diff --git a/.github/workflows/publish-bundle-eksd.yaml b/.github/workflows/publish-bundle-eksd.yaml index 7d9e6f21..6c929b89 100644 --- a/.github/workflows/publish-bundle-eksd.yaml +++ b/.github/workflows/publish-bundle-eksd.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: token: ${{ secrets.PAT }} repository: ${{ github.repository }} @@ -23,14 +23,14 @@ jobs: uses: ./.github/actions/setup - name: Login to Registry1 - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: registry: registry1.dso.mil username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} - name: Init zarf cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 with: path: "~/.zarf-cache" key: zarf-cache @@ -46,7 +46,7 @@ jobs: df -h - name: Login to GHCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/.github/workflows/publish-bundle-rke2.yaml b/.github/workflows/publish-bundle-rke2.yaml index a1fc7603..9e0e192c 100644 --- a/.github/workflows/publish-bundle-rke2.yaml +++ b/.github/workflows/publish-bundle-rke2.yaml @@ -13,7 +13,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout repository - uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4 + uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4 with: token: ${{ secrets.PAT }} repository: ${{ github.repository }} 
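Review bot: The new pin `uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4` keeps a major-only comment, so nothing on the line says which release the SHA corresponds to, and a reviewer has to look it up to confirm it is a tagged release rather than an arbitrary commit. Recording the exact tag, e.g. `# v4.x.y` (placeholder for the release this SHA belongs to), would make each bump auditable from the diff alone. The same applies to the `docker/login-action` and `actions/cache` pins in the later hunks of this file and in `publish-bundle-rke2.yaml`. Since this step passes `token: ${{ secrets.PAT }}`, it is also worth confirming that `persist-credentials: false` is set, or that later steps really need the PAT left in the local git config; the `with:` block may continue past the end of the hunk.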
@@ -23,14 +23,14 @@ jobs: uses: ./.github/actions/setup - name: Login to Registry1 - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: registry: registry1.dso.mil username: ${{ secrets.IRON_BANK_ROBOT_USERNAME }} password: ${{ secrets.IRON_BANK_ROBOT_PASSWORD }} - name: Init zarf cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 + uses: actions/cache@3624ceb22c1c5a301c8db4169662070a689d9ea8 # v4 with: path: "~/.zarf-cache" key: zarf-cache @@ -46,7 +46,7 @@ jobs: df -h - name: Login to GHCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3 + uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3 with: registry: ghcr.io username: ${{ github.actor }} diff --git a/bundles/eksd/uds-bundle.yaml b/bundles/eksd/uds-bundle.yaml index a7eb906b..023df14b 100644 --- a/bundles/eksd/uds-bundle.yaml +++ b/bundles/eksd/uds-bundle.yaml @@ -1,4 +1,4 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.13.1/uds.schema.json +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.17.0/uds.schema.json kind: UDSBundle metadata: name: software-factory-nutanix-eksd @@ -87,7 +87,7 @@ packages: - name: core repository: ghcr.io/defenseunicorns/packages/uds/core - ref: 0.28.0-registry1 + ref: 0.29.0-registry1 optionalComponents: - metrics-server overrides: @@ -419,7 +419,7 @@ packages: - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab - ref: 17.2.7-uds.2-registry1 + ref: 17.2.9-uds.0-registry1 overrides: gitlab: uds-gitlab-config: @@ -549,7 +549,7 @@ packages: - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube - ref: 10.6.0-uds.1-registry1 + ref: 10.7.0-uds.0-registry1 overrides: sonarqube: uds-sonarqube-config: 
@@ -661,7 +661,7 @@ packages: # Mattermost - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 10.0.0-uds.0-registry1 + ref: 10.0.0-uds.1-registry1 overrides: mattermost: mattermost-enterprise-edition: diff --git a/bundles/rke2/uds-bundle.yaml b/bundles/rke2/uds-bundle.yaml index c79666be..e8cae210 100644 --- a/bundles/rke2/uds-bundle.yaml +++ b/bundles/rke2/uds-bundle.yaml @@ -1,4 +1,4 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.13.1/uds.schema.json +# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/uds-cli/v0.17.0/uds.schema.json kind: UDSBundle metadata: name: software-factory-nutanix-rke2 @@ -85,7 +85,7 @@ packages: - name: core repository: ghcr.io/defenseunicorns/packages/uds/core - ref: 0.28.0-registry1 + ref: 0.29.0-registry1 optionalComponents: - metrics-server overrides: @@ -420,7 +420,7 @@ packages: - name: gitlab repository: ghcr.io/defenseunicorns/packages/uds/gitlab - ref: 17.2.7-uds.2-registry1 + ref: 17.2.9-uds.0-registry1 overrides: gitlab: uds-gitlab-config: @@ -550,7 +550,7 @@ packages: - name: sonarqube repository: ghcr.io/defenseunicorns/packages/uds/sonarqube - ref: 10.6.0-uds.1-registry1 + ref: 10.7.0-uds.0-registry1 overrides: sonarqube: uds-sonarqube-config: @@ -676,7 +676,7 @@ packages: # Mattermost - name: mattermost repository: ghcr.io/defenseunicorns/packages/uds/mattermost - ref: 10.0.0-uds.0-registry1 + ref: 10.0.0-uds.1-registry1 overrides: mattermost: mattermost-enterprise-edition: diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md index e1723fb4..6d2edfd6 100644 --- a/docs/packages-and-dependencies.md +++ b/docs/packages-and-dependencies.md 
@@ -42,17 +42,17 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc | [Zarf Init](https://github.com/zarf-dev/zarf/pkgs/container/packages%2Finit) | v0.39.0 | v0.39.0 | Zarf Init Package used to initialize zarf in the cluster | | [Nutanix CSI](https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_6:CSI-Volume-Driver-v2_6) | v3.0.0 | v3.0.0 | Nutanix CSI package | | [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment | -| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.28.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) | +| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.29.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) | | [Valkey](https://github.com/defenseunicorns/uds-package-valkey) | v7.2.6-uds.0-upstream | 7.2.6 | A key-value store used as a data backend for several applications in the stack | -| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.2.7-uds.2-registry1 | 17.2.7 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software | +| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.2.9-uds.0-registry1 | 17.2.9 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software | | [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 17.1.0-uds.1-registry1 | v17.1.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed | -| [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 10.6.0-uds.1-registry1 | 10.6.0-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images | +| 
[Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 10.7.0-uds.0-registry1 | 10.7.0-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images | | [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.22.0-uds.0-registry1 | 10.0.1 | A collaboration tool used for team management and task organization |s | [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.20.0-uds.4-registry1 | 9.0.3 | A knowledge management tool used by teams to organize information | -| [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 10.0.0-uds.0-registry1 | 10.0.0 | An instance of Mattermost, a self-hosted chat and collaboration platform | +| [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 10.0.0-uds.1-registry1 | 10.0.0 | An instance of Mattermost, a self-hosted chat and collaboration platform | | [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.72.0-uds.0-registry1 | 3.72.0 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts | -| [cert-manager](https://cert-manager.io/) | 0.0.1 | 1.14.5 | Tool for automating management of in-cluster certificates | -| [trust-manager](https://cert-manager.io/docs/trust/trust-manager/) | 0.0.1 | v0.11.0 | Tool for automating creation and distribution of CA trust bundles | +| [cert-manager](https://cert-manager.io/) | 0.0.1 | 1.16.1 | Tool for automating management of in-cluster certificates | +| [trust-manager](https://cert-manager.io/docs/trust/trust-manager/) | 0.0.1 | v0.12.0 | Tool for automating creation and distribution of CA trust bundles | ## UDS Core UDS Core is a collection of tools that provide administrative capabilities such as deployment automation, centralized logging, monitoring, alerting and runtime security to a kubernetes cluster. 
The following applications and tools are installed: 
@@ -60,14 +60,14 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc | Package | Version | Description | |----|----|----| | [Istio](https://istio.io/latest/) | 1.23.2 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster | -| [Loki](https://grafana.com/oss/loki/) | 3.1.1 | A Grafana product for aggregating and querying log data | +| [Loki](https://grafana.com/oss/loki/) | 3.2.0 | A Grafana product for aggregating and querying log data | | [Vector](https://vector.dev/) | 0.41.1 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. Logs are shipped to Loki | | [Prometheus](https://prometheus.io/) | 2.54.1 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) | -| [Grafana](https://github.com/grafana/grafana) | 11.2.0 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo | +| [Grafana](https://github.com/grafana/grafana) | 11.2.2 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo | | [Neuvector](https://www.suse.com/neuvector/) | 5.3.4 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection | | [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.14.1 | A tool for orchistrating backups of cluster state and storage | | [Authservice](https://github.com/istio-ecosystem/authservice) | 1.0.2 | A tool for simplifying and automating auth workflows via Istio integration | | [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.2 | A container metrics aggregation and exporter for kubernetes | 
-| [Pepr](https://pepr.dev/) | 0.36.0 | Declarative automation for managing deployments and security policy enorcement | +| [Pepr](https://pepr.dev/) | 0.37.2 | Declarative automation for managing deployments and security policy enorcement | | [Keycloak](https://github.com/defenseunicorns/uds-core) | 25.0.6 | An identity and access management (IDAM) tool used to authenticate users for access to applications | | [uds-identity-config]() | v0.6.3 | UDS Identity (Keycloak) Config image used by UDS Identity | diff --git a/packages/cert-manager/zarf.yaml b/packages/cert-manager/zarf.yaml index 997891a6..2ff32ff0 100644 --- a/packages/cert-manager/zarf.yaml +++ b/packages/cert-manager/zarf.yaml @@ -11,16 +11,16 @@ components: required: true images: - quay.io/jetstack/cert-manager-package-debian:20210119.0 - - quay.io/jetstack/cert-manager-controller:v1.14.5 - - quay.io/jetstack/cert-manager-webhook:v1.14.5 - - quay.io/jetstack/cert-manager-cainjector:v1.14.5 - - quay.io/jetstack/cert-manager-acmesolver:v1.14.5 - - quay.io/jetstack/cert-manager-startupapicheck:v1.14.5 + - quay.io/jetstack/cert-manager-controller:v1.16.1 + - quay.io/jetstack/cert-manager-webhook:v1.16.1 + - quay.io/jetstack/cert-manager-cainjector:v1.16.1 + - quay.io/jetstack/cert-manager-acmesolver:v1.16.1 + - quay.io/jetstack/cert-manager-startupapicheck:v1.16.1 - name: cert-manager required: true charts: - name: cert-manager - version: 1.14.5 + version: v1.16.1 namespace: cert-manager url: https://charts.jetstack.io/ valuesFiles: diff --git a/packages/nutanix-csi/values/nutanix-storage-values.yaml b/packages/nutanix-csi/values/nutanix-storage-values.yaml index ce764408..dc0ffcf1 100644 --- a/packages/nutanix-csi/values/nutanix-storage-values.yaml +++ b/packages/nutanix-csi/values/nutanix-storage-values.yaml 
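Review bot: In `packages/cert-manager/zarf.yaml` the bumped entries under `cert-manager-images` are still pinned by tag only (`quay.io/jetstack/cert-manager-controller:v1.16.1`), so the package build takes whatever the tag resolves to at build time, whereas the workflow files in this commit pin actions by commit SHA. If the Zarf version in use accepts tag-plus-digest references, consider `- quay.io/jetstack/cert-manager-controller:v1.16.1@sha256:<digest>` (placeholder digest). The same applies to the image lists in `packages/nutanix-csi/values/nutanix-storage-values.yaml`, `packages/nutanix-csi/zarf.yaml`, `packages/trust-manager/zarf.yaml` and to the `DEPLOY_IMAGE` default in `tasks/deploy.yaml`. Separately, this moves cert-manager from 1.14.5 to 1.16.1 in one step, while upstream recommends upgrading one minor version at a time, so it is worth confirming that the 1.15 upgrade notes were reviewed. The chart `version` also changes form from `1.14.5` to `v1.16.1`, and the chart entry continues past the hunk at `valuesFiles:`, so the values file should be checked for image tags that still name the old release.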
@@ -107,23 +107,23 @@ precheck: sidecars: registrar: - image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1 + image: registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 provisioner: - image: registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 + image: registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 imageLegacy: registry.k8s.io/sig-storage/csi-provisioner:v2.2.2 attacher: - image: registry.k8s.io/sig-storage/csi-attacher:v4.4.3 + image: registry.k8s.io/sig-storage/csi-attacher:v4.7.0 snapshotter: - image: registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 + image: registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 imageBeta: registry.k8s.io/sig-storage/csi-snapshotter:v3.0.3 # set it to true, if external-snapshotter sidecar should be deployed along with controller. deploy: true resizer: - image: registry.k8s.io/sig-storage/csi-resizer:v1.11.2 + image: registry.k8s.io/sig-storage/csi-resizer:v1.12.0 livenessprobe: - image: registry.k8s.io/sig-storage/livenessprobe:v2.13.1 + image: registry.k8s.io/sig-storage/livenessprobe:v2.14.0 healthmonitor: - image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + image: registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 # Used for deployment test in kind cluster # diff --git a/packages/nutanix-csi/zarf.yaml b/packages/nutanix-csi/zarf.yaml index 01d91ea9..b3f05502 100644 --- a/packages/nutanix-csi/zarf.yaml +++ b/packages/nutanix-csi/zarf.yaml 
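Review bot: `snapshotter.image` jumps two major versions here (`csi-snapshotter:v6.3.2` to `v8.1.0`), while `imageBeta` stays at `v3.0.3` and the driver images listed in `packages/nutanix-csi/zarf.yaml` stay at `ntnx-csi:3.0.0`. The csi-snapshotter sidecar, the snapshot-controller and the VolumeSnapshot CRDs come from the same upstream project and are versioned together, and the CRDs this package applies are not visible in the diff. Please confirm that they are updated to the matching v8 release and that the Nutanix chart supports sidecars this new. The following hunk in `packages/nutanix-csi/zarf.yaml` bumps `snapshot-controller` and `snapshot-validation-webhook` to `v8.1.0` as well, so the same check covers it. A comment above `sidecars:` such as `# keep these tags in sync with the images list in packages/nutanix-csi/zarf.yaml` would document that the two lists are maintained by hand.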
@@ -34,19 +34,19 @@ components: required: true description: Push nutanix images to the zarf registry images: - - registry.k8s.io/sig-storage/snapshot-controller:v6.3.2 - - registry.k8s.io/sig-storage/snapshot-validation-webhook:v6.3.2 + - registry.k8s.io/sig-storage/snapshot-controller:v8.1.0 + - registry.k8s.io/sig-storage/snapshot-validation-webhook:v8.1.0 - docker.io/nutanix/ntnx-csi:3.0.0 - docker.io/nutanix/ntnx-csi-precheck:3.0.0 - - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.11.1 - - registry.k8s.io/sig-storage/csi-provisioner:v5.0.1 - - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 - - registry.k8s.io/sig-storage/csi-attacher:v4.4.3 - - registry.k8s.io/sig-storage/csi-resizer:v1.11.2 - - registry.k8s.io/sig-storage/livenessprobe:v2.13.1 - - registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.10.0 + - registry.k8s.io/sig-storage/csi-node-driver-registrar:v2.12.0 + - registry.k8s.io/sig-storage/csi-provisioner:v5.1.0 + - registry.k8s.io/sig-storage/csi-snapshotter:v8.1.0 + - registry.k8s.io/sig-storage/csi-attacher:v4.7.0 + - registry.k8s.io/sig-storage/csi-resizer:v1.12.0 + - registry.k8s.io/sig-storage/livenessprobe:v2.14.0 + - registry.k8s.io/sig-storage/csi-external-health-monitor-controller:v0.13.0 - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.1 - - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.0 + - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.1 - name: nutanix-csi-snapshot required: false diff --git a/packages/trust-manager/zarf.yaml b/packages/trust-manager/zarf.yaml index 509d6215..1d748389 100644 --- a/packages/trust-manager/zarf.yaml +++ b/packages/trust-manager/zarf.yaml 
@@ -10,18 +10,18 @@ components: - name: trust-manager-images required: true images: - - quay.io/jetstack/trust-manager:v0.11.0 + - quay.io/jetstack/trust-manager:v0.12.0 - quay.io/jetstack/cert-manager-package-debian:20210119.0 - - quay.io/jetstack/cert-manager-controller:v1.14.5 - - quay.io/jetstack/cert-manager-webhook:v1.14.5 - - quay.io/jetstack/cert-manager-cainjector:v1.14.5 - - quay.io/jetstack/cert-manager-acmesolver:v1.14.5 - - quay.io/jetstack/cert-manager-startupapicheck:v1.14.5 + - quay.io/jetstack/cert-manager-controller:v1.16.1 + - quay.io/jetstack/cert-manager-webhook:v1.16.1 + - quay.io/jetstack/cert-manager-cainjector:v1.16.1 + - quay.io/jetstack/cert-manager-acmesolver:v1.16.1 + - quay.io/jetstack/cert-manager-startupapicheck:v1.16.1 - name: trust-manager required: true charts: - name: trust-manager - version: 0.11.0 + version: v0.12.0 namespace: trust-manager url: https://charts.jetstack.io/ valuesFiles: diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index 740b2e18..92a54dad 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml @@ -4,7 +4,7 @@ variables: default: "amd64" - name: DEPLOY_IMAGE description: "Container image to use to run uds deploy in" - default: "ghcr.io/defenseunicorns/build-harness/build-harness:2.0.40" + default: "ghcr.io/defenseunicorns/build-harness/build-harness:2.0.42" - name: BUNDLE_VERSION description: "Version of the bundle to deploy" # x-release-please-start-version