bundles/k3d-standard/uds-bundle.yaml

# Copyright 2024 Defense Unicorns
# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial

kind: UDSBundle
metadata:
  name: k3d-core-demo
  description: A UDS bundle for deploying the standard UDS Core package on a development cluster
  # x-release-please-start-version
  version: "0.34.1"
  # x-release-please-end

packages:
  - name: uds-k3d-dev
    repository: ghcr.io/defenseunicorns/packages/uds-k3d
    ref: 0.12.0
    overrides:
      uds-dev-stack:
        minio:
          variables:
            - name: BUCKETS
              description: "Set Minio Buckets"
              path: buckets
            - name: SVCACCTS
              description: "Minio Service Accounts"
              path: svcaccts
            - name: USERS
              description: "Minio Users"
              path: users
            - name: POLICIES
              description: "Minio policies"
              path: policies

  - name: init
    repository: ghcr.io/zarf-dev/packages/init
    ref: v0.46.0

  - name: core
    path: ../../build/
    # x-release-please-start-version
    ref: 0.34.1
    # x-release-please-end
    optionalComponents:
      - istio-passthrough-gateway
      - metrics-server
    overrides:
      pepr-uds-core:
        module:
          variables:
            - name: PEPR_WATCHER_MEMORY_REQUEST
              description: "Memory requests for the pepr watcher pod"
              path: "watcher.resources.requests.memory"
              default: "256Mi"
            - name: PEPR_ADMISSION_MEMORY_REQUEST
              description: "Memory requests for the pepr admission pods"
              path: "admission.resources.requests.memory"
              default: "256Mi"
            - name: PEPR_WATCHER_CPU_REQUEST
              description: "CPU requests for the pepr watcher pod"
              path: "watcher.resources.requests.cpu"
              default: "200m"
            - name: PEPR_ADMISSION_CPU_REQUEST
              description: "CPU requests for the pepr admission pods"
              path: "admission.resources.requests.cpu"
              default: "200m"
      loki:
        loki:
          variables:
            - name: LOKI_CHUNKS_BUCKET
              description: "The object storage bucket for Loki chunks"
              path: loki.storage.bucketNames.chunks
            - name: LOKI_RULER_BUCKET
              description: "The object storage bucket for Loki ruler"
              path: loki.storage.bucketNames.ruler
            - name: LOKI_ADMIN_BUCKET
              description: "The object storage bucket for Loki admin"
              path: loki.storage.bucketNames.admin
            - name: LOKI_S3_ENDPOINT
              description: "The S3 endpoint"
              path: loki.storage.s3.endpoint
            - name: LOKI_S3_REGION
              description: "The S3 region"
              path: loki.storage.s3.region
            - name: LOKI_S3_ACCESS_KEY_ID
              description: "The S3 Access Key ID"
              path: loki.storage.s3.accessKeyId
            - name: LOKI_S3_SECRET_ACCESS_KEY
              path: loki.storage.s3.secretAccessKey
              description: "The S3 Secret Access Key"
            - name: LOKI_WRITE_REPLICAS
              path: write.replicas
              description: "Loki write replicas"
              default: "1"
            - name: LOKI_READ_REPLICAS
              path: read.replicas
              description: "Loki read replicas"
              default: "1"
            - name: LOKI_BACKEND_REPLICAS
              path: backend.replicas
              description: "Loki backend replicas"
              default: "1"
      istio-admin-gateway:
        uds-istio-config:
          variables:
            - name: ADMIN_TLS_CERT
              description: "The TLS cert for the admin gateway (must be base64 encoded)"
              path: tls.cert
            - name: ADMIN_TLS_KEY
              description: "The TLS key for the admin gateway (must be base64 encoded)"
              path: tls.key
            - name: ADMIN_TLS1_2_SUPPORT
              description: "Add support for TLS 1.2 on this gateway"
              path: tls.supportTLSV1_2
      istio-tenant-gateway:
        uds-istio-config:
          variables:
            - name: TENANT_TLS_CERT
              description: "The TLS cert for the tenant gateway (must be base64 encoded)"
