From bc6ea3de0eadaf2468f420275ebc2b1f0b3bddb2 Mon Sep 17 00:00:00 2001 From: Anthony Date: Wed, 10 Jul 2024 17:34:11 +0000 Subject: [PATCH 1/5] chore: update uds core to 0.23.0 --- bundles/uds-core-swf/uds-bundle.yaml | 6 +++--- config/uds-config.yaml | 1 + docs/packages-and-dependencies.md | 12 ++++++------ packages/init/zarf.yaml | 8 ++++---- 4 files changed, 14 insertions(+), 13 deletions(-) diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml index 9489ab43..cb51b8a3 100644 --- a/bundles/uds-core-swf/uds-bundle.yaml +++ b/bundles/uds-core-swf/uds-bundle.yaml @@ -46,7 +46,7 @@ packages: - name: core repository: ghcr.io/defenseunicorns/packages/uds/core - ref: 0.22.1-registry1 + ref: 0.23.0-registry1 overrides: grafana: grafana: @@ -98,13 +98,13 @@ packages: - path: initContainers value: - name: velero-plugin-for-aws - image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.9.2 + image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.0 imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /target name: plugins - name: velero-plugin-for-csi - image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.0 + image: registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.1 imagePullPolicy: IfNotPresent volumeMounts: - mountPath: /target diff --git a/config/uds-config.yaml b/config/uds-config.yaml index b5cd05b2..60db35a5 100644 --- a/config/uds-config.yaml +++ b/config/uds-config.yaml @@ -21,6 +21,7 @@ variables: REGISTRY_HPA_ENABLE: true REGISTRY_PVC_ACCESS_MODE: ReadWriteMany REGISTRY_PVC_ENABLED: true + REGISTRY_PVC_SIZE: 128Gi REGISTRY_STORAGE_CLASS: "nutanix-dynamicfile" PRISM_ENDPOINT: "PRISM element IP address" PRISM_USERNAME: "csi-user-prism-element-user" diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md index 2f5333c7..702811e0 100644 --- a/docs/packages-and-dependencies.md 
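Review bot: The two velero plugin images under `initContainers` in bundles/uds-core-swf/uds-bundle.yaml (hunk at -98,13) are pinned by tag only, and the same two tags are repeated in both image lists of packages/init/zarf.yaml (hunks at -71,8 and -133,8). Nothing visible in the patch ties these three places together, so a later bump that misses one of them would leave the override pointing at an image the init package does not carry. A comment above the override, such as `# keep in sync with the velero plugin images listed in packages/init/zarf.yaml`, would document the coupling. If tags in this registry can be re-pushed, adding the digest (`velero-plugin-for-aws:v1.10.0@sha256:<digest>`, with the real digest in place of the placeholder) would make the bump verifiable. The surrounding `overrides` mapping starts and ends outside the hunk.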
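Review bot: `REGISTRY_PVC_SIZE: 128Gi` in config/uds-config.yaml is added without a comment, and the commit subject mentions only the uds core bump. A reader cannot tell whether 128Gi is required by the new version or is a site-specific sizing choice. The neighbouring `PRISM_*` values look like placeholders to be edited per deployment, so a line such as `# registry PVC size; site-specific, adjust before deploying` above the key would make the intent clear. It may also be worth confirming that a PVC already provisioned at a different size is handled on upgrade, since that presumably depends on the storage class. The `variables` mapping continues outside the hunk.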
+++ b/docs/packages-and-dependencies.md @@ -40,7 +40,7 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc |----|----|----|----| | [Nutanix CSI Driver Init](https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_6:CSI-Volume-Driver-v2_6) | v0.35.0 | v2.6.8 | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages | | [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment | -| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.22.1 | N/A | [DESCRIPTION BELOW](#UDS-Core) | +| [uds-core](https://github.com/defenseunicorns/uds-core) | 0.23.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) | | [Redis](https://github.com/defenseunicorns/uds-package-dependencies) | 0.0.2 | 7.0.12 | A key-value store used as a data backend for several applications in the stack | | [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.0.2-uds.0-registry1 | 17.0.2 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software | | [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 17.0.0-uds.0-registry1 | v17.0.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed | 
@@ -55,14 +55,14 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc | Package | Version | Description | |----|----|----| -| [Istio](https://istio.io/latest/) | 1.22.1 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster | +| [Istio](https://istio.io/latest/) | 1.22.2 | A package detailing the configuration of the deployed service mesh -- used by the operator to apply the desired state in the cluster | | [Loki](https://grafana.com/oss/loki/) | 2.9.6 | A Grafana product for aggregating and querying log data | -| [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) | 2.9.6 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. Logs are shipped to Loki | +| [Promtail](https://grafana.com/docs/loki/latest/send-data/promtail/) | 3.1.0 | A logging daemon installed on each cluster node to capture logs from the host and all cluster workload processes. 
Logs are shipped to Loki | | [Prometheus](https://prometheus.io/) | 2.52.0 | A product for storing and querying time series based data such as system performance metrics (CPU/MEM usage) | -| [Grafana](https://github.com/grafana/grafana) | 10.4.2 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo | -| [Neuvector](https://www.suse.com/neuvector/) | 5.3.2 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection | +| [Grafana](https://github.com/grafana/grafana) | 11.1.0 | A Grafana product to provide a frontend interface to display and query performance information from Prometheus, log data from Loki, and request tracing information from Tempo | +| [Neuvector](https://www.suse.com/neuvector/) | 5.3.3 | A kubernetes security suite that provides CVE scanning for hosts and images, as well as runtime security monitoring and protection | | [Velero](https://repo1.dso.mil/big-bang/product/packages/velero) | 1.13.2 | A tool for orchistrating backups of cluster state and storage | | [Authservice](https://github.com/istio-ecosystem/authservice) | 0.5.3 | A tool for simplifying and automating auth workflows via Istio integration | | [Metrics Server](https://github.com/kubernetes-sigs/metrics-server) | 0.7.1 | A container metrics aggregation and exporter for kubernetes | -| [Pepr](https://pepr.dev/) | 0.31.1 | Declarative automation for managing deployments and security policy enorcement | +| [Pepr](https://pepr.dev/) | 0.32.6 | Declarative automation for managing deployments and security policy enorcement | | [Keycloak](https://github.com/defenseunicorns/uds-core) | 24.0.5 | An identity and access management (IDAM) tool used to authenticate users for access to applications | diff --git a/packages/init/zarf.yaml b/packages/init/zarf.yaml index cf4762fb..f7ce8dc5 100644 
--- a/packages/init/zarf.yaml +++ b/packages/init/zarf.yaml @@ -71,8 +71,8 @@ components: - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 - registry.k8s.io/sig-storage/csi-resizer:v1.9.2 - registry.k8s.io/sig-storage/livenessprobe:v2.11.0 - - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.0 - - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.9.2 + - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.1 + - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.0 - name: namespaces required: true @@ -133,8 +133,8 @@ components: - registry.k8s.io/sig-storage/csi-snapshotter:v6.3.2 - registry.k8s.io/sig-storage/csi-resizer:v1.9.2 - registry.k8s.io/sig-storage/livenessprobe:v2.11.0 - - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.0 - - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.9.2 + - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-csi:v0.7.1 + - registry1.dso.mil/ironbank/opensource/velero/velero-plugin-for-aws:v1.10.0 - "###ZARF_PKG_TMPL_REGISTRY_IMAGE_DOMAIN######ZARF_PKG_TMPL_REGISTRY_IMAGE###:###ZARF_PKG_TMPL_REGISTRY_IMAGE_TAG###" # Creates the pod+git mutating webhook From b0200d58555dfa42f46a7f04931735bd7f3b89ca Mon Sep 17 00:00:00 2001 From: ablanchard Date: Thu, 11 Jul 2024 16:07:23 -0700 Subject: [PATCH 2/5] bumping identity-config tag to match --- packages/keycloak-config-wrapper/init-job.yaml | 2 +- packages/keycloak-config-wrapper/zarf.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/packages/keycloak-config-wrapper/init-job.yaml b/packages/keycloak-config-wrapper/init-job.yaml index 05a45816..0c5597b9 100644 --- a/packages/keycloak-config-wrapper/init-job.yaml +++ b/packages/keycloak-config-wrapper/init-job.yaml 
@@ -14,7 +14,7 @@ spec: containers: - name: uds-config-sync # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver - image: ghcr.io/defenseunicorns/uds/identity-config:0.4.3 + image: ghcr.io/defenseunicorns/uds/identity-config:0.5.0 command: [ "sh", diff --git a/packages/keycloak-config-wrapper/zarf.yaml b/packages/keycloak-config-wrapper/zarf.yaml index 9d801055..921a5cfe 100644 --- a/packages/keycloak-config-wrapper/zarf.yaml +++ b/packages/keycloak-config-wrapper/zarf.yaml @@ -18,7 +18,7 @@ components: target: tmp_deploy/zarf.yaml images: # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver - - "ghcr.io/defenseunicorns/uds/identity-config:0.4.3" + - "ghcr.io/defenseunicorns/uds/identity-config:0.5.0" actions: onDeploy: before: From 581c004b57c2f517c97d57fd023e98a95cd937cf Mon Sep 17 00:00:00 2001 From: ablanchard Date: Thu, 11 Jul 2024 16:13:24 -0700 Subject: [PATCH 3/5] adding forgotten gitlab version updates to docs --- docs/packages-and-dependencies.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md index 702811e0..05d6d145 100644 --- a/docs/packages-and-dependencies.md +++ b/docs/packages-and-dependencies.md 
@@ -41,8 +41,8 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc | [Nutanix CSI Driver Init](https://portal.nutanix.com/page/documents/details?targetId=CSI-Volume-Driver-v2_6:CSI-Volume-Driver-v2_6) | v0.35.0 | v2.6.8 | A zarf component installed in the cluster for orchestrating further deployment of Zarf based packages | | [MetalLB](https://github.com/defenseunicorns/uds-capability-metallb) | 0.0.5 | v0.13.12 | Tool for providing load balancer capabilities for ingress into a Kubernetes deployment | | [uds-core](https://github.com/defenseunicorns/uds-core) | 0.23.0 | N/A | [DESCRIPTION BELOW](#UDS-Core) | -| [Redis](https://github.com/defenseunicorns/uds-package-dependencies) | 0.0.2 | 7.0.12 | A key-value store used as a data backend for several applications in the stack | -| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.0.2-uds.0-registry1 | 17.0.2 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software | +| [Valkey](https://github.com/defenseunicorns/uds-package-valkey) | v7.2.5-uds.1-upstream | 7.2.5 | A key-value store used as a data backend for several applications in the stack | +| [Gitlab](https://github.com/defenseunicorns/uds-package-gitlab) | v17.1.1-uds.1-registry1 | 17.1.1 | A source control management tool used in the software development lifecycle for storing, updating, building and deploying custom software | | [Gitlab Runner](https://github.com/defenseunicorns/uds-package-gitlab-runner) | 17.0.0-uds.0-registry1 | v17.0.0 | A counterpart to Gitlab (above) in which automated software builds, tests and deployments are executed | | [Sonarqube](https://github.com/defenseunicorns/uds-package-sonarqube) | 8.0.3-uds.6-registry1 | 9.9.3-community | A code inspection tool used during automated pipelines to evaluate security considerations of custom software and packaged images | | 
[Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.19.0-uds.0-registry1 | 9.15.1 | A collaboration tool used for team management and task organization | From ac6f8e1fa0a190df4bcf4517f477aa12e2a968cc Mon Sep 17 00:00:00 2001 From: ablanchard Date: Thu, 11 Jul 2024 16:18:05 -0700 Subject: [PATCH 4/5] adding forgotten ca trust management versions to table --- docs/packages-and-dependencies.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md index 05d6d145..1f67aefa 100644 --- a/docs/packages-and-dependencies.md +++ b/docs/packages-and-dependencies.md @@ -49,6 +49,8 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc | [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.18.0-uds.0-registry1 | 8.8.0 | A knowledge management tool used by teams to organize information | | [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 9.7.2-uds.0-registry1 | 9.7.2 | An instance of Mattermost, a self-hosted chat and collaboration platform | | [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.68.0-uds.3-registry1 | 3.68.1-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts | +| [cert-manager](https://cert-manager.io/) | 0.0.1 | 1.14.5 | Tool for automating management of in-cluster certificates | +| [trust-manager](https://cert-manager.io/docs/trust/trust-manager/) | 0.0.1 | v0.11.0 | Tool for automating creation and distribution of CA trust bundles | ## UDS Core UDS Core is a collection of tools that provide administrative capabilities such as deployment automation, centralized logging, monitoring, alerting and runtime security to a kubernetes cluster. The following applications and tools are installed: From 39ba132d9fdfd5d918e223800dc37186ba6d6f89 Mon Sep 17 00:00:00 2001 
From: Anthony Date: Fri, 12 Jul 2024 18:13:53 +0000 Subject: [PATCH 5/5] chore: Nexus upgrade to 3.69.0-uds.0 --- bundles/uds-core-swf/uds-bundle.yaml | 6 +++--- docs/packages-and-dependencies.md | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml index f8915553..5d8c6c35 100644 --- a/bundles/uds-core-swf/uds-bundle.yaml +++ b/bundles/uds-core-swf/uds-bundle.yaml @@ -54,7 +54,7 @@ packages: - name: software-factory-namespaces path: ../../build ref: 1.0.0 - + - name: trust-manager path: ../../build ref: 0.0.1 @@ -523,7 +523,7 @@ packages: value: *extra-volumes - path: volumeMounts value: *extra-volume-mounts - + ### TODO - uncomment to replace functionality post MVP # # Sonarqube @@ -669,7 +669,7 @@ packages: # Nexus - name: nexus repository: ghcr.io/defenseunicorns/packages/uds/nexus - ref: 3.68.0-uds.3-registry1 + ref: 3.69.0-uds.0-registry1 overrides: nexus: nexus: diff --git a/docs/packages-and-dependencies.md b/docs/packages-and-dependencies.md index 1f67aefa..bbdcdec7 100644 --- a/docs/packages-and-dependencies.md +++ b/docs/packages-and-dependencies.md 
@@ -48,7 +48,7 @@ The UDS Software Factory Bundle (SWF) is a collection of Zarf packages which inc | [Jira](https://github.com/defenseunicorns/uds-package-jira) | 1.19.0-uds.0-registry1 | 9.15.1 | A collaboration tool used for team management and task organization | | [Confluence](https://github.com/defenseunicorns/uds-package-confluence) | 1.18.0-uds.0-registry1 | 8.8.0 | A knowledge management tool used by teams to organize information | | [Mattermost](https://github.com/defenseunicorns/uds-package-mattermost) | 9.7.2-uds.0-registry1 | 9.7.2 | An instance of Mattermost, a self-hosted chat and collaboration platform | -| [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.68.0-uds.3-registry1 | 3.68.1-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts | +| [Nexus](https://github.com/defenseunicorns/uds-package-nexus) | 3.69.0-uds.0-registry1 | 3.69.0-02 | An artifact repository used for storing compiled application libraries, packages, images and other such artifacts | | [cert-manager](https://cert-manager.io/) | 0.0.1 | 1.14.5 | Tool for automating management of in-cluster certificates | | [trust-manager](https://cert-manager.io/docs/trust/trust-manager/) | 0.0.1 | v0.11.0 | Tool for automating creation and distribution of CA trust bundles |