReferencesInBackup: false
+                  template:
+                    csiSnapshotTimeout: 0s
+                    includeClusterResources: true
+                    snapshotVolumes: true
+                    includedNamespaces:
+                      - confluence
+                    ttl: "240h"
+                uds-mattermost-backup:
+                  disabled: false
+                  schedule: "0 3 * * *"
+                  useOwnerReferencesInBackup: false
+                  template:
+                    csiSnapshotTimeout: 0s
+                    includeClusterResources: true
+                    snapshotVolumes: true
+                    includedNamespaces:
+                      - mattermost
+                    ttl: "240h"
+                uds-nexus-backup:
+                  disabled: false
+                  schedule: "0 3 * * *"
+                  useOwnerReferencesInBackup: false
+                  template:
+                    csiSnapshotTimeout: 0s
+                    includeClusterResources: true
+                    snapshotVolumes: true
+                    includedNamespaces:
+                      - nexus
+                    ttl: "240h"
+                uds-gitlab-backup:
+                  disabled: false
+                  schedule: "0 3 * * *"
+                  useOwnerReferencesInBackup: false
+                  template:
+                    csiSnapshotTimeout: 0s
+                    includeClusterResources: true
+                    snapshotVolumes: true
+                    includedNamespaces:
+                      - gitlab
+                    ttl: "240h"
       keycloak:
         keycloak:
           variables:
@@ -128,7 +199,7 @@ packages:
 
   - name: gitlab
     repository: ghcr.io/defenseunicorns/packages/uds/gitlab
-    ref: 16.9.1-uds.1-registry1
+    ref: 16.9.2-uds.0-registry1
     overrides:
       gitlab:
         gitlab:

diff --git a/config/dev-cluster/uds-config.yaml b/config/dev-cluster/uds-config.yaml
@@ -22,6 +22,11 @@ variables:
     KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords"
     KEYCLOAK_DB_NAME: "keycloakdb"
     KEYCLOAK_DB_ENDPOINT: "keycloak-pg.mtsi-dev.bigbang.dev"
+    VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev"
+    VELERO_BUCKET: "velero-bucket-dev"
+    VELERO_BUCKET_REGION: "us-east-1"
+    VELERO_BUCKET_KEY: "replace-me-object-store-access-key"
+    VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key"
   gitlab-database-secret:
     GITLAB_DB_PASSWORD: "replace-me-db-passwords"
   gitlab-object-store:

diff --git a/config/test-cluster/uds-config.yaml b/config/test-cluster/uds-config.yaml
@@ -22,6 +22,11 @@ variables:
     KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords"
     KEYCLOAK_DB_NAME: "keycloakdb"
     KEYCLOAK_DB_ENDPOINT: "keycloak-pg.mtsi.bigbang.dev"
+    VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev"
+    VELERO_BUCKET: "velero-bucket-test"
+    VELERO_BUCKET_REGION: "us-east-1"
+    VELERO_BUCKET_KEY: "replace-me-object-store-access-key"
+    VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key"
   gitlab-database-secret:
     GITLAB_DB_PASSWORD: "replace-me-db-passwords"
   gitlab-object-store:

diff --git a/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml b/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml
@@ -8,9 +8,15 @@ spec:
     - policies:
       - DisallowHostNamespaces
       - DisallowPrivileged
-      - RequireNonRootUser
+      - DisallowSELinuxOptions
       - DropAllCapabilities
+      - RequireNonRootUser
+      - RestrictCapabilities
       - RestrictHostPathWrite
+      - RestrictHostPorts
+      - RestrictProcMount
+      - RestrictSeccomp
+      - RestrictSELinuxType
       - RestrictVolumeTypes
       matcher:
         namespace: rook-ceph

diff --git a/tasks/create.yaml b/tasks/create.yaml
@@ -21,32 +21,32 @@ tasks:
   - name: database-manifest-packages
     description: Create database manifest packages
     actions:
-      - cmd: zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
-      - cmd: zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
-      - cmd: zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
-      - cmd: zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
 
   - name: gitlab-redis-secret-package
     description: Create package for the gitlab redis secret
     actions:
-      - cmd: zarf package create ./packages/gitlab-redis --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/gitlab-redis --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
 
   - name: namespaces-package
     description: Create the namespaces package
     actions:
-      - cmd: zarf package create ./packages/namespaces --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/namespaces --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
 
   - name: idam-packages
     description: Create the idam packages
     actions:
-      - cmd: zarf package create ./packages/idam-dns --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/idam-dns --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
 
   - name: object-store-packages
     description: Create the object storage packages
     actions:
-      - cmd: zarf package create ./packages/object-store/gitlab --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/object-store/gitlab --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
 
   - name: additional-manifests-package
     description: Create package create additional manifests needed.
     actions:
-      - cmd: zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+      - cmd: uds zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build