Updates (#114)

* Upgrade idam and dubbd * Update idam realm, gitlab, and sonarqube configs * Cleanup * Cleanup * Add more capabilities and upgrades * Update e2e tests to include new capabilities * Update README
defenseunicorns · Nov 3, 2023 · 69a5105 · 69a5105
1 parent 7dcc939
commit 69a5105
Show file tree

Hide file tree

Showing 16 changed files with 386 additions and 63 deletions.
diff --git a/Makefile b/Makefile
@@ -142,7 +142,7 @@ cluster/destroy: ## Destroy the k3d cluster
 ########################################################################
 
 .PHONY: build/all
-build/all: build build/zarf build/uds build/software-factory-namespaces build/idam-dns build/idam-realm build/idam-gitlab build/idam-sonarqube build/uds-bundle-software-factory ## Build everything
+build/all: build build/zarf build/uds build/software-factory-namespaces build/idam-dns build/idam-realm build/idam-postgres build/idam-gitlab build/idam-sonarqube build/uds-bundle-software-factory ## Build everything
 
 build: ## Create build directory
 	mkdir -p build
@@ -180,6 +180,9 @@ build/idam-dns: | build ## Build idam-dns package
 build/idam-realm: | build ## Build idam-realm package
 	cd build && ./zarf package create ../packages/idam-realm/ --confirm --output-directory .
 
+build/idam-postgres: | build ## Build idam-postgres package
+	cd build && ./zarf package create ../packages/idam-postgres/ --confirm --output-directory .
+
 build/uds-bundle-software-factory: | build ## Build the software factory
 	cd build && ./uds bundle create ../ --confirm
 	mv uds-bundle-software-factory-demo-*.tar.zst build/
@@ -189,6 +192,7 @@ build/uds-bundle-software-factory: | build ## Build the software factory
 ########################################################################
 
 deploy: ## Deploy the software factory package
+	cp uds-config.yaml ./build/
 	cd ./build && ./uds bundle deploy uds-bundle-software-factory-demo-*.tar.zst --confirm
 
 ########################################################################

diff --git a/README.md b/README.md
@@ -19,6 +19,10 @@ This is the early stages of a UDS Bundle we call the UDS Software Factory. This
 | [Gitlab](https://github.com/defenseunicorns/uds-capability-gitlab) | Alpha |
 | [Gitlab-Runner](https://github.com/defenseunicorns/uds-capability-gitlab-runner) | Alpha |
 | [SonarQube](https://github.com/defenseunicorns/uds-capability-sonarqube) | Alpha |
+| [Jira](https://github.com/defenseunicorns/uds-capability-jira) | Alpha |
+| [Confluence](https://github.com/defenseunicorns/uds-capability-confluence) | Alpha |
+| [Mattermost](https://github.com/defenseunicorns/uds-capability-mattermost-operator) | Alpha |
+| [Nexus](https://github.com/defenseunicorns/uds-capability-nexus) | Alpha |
 
 ## Prerequisites
 

diff --git a/packages/idam-gitlab/gitlab-sso-demo.json b/packages/idam-gitlab/gitlab-sso-demo.json
@@ -7,15 +7,15 @@
       "Gitlab"
     ],
     "response_type": "code",
-    "issuer": "https://keycloak.bigbang.dev/auth/realms/baby-yoda",
+    "issuer": "https://keycloak.###ZARF_VAR_DOMAIN###/auth/realms/baby-yoda",
     "client_auth_method": "query",
     "discovery": true,
     "uid_field": "preferred_username",
     "client_options": {
       "identifier": "dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_gitlab",
       "secret": "",
-      "redirect_uri": "https://gitlab.bigbang.dev/users/auth/openid_connect/callback",
-      "end_session_endpoint": "https://keycloak.bigbang.dev/auth/realms/baby-yoda/protocol/openid-connect/logout"
+      "redirect_uri": "https://gitlab.###ZARF_VAR_DOMAIN###/users/auth/openid_connect/callback",
+      "end_session_endpoint": "https://keycloak.###ZARF_VAR_DOMAIN###/auth/realms/baby-yoda/protocol/openid-connect/logout"
     }
   }
 }
diff --git a/packages/idam-gitlab/zarf.yaml b/packages/idam-gitlab/zarf.yaml
@@ -3,10 +3,12 @@ kind: ZarfPackageConfig
 metadata:
   name: software-factory-idam-gitlab
   description: "The IDAM/SSO manifest and variables for the GitLab Capability"
-  version: "1.0.0"
+  version: "1.0.1"
   architecture: amd64
 
