From 7d496fdc8426c34fde04dc3689bcd0a56893a4ba Mon Sep 17 00:00:00 2001 From: William Walker Date: Tue, 16 May 2023 20:21:57 -0500 Subject: [PATCH] Add Big Bang YOLO mode support (#1681) ## Description Add Big Bang YOLO mode support ## Related Issue Addresses #1670 ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [x] New feature (non-breaking change which adds functionality) - [ ] Other (security config, docs update, etc) ## Checklist before merging - [x] Test, docs, adr added or updated as needed - [x] [Contributor Guide Steps](https://github.com/defenseunicorns/zarf/blob/main/CONTRIBUTING.md#developer-workflow) followed --------- Co-authored-by: Wayne Starr --- examples/big-bang-yolo-mode/README.md | 26 ++++ .../config/credentials.yaml | 5 + .../big-bang-yolo-mode/config/ingress.yaml | 128 ++++++++++++++++++ .../big-bang-yolo-mode/config/kyverno.yaml | 27 ++++ examples/big-bang-yolo-mode/config/loki.yaml | 15 ++ .../secrets/private-registry.yaml | 18 +++ examples/big-bang-yolo-mode/zarf.yaml | 42 ++++++ src/extensions/bigbang/bigbang.go | 72 ++++++---- src/pkg/packager/create.go | 2 +- src/pkg/packager/extensions.go | 4 +- 10 files changed, 306 insertions(+), 33 deletions(-) create mode 100644 examples/big-bang-yolo-mode/README.md create mode 100644 examples/big-bang-yolo-mode/config/credentials.yaml create mode 100644 examples/big-bang-yolo-mode/config/ingress.yaml create mode 100644 examples/big-bang-yolo-mode/config/kyverno.yaml create mode 100644 examples/big-bang-yolo-mode/config/loki.yaml create mode 100644 examples/big-bang-yolo-mode/secrets/private-registry.yaml create mode 100644 examples/big-bang-yolo-mode/zarf.yaml diff --git a/examples/big-bang-yolo-mode/README.md b/examples/big-bang-yolo-mode/README.md new file mode 100644 index 0000000000..432498164f --- /dev/null +++ b/examples/big-bang-yolo-mode/README.md 
@@ -0,0 +1,26 @@
+# Big Bang (YOLO Mode)
+
+This package deploys [Big Bang](https://repo1.dso.mil/platform-one/big-bang/bigbang) using the Zarf `bigbang` extension with YOLO mode enabled. You can learn about YOLO mode [here](https://docs.zarf.dev/docs/faq#what-is-yolo-mode-and-why-would-i-use-it). An example of this configuration is below:
+
+```yaml
+components:
+ - name: flux-private-registry
+ required: true
+ manifests:
+ - name: private-registry
+ namespace: flux-system
+ files:
+ - secrets/private-registry.yaml
+ - name: bigbang
+ required: true
+ extensions:
+ bigbang:
+ version: 2.0.0
+ valuesFiles:
+ - config/credentials.yaml
+ - config/ingress.yaml
+ - config/kyverno.yaml
+ - config/loki.yaml
+```
+
+The `provision-flux-credentials` component is required to create the necessary secret to pull flux images from [registry1.dso.mil](https://registry1.dso.mil). In the provided `zarf.yaml` for this example, we demonstrate providing account credentials via Zarf Variables, although there are other ways to populate the data in `private-registry.yaml`.
diff --git a/examples/big-bang-yolo-mode/config/credentials.yaml b/examples/big-bang-yolo-mode/config/credentials.yaml
new file mode 100644
index 0000000000..abe2178e0e
--- /dev/null
+++ b/examples/big-bang-yolo-mode/config/credentials.yaml
@@ -0,0 +1,5 @@
+registryCredentials:
+ registry: registry1.dso.mil
+ username: "###ZARF_VAR_REGISTRY1_USERNAME###"
+ password: "###ZARF_VAR_REGISTRY1_CLI_SECRET###"
+ email: ""
\ No newline at end of file
diff --git a/examples/big-bang-yolo-mode/config/ingress.yaml b/examples/big-bang-yolo-mode/config/ingress.yaml
new file mode 100644
index 0000000000..b1a42ec6b2
