diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
index 76e4a727..bac87e2b 100644
--- a/.github/actions/setup/action.yaml
+++ b/.github/actions/setup/action.yaml
@@ -12,4 +12,4 @@ runs:
- name: Install UDS CLI
shell: bash
# renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
- run: brew install defenseunicorns/tap/uds@0.9.4
+ run: brew install defenseunicorns/tap/uds@0.10.3
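Review bot: the pinned `0.10.3` on the `run:` line is one of several copies of the UDS CLI version in this patch (the README download URL, the `$schema` URL in `uds-bundle.yaml`, and the tools table in `docs/packages-and-dependencies.md`), and only this one sits under a `# renovate:` annotation. The others will drift on the next automated bump; consider covering them with matching renovate annotations or a regex manager.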
diff --git a/README.md b/README.md
index 09d19502..94cf7900 100644
--- a/README.md
+++ b/README.md
@@ -16,8 +16,8 @@ Once the below [Prerequisites](#prerequisites) are met, these are the steps to d
### Prerequisites
**Tools**:
-* [uds version v0.9.4](https://github.com/defenseunicorns/uds-cli/tree/v0.9.4)
-- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.9.4/uds-cli_v0.9.4_Linux_amd64`
+* [uds version v0.10.3](https://github.com/defenseunicorns/uds-cli/tree/v0.10.3)
+- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.10.3/uds-cli_v0.10.3_Linux_amd64`
* (OPTIONAL) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
* (OPTIONAL) [helm](https://github.com/helm/helm)
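Review bot: the install command on the added `sudo curl -sL .../uds-cli_v0.10.3_Linux_amd64` line fetches a binary as root with no `-o` destination, no `-f` to fail on an HTTP error, and no integrity check. Suggest dropping `sudo` from the download, writing to a named file, and documenting a checksum comparison (if the release publishes checksums) before the binary is moved onto the PATH.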
@@ -48,7 +48,19 @@ Once the below [Prerequisites](#prerequisites) are met, these are the steps to d
> NOTE: If using the example domain (`*.bigbang.dev`), a valid corresponding certificate and key can be found [in the Platform1 Big Bang repo](https://repo1.dso.mil/big-bang/bigbang/-/blob/master/chart/ingress-certs.yaml?ref_type=heads).
* Object Storage with provisioned buckets (expand for details).
-These are the default bucket names. Gitlab allows you to add a suffix in your `uds-config.yaml`, so reflect that if you configure a suffix. Also, Velero and Mattermost allow you to configure your bucket name in your `uds-config.yaml`. Reflect that if you configure those differently then the below defaults.
+These are the default bucket names. Gitlab allows you to add a suffix in your `uds-config.yaml`, so reflect that if you configure a suffix. Also, Loki, Velero and Mattermost allow you to configure your bucket name in your `uds-config.yaml`. Reflect that if you configure those differently then the below defaults.
+
+ Loki
+
+ * loki-chunks-bucket
+ * loki-ruler-bucket
+ * loki-admin-bucket
+
+
+ Velero
+
+ * velero-backups
+
Velero
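Review bot: the added `Velero` block lists `velero-backups`, but the unchanged `Velero` line directly after it suggests the section now appears twice, and the name does not match `VELERO_BUCKET: "velero-bucket"` set in `config/uds-config.yaml` in this same patch. Remove the duplicate block and align the default bucket name in one place. Also, "differently then" in the rewritten sentence should read "differently than".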
@@ -94,7 +106,7 @@ These are the default bucket names. Gitlab allows you to add a suffix in your `u
Deployment configuration is managed via a `uds-config.yaml` file in the deployment directory. Some values in the configuration will be sensitive, **we do not recommend checking this into source control in its entierty**. Best practice would involve either storing the configuration in an external secrets manager (like Vault), or managing deployments via CD and generating the config file dynamically at deploy time using CD managed secrets.
For demonstration purposes, you can setup a local configfile as follows:
-* Copy an example configuration from [config/dev-cluster/uds-config.yaml](config/dev-cluster/uds-config.yaml) to your working directory
+* Copy an example configuration from [config/uds-config.yaml](config/uds-config.yaml) to your working directory
* Update the config according to your environment taking care to set:
* domain variables
* certificate values
@@ -106,18 +118,23 @@ For demonstration purposes, you can setup a local configfile as follows:
### Deployment
Select a target version number and gather the OCI image reference [from the packages page](https://github.com/orgs/defenseunicorns/packages?repo_name=uds-bundle-software-factory-nutanix). With the above prerequisites and configuration complete, you can deploy the bundle directly via OCI:
```
-uds deploy oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:0.1.x --architecure amd64 --confirm
+uds deploy oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:0.x.x --architecure amd64 --confirm
```
### (OPTIONAL) Local Deployment Reference
Situationally, it may be useful to download the deployment artifact so that it may be referenced offline. This can be accomplished by first downloading the target release:
```
-uds pull oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:0.1.x --architecture amd64
+uds pull oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:0.x.x --architecture amd64
```
And subsequently deploying from the local file:
```
-uds deploy uds-bundle-software-factory-nutanix-amd64-0.1.4.tar.zst --confirm
+uds deploy uds-bundle-software-factory-nutanix-amd64-0.x.x.tar.zst --confirm
+```
+
+>NOTE: There is a new default terminal user interface for UDS. When running a deploy from a pipeline you can choose to have the normal terminal output by using the `--no-tea` flag with your uds deploy.
+```
+uds deploy uds-bundle-software-factory-nutanix-amd64-0.x.x.tar.zst --confirm --no-tea
```
## Additional Notes
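Review bot: `--architecure` on the rewritten `uds deploy oci://...` line is misspelled (the `uds pull` line below it uses `--architecture`); since the line is being touched anyway, fix the flag so the documented command runs as written. The new `--no-tea` note would also render more reliably with a blank line between the `>NOTE:` blockquote and the opening fence.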
@@ -129,11 +146,5 @@ uds run --list
# Run the create-bundle task
uds run create-bundle
-
-# Run the deploy-bundle-to-dev task
-uds run deploy-bundle-to-dev
-
-# Run the deploy-bundle-to-test task
-uds run deploy-bundle-to-test
```
diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml
index 9d60b086..3b88979d 100644
--- a/bundles/uds-core-swf/uds-bundle.yaml
+++ b/bundles/uds-core-swf/uds-bundle.yaml
@@ -1,4 +1,4 @@
-# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.9.4/uds.schema.json
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.10.3/uds.schema.json
kind: UDSBundle
metadata:
name: software-factory-nutanix
@@ -14,7 +14,7 @@ packages:
repository: ghcr.io/defenseunicorns/uds-capability/rook-ceph/init
optionalComponents:
- git-server
- ref: v0.32.4-0.2.3
+ ref: v0.32.6-0.2.5
overrides:
rook-ceph-cluster:
rook-ceph-cluster:
@@ -38,7 +38,7 @@ packages:
- name: core
repository: ghcr.io/defenseunicorns/packages/uds/core
- ref: 0.16.1-upstream
+ ref: 0.18.0-registry1
overrides:
velero:
velero:
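Review bot: `ref: 0.18.0-registry1` changes the core package flavor from `upstream` to `registry1`, not only the version. That brings it in line with the other `-registry1` refs in this bundle, but it changes the image source for the whole core stack, so it should be called out in the commit message or README so deployers can confirm it is intended.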
@@ -130,12 +130,52 @@ packages:
description: "keycloak database name"
path: postgresql.host
default: "postgresql"
+ - name: KEYCLOAK_INSECURE_ADMIN_PASSWORD_GENERATION
+ description: "Generate an insecure admin password for dev/test"
+ path: insecureAdminPasswordGeneration.enabled
loki:
loki:
values:
# Override default dns service name for Loki Gateway
- path: "global.dnsService"
value: "rke2-coredns-rke2-coredns"
+ variables:
+ - name: LOKI_CHUNKS_BUCKET
+ description: "The object storage bucket for Loki chunks"
+ path: loki.storage.bucketNames.chunks
+ default: "loki-chunks-bucket"
+ - name: LOKI_RULER_BUCKET
+ description: "The object storage bucket for Loki ruler"
+ path: loki.storage.bucketNames.ruler
+ default: "loki-ruler-bucket"
+ - name: LOKI_ADMIN_BUCKET
+ description: "The object storage bucket for Loki admin"
+ path: loki.storage.bucketNames.admin
+ default: "loki-admin-bucket"
+ - name: LOKI_S3_ENDPOINT
+ description: "The S3 endpoint"
+ path: loki.storage.s3.endpoint
+ - name: LOKI_S3_REGION
+ description: "The S3 region"
+ path: loki.storage.s3.region
+ - name: LOKI_S3_ACCESS_KEY_ID
+ description: "The S3 Access Key ID"
+ path: loki.storage.s3.accessKeyId
+ - name: LOKI_S3_SECRET_ACCESS_KEY
+ path: loki.storage.s3.secretAccessKey
+ description: "The S3 Secret Access Key"
+ - name: LOKI_WRITE_REPLICAS
+ path: write.replicas
+ description: "Loki write replicas"
+ default: "1"
+ - name: LOKI_READ_REPLICAS
+ path: read.replicas
+ description: "Loki read replicas"
+ default: "1"
+ - name: LOKI_BACKEND_REPLICAS
+ path: backend.replicas
+ description: "Loki backend replicas"
+ default: "1"
istio-admin-gateway:
uds-istio-config:
variables:
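Review bot: `KEYCLOAK_INSECURE_ADMIN_PASSWORD_GENERATION` is added without a `default`, while the Loki bucket and replica variables next to it each declare one. For a setting described as "insecure admin password for dev/test", add an explicit false default so that leaving it out of `uds-config.yaml` is safe by construction. Separately, `LOKI_S3_SECRET_ACCESS_KEY` is passed as a plain bundle variable; its description should note that it is a secret, in line with the README's advice against committing the config file. The Loki entries also mix `description`/`path` ordering, which is worth making consistent.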
@@ -199,7 +239,7 @@ packages:
- name: gitlab
repository: ghcr.io/defenseunicorns/packages/uds/gitlab
- ref: 16.9.2-uds.0-registry1
+ ref: 16.10.1-uds.1-registry1
overrides:
gitlab:
gitlab:
@@ -221,7 +261,7 @@ packages:
path: "gitlab.webservice.resources"
- name: WORKHORSE_RESOURCES
description: "Gitlab Workhorse Resources"
- path: "gitlab.workhorse.resources"
+ path: "gitlab.webservice.workhorse.resources"
- name: SIDEKIQ_REPLICAS
description: "Gitlab Sidekiq Min Replicas"
path: "gitlab.sidekiq.minReplicas"
@@ -244,7 +284,7 @@ packages:
# Gitlab Runner
- name: gitlab-runner
repository: ghcr.io/defenseunicorns/packages/uds/gitlab-runner
- ref: 16.9.1-uds.2-registry1
+ ref: 16.10.0-uds.0-registry1
# Sonarqube
- name: sonarqube-database-secret
@@ -253,7 +293,7 @@ packages:
- name: sonarqube
repository: ghcr.io/defenseunicorns/packages/uds/sonarqube
- ref: 8.0.3-uds.4-registry1
+ ref: 8.0.3-uds.6-registry1
# Jira
- name: jira-database-secret
@@ -262,20 +302,19 @@ packages:
- name: jira
repository: ghcr.io/defenseunicorns/packages/uds/jira
- ref: 1.17.0-uds.1-registry1
+ ref: 1.17.2-uds.0-registry1
overrides:
jira:
jira:
variables:
- - name: LOCAL_HOME_ENABLED
+ - name: JIRA_LOCAL_HOME_ENABLED
path: "volumes.localHome.persistentVolumeClaim.create"
description: "Local Home Toggle"
default: "true"
- - name: RWO_STORAGE_CLASS
+ - name: JIRA_RWO_STORAGE_CLASS
path: "volumes.localHome.persistentVolumeClaim.storageClassName"
description: "RWO storage class name"
- default: "ceph-block"
- - name: LOCAL_HOME_SIZE
+ - name: JIRA_LOCAL_HOME_SIZE
path: "volumes.localHome.persistentVolumeClaim.resources.requests.storage"
description: "Storage size"
default: "128Gi"
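Review bot: dropping `default: "ceph-block"` from `JIRA_RWO_STORAGE_CLASS` leaves the storage class unset unless the deployer supplies it. The example config still sets `JIRA_RWO_STORAGE_CLASS: "ceph-block"`, but the README's list of values to set should mention it, or the default should stay. The rename to the `JIRA_` prefix matches the keys the example config already used, which suggests the old bundle names never lined up with the config; that is worth stating in the commit message. The Confluence hunk below has the same two points.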
@@ -287,20 +326,19 @@ packages:
- name: confluence
repository: ghcr.io/defenseunicorns/packages/uds/confluence
- ref: 1.17.0-uds.2-registry1
+ ref: 1.18.0-uds.0-registry1
overrides:
confluence:
confluence:
variables:
- - name: LOCAL_HOME_ENABLED
+ - name: CONFLUENCE_LOCAL_HOME_ENABLED
path: "volumes.localHome.persistentVolumeClaim.create"
description: "Local Home Toggle"
default: "true"
- - name: RWO_STORAGE_CLASS
+ - name: CONFLUENCE_RWO_STORAGE_CLASS
path: "volumes.localHome.persistentVolumeClaim.storageClassName"
description: "RWO storage class name"
- default: "ceph-block"
- - name: LOCAL_HOME_SIZE
+ - name: CONFLUENCE_LOCAL_HOME_SIZE
path: "volumes.localHome.persistentVolumeClaim.resources.requests.storage"
description: "Storage size"
default: "128Gi"
@@ -308,7 +346,7 @@ packages:
# Mattermost
- name: mattermost
repository: ghcr.io/defenseunicorns/packages/uds/mattermost
- ref: 9.4.1-uds.2-registry1
+ ref: 9.6.1-uds.0-registry1
overrides:
mattermost:
uds-mattermost-config:
@@ -320,15 +358,13 @@ packages:
- name: OBJECT_STORE_ENDPOINT
path: "objectStorage.endpoint"
description: "Object storage endpoint"
- default: "swf.objects.mtsi.bigbang.dev"
- name: OBJECT_STORE_BUCKET
path: "objectStorage.bucket"
description: "Object storage bucket"
- default: "mattermost-bucket-dev"
+ default: "mattermost-bucket"
- name: DB_ENDPOINT
path: "postgres.host"
description: "Postgres DB endpoint"
- default: "mattermost-pg.mtsi-dev.bigbang.dev"
- name: DB_USERNAME
path: "postgres.username"
description: "Postgres DB username"
@@ -345,4 +381,4 @@ packages:
# Nexus
- name: nexus
repository: ghcr.io/defenseunicorns/packages/uds/nexus
- ref: 3.64.0-uds.1-registry1
+ ref: 3.66.0-uds.1-registry1
diff --git a/config/test-cluster/uds-config.yaml b/config/test-cluster/uds-config.yaml
deleted file mode 100644
index 347f181c..00000000
--- a/config/test-cluster/uds-config.yaml
+++ /dev/null
@@ -1,140 +0,0 @@
-options:
- log_level: info
-shared:
- DOMAIN: mtsi.bigbang.dev
-variables:
- init:
- # TODO - remove this if/when functionality is restored upstream
- REGISTRY_HPA_ENABLE: false
- CEPH_OSD_MEM_REQUESTS: "4Gi"
- CEPH_OSD_MEM_LIMITS: "4Gi"
- ENABLE_CEPH_TOOLBOX: "true"
- metallb:
- # Replace with a valid IP address range
- IP_ADDRESS_POOL: "10.0.120.70-10.0.120.79"
- core:
- # CERT values must be base64 encoded
- ADMIN_TLS_CERT: replace-me-cert
- ADMIN_TLS_KEY: replace-me-key
- TENANT_TLS_CERT: replace-me-cert
- TENANT_TLS_KEY: replace-me-key
- KEYCLOAK_DB_USERNAME: "postgres"
- KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords"
- KEYCLOAK_DB_NAME: "keycloakdb"
- KEYCLOAK_DB_ENDPOINT: "keycloak-pg.mtsi.bigbang.dev"
- VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev"
- VELERO_BUCKET: "velero-bucket-test"
- VELERO_BUCKET_REGION: "us-east-1"
- VELERO_BUCKET_KEY: "replace-me-object-store-access-key"
- VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key"
- gitlab-database-secret:
- GITLAB_DB_PASSWORD: "replace-me-db-passwords"
- gitlab-object-store:
- ENDPOINT: "http://swf.objects.mtsi.bigbang.dev"
- ACCESS_KEY: "replace-me-object-store-access-key"
- SECRET_KEY: "replace-me-object-store-secret-key"
- gitlab:
- GITLAB_DB_NAME: "gitlabdb"
- GITLAB_DB_USERNAME: "postgres"
- GITLAB_DB_ENDPOINT: "gitlab-pg.mtsi.bigbang.dev"
- GITLAB_PAGES_ENABLED: "true"
- GITLAB_SIGNUP_ENABLED: "false"
- GITLAB_BACKUP_SCHEDULE: "0 3 * * *"
- GITLAB_BACKUP_EXTRA_ARGS: "--skip artifiacts,registry"
- BUCKET_SUFFIX: "-test"
- GITLAB_REDIS_ENDPOINT: "redis-master.dev-redis.svc.cluster.local"
- WEBSERVICE_REPLICAS: 3
- WEBSERVICE_WORKERS: 4
- WEBSERVICE_HPA:
- cpu:
- targetAverageValue: 1600m
- WEBSERVICE_RESOURCES:
- limits:
- cpu: 8000m
- memory: 8G
- requests:
- cpu: 4000m
- memory: 5G
- MIGRATIONS_RESOURCES:
- limits:
- cpu: 500m
- memory: 4G
- WORKHORSE_RESOURCES:
- limits:
- memory: 100M
- requests:
- cpu: 10m
- memory: 10M
- SIDEKIQ_REPLICAS: 3
- SIDEKIQ_HPA:
- cpu:
- targetAverageValue: 700m
- SIDEKIQ_RESOURCES:
- limits:
- cpu: 2000m
- memory: 4G
- requests:
- cpu: 1000m
- memory: 2G
- GITALY_RESOURCES:
- limits:
- cpu: 4000m
- memory: 15G
- requests:
- cpu: 4000m
- memory: 15G
- REGISTRY_REPLICAS: 2
- SHELL_REPLICAS: 2
- sonarqube-database-secret:
- SONARQUBE_DB_PASSWORD: "replace-me-db-passwords"
- sonarqube:
- # db config
- SONARQUBE_DB_NAME: "sonarqubedb"
- SONARQUBE_DB_USERNAME: "postgres"
- SONARQUBE_DB_ENDPOINT: "sonarqube-pg.mtsi.bigbang.dev"
- jira-database-secret:
- JIRA_DB_PASSWORD: "replace-me-db-passwords"
- jira:
- JIRA_DB_NAME: "jiradb"
- JIRA_DB_USERNAME: "postgres"
- JIRA_LOCAL_HOME_ENABLED: "true"
- JIRA_LOCAL_HOME_SIZE: "128Gi"
- JIRA_RWO_STORAGE_CLASS: "ceph-block"
- JIRA_DB_ENDPOINT: "jira-pg.mtsi.bigbang.dev"
- confluence-database-secret:
- CONFLUENCE_DB_PASSWORD: "replace-me-db-passwords"
- confluence:
- CONFLUENCE_DB_NAME: "confluencedb"
- CONFLUENCE_DB_USERNAME: "postgres"
- CONFLUENCE_LOCAL_HOME_ENABLED: "true"
- CONFLUENCE_LOCAL_HOME_SIZE: "128Gi"
- CONFLUENCE_RWO_STORAGE_CLASS: "ceph-block"
- CONFLUENCE_DB_ENDPOINT: "confluence-pg.mtsi.bigbang.dev"
- mattermost:
- ACCESS_KEY: "replace-me-object-store-access-key"
- SECRET_KEY: "replace-me-object-store-secret-key"
- DB_PASSWORD: "replace-me-db-passwords"
- DB_USERNAME: "postgres"
- DB_NAME: "mattermostdb"
- DB_ENDPOINT: "mattermost-pg.mtsi.bigbang.dev"
- DB_OPTIONS: "?connect_timeout=10&sslmode=disable"
- OBJECT_STORE_SECURE: "false"
- OBJECT_STORE_ENDPOINT: "swf.objects.mtsi.bigbang.dev"
- OBJECT_STORE_BUCKET: "mattermost-bucket-test"
- nexus:
- NEXUS_DB_NAME: "nexusdb"
- NEXUS_DB_USERNAME: "postgres"
- NEXUS_DB_ENDPOINT: "nexus-pg.mtsi.bigbang.dev"
- POSTGRES_DB_PASSWORD: "replace-me-db-passwords"
- NEXUS_SSO_ENABLED: "false"
- NEXUS_SSO_IDP_ENTITY_ID: ""
- NEXUS_SSO_IDP_USERNAME_ATTRIBUTE: ""
- NEXUS_SSO_IDP_FIRSTNAME_ATTRIBUTE: ""
- NEXUS_SSO_IDP_LASTNAME_ATTRIBUTE: ""
- NEXUS_SSO_IDP_EMAIL_ATTRIBUTE: ""
- NEXUS_SSO_IDP_GROUPS_ATTRIBUTE: ""
- NEXUS_SSO_IDP_VALIDATE_RESPONSE_SIGNATURE: ""
- NEXUS_SSO_IDP_VALIDATE_ASSERTION_SIGNATURE: ""
- NEXUS_SSO_IDP_METADATA: ''
- NEXUS_SSO_REALM: "[]"
- NEXUS_SSO_ROLE: "[]"
diff --git a/config/dev-cluster/uds-config.yaml b/config/uds-config.yaml
similarity index 74%
rename from config/dev-cluster/uds-config.yaml
rename to config/uds-config.yaml
index 4eea009b..5beed83a 100644
--- a/config/dev-cluster/uds-config.yaml
+++ b/config/uds-config.yaml
@@ -1,17 +1,16 @@
options:
log_level: info
shared:
- DOMAIN: mtsi-dev.bigbang.dev
+ DOMAIN: replace.with.your.domain
variables:
init:
- # TODO - remove this if/when functionality is restored upstream
REGISTRY_HPA_ENABLE: false
CEPH_OSD_MEM_REQUESTS: "4Gi"
CEPH_OSD_MEM_LIMITS: "4Gi"
ENABLE_CEPH_TOOLBOX: "true"
metallb:
# Replace with a valid IP address range
- IP_ADDRESS_POOL: "10.0.120.50-10.0.120.59"
+ IP_ADDRESS_POOL: "10.0.0.10-10.0.0.20"
core:
# CERT values must be base64 encoded
ADMIN_TLS_CERT: replace-me-cert
@@ -21,27 +20,35 @@ variables:
KEYCLOAK_DB_USERNAME: "postgres"
KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords"
KEYCLOAK_DB_NAME: "keycloakdb"
- KEYCLOAK_DB_ENDPOINT: "keycloak-pg.mtsi-dev.bigbang.dev"
- VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev"
- VELERO_BUCKET: "velero-bucket-dev"
+ KEYCLOAK_DB_ENDPOINT: "keycloak-pg.replace.with.db.url"
+ KEYCLOAK_INSECURE_ADMIN_PASSWORD_GENERATION: true
+ LOKI_CHUNKS_BUCKET: "loki-chunks-bucket"
+ LOKI_RULER_BUCKET: "loki-ruler-bucket"
+ LOKI_ADMIN_BUCKET: "loki-admin-bucket"
+ LOKI_S3_ENDPOINT: "http://replace.with.object.store.url"
+ LOKI_S3_REGION: "us-east-1"
+ LOKI_S3_ACCESS_KEY_ID: "replace-me-object-store-access-key"
+ LOKI_S3_SECRET_ACCESS_KEY: "replace-me-object-store-secret-key"
+ VELERO_BUCKET_PROVIDER_URL: "http://replace.with.object.store.url"
+ VELERO_BUCKET: "velero-bucket"
VELERO_BUCKET_REGION: "us-east-1"
VELERO_BUCKET_KEY: "replace-me-object-store-access-key"
VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key"
gitlab-database-secret:
GITLAB_DB_PASSWORD: "replace-me-db-passwords"
gitlab-object-store:
- ENDPOINT: "http://swf.objects.mtsi.bigbang.dev"
+ ENDPOINT: "http://replace.with.object.store.url"
ACCESS_KEY: "replace-me-object-store-access-key"
SECRET_KEY: "replace-me-object-store-secret-key"
gitlab:
GITLAB_DB_NAME: "gitlabdb"
GITLAB_DB_USERNAME: "postgres"
- GITLAB_DB_ENDPOINT: "gitlab-pg.mtsi-dev.bigbang.dev"
+ GITLAB_DB_ENDPOINT: "gitlab-pg.replace.with.db.url"
GITLAB_PAGES_ENABLED: "true"
GITLAB_SIGNUP_ENABLED: "false"
GITLAB_BACKUP_SCHEDULE: "0 3 * * *"
GITLAB_BACKUP_EXTRA_ARGS: "--skip artifiacts,registry"
- BUCKET_SUFFIX: "-dev"
+ BUCKET_SUFFIX: ""
GITLAB_REDIS_ENDPOINT: "redis-master.dev-redis.svc.cluster.local"
WEBSERVICE_REPLICAS: 3
WEBSERVICE_WORKERS: 4
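Review bot: `KEYCLOAK_INSECURE_ADMIN_PASSWORD_GENERATION: true` is set in what is now the only example config, so anyone copying it as the README instructs gets the insecure dev/test behaviour by default. Ship it as `false` (or commented out) with a comment that it is for dev/test only. The new `LOKI_S3_ENDPOINT` and `VELERO_BUCKET_PROVIDER_URL` placeholders also use `http://`; an `https://` placeholder is a safer starting point. The unchanged `--skip artifiacts,registry` value looks misspelled and could be fixed in the same pass.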
@@ -91,7 +98,7 @@ variables:
# db config
SONARQUBE_DB_NAME: "sonarqubedb"
SONARQUBE_DB_USERNAME: "postgres"
- SONARQUBE_DB_ENDPOINT: "sonarqube-pg.mtsi-dev.bigbang.dev"
+ SONARQUBE_DB_ENDPOINT: "sonarqube-pg.replace.with.db.url"
jira-database-secret:
JIRA_DB_PASSWORD: "replace-me-db-passwords"
jira:
@@ -100,7 +107,7 @@ variables:
JIRA_LOCAL_HOME_ENABLED: "true"
JIRA_LOCAL_HOME_SIZE: "128Gi"
JIRA_RWO_STORAGE_CLASS: "ceph-block"
- JIRA_DB_ENDPOINT: "jira-pg.mtsi-dev.bigbang.dev"
+ JIRA_DB_ENDPOINT: "jira-pg.replace.with.db.url"
confluence-database-secret:
CONFLUENCE_DB_PASSWORD: "replace-me-db-passwords"
confluence:
@@ -109,23 +116,23 @@ variables:
CONFLUENCE_LOCAL_HOME_ENABLED: "true"
CONFLUENCE_LOCAL_HOME_SIZE: "128Gi"
CONFLUENCE_RWO_STORAGE_CLASS: "ceph-block"
- CONFLUENCE_DB_ENDPOINT: "confluence-pg.mtsi-dev.bigbang.dev"
+ CONFLUENCE_DB_ENDPOINT: "confluence-pg.replace.with.db.url"
mattermost:
ACCESS_KEY: "replace-me-object-store-access-key"
SECRET_KEY: "replace-me-object-store-secret-key"
DB_PASSWORD: "replace-me-db-passwords"
DB_USERNAME: "postgres"
DB_NAME: "mattermostdb"
- DB_ENDPOINT: "mattermost-pg.mtsi-dev.bigbang.dev"
+ DB_ENDPOINT: "mattermost-pg.replace.with.db.url"
DB_OPTIONS: "?connect_timeout=10&sslmode=disable"
OBJECT_STORE_SECURE: "false"
- OBJECT_STORE_ENDPOINT: "swf.objects.mtsi.bigbang.dev"
- OBJECT_STORE_BUCKET: "mattermost-bucket-dev"
+ OBJECT_STORE_ENDPOINT: "replace.with.object.store.url"
+ OBJECT_STORE_BUCKET: "mattermost-bucket"
nexus:
NEXUS_DB_NAME: "nexusdb"
NEXUS_DB_USERNAME: "postgres"
- NEXUS_DB_ENDPOINT: "nexus-pg.mtsi-dev.bigbang.dev"
- POSTGRES_DB_PASSWORD: "replace-me-db-passwords"
+ NEXUS_DB_ENDPOINT: "nexus-pg.replace.with.db.url"
+ NEXUS_DB_PASSWORD: "replace-me-db-passwords"
NEXUS_SSO_ENABLED: "false"
NEXUS_SSO_IDP_ENTITY_ID: ""
NEXUS_SSO_IDP_USERNAME_ATTRIBUTE: ""
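Review bot: the rename to `NEXUS_DB_PASSWORD` has no matching change under the nexus package in `bundles/uds-core-swf/uds-bundle.yaml` in this patch, so confirm the nexus package exposes a variable by that name; otherwise the value may not be applied. While in this block, the unchanged Mattermost settings `DB_OPTIONS: "?connect_timeout=10&sslmode=disable"` and `OBJECT_STORE_SECURE: "false"` deserve a comment marking them as non-production values.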
diff --git a/docs/database-creation-and-configuration.md b/docs/database-creation-and-configuration.md
index 281b1bac..dc09515d 100644
--- a/docs/database-creation-and-configuration.md
+++ b/docs/database-creation-and-configuration.md
@@ -5,7 +5,7 @@ You will need databases created and configured for use by these capabilities in
```yaml
variables:
keycloak-database-manifests:
- KEYCLOAK_DB_EXTERNAL_NAME: "keycloak-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+ KEYCLOAK_DB_EXTERNAL_NAME: "keycloak-pg.some.url" # Replace with domain entry for your database
uds-idam:
KEYCLOAK_DB_USERNAME: "postgres" # Our example uses this user
KEYCLOAK_DB_PASSWORD: "replace-me-db-passwords" # Replace
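Review bot: the placeholder `keycloak-pg.some.url` differs from `keycloak-pg.replace.with.db.url`, which this patch uses for the same value in `config/uds-config.yaml`; pick one form across docs and config. This snippet also still nests the values under `keycloak-database-manifests` and `uds-idam`, while the example config places `KEYCLOAK_DB_*` under `core`, so the package keys here look stale. The placeholder mismatch repeats in the remaining hunks of this file.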
@@ -17,7 +17,7 @@ variables:
```yaml
variables:
gitlab-database-manifests:
- GITLAB_DB_EXTERNAL_NAME: "gitlab-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+ GITLAB_DB_EXTERNAL_NAME: "gitlab-pg.some.url" # Replace with domain entry for your database
GITLAB_DB_PASSWORD: "replace-me-db-passwords" # Replace
gitlab:
GITLAB_DB_NAME: "gitlabdb" # Our example uses this database name
@@ -28,7 +28,7 @@ variables:
```yaml
variables:
sonarqube-database-manifests:
- SONARQUBE_DB_EXTERNAL_NAME: "sonarqube-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+ SONARQUBE_DB_EXTERNAL_NAME: "sonarqube-pg.some.url" # Replace with domain entry for your database
SONARQUBE_DB_PASSWORD: "replace-me-db-passwords" # Replace
sonarqube:
SONARQUBE_DB_NAME: "sonarqubedb" # Our example uses this database name
@@ -39,7 +39,7 @@ variables:
```yaml
variables:
jira-database-manifests:
- JIRA_DB_EXTERNAL_NAME: "jira-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+ JIRA_DB_EXTERNAL_NAME: "jira-pg.some.url" # Replace with domain entry for your database
JIRA_DB_PASSWORD: "replace-me-db-passwords" #Replace
jira:
JIRA_DB_NAME: "jiradb" # Our example uses this database name
@@ -50,7 +50,7 @@ variables:
```yaml
variables:
confluence-database-manifests:
- CONFLUENCE_DB_EXTERNAL_NAME: "confluence-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+ CONFLUENCE_DB_EXTERNAL_NAME: "confluence-pg.some.url" # Replace with domain entry for your database
CONFLUENCE_DB_PASSWORD: "replace-me-db-passwords" # Replace
confluence:
CONFLUENCE_DB_NAME: "confluencedb" # Our example uses this database name
@@ -61,7 +61,7 @@ variables:
```yaml
variables:
mattermost-database-manifests:
- MATTERMOST_DB_EXTERNAL_NAME: "mattermost-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+ MATTERMOST_DB_EXTERNAL_NAME: "mattermost-pg.some.url" # Replace with domain entry for your database
MATTERMOST_DB_PASSWORD: "replace-me-db-passwords" # Replace
MATTERMOST_DB_USERNAME: "postgres" # Our example uses this user
MATTERMOST_DB_NAME: "mattermostdb" # Our example uses this database name
@@ -71,7 +71,7 @@ variables:
```yaml
variables:
nexus-database-manifests:
- NEXUS_DB_EXTERNAL_NAME: "nexus-pg.mtsi-dev.bigbang.dev" # Replace with domain entry for your database
+ NEXUS_DB_EXTERNAL_NAME: "nexus-pg.some.url" # Replace with domain entry for your database
NEXUS_DB_PASSWORD: "replace-me-db-passwords" # Replace
nexus:
NEXUS_DB_NAME: "nexusdb" # Our example uses this database name
diff --git a/docs/object-store-creation-and-configuration.md b/docs/object-store-creation-and-configuration.md
index c2ebfd36..baf1af48 100644
--- a/docs/object-store-creation-and-configuration.md
+++ b/docs/object-store-creation-and-configuration.md
@@ -7,12 +7,12 @@ You will to create and configure the bucket you are going to use for Velero
### config
```yaml
variables:
- dubbd-rke2:
- VELERO_BUCKET_PROVIDER_URL: "http://swf.objects.mtsi.bigbang.dev" # Replace with domain entry for your object store
- VELERO_BUCKET: "velero-bucket" # Configure the appropriate name of your bucket
- VELERO_BUCKET_REGION: "us-east-1" # Replace with appropriate region. Nutanix expects this to be us-east-1
- VELERO_BUCKET_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
- VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key" # Replace with secret key to your object store
+ core:
+ VELERO_BUCKET_PROVIDER_URL: "http://replace.with.object.store.url"
+ VELERO_BUCKET: "velero-bucket"
+ VELERO_BUCKET_REGION: "us-east-1"
+ VELERO_BUCKET_KEY: "replace-me-object-store-access-key"
+ VELERO_BUCKET_KEY_SECRET: "replace-me-object-store-secret-key"
```
## Gitlab
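Review bot: the rewritten `core:` block drops every inline comment from the old lines, including "Nutanix expects this to be us-east-1" on `VELERO_BUCKET_REGION`. That constraint is not obvious from the value alone; keep the comments on the new lines.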
@@ -37,9 +37,9 @@ You will need these buckets created in your object store. If you choose to confi
```yaml
variables:
gitlab-object-store:
- ENDPOINT: "http://swf.objects.mtsi.bigbang.dev" # Replace with domain entry for you object store
- ACCESS_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
- SECRET_KEY: "replace-me-object-store-secret-key" # Replace with secret key to your object store
+ ENDPOINT: "http://replace.with.object.store.url"
+ ACCESS_KEY: "replace-me-object-store-access-key"
+ SECRET_KEY: "replace-me-object-store-secret-key"
gitlab:
BUCKET_SUFFIX: "" # You can choose to add a suffix to the end of every bucket name if desired or needed.
```
@@ -54,26 +54,10 @@ You will need this bucket created in your object store. If you choose to configu
```yaml
variables:
- mattermost-object-store:
- ACCESS_KEY: "replace-me-object-store-access-key" # Replace with access key to your object store
- SECRET_KEY: "replace-me-object-store-secret-key" # Replace with secret key to your object store
- # Replace CA_CERT with your object store cert that you need to trust
- CA_CERT: |
- -----BEGIN CERTIFICATE-----
- replace-me-ca-cert-to-trust
- -----END CERTIFICATE-----
mattermost:
- MATTERMOST_BUCKET_SUFFIX: "" # You can choose to add a suffix to the end of every bucket name if desired or needed.
- MATTERMOST_FILE_STORE_ENDPOINT: "swf.objects.mtsi.bigbang.dev" # Replace with domain entry for you object store
- # Volume used to mount the CA_CERT you need to trust from your object store
- MATTERMOST_VOLUMES: |
- - name: ca-cert
- secret:
- secretName: ca-secret
- defaultMode: 0644
- # Volume mount used to mount the CA_CERT you need to trust from your object store
- MATTERMOST_VOLUME_MOUNTS: |
- - name: ca-cert
- mountPath: /etc/ssl/certs
- readOnly: true
+ ACCESS_KEY: "replace-me-object-store-access-key"
+ SECRET_KEY: "replace-me-object-store-secret-key"
+ OBJECT_STORE_SECURE: "false"
+ OBJECT_STORE_ENDPOINT: "replace.with.object.store.url"
+ OBJECT_STORE_BUCKET: "mattermost-bucket"
```
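Review bot: the removed `CA_CERT`, `MATTERMOST_VOLUMES` and `MATTERMOST_VOLUME_MOUNTS` entries were the only documented way here to trust a private object-store CA, and the replacement example sets `OBJECT_STORE_SECURE: "false"`. If TLS to the object store is still supported, document the secure configuration and how the CA is trusted, and mark `"false"` as a dev-only value.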
diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md
index 017f24f0..c0d7c799 100644
--- a/docs/packages-and-dependencies.md
+++ b/docs/packages-and-dependencies.md
@@ -10,10 +10,7 @@ This list covers tools which would be required on a developer machine in order t
| Tool | Version | Description |
|----|----|----|
| [terraform](https://github.com/hashicorp/terraform) | v1.6.4 | An Infrastructure As Code (IAC) tool for managing the deployment of virtual resources (VMs, databases, object storage) within Nutanix |
-| [kubectl](https://github.com/kubernetes/kubectl) | v1.28.4 | Kubernetes management utility and CLI used by cluster admins to interact directly with a Kubernetes cluster |
-| [helm](https://github.com/helm/helm) | v3.13.2 | Kubernetes package manager CLI used to review the status of deployments in the cluster |
-| [Zarf](https://github.com/defenseunicorns/zarf) | v0.32.1 | A custom tool for packaging and delivering software components (such as gitlab) across an airgap |
-| [UDS](https://github.com/defenseunicorns/uds-cli) | v0.7.0 | A custom tool for automating and simplifying the management of multiple Zarf deployments in one environment |
+| [UDS](https://github.com/defenseunicorns/uds-cli) | v0.10.3 | A custom tool for automating and simplifying the management of multiple Zarf deployments in one environment |
## Operating System Package Installs
This list covers tools and packages installed in the Operating System of the virtual machines allocated to run Kubernetes. This list is obviously not exhaustive, but instead covers what is being added to the base STIG'd image.
@@ -41,32 +38,31 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc
| Name | Package Version (internal) | Application Version | Description |
|----|----|----|----|
-| [Rook Ceph Zarf Init](https://github.com/defenseunicorns/uds-capability-rook-ceph/pkgs/container/uds-capability%2Frook-ceph%2Finit) | v0.31.4-0.1.2 | N/A | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages |
+| [Rook Ceph Zarf Init](https://github.com/defenseunicorns/uds-capability-rook-ceph/pkgs/container/uds-capability%2Frook-ceph%2Finit) | v0.32.6-0.2.5 | N/A | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages |
| [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb/tree/v0.0.4) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment |
-| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.12.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) |
-| [Keycloak](https://github.com/defenseunicorns/uds-idam) | 0.2.0 | 21.1.1 | An identity and access management (IDAM) tool used to authenticate users for access to applications |
+| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.18.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) |
| [Redis](https://github.com/defenseunicorns/uds-package-dependencies) | 0.0.1 | 7.0.12 | A key-value store used as a data backend for several applications in the stack |
-| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | 16.8.1-uds.2-registry1 | 16.8.1 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
-| [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 16.8.0-uds.0-registry1 | v16.8.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
-| [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 8.0.3-uds.4-registry1 | 9.9.3-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images |
-| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.17.0-uds.1-registry1 | 9.12.0 | A collaboration tool used for team management and task organization |
-| [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.17.0-uds.1-registry1 | 8.7.1 | A knowledge management tool used by teams to organize information |
-| [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 9.4.1-uds.2-registry1 | 9.4.2 | An instance of Mattermost, a self-hosted chat and collaboration platform |
-| [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.64.0-uds.1-registry1 | 3.64.0-03 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts |
+| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | 16.10.1-uds.1-registry1 | 16.10.1 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
+| [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 16.10.0-uds.0-registry1 | v16.8.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
+| [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 8.0.3-uds.6-registry1 | 9.9.3-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images |
+| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.17.2-uds.0-registry1 | 9.12.4 | A collaboration tool used for team management and task organization |
+| [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.18.0-uds.0-registry1 | 8.8.0 | A knowledge management tool used by teams to organize information |
+| [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 9.6.1-uds.0-registry1 | 9.6.1 | An instance of Mattermost, a self-hosted chat and collaboration platform |
+| [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.66.0-uds.1-registry1 | 3.66.0-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts |
## UDS Core
UDS Core is a collection of tools that provide administrative capabilities such as deployment automation, centralized logging, monitoring, alerting and runtime security to a kubernetes cluster. The following applications and tools are installed:
| Package | Version | Description |
|----|----|----|
-| [Flux](https://github.com/fluxcd/flux2/releases) | 2.2.2 | A GitOps based manager for scheduling deployments in the cluster (NOTE: will be removed soon) |
| [Istio](https://istio.io/latest/) | 1.20.3 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster |
-| [Loki](https://grafana.com/oss/loki/) | 2.9.4 | A Grafana product for aggregating and querying log data |
+| [Loki](https://grafana.com/oss/loki/) | 2.9.6 | A Grafana product for aggregating and querying log data |
| [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) | 2.9.2 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. Logs are shipped to Loki |
-| [Prometheus](https://prometheus.io/) | 2.49.1 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) |
-| [Grafana](https://github.com/grafana/grafana) | 10.3.1 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo |
-| [Neuvector](https://www.suse.com/neuvector/) | 5.2.2 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection |
-| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | TBD | A tool for orchistrating backups of cluster state and storage |
+| [Prometheus](https://prometheus.io/) | 2.51.0 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) |
+| [Grafana](https://github.com/grafana/grafana) | 10.4.0 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo |
+| [Neuvector](https://www.suse.com/neuvector/) | 5.3.0 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection |
+| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.13.1 | A tool for orchistrating backups of cluster state and storage |
| [Authservice](https://github.com/istio-ecosystem/authservice) | 0.5.3 | A tool for simplifying and automating auth workflows via Istio integration |
-| [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.6.4 | A container metrics aggregation and exporter for kubernetes |
-| [Pepr](https://pepr.dev/) | 0.25.0 | Declarative automation for managing deployments and security policy enorcement |
+| [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.0 | A container metrics aggregation and exporter for kubernetes |
+| [Pepr](https://pepr.dev/) | 0.28.6 | Declarative automation for managing deployments and security policy enorcement |
+| [Keycloak](https://github.com/defenseunicorns/uds-core) | 23.0.4 | An identity and access management (IDAM) tool used to authenticate users for access to applications |
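Review bot: The new Gitlab Runner row in the Software Factory table pairs package `16.10.0-uds.0-registry1` with application version `v16.8.0`, which is behind the package's own version and is the only entry with a `v` prefix; please confirm the shipped runner version and drop the prefix to match the other rows. In the UDS Core table, the rewritten Velero and Pepr rows carry over the typos "orchistrating" and "enorcement", which could be fixed while those lines are being touched anyway. The new Keycloak row links to the `uds-core` repository, while the neighbouring rows link to each upstream project. Promtail stays at 2.9.2 while Loki moves from 2.9.4 to 2.9.6, so it is worth checking that the Promtail row is still accurate.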
diff --git a/tasks.yaml b/tasks.yaml
index b27376ea..7326c1b2 100644
--- a/tasks.yaml
+++ b/tasks.yaml
@@ -1,6 +1,5 @@
includes:
- create: ./tasks/create.yaml
- - deploy: ./tasks/deploy.yaml
tasks:
################
@@ -16,17 +15,6 @@ tasks:
- task: create:additional-manifests-package
- task: create:bundle
- ################
- # Deploy
- ################
- - name: deploy-bundle-to-dev
- actions:
- - task: deploy:bundle-to-dev
-
- - name: deploy-bundle-to-test
- actions:
- - task: deploy:bundle-to-test
-
#### Clean ####
- name: clean
actions:
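Review bot: The `deploy-bundle-to-dev` and `deploy-bundle-to-test` tasks are removed here with no replacement, and nothing in this hunk tells users how a bundle is deployed now. Any README step or workflow that still calls these task names will fail once the `deploy` include is gone, so please update those callers and document the supported deploy command in the same change.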
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
deleted file mode 100644
index 69d5a5bb..00000000
--- a/tasks/deploy.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-tasks:
- - name: bundle-to-dev
- description: Deploy UDS Core version of the bundle to dev
- actions:
- - cmd: UDS_CONFIG=./config/dev-cluster/uds-config.yaml uds deploy ./build/uds-bundle-*.tar.zst --confirm
-
- - name: bundle-to-test
- description: Deploy UDS Core version of the bundle to test
- actions:
- - cmd: UDS_CONFIG=./config/test-cluster/uds-config.yaml uds deploy ./build/uds-bundle-*.tar.zst --confirm
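Review bot: Deleting this file removes the task-level references to `./config/dev-cluster/uds-config.yaml` and `./config/test-cluster/uds-config.yaml`, and the change does not say what happens to those files. If they stay in the repository, the README should state how they are passed via `UDS_CONFIG`; if they are obsolete, remove them here as well. The removed commands ran `uds deploy` with `--confirm` against the glob `./build/uds-bundle-*.tar.zst`, so whatever replaces them should name the exact bundle file rather than rely on a glob that can match more than one build artifact.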