feat: re-enable jira (#184)

CODEOWNERS

@@ -1 +1 @@
-* @anthonywendt @blancharda @jacobbmay
+* @anthonywendt @jacobbmay @joehcq1

README.md

@@ -16,8 +16,8 @@ Once the below [Prerequisites](#prerequisites) are met, these are the steps to d
 
 ### Prerequisites
 **Tools**:
-* [uds version v0.14.1](https://github.com/defenseunicorns/uds-cli/tree/v0.14.1)
-- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.14.1/uds-cli_v0.14.1_Linux_amd64`
+* [uds version v0.16.0](https://github.com/defenseunicorns/uds-cli/tree/v0.16.0)
+- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.16.0/uds-cli_v0.16.0_Linux_amd64`
 * (OPTIONAL) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl)
 * (OPTIONAL) [helm](https://github.com/helm/helm)
 
@@ -157,3 +157,20 @@ uds run --list
 uds run create-bundle
 ```
 
+To force terminate a namespace that is hanging, try this. This state is often brought about during development by deleting the metrics
+server before everything else is gone. The namespaces then hang as they're unable to talk to it.
+
+```bash
+kubectl proxy & # Only run this once
+destroy-ns () {
+  NAMESPACE="${1}"
+  kubectl get namespace "${NAMESPACE}" -o json | jq '.spec = {"finalizers":[]}' > temp.json
+  curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize
+}
+
+# For every namespace you want to delete:
+destroy-ns <namespace>
+
+# So we don't dirty the git history
+rm temp.json
+```

bundles/uds-core-swf/uds-bundle.yaml

@@ -81,7 +81,7 @@ packages:
 
   - name: core
     repository: ghcr.io/defenseunicorns/packages/uds/core
-    ref: 0.24.1-registry1
+    ref: 0.27.2-registry1
     overrides:
       grafana:
         grafana:
@@ -135,20 +135,6 @@ packages:
                   cpu: 1
                   memory: 2Gi
           values:
-            - path: initContainers
-              value:
-                - name: velero-plugin-for-aws
-                  image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.0
-                  imagePullPolicy: IfNotPresent
-                  volumeMounts:
-                    - mountPath: /target
-                      name: plugins
-                - name: velero-plugin-for-csi
-                  image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.1
-                  imagePullPolicy: IfNotPresent
-                  volumeMounts:
-                    - mountPath: /target
-                      name: plugins
             - path: configuration.features
               value: EnableCSI
             - path: snapshotsEnabled
@@ -236,10 +222,6 @@ packages:
               value: "ReadWriteMany"
             - path: "persistence.storageClassName"
               value: "nutanix-dynamicfile"
-            - path: extraVolumes
-              value: *extra-volumes
-            - path: extraVolumeMounts
-              value: *extra-volume-mounts
           variables:
             - name: KEYCLOAK_DB_USERNAME
               description: "keycloak database username"
@@ -268,7 +250,7 @@ packages:
                   cpu: 400m
                   memory: 512Mi
                 limits:
-                  cpu: 1
+                  cpu: "1"
                   memory: 2Gi
       loki:
         loki:
@@ -566,42 +548,53 @@ packages:
   #   repository: ghcr.io/defenseunicorns/packages/uds/sonarqube
   #   ref: 8.0.3-uds.6-registry1
 
-  # # Jira
-  # - name: jira-database-secret
-  #   path: ../../build
-  #   ref: 0.0.1
-
-  # - name: jira
-  #   repository: ghcr.io/defenseunicorns/packages/uds/jira
-  #   ref: 1.19.0-uds.0-registry1
-  #   overrides:
-  #     jira:
-  #       jira:
-  #         variables:
-  #           - name: JIRA_LOCAL_HOME_ENABLED
-  #             path: "volumes.localHome.persistentVolumeClaim.create"
-  #             description: "Local Home Toggle"
-  #             default: "true"
-  #           - name: JIRA_RWO_STORAGE_CLASS
-  #             path: "volumes.localHome.persistentVolumeClaim.storageClassName"
-  #             description: "RWO storage class name"
-  #           - name: JIRA_LOCAL_HOME_SIZE
-  #             path: "volumes.localHome.persistentVolumeClaim.resources.requests.storage"
-  #             description: "Storage size"
-  #             default: "128Gi"
-  #             # 1-2k users
-  #           - name: JIRA_RESOURCE_CONFIG
-  #             path: "jira.resources"
-  #             default:
-  #               container:
-  #                 requests:
-  #                   cpu: "100m"
-  #                   memory: "2Gi"
-  #                 limits:
-  #                   cpu: "8"
-  #                   memory: "16Gi"
-  #               jvm:
-  #                 maxHeap: "4g"
+  - name: jira
+    repository: ghcr.io/defenseunicorns/packages/uds/jira
+    ref: 1.22.0-uds.0-registry1
+    overrides:
+      jira:
+        uds-jira-config:
+          values:
+            - path: postgres.internal
+              value: false
+            - path: postgres.username
+              value: "###ZARF_VAR_JIRA_DB_USERNAME###"
+            - path: postgres.password
+              value: "###ZARF_VAR_JIRA_DB_PASSWORD###"
+            - path: custom  # To setup custom egress rule to reach DB.