              path: tls.cert
            - name: TENANT_TLS_KEY
              description: "The TLS key for the tenant gateway (must be base64 encoded)"
              path: tls.key
            - name: TENANT_TLS1_2_SUPPORT
              description: "Add support for TLS 1.2 on this gateway"
              path: tls.supportTLSV1_2
        gateway:
          variables:
            - name: TENANT_SERVICE_PORTS
              description: "The ports that are exposed from the tenant gateway LoadBalancer (useful for non-HTTP(S) traffic)"
              path: "service.ports"
      keycloak:
        keycloak:
          variables:
            - name: INSECURE_ADMIN_PASSWORD_GENERATION
              description: "Generate an insecure admin password for dev/test"
              path: insecureAdminPasswordGeneration.enabled
            - name: KEYCLOAK_HA
              description: "Enable Keycloak HA"
              path: autoscaling.enabled
            - name: KEYCLOAK_PG_USERNAME
              description: "Keycloak Postgres username"
              path: postgresql.username
            - name: KEYCLOAK_PG_PASSWORD
              description: "Keycloak Postgres password"
              path: postgresql.password
            - name: KEYCLOAK_PG_DATABASE
              description: "Keycloak Postgres database"
              path: postgresql.database
            - name: KEYCLOAK_PG_HOST
              description: "Keycloak Postgres host"
              path: postgresql.host
            - name: KEYCLOAK_DEVMODE
              description: "Enables Keycloak dev mode"
              path: devMode
          values:
            - path: realmInitEnv
              value:
                GOOGLE_IDP_ENABLED: true
                GOOGLE_IDP_ID: "C01881u7t"
                GOOGLE_IDP_SIGNING_CERT: "MIIDdDCCAlygAwIBAgIGAXkza8/+MA0GCSqGSIb3DQEBCwUAMHsxFDASBgNVBAoTC0dvb2dsZSBJbmMuMRYwFAYDVQQHEw1Nb3VudGFpbiBWaWV3MQ8wDQYDVQQDEwZHb29nbGUxGDAWBgNVBAsTD0dvb2dsZSBGb3IgV29yazELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWEwHhcNMjEwNTAzMTgwOTMzWhcNMjYwNTAyMTgwOTMzWjB7MRQwEgYDVQQKEwtHb29nbGUgSW5jLjEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEPMA0GA1UEAxMGR29vZ2xlMRgwFgYDVQQLEw9Hb29nbGUgRm9yIFdvcmsxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu9en1CO4EriCJ5jzss6TqUmtYMXXRBfsSkdnhVvMx0fYOegxy0d8DouUEEITlPW+YPBG1T72kiV9KGtKVw90ff4Y+siNDNrME81w4K3Zjo6VukvATfD05lVzh9JyO0VxdzBpdRXSJqBOVLo38cwVbyTcX5Nk/nHENjDSN7as3UvbXa7eT4Xswy1GARGAZ3MAaLTZn1+Cctn0MDKniQOS6QDryYgKWz8ko/H4T9XCxgjHJVsL6obezaPZF+pibyyVPCuePssuxUbFHF6yiP5rCfAsK6VTv/8pbYGauGpYHDgnM941RtN2ThltORgi+P9i9wQ8VRBQpEm1RvDXOqJ7OwIDAQABMA0GCSqGSIb3DQEBCwUAA4IBAQB5L26tpco6EgVunmZYBAFiFE+Dhqwvy4J1iKuXApaKhqabeKJ8kBv/pJBnZl7CRF5Pv8dLfhNoNm2BsXbpH91/rhDj9zl/Imkc5ttVGbXbKSBpUaduwBZpsVIX0xCugNPflHFz9kf/zsGWb3X6wO/2eNewj3fr8jNRC/KWQ7otcdqwYbe1BO4yo6FjAIs5L+wCQcc2JjRWgBon4wL25ccX3nH8aMHl4/gz5trKwPqH0/lYcScJmMSRPzHbmd62LlmZE9eWEwuYJ+h8fssTZA9JTMXvkPhg05w2snaM9XdSuXIRo4UtqGpMQC0KRMmwDHbVSluX63wn7iSZD4TGHZGa"
                GOOGLE_IDP_NAME_ID_FORMAT: "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
                GOOGLE_IDP_CORE_ENTITY_ID: "https://sso.uds.dev/realms/uds"
                GOOGLE_IDP_ADMIN_GROUP: "uds-core-dev-admin"
                GOOGLE_IDP_AUDITOR_GROUP: "uds-core-dev-auditor"
      grafana:
        grafana:
          variables:
            - name: GRAFANA_HA
              description: Enable HA Grafana
              path: autoscaling.enabled
        uds-grafana-config:
          variables:
            - name: GRAFANA_PG_HOST
              description: Grafana postgresql host
              path: postgresql.host
            - name: GRAFANA_PG_PORT
              description: Grafana postgresql port
              path: postgresql.port
            - name: GRAFANA_PG_DATABASE
              description: Grafana postgresql database
              path: postgresql.database
            - name: GRAFANA_PG_PASSWORD
              description: Grafana postgresql password
              path: postgresql.password
            - name: GRAFANA_PG_USER
              description: Grafana postgresql username
              path: postgresql.user
            - name: GRAFANA_PG_SSL_MODE
              description: Grafana postgresql SSL mode
              path: postgresql.ssl_mode