diff --git a/CODEOWNERS b/CODEOWNERS index aff49929..8c82e132 100644 --- a/CODEOWNERS +++ b/CODEOWNERS @@ -1 +1 @@ -* @anthonywendt @blancharda @jacobbmay +* @anthonywendt @jacobbmay @joehcq1 diff --git a/README.md b/README.md index b653caf0..9e176029 100644 --- a/README.md +++ b/README.md @@ -16,8 +16,8 @@ Once the below [Prerequisites](#prerequisites) are met, these are the steps to d ### Prerequisites **Tools**: -* [uds version v0.14.1](https://github.com/defenseunicorns/uds-cli/tree/v0.14.1) -- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.14.1/uds-cli_v0.14.1_Linux_amd64` +* [uds version v0.16.0](https://github.com/defenseunicorns/uds-cli/tree/v0.16.0) +- `sudo curl -sL https://github.com/defenseunicorns/uds-cli/releases/download/v0.16.0/uds-cli_v0.16.0_Linux_amd64` * (OPTIONAL) [kubectl](https://kubernetes.io/docs/tasks/tools/#kubectl) * (OPTIONAL) [helm](https://github.com/helm/helm) @@ -157,3 +157,20 @@ uds run --list uds run create-bundle ``` +To force terminate a namespace that is hanging, try this. This state is often brought about during development by deleting the metrics +server before everything else is gone. The namespaces then hang as they're unable to talk to it. + +```bash +kubectl proxy & # Only run this once +destroy-ns () { + NAMESPACE="${1}" + kubectl get namespace "${NAMESPACE}" -o json | jq '.spec = {"finalizers":[]}' > temp.json + curl -k -H "Content-Type: application/json" -X PUT --data-binary @temp.json 127.0.0.1:8001/api/v1/namespaces/$NAMESPACE/finalize +} + +# For every namespace you want to delete: +destroy-ns + +# So we don't dirty the git history +rm temp.json +``` \ No newline at end of file diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml index c35a896c..ffd0aa71 100644 --- a/bundles/uds-core-swf/uds-bundle.yaml +++ b/bundles/uds-core-swf/uds-bundle.yaml 
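Review bot: The usage example in the new README section calls `destroy-ns` with no argument, so `NAMESPACE` expands to empty and `kubectl get namespace ""` fails before anything is written; the example line should read `destroy-ns <namespace>`. `curl -k` is also pointless against the plain-HTTP `kubectl proxy` listener on 127.0.0.1:8001 and should be dropped, and the namespace belongs in quotes: `curl -H "Content-Type: application/json" -X PUT --data-binary @temp.json "127.0.0.1:8001/api/v1/namespaces/${NAMESPACE}/finalize"`. Clearing `spec.finalizers` skips whatever cleanup those finalizers were guarding (PVs, cloud resources, the namespace's remaining objects), so the text should say it is a last resort for development clusters, to be used only after `kubectl get all -n <namespace>` shows nothing left that still needs tearing down.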
@@ -81,7 +81,7 @@ packages: - name: core repository: ghcr.io/defenseunicorns/packages/uds/core - ref: 0.24.1-registry1 + ref: 0.27.2-registry1 overrides: grafana: grafana: @@ -135,20 +135,6 @@ packages: cpu: 1 memory: 2Gi values: - - path: initContainers - value: - - name: velero-plugin-for-aws - image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.0 - imagePullPolicy: IfNotPresent - volumeMounts: - - mountPath: /target - name: plugins - - name: velero-plugin-for-csi - image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.1 - imagePullPolicy: IfNotPresent - volumeMounts: - - mountPath: /target - name: plugins - path: configuration.features value: EnableCSI - path: snapshotsEnabled @@ -236,10 +222,6 @@ packages: value: "ReadWriteMany" - path: "persistence.storageClassName" value: "nutanix-dynamicfile" - - path: extraVolumes - value: *extra-volumes - - path: extraVolumeMounts - value: *extra-volume-mounts variables: - name: KEYCLOAK_DB_USERNAME description: "keycloak database username" @@ -268,7 +250,7 @@ packages: cpu: 400m memory: 512Mi limits: - cpu: 1 + cpu: "1" memory: 2Gi loki: loki: 
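Review bot: The velero `initContainers` override (the aws and csi plugin images) is removed while `configuration.features: EnableCSI` and `snapshotsEnabled` stay in the same values list; EnableCSI only has an effect when a CSI plugin is loaded, so this now relies on the uds-core 0.27.2 velero package shipping the plugins itself. Worth confirming against that release and recording it next to the feature flag, e.g. `# CSI/AWS plugins are expected from uds-core's velero package (confirm for 0.27.2)`, so the next reader does not re-add the init containers or wonder why CSI snapshots stopped working. The same dependency applies to the `ref: 0.27.2-registry1` bump earlier in this line.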
@@ -566,42 +548,53 @@ packages: # repository: ghcr.io/defenseunicorns/packages/uds/sonarqube # ref: 8.0.3-uds.6-registry1 - # # Jira - # - name: jira-database-secret - # path: ../../build - # ref: 0.0.1 - - # - name: jira - # repository: ghcr.io/defenseunicorns/packages/uds/jira - # ref: 1.19.0-uds.0-registry1 - # overrides: - # jira: - # jira: - # variables: - # - name: JIRA_LOCAL_HOME_ENABLED - # path: "volumes.localHome.persistentVolumeClaim.create" - # description: "Local Home Toggle" - # default: "true" - # - name: JIRA_RWO_STORAGE_CLASS - # path: "volumes.localHome.persistentVolumeClaim.storageClassName" - # description: "RWO storage class name" - # - name: JIRA_LOCAL_HOME_SIZE - # path: "volumes.localHome.persistentVolumeClaim.resources.requests.storage" - # description: "Storage size" - # default: "128Gi" - # # 1-2k users - # - name: JIRA_RESOURCE_CONFIG - # path: "jira.resources" - # default: - # container: - # requests: - # cpu: "100m" - # memory: "2Gi" - # limits: - # cpu: "8" - # memory: "16Gi" - # jvm: - # maxHeap: "4g" + - name: jira + repository: ghcr.io/defenseunicorns/packages/uds/jira + ref: 1.22.0-uds.0-registry1 + overrides: + jira: + uds-jira-config: + values: + - path: postgres.internal + value: false + - path: postgres.username + value: "###ZARF_VAR_JIRA_DB_USERNAME###" + - path: postgres.password + value: "###ZARF_VAR_JIRA_DB_PASSWORD###" + - path: custom # To setup custom egress rule to reach DB. 
+ value: + - direction: Egress + port: 5432 + selector: + app.kubernetes.io/name: jira + remoteGenerated: Anywhere + description: "Egress to Postgres" + jira: + variables: + - name: JIRA_LOCAL_HOME_ENABLED + path: "volumes.localHome.persistentVolumeClaim.create" + description: "Local Home Toggle" + default: "true" + - name: JIRA_RWO_STORAGE_CLASS + path: "volumes.localHome.persistentVolumeClaim.storageClassName" + description: "RWO storage class name" + - name: JIRA_LOCAL_HOME_SIZE + path: "volumes.localHome.persistentVolumeClaim.resources.requests.storage" + description: "Storage size" + default: "128Gi" + # 1-2k users + - name: JIRA_RESOURCE_CONFIG + path: "jira.resources" + default: + container: + requests: + cpu: "100m" + memory: "2Gi" + limits: + cpu: "8" + memory: "16Gi" + jvm: + maxHeap: "6g" # # Confluence # - name: confluence-database-secret diff --git a/config/uds-config.yaml b/config/uds-config.yaml index 88d1523d..e17941f8 100644 --- a/config/uds-config.yaml +++ b/config/uds-config.yaml @@ -148,13 +148,10 @@ variables: SONARQUBE_DB_NAME: "sonarqubedb" SONARQUBE_DB_USERNAME: "postgres" SONARQUBE_DB_ENDPOINT: "sonarqube-pg.replace.with.db.url" - jira-database-secret: - JIRA_DB_PASSWORD: "replace-me-db-passwords" jira: JIRA_DB_NAME: "jiradb" JIRA_DB_USERNAME: "postgres" - JIRA_LOCAL_HOME_ENABLED: "true" - JIRA_LOCAL_HOME_SIZE: "128Gi" + JIRA_DB_PASSWORD: "replace-me-db-passwords" JIRA_DB_ENDPOINT: "jira-pg.replace.with.db.url" confluence-database-secret: CONFLUENCE_DB_PASSWORD: "replace-me-db-passwords" diff --git a/docs/database-creation-and-configuration.md b/docs/database-creation-and-configuration.md index dc09515d..e90aacc1 100644 --- a/docs/database-creation-and-configuration.md +++ b/docs/database-creation-and-configuration.md 
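Review bot: The new `custom` allow rule opens egress on 5432 with `remoteGenerated: Anywhere`, so the jira pods may reach any host on that port rather than only the database configured as `JIRA_DB_ENDPOINT`; if the uds-core release in use supports `remoteCidr`, scoping the rule to the database address is the tighter choice, otherwise the inline comment should record why `Anywhere` is required. The database password now travels as a Helm values override (`postgres.password`) instead of the dedicated `jira-postgres` Secret this commit deletes, so it is persisted in the release's values — confirm that the `uds-jira-config` chart writes it into a Secret and not a ConfigMap. `maxHeap: "6g"` also now exceeds the 2Gi memory request in `JIRA_RESOURCE_CONFIG`, which makes the request meaningless for scheduling; either raise the request or note that the limit is the effective sizing.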
@@ -38,12 +38,11 @@ variables: ## Jira ```yaml variables: - jira-database-manifests: - JIRA_DB_EXTERNAL_NAME: "jira-pg.some.url" # Replace with domain entry for your database - JIRA_DB_PASSWORD: "replace-me-db-passwords" #Replace jira: - JIRA_DB_NAME: "jiradb" # Our example uses this database name - JIRA_DB_USERNAME: "postgres" # Our example uses this user + JIRA_DB_USERNAME: "postgres" + JIRA_DB_PASSWORD: "replace-me" + JIRA_DB_NAME: "jiradb" + JIRA_DB_ENDPOINT: "jira-pg.mtsi-dev.bigbang.dev" ``` ## Confluence diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md index 3267b12e..0ec6c8ba 100644 --- a/docs/packages-and-dependencies.md +++ b/docs/packages-and-dependencies.md 
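Review bot: `JIRA_DB_ENDPOINT: "jira-pg.mtsi-dev.bigbang.dev"` replaces what was a placeholder with what looks like a real environment hostname; the config in this same commit uses `jira-pg.replace.with.db.url`, so that placeholder (with the `# Replace` comment the removed lines carried) keeps an internal name out of public docs and keeps the example consistent with config/uds-config.yaml. The password placeholder also drifts (`replace-me` here versus `replace-me-db-passwords` in the config); using one value in both places avoids readers assuming they are different settings.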
@@ -40,12 +40,12 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc |----|----|----|----| | [Nutanix CSI Driver Init](https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_6:CSI-Volume-Driver-v2_6) | v0.36.1 | v2.6.8 | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages | | [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment | -| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.24.1 | N/A | [DESCRIPTION BELOW](#UDS-Core) | +| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.27.2 | N/A | [DESCRIPTION BELOW](#UDS-Core) | | [Valkey](https://github.com/defenseunicorns/uds-package-valkey) | v7.2.5-uds.2-upstream | 7.2.5 | A key-value store used as a data backend for several applications in the stack | | [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.1.2-uds.0-registry1 | 17.1.2 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software | | [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 17.0.0-uds.0-registry1 | v17.0.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed | | [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 8.0.3-uds.6-registry1 | 9.9.3-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images | -| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.19.0-uds.0-registry1 | 9.15.1 | A collaboration tool used for team management and task organization | +| [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.22.0-uds.0-registry1 | 10.0.1 | A collaboration tool used for team management and task 
organization | | [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.18.0-uds.0-registry1 | 8.8.0 | A knowledge management tool used by teams to organize information | | [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 9.7.2-uds.0-registry1 | 9.7.2 | An instance of Mattermost, a self-hosted chat and collaboration platform | | [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.69.0-uds.0-registry1 | 3.69.0-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts | 
@@ -57,15 +57,15 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc | Package | Version | Description | |----|----|----| -| [Istio](https://istio.io/latest/) | 1.22.2 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster | -| [Loki](https://grafana.com/oss/loki/) | 2.9.6 | A Grafana product for aggregating and querying log data | -| [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) | 3.1.0 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. Logs are shipped to Loki | -| [Prometheus](https://prometheus.io/) | 2.52.0 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) | -| [Grafana](https://github.com/grafana/grafana) | 11.1.0 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo | -| [Neuvector](https://www.suse.com/neuvector/) | 5.3.3 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection | -| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.13.2 | A tool for orchistrating backups of cluster state and storage | -| [Authservice](https://github.com/istio-ecosystem/authservice) | 1.0.1 | A tool for simplifying and automating auth workflows via Istio integration | -| [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.1 | A container metrics aggregation and exporter for kubernetes | -| [Pepr](https://pepr.dev/) | 0.32.7 | Declarative automation for managing deployments and security policy enorcement | -| [Keycloak](https://github.com/defenseunicorns/uds-core) | 24.0.5 | An identity and access management (IDAM) tool used to authenticate users for access to applications | -| 
[uds-identity-config]() | v0.5.1 | UDS Identity (Keycloak) Config image used by UDS Identity | +| [Istio](https://istio.io/latest/) | 1.23.1 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster | +| [Loki](https://grafana.com/oss/loki/) | 3.1.1 | A Grafana product for aggregating and querying log data | +| [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) | 3.1.1 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. Logs are shipped to Loki | +| [Prometheus](https://prometheus.io/) | 2.54.1 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) | +| [Grafana](https://github.com/grafana/grafana) | 11.2.0 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo | +| [Neuvector](https://www.suse.com/neuvector/) | 5.3.4 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection | +| [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.14.1 | A tool for orchistrating backups of cluster state and storage | +| [Authservice](https://github.com/istio-ecosystem/authservice) | 1.0.2 | A tool for simplifying and automating auth workflows via Istio integration | +| [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.2 | A container metrics aggregation and exporter for kubernetes | +| [Pepr](https://pepr.dev/) | 0.36.0 | Declarative automation for managing deployments and security policy enorcement | +| [Keycloak](https://github.com/defenseunicorns/uds-core) | 25.0.6 | An identity and access management (IDAM) tool used to authenticate users for access to applications | +| [uds-identity-config]() | v0.6.3 | UDS Identity (Keycloak) Config 
image used by UDS Identity | diff --git a/packages/databases/jira/secret/secret.yaml b/packages/databases/jira/secret/secret.yaml deleted file mode 100644 index 583548ad..00000000 --- a/packages/databases/jira/secret/secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: jira-postgres - namespace: jira -type: kubernetes.io/opaque -stringData: - password: "###ZARF_VAR_JIRA_DB_PASSWORD###" diff --git a/packages/databases/jira/secret/zarf.yaml b/packages/databases/jira/secret/zarf.yaml deleted file mode 100644 index 4586c9f5..00000000 --- a/packages/databases/jira/secret/zarf.yaml +++ /dev/null @@ -1,19 +0,0 @@ -# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json -kind: ZarfPackageConfig -metadata: - name: jira-database-secret - version: "0.0.1" - architecture: amd64 - -variables: - - name: JIRA_DB_PASSWORD - default: "replace-me" - -components: - - name: jira-postgres-secret - required: true - manifests: - - name: jira-postgres-secret - namespace: jira - files: - - secret.yaml diff --git a/packages/keycloak-config-wrapper/zarf.yaml b/packages/keycloak-config-wrapper/zarf.yaml index 6a0e2204..92170686 100644 --- a/packages/keycloak-config-wrapper/zarf.yaml +++ b/packages/keycloak-config-wrapper/zarf.yaml @@ -26,10 +26,6 @@ components: - cmd: | ./zarf tools kubectl delete job -n keycloak identity-config-loader 2>/dev/null || true - # Check deploy system arch - - cmd: if [ "$(uname -m)" != "x86_64" ]; then echo "this package architecture is amd64, but the target system has a different architecture. These architectures must be the same" && exit 1; fi - description: Check that the host architecture matches the package architecture - maxRetries: 0 after: - cmd: | # wait for the job to start diff --git a/packages/nutanix-csi/zarf.yaml b/packages/nutanix-csi/zarf.yaml index 7a27a06e..99ff7b94 100644 --- a/packages/nutanix-csi/zarf.yaml +++ b/packages/nutanix-csi/zarf.yaml 
@@ -79,6 +79,6 @@ components: actions: onDeploy: before: - - description: Delete Storage Classes - cmd: ./zarf tools kubectl delete sc nutanix-dynamicfile --ignore-not-found=true - cmd: ./zarf tools kubectl delete sc nutanix-volume --ignore-not-found=true + - description: Delete Storage Classes # We do not want this to fail if they're not there so || true + cmd: uds zarf tools kubectl delete sc nutanix-dynamicfile || true + cmd: uds zarf tools kubectl delete sc nutanix-volume || true diff --git a/tasks.yaml b/tasks.yaml index b00dc3a0..6d2db593 100644 --- a/tasks.yaml +++ b/tasks.yaml @@ -3,6 +3,12 @@ includes: - deploy: ./tasks/deploy.yaml tasks: + - name: dev + description: The create-deploy dev loop + actions: + - task: create-bundle + - task: deploy-dev + ################ # Create ################ @@ -47,7 +53,7 @@ tasks: actions: - task: deploy:deploy-published with: - config-dir: ./scratch/configs/test + config_dir: ./scratch/configs/test #### Clean #### - name: clean diff --git a/tasks/create.yaml b/tasks/create.yaml index 00400883..8330ea5e 100644 --- a/tasks/create.yaml +++ b/tasks/create.yaml @@ -8,7 +8,7 @@ tasks: - name: build-dir description: Create build directory actions: - - cmd: mkdir build -p + - cmd: mkdir -p build # Bundles - name: bundle @@ -23,7 +23,6 @@ tasks: actions: - cmd: ./uds zarf package create ./packages/databases/confluence/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - cmd: ./uds zarf package create ./packages/databases/gitlab/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - - cmd: ./uds zarf package create ./packages/databases/jira/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - cmd: ./uds zarf package create ./packages/databases/sonarqube/secret --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build - name: keycloak-config-wrapper-package 
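Review bot: `|| true` on the two delete commands swallows every failure (RBAC denial, unreachable API, a mistyped resource name), whereas the removed `--ignore-not-found=true` tolerated only the missing-object case; the new comment says not-found is the only case meant to be ignored, so `cmd: uds zarf tools kubectl delete sc nutanix-dynamicfile --ignore-not-found=true` keeps that intent without hiding real errors. As collapsed here, both `cmd:` lines also read as sitting in the same list item (only the `description` line carries a `-`), which would make the second `cmd` a duplicate key and silently drop the nutanix-dynamicfile delete in most YAML parsers; indentation was lost in this view, so please check that each command is its own `- cmd:` entry. Switching from `./zarf` to `uds zarf` additionally assumes a `uds` binary on the deploying host's PATH rather than the zarf binary executing the action, which is worth stating in the description.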
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml index a6cbdc3d..7531eedf 100644 --- a/tasks/deploy.yaml +++ b/tasks/deploy.yaml @@ -4,7 +4,7 @@ variables: default: "amd64" - name: DEPLOY_IMAGE description: "Container image to use to run uds deploy in" - default: "ghcr.io/defenseunicorns/build-harness/build-harness:2.0.34" + default: "ghcr.io/defenseunicorns/build-harness/build-harness:2.0.39" - name: BUNDLE_VERSION description: "Version of the bundle to deploy" # x-release-please-start-version @@ -20,10 +20,10 @@ tasks: - name: deploy-bundle description: Deploy bundle based on configured input build and config directories inputs: - build-dir: + build_dir: default: ./build description: Input for the path to the build directory containing the uds bundle to deploy - config-dir: + config_dir: default: ./scratch/configs/dev description: Input for the path to the directory containing the uds-config.yaml to use for deploying the bundle actions: @@ -32,8 +32,8 @@ tasks: - name: deploy-published description: Deploy published oci of bundle from ghcr inputs: - config-dir: + config_dir: default: ./scratch/configs/dev description: Input for the path to the directory containing the uds-config.yaml to use for deploying the bundle actions: - - cmd: docker run --rm -e BUNDLE_VERSION=${BUNDLE_VERSION} -e UDS_CONFIG=/configs/uds-config.yaml -e KUBECONFIG=/configs/kubeconfig -v /tmp:/tmp -v ${INPUT_CONFIG_DIR}:/configs ${DEPLOY_IMAGE} bash -c 'uds deploy oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:${BUNDLE_VERSION} --confirm' + - cmd: docker run --rm -e BUNDLE_VERSION=${BUNDLE_VERSION} -e UDS_CONFIG=/configs/uds-config.yaml -e KUBECONFIG=/configs/kubeconfig -v /tmp:/tmp -v ${{ .inputs.config_dir }}:/configs ${DEPLOY_IMAGE} bash -c 'uds deploy oci://ghcr.io/defenseunicorns/uds-bundle/software-factory-nutanix:${BUNDLE_VERSION} --confirm'
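Review bot: The `deploy-bundle` task's actions, which presumably consumed the renamed `build-dir`/`config-dir` inputs, lie outside the @@ -20 hunk (it ends at `actions:`), so it is not visible whether they moved to `${{ .inputs.build_dir }}`/`${{ .inputs.config_dir }}` the way deploy-published did; both tasks should use the same input syntax now that the `${INPUT_CONFIG_DIR}` form is gone from deploy-published. The `DEPLOY_IMAGE` bump stays tag-only (`build-harness:2.0.39`), so the container that receives the kubeconfig can change underneath the same tag; pinning it as `build-harness:2.0.39@sha256:<digest>` would make the deploy environment reproducible and auditable.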