+              value:
+                - direction: Egress
+                  port: 5432
+                  selector:
+                    app.kubernetes.io/name: jira
+                  remoteGenerated: Anywhere
+                  description: "Egress to Postgres"
+        jira:
+          variables:
+            - name: JIRA_LOCAL_HOME_ENABLED
+              path: "volumes.localHome.persistentVolumeClaim.create"
+              description: "Local Home Toggle"
+              default: "true"
+            - name: JIRA_RWO_STORAGE_CLASS
+              path: "volumes.localHome.persistentVolumeClaim.storageClassName"
+              description: "RWO storage class name"
+            - name: JIRA_LOCAL_HOME_SIZE
+              path: "volumes.localHome.persistentVolumeClaim.resources.requests.storage"
+              description: "Storage size"
+              default: "128Gi"
+              # 1-2k users
+            - name: JIRA_RESOURCE_CONFIG
+              path: "jira.resources"
+              default:
+                container:
+                  requests:
+                    cpu: "100m"
+                    memory: "2Gi"
+                  limits:
+                    cpu: "8"
+                    memory: "16Gi"
+                jvm:
+                  maxHeap: "6g"
 
   # # Confluence
   # - name: confluence-database-secret

config/uds-config.yaml

@@ -148,13 +148,10 @@ variables:
     SONARQUBE_DB_NAME: "sonarqubedb"
     SONARQUBE_DB_USERNAME: "postgres"
     SONARQUBE_DB_ENDPOINT: "sonarqube-pg.replace.with.db.url"
-  jira-database-secret:
-    JIRA_DB_PASSWORD: "replace-me-db-passwords"
   jira:
     JIRA_DB_NAME: "jiradb"
     JIRA_DB_USERNAME: "postgres"
-    JIRA_LOCAL_HOME_ENABLED: "true"
-    JIRA_LOCAL_HOME_SIZE: "128Gi"
+    JIRA_DB_PASSWORD: "replace-me-db-passwords"
     JIRA_DB_ENDPOINT: "jira-pg.replace.with.db.url"
   confluence-database-secret:
     CONFLUENCE_DB_PASSWORD: "replace-me-db-passwords"

docs/database-creation-and-configuration.md

@@ -38,12 +38,11 @@ variables:
 ## Jira
 ```yaml
 variables:
-  jira-database-manifests:
-    JIRA_DB_EXTERNAL_NAME: "jira-pg.some.url" # Replace with domain entry for your database
-    JIRA_DB_PASSWORD: "replace-me-db-passwords" #Replace
   jira:
-    JIRA_DB_NAME: "jiradb" # Our example uses this database name
-    JIRA_DB_USERNAME: "postgres" # Our example uses this user
+    JIRA_DB_USERNAME: "postgres"
+    JIRA_DB_PASSWORD: "replace-me"
+    JIRA_DB_NAME: "jiradb"
+    JIRA_DB_ENDPOINT: "jira-pg.mtsi-dev.bigbang.dev"
 ```
 
 ## Confluence

docs/packages-and-dependencies.md

@@ -40,12 +40,12 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc
 |----|----|----|----|
 | [Nutanix CSI Driver Init](https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_6:CSI-Volume-Driver-v2_6) | v0.36.1 | v2.6.8 | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages |
 | [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment |
-| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.24.1 | N/A | [DESCRIPTION BELOW](#UDS-Core) |
+| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.27.2 | N/A | [DESCRIPTION BELOW](#UDS-Core) |
 | [Valkey](https://github.com/defenseunicorns/uds-package-valkey) | v7.2.5-uds.2-upstream | 7.2.5 | A key-value store used as a data backend for several applications in the stack |
 | [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.1.2-uds.0-registry1 | 17.1.2 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software |
 | [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 17.0.0-uds.0-registry1 | v17.0.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed |
 | [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 8.0.3-uds.6-registry1 | 9.9.3-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images |
-| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.19.0-uds.0-registry1 | 9.15.1 | A collaboration tool used for team management and task organization |
+| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.22.0-uds.0-registry1 | 10.0.1 | A collaboration tool used for team management and task organization |
 | [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.18.0-uds.0-registry1 | 8.8.0 | A knowledge management tool used by teams to organize information |
 | [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 9.7.2-uds.0-registry1 | 9.7.2 | An instance of Mattermost, a self-hosted chat and collaboration platform |
 | [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.69.0-uds.0-registry1 | 3.69.0-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts |
@@ -57,15 +57,15 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc
 
 | Package | Version | Description |
 |----|----|----|
-| [Istio](https://istio.io/latest/) | 1.22.2 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster |
-| [Loki](https://grafana.com/oss/loki/) | 2.9.6 | A Grafana product for aggregating and querying log data |
-| [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) | 3.1.0 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. Logs are shipped to Loki |
-| [Prometheus](https://prometheus.io/) | 2.52.0 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) |
-| [Grafana](https://github.com/grafana/grafana) | 11.1.0 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo |
-| [Neuvector](https://www.suse.com/neuvector/) | 5.3.3 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection |
-| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.13.2 | A tool for orchistrating backups of cluster state and storage |
-| [Authservice](https://github.com/istio-ecosystem/authservice) | 1.0.1 | A tool for simplifying and automating auth workflows via Istio integration |
-| [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.1 | A container metrics aggregation and exporter for kubernetes |
-| [Pepr](https://pepr.dev/) | 0.32.7 | Declarative automation for managing deployments and security policy enorcement |
-| [Keycloak](https://github.com/defenseunicorns/uds-core) | 24.0.5 | An identity and access management (IDAM) tool used to authenticate users for access to applications |
-| [uds-identity-config]() | v0.5.1 | UDS Identity (Keycloak) Config image used by UDS Identity |
+| [Istio](https://istio.io/latest/) | 1.23.1 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster |
+| [Loki](https://grafana.com/oss/loki/) | 3.1.1 | A Grafana product for aggregating and querying log data |
+| [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) | 3.1.1 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. Logs are shipped to Loki |
+| [Prometheus](https://prometheus.io/) | 2.54.1 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) |
+| [Grafana](https://github.com/grafana/grafana) | 11.2.0 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo |
+| [Neuvector](https://www.suse.com/neuvector/) | 5.3.4 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection |
+| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.14.1 | A tool for orchistrating backups of cluster state and storage |
+| [Authservice](https://github.com/istio-ecosystem/authservice) | 1.0.2 | A tool for simplifying and automating auth workflows via Istio integration |
+| [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.2 | A container metrics aggregation and exporter for kubernetes |
+| [Pepr](https://pepr.dev/) | 0.36.0 | Declarative automation for managing deployments and security policy enorcement |
+| [Keycloak](https://github.com/defenseunicorns/uds-core) | 25.0.6 | An identity and access management (IDAM) tool used to authenticate users for access to applications |
+| [uds-identity-config]() | v0.6.3 | UDS Identity (Keycloak) Config image used by UDS Identity |

packages/keycloak-config-wrapper/zarf.yaml

@@ -26,10 +26,6 @@ components:
           - cmd: |
               ./zarf tools kubectl delete job -n keycloak identity-config-loader 2>/dev/null || true
 
-          # Check deploy system arch