 variables:
+  - name: DOMAIN
+    default: "test.dev"
   - name: GITLAB_SSO_JSON
     default: gitlab-sso-demo.json
     prompt: false

diff --git a/packages/idam-postgres/policy-exceptions/externalName.yaml b/packages/idam-postgres/policy-exceptions/externalName.yaml
@@ -0,0 +1,19 @@
+apiVersion: kyverno.io/v2alpha1
+kind: PolicyException
+metadata:
+  name: keycloak-postgres-external-names-exception
+  namespace: keycloak
+spec:
+  exceptions:
+  - policyName: restrict-external-names
+    ruleNames:
+    - external-names
+  match:
+    any:
+    - resources:
+        kinds:
+        - Service
+        namespaces:
+        - keycloak
+        names:
+        - keycloak-postgresql
diff --git a/packages/idam-postgres/policy-exceptions/registry.yaml b/packages/idam-postgres/policy-exceptions/registry.yaml
@@ -0,0 +1,20 @@
+apiVersion: kyverno.io/v2alpha1
+kind: PolicyException
+metadata:
+  name: keycloak-postgres-registry-exception
+  namespace: keycloak
+spec:
+  exceptions:
+  - policyName: restrict-image-registries
+    ruleNames:
+    - validate-registries
+    - autogen-validate-registries
+  match:
+    any:
+    - resources:
+        kinds:
+        - StatefulSet
+        namespaces:
+        - keycloak
+        names:
+        - postgresql
diff --git a/packages/idam-postgres/service.yaml b/packages/idam-postgres/service.yaml
@@ -0,0 +1,8 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: keycloak-postgresql
+  namespace: keycloak
+spec:
+  type: ExternalName
+  externalName: postgresql.keycloak.svc.cluster.local
diff --git a/packages/idam-postgres/values.yaml b/packages/idam-postgres/values.yaml
@@ -0,0 +1,3 @@
+auth:
+  username: kcadmin
+  database: keycloak
diff --git a/packages/idam-postgres/zarf.yaml b/packages/idam-postgres/zarf.yaml
@@ -0,0 +1,53 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/main/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+  name: keycloak-postgres
+  version: "0.0.1"
+  architecture: amd64
+
+components:
+  - name: postgres-kyverno-exceptions
+    required: true
+    manifests:
+      - name: kyverno-exceptions
+        files:
+          - policy-exceptions/externalName.yaml
+          - policy-exceptions/registry.yaml
+  - name: postgres
+    required: true
+    charts:
+      - name: postgresql
+        version: 12.6.6
+        namespace: keycloak
+        url: https://charts.bitnami.com/bitnami
+        valuesFiles:
+          - "values.yaml"
+    images:
+      - docker.io/bitnami/postgresql:15.3.0-debian-11-r24
+    actions:
+      onDeploy:
+        after:
+          - wait:
+              cluster:
+                kind: Pod
+                name: postgresql-0
+                condition: Ready
+                namespace: keycloak
+  - name: postgres-secret
+    required: true
+    actions:
+      onDeploy:
+        before:
+          - cmd: kubectl get secret -n keycloak postgresql --template={{.data.password}} | base64 -d
+            mute: true
+            setVariables:
+              - name: KEYCLOAK_DB_PASSWORD
+                sensitive: true
+        after:
+          - cmd: kubectl create secret generic keycloak-postgres -n keycloak --from-literal=password=${ZARF_VAR_KEYCLOAK_DB_PASSWORD} --dry-run=client -o yaml | kubectl apply -f -
+  - name: postgres-service
+    required: true
+    manifests:
+      - name: service for keycloak
+        files:
+          - service.yaml