From 0e1db1fad4e5a19a97f3f2bf5f21bd1652b9ec23 Mon Sep 17 00:00:00 2001 From: awendt Date: Wed, 20 Mar 2024 13:56:48 -0600 Subject: [PATCH] chore: upgrade init to v0.32.5-0.2.4 (#41) chore: upgrade gitlab 16.9.2-uds.0-registry1 chore: upgrade uds to v0.9.4 and remove zarf feat: Configure velero --- .github/actions/setup/action.yaml | 7 +- README.md | 8 +- bundles/uds-core-swf/uds-bundle.yaml | 79 ++++++++++++++++++- config/dev-cluster/uds-config.yaml | 5 ++ config/test-cluster/uds-config.yaml | 5 ++ .../rook-ceph-exemption.yaml | 8 +- tasks/create.yaml | 18 ++--- 7 files changed, 104 insertions(+), 26 deletions(-) diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml index a7d93787..76e4a727 100644 --- a/.github/actions/setup/action.yaml +++ b/.github/actions/setup/action.yaml @@ -9,12 +9,7 @@ runs: - name: Set up Homebrew uses: Homebrew/actions/setup-homebrew@master - - name: Install Zarf - shell: bash - # renovate: datasource=github-tags depName=defenseunicorns/zarf versioning=semver - run: brew install defenseunicorns/tap/zarf@0.32.4 - - name: Install UDS CLI shell: bash # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver - run: brew install defenseunicorns/tap/uds@0.9.3 + run: brew install defenseunicorns/tap/uds@0.9.4 diff --git a/README.md b/README.md index 3ed29c99..09d19502 100644 --- a/README.md +++ b/README.md 
@@ -16,15 +16,11 @@ Once the below [Prerequisites](#prerequisites) are met, these are the steps to d ### Prerequisites **Tools**: -* [zarf version v0.32.4](https://github.com/defenseunicorns/zarf/tree/v0.32.4) -- `sudo curl -sL https://github.com/defenseunicorns/zarf/releases/download/v0.32.4/zarf_v0.32.4_Linux_amd64` -* [uds version v0.9.3](https://github.com/defenseunicorns/uds-cli/tree/v0.9.3) -- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.9.3/uds-cli_v0.9.3_Linux_amd64` +* [uds version v0.9.4](https://github.com/defenseunicorns/uds-cli/tree/v0.9.4) +- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.9.4/uds-cli_v0.9.4_Linux_amd64` * (OPTIONAL) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) * (OPTIONAL) [helm](https://github.com/helm/helm) -> NOTE: Zarf must be accessible on the user's PATH - **Infrastructure**: * Kubernetes cluster * Access to the cluster with enough privilege to deploy diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml index 4c024fbe..1104c79a 100644 --- a/bundles/uds-core-swf/uds-bundle.yaml +++ b/bundles/uds-core-swf/uds-bundle.yaml @@ -1,4 +1,4 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.3/uds.schema.json +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.4/uds.schema.json kind: UDSBundle metadata: name: software-factory-nutanix @@ -14,7 +14,7 @@ packages: repository: ghcr.io/defenseunicorns/uds-capability/rook-ceph/init optionalComponents: - git-server - ref: v0.32.4-0.2.3 + ref: v0.32.5-0.2.4 overrides: rook-ceph-cluster: rook-ceph-cluster: 
@@ -38,8 +38,79 @@ packages: - name: core repository: ghcr.io/defenseunicorns/packages/uds/core - ref: 0.15.0-upstream + ref: 0.16.1-upstream overrides: + velero: + velero: + values: + - path: snapshotsEnabled + value: true + - path: configuration.volumeSnapshotLocation + value: + - name: default + provider: aws + config: + region: "us-east-1" + credential: + name: "velero-bucket-credentials" + key: "cloud" + - path: schedules + value: + uds-jira-backup: + disabled: false + schedule: "0 3 * * *" + useOwnerReferencesInBackup: false + template: + csiSnapshotTimeout: 0s + includeClusterResources: true + snapshotVolumes: true + includedNamespaces: + - jira + ttl: "240h" + uds-confluence-backup: + disabled: false + schedule: "0 3 * * *" + useOwnerReferencesInBackup: false + template: + csiSnapshotTimeout: 0s + includeClusterResources: true + snapshotVolumes: true + includedNamespaces: + - confluence + ttl: "240h" + uds-mattermost-backup: + disabled: false + schedule: "0 3 * * *" + useOwnerReferencesInBackup: false + template: + csiSnapshotTimeout: 0s + includeClusterResources: true + snapshotVolumes: true + includedNamespaces: + - mattermost + ttl: "240h" + uds-nexus-backup: + disabled: false + schedule: "0 3 * * *" + useOwnerReferencesInBackup: false + template: + csiSnapshotTimeout: 0s + includeClusterResources: true + snapshotVolumes: true + includedNamespaces: + - nexus + ttl: "240h" + uds-gitlab-backup: + disabled: false + schedule: "0 3 * * *" + useOwnerReferencesInBackup: false + template: + csiSnapshotTimeout: 0s + includeClusterResources: true + snapshotVolumes: true + includedNamespaces: + - gitlab + ttl: "240h" keycloak: keycloak: variables: @@ -128,7 +199,7 @@ packages: - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab - ref: 16.9.1-uds.1-registry1 + ref: 16.9.2-uds.0-registry1 overrides: gitlab: gitlab: diff --git a/config/dev-cluster/uds-config.yaml b/config/dev-cluster/uds-config.yaml index 0f98bb3d..4eea009b 100644 
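Review bot: Each of the five new Velero schedules (`uds-jira-backup` through `uds-gitlab-backup`) sets `includeClusterResources: true` while `includedNamespaces` names a single namespace, so every nightly archive also carries all cluster-scoped objects in addition to that namespace's resources (and, with no `excludedResources` shown, its Secret objects). If per-application backups are the intent, `includeClusterResources: false`, or omitting the key so that Velero only picks up the PersistentVolumes bound to included claims, limits each archive to what a restore of that application needs. The `region: "us-east-1"` under `configuration.volumeSnapshotLocation` is hard-coded here while the same commit adds a `VELERO_BUCKET_REGION` variable to the cluster configs, so the two can drift; whether that variable can be wired into this override is not visible from the hunk. `csiSnapshotTimeout: 0s` deserves a short comment stating whether zero is meant as "use the default", since it reads as no wait at all.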
--- a/config/dev-cluster/uds-config.yaml +++ b/config/dev-cluster/uds-config.yaml @@ -22,6 +22,11 @@ variables: KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords" KEYCLOAK_DB_NAME: "keycloakdb" KEYCLOAK_DB_ENDPOINT: "keycloak-pg.mtsi-dev.bigbang.dev" + VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev" + VELERO_BUCKET: "velero-bucket-dev" + VELERO_BUCKET_REGION: "us-east-1" + VELERO_BUCKET_KEY: "replace-me-object-store-access-key" + VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key" gitlab-database-secret: GITLAB_DB_PASSWORD: "replace-me-db-passwords" gitlab-object-store: diff --git a/config/test-cluster/uds-config.yaml b/config/test-cluster/uds-config.yaml index ca0c14da..347f181c 100644 --- a/config/test-cluster/uds-config.yaml +++ b/config/test-cluster/uds-config.yaml @@ -22,6 +22,11 @@ variables: KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords" KEYCLOAK_DB_NAME: "keycloakdb" KEYCLOAK_DB_ENDPOINT: "keycloak-pg.mtsi.bigbang.dev" + VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev" + VELERO_BUCKET: "velero-bucket-test" + VELERO_BUCKET_REGION: "us-east-1" + VELERO_BUCKET_KEY: "replace-me-object-store-access-key" + VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key" gitlab-database-secret: GITLAB_DB_PASSWORD: "replace-me-db-passwords" gitlab-object-store: diff --git a/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml b/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml index d84c0ca0..9820c3e3 100644 --- a/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml +++ b/packages/additional-manifests/pepr-policy-exemptions/rook-ceph-exemption.yaml 
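Review bot: `VELERO_BUCKET_PROVIDER_URL` is set to an `http://` endpoint in the dev-cluster hunk, and the test-cluster hunk adds the identical value, so backup archives, which hold whatever the backed-up namespaces contain, would travel to the object store without transport encryption. If the object store serves TLS, use `VELERO_BUCKET_PROVIDER_URL: "https://swf.objects.mtsi.bigbang.dev"`; if it does not, a comment saying so and naming the network boundary that protects this traffic would help. The `replace-me-...` placeholders for `VELERO_BUCKET_KEY` and `VELERO_BUCKET_KEY_SECRET` are fine as committed, but a comment such as `# supply at deploy time; do not commit real values` next to them would make the expectation explicit.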
@@ -8,9 +8,15 @@ spec: - policies: - DisallowHostNamespaces - DisallowPrivileged - - RequireNonRootUser + - DisallowSELinuxOptions - DropAllCapabilities + - RequireNonRootUser + - RestrictCapabilities - RestrictHostPathWrite + - RestrictHostPorts + - RestrictProcMount + - RestrictSeccomp + - RestrictSELinuxType - RestrictVolumeTypes matcher: namespace: rook-ceph diff --git a/tasks/create.yaml b/tasks/create.yaml index 9fe891da..a757b888 100644 --- a/tasks/create.yaml +++ b/tasks/create.yaml 
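Review bot: The exemption list for the `rook-ceph` namespace grows from six to twelve policies in this hunk, and nothing records why each added entry (`DisallowSELinuxOptions`, `RestrictCapabilities`, `RestrictHostPorts`, `RestrictProcMount`, `RestrictSeccomp`, `RestrictSELinuxType`) is needed. The matcher visible here selects by `namespace: rook-ceph` and continues outside the hunk, so it is not clear whether the exemption is limited to specific pods; if it is not, narrowing it to the workloads that need host-level access would keep the other pods in that namespace under policy. A comment above the list such as `# exemptions required by the rook-ceph init package; re-audit on each upgrade` would give the next reviewer something to check the list against.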
@@ -21,32 +21,32 @@ tasks: - name: database-manifest-packages description: Create database manifest packages actions: - - cmd: zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - cmd: zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - cmd: zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - cmd: zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: gitlab-redis-secret-package description: Create package for the gitlab redis secret actions: - - cmd: zarf package create ./packages/gitlab-redis --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/gitlab-redis --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: namespaces-package description: Create the namespaces package actions: - - cmd: zarf package create ./packages/namespaces --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/namespaces --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: idam-packages description: 
Create the idam packages actions: - - cmd: zarf package create ./packages/idam-dns --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/idam-dns --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: object-store-packages description: Create the object storage packages actions: - - cmd: zarf package create ./packages/object-store/gitlab --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/object-store/gitlab --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: additional-manifests-package description: Create package create additional manifests needed. actions: - - cmd: zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build + - cmd: uds zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build