-          - cmd: if [ "$(uname -m)" != "x86_64" ]; then echo "this package architecture is amd64, but the target system has a different architecture. These architectures must be the same" && exit 1; fi
-            description: Check that the host architecture matches the package architecture
-            maxRetries: 0
         after:
           - cmd: |
               # wait for the job to start

packages/nutanix-csi/zarf.yaml

@@ -79,6 +79,6 @@ components:
     actions:
       onDeploy:
         before:
-          - description: Delete Storage Classes
-            cmd: ./zarf tools kubectl delete sc nutanix-dynamicfile --ignore-not-found=true
-            cmd: ./zarf tools kubectl delete sc nutanix-volume --ignore-not-found=true
+          - description: Delete Storage Classes  # We do not want this to fail if they're not there so || true
+            cmd: uds zarf tools kubectl delete sc nutanix-dynamicfile || true
+            cmd: uds zarf tools kubectl delete sc nutanix-volume || true

tasks.yaml

@@ -3,6 +3,12 @@ includes:
   - deploy: ./tasks/deploy.yaml
 
 tasks:
+  - name: dev
+    description: The create-deploy dev loop
+    actions:
+      - task: create-bundle
+      - task: deploy-dev
+
   ################
   #  Create
   ################
@@ -47,7 +53,7 @@ tasks:
     actions:
       - task: deploy:deploy-published
         with:
-          config-dir: ./scratch/configs/test
+          config_dir: ./scratch/configs/test
 
   #### Clean ####
   - name: clean

tasks/create.yaml

@@ -8,7 +8,7 @@ tasks:
   - name: build-dir
     description: Create build directory
     actions:
-      - cmd: mkdir build -p
+      - cmd: mkdir -p build
 
   # Bundles
   - name: bundle
@@ -23,7 +23,6 @@ tasks:
     actions:
       - cmd: ./uds zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
       - cmd: ./uds zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
-      - cmd: ./uds zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
       - cmd: ./uds zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
 
   - name: keycloak-config-wrapper-package

tasks/deploy.yaml

@@ -4,7 +4,7 @@ variables:
     default: "amd64"
   - name: DEPLOY_IMAGE
     description: "Container image to use to run uds deploy in"
-    default: "ghcr.io/defenseunicorns/build-harness/build-harness:2.0.34"
+    default: "ghcr.io/defenseunicorns/build-harness/build-harness:2.0.39"
   - name: BUNDLE_VERSION
     description: "Version of the bundle to deploy"
     # x-release-please-start-version
@@ -20,10 +20,10 @@ tasks:
   - name: deploy-bundle
     description: Deploy bundle based on configured input build and config directories
     inputs:
-      build-dir:
+      build_dir:
         default: ./build
         description: Input for the path to the build directory containing the uds bundle to deploy
-      config-dir:
+      config_dir:
         default: ./scratch/configs/dev
         description: Input for the path to the directory containing the uds-config.yaml to use for deploying the bundle
     actions:
@@ -32,8 +32,8 @@ tasks:
   - name: deploy-published
     description: Deploy published oci of bundle from ghcr
     inputs:
-      config-dir:
+      config_dir:
         default: ./scratch/configs/dev
         description: Input for the path to the directory containing the uds-config.yaml to use for deploying the bundle
     actions:
-      - cmd: docker run --rm -e BUNDLE_VERSION=${BUNDLE_VERSION} -e UDS_CONFIG=/configs/uds-config.yaml -e KUBECONFIG=/configs/kubeconfig -v /tmp:/tmp -v ${INPUT_CONFIG_DIR}:/configs ${DEPLOY_IMAGE} bash -c 'uds deploy oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:${BUNDLE_VERSION} --confirm'
+      - cmd: docker run --rm -e BUNDLE_VERSION=${BUNDLE_VERSION} -e UDS_CONFIG=/configs/uds-config.yaml -e KUBECONFIG=/configs/kubeconfig -v /tmp:/tmp -v ${{ .inputs.config_dir }}:/configs ${DEPLOY_IMAGE} bash -c 'uds deploy oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:${BUNDLE_VERSION} --confirm'