--- /dev/null
+++ b/examples/big-bang-yolo-mode/config/ingress.yaml
@@ -0,0 +1,128 @@ +# Configure Istio +domain: "bigbang.dev" + +istio: + gateways: + public: + tls: # certs for *.bigbang.dev + key: | + -----BEGIN PRIVATE KEY----- + MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDDvKUzWiZucm6/ + 8D2Nx4KVe8t6uHtARpw112f4yGv7xKcOJkbxLbVtor8pj/HS5tRSZq2ziIQl9y98 + 8TVAOBezgzPPMDxOqDeyHl5gAtqzpK/eSPmueZIhR88BH2+SMYqa5kxmjn752Rf0 + jVeCrVdQ5MD9rqA00oQi/zO+gQQoz6QSuiEQ2pSKYB3gv9oIoJorIU1n4qLYAezn + TvFwjmKWPPhRdyslpcAi1rVO+mVX3Y2DKU/CfpWNFVVT+H788Srn4yP6iWUymfQU + vHOXII1erMnES2H9BDffumrRf3m3IpgueQ3vPhB8ftjFZozURj2t/WSeaKsyQSoZ + Wr99DWxpAgMBAAECggEAAW8ARsACSAzOgtlfmgo8Cpw9gUiYnn/l5P8O4+OT5uQp + 1RCytFGBYqwuej9zpffK1k+qNgZp8V0+G8wod6/xfH8Zggr4ZhsVTVirmEhtEaPD + Jf2i1oRNbbD48yknyApU2Y2WQaoJhArzAfeHDI34db83KqR8x+ZC0X7NAjgvr5zS + b0OfY2tht4oxEWh2m67FzlFgF+cWyszRYyfvHfOFBqLesuCnSfMoOzmbT3SlnxHo + 6GSa1e/kCJVzFJNb74BZTIH0w6Ar/a0QG829VXivqj8lRENU/1xUI2JhNz4RdH7F + 6MeiwQbq4pWjHfh4djuzQFIwOgCnSNRnNuNywOVuAQKBgQDjleEI1XFQawXmHtHu + 6GMhbgptRoSUyutDDdo2MHGvDbxDOIsczIBjxCuYAM47nmGMuWbDJUN+2VQAX32J + WZagRxWikxnEqv3B7No7tLSQ42rRo/tDBrZPCCuS9u/ZJM4o7MCa/VzTtbicGOCh + bTIoTeEtT2piIdkrjHFGGlYOLQKBgQDcLNFHrSJCkHfCoz75+zytfYan+2dIxuV/ + MlnrT8XHt33cst4ZwoIQbsE6mv7J4CJqOgUYDvoJpioLV3InUACDxXd+bVY7RwxP + j25pXzYL++RctVO3IEOCmFkwlq0fNFdrOn8Y/cnRTwd2e60n08rCKgJS8KhEAaO0 + QvVmAHw4rQKBgQDL7hCAnunzuoLFqpZI8tlpKjaTpp3EynO3WSFQb2ZfCvrIbVFS + U/kz7KN3iDlEeO5GcBeiA7EQaGN6FhbiTXHIWwoK7K8paGMMM1V2LL2kGvQruDm8 + 3LXd6Z9KCJXxSKanS0ZnW2KjnnE3Bp+6ZqOMNATzWfckydnUyPrza0PzXQKBgEYS + 1YCUb8Tzqcn+nrp85XDp9INeFh8pfj0fT1L/DpljouEs5Fcaer60ITd/wPuLJCje + 0mQ30AhmJBd7+07bvW4y2LcaIUm4cQiZQ7CxpsfloWaIJ16vHA1iY3B9ZBf8Vp4/ + /dd8XlEJb/ybnB6C35MwP5EaGtOaGfnzHZsbKG35AoGAWm9tpqhuldQ3MCvoAr5Q + b42JLSKqwpvVjQDiFZPI/0wZTo3WkWm9Rd7CAACheb8S70K1r/JIzsmIcnj0v4xs + sfd+R35UE+m8MExbDP4lKFParmvi2/UZfb3VFNMmMPTV6AEIBl6N4PmhHMZOsIRs + H4RxbE+FpmsMAUCpdrzvFkc= + -----END PRIVATE KEY----- + cert: | + -----BEGIN CERTIFICATE----- + 
MIIFHzCCBAegAwIBAgISA5mpYS+M8wSuhJbgCNVoGbYiMA0GCSqGSIb3DQEBCwUA + MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD + EwJSMzAeFw0yMzAyMjQxMzU1MzBaFw0yMzA1MjUxMzU1MjlaMBgxFjAUBgNVBAMM + DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDD + vKUzWiZucm6/8D2Nx4KVe8t6uHtARpw112f4yGv7xKcOJkbxLbVtor8pj/HS5tRS + Zq2ziIQl9y988TVAOBezgzPPMDxOqDeyHl5gAtqzpK/eSPmueZIhR88BH2+SMYqa + 5kxmjn752Rf0jVeCrVdQ5MD9rqA00oQi/zO+gQQoz6QSuiEQ2pSKYB3gv9oIoJor + IU1n4qLYAeznTvFwjmKWPPhRdyslpcAi1rVO+mVX3Y2DKU/CfpWNFVVT+H788Srn + 4yP6iWUymfQUvHOXII1erMnES2H9BDffumrRf3m3IpgueQ3vPhB8ftjFZozURj2t + /WSeaKsyQSoZWr99DWxpAgMBAAGjggJHMIICQzAOBgNVHQ8BAf8EBAMCBaAwHQYD + VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O + BBYEFFWw8Antpeyt5+/J//sIHTWkf8MtMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ + QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz + Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv + MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw + NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j + cnlwdC5vcmcwggEDBgorBgEEAdZ5AgQCBIH0BIHxAO8AdQB6MoxU2LcttiDqOOBS + HumEFnAyE4VNO9IrwTpXo1LrUgAAAYaD7AyTAAAEAwBGMEQCIG1jzmcfMv+DNdJh + 8gYpo44sgsASNEF8CjWCyHFhvITiAiASh+KhZXLaFXKsKF99fd6CTnKX30nOz2UR + NfSnXwW5JwB2AOg+0No+9QY1MudXKLyJa8kD08vREWvs62nhd31tBr1uAAABhoPs + DHAAAAQDAEcwRQIhALnaITI/ItM9FxxA0hc2VAVJ5xk36/FZtjMJyDAx2dmHAiAT + hnn8YDRB/fPRnv8PUOcubqK2mNwMRCk5wQBjQGYanTANBgkqhkiG9w0BAQsFAAOC + AQEAeviZDlTw9bzxF9vIZ1F+ijIQmnma6CD32eIEQmD/tIpOeayxuRiNFzIt/ixo + uC0/hKcC+JbVb7ZJOT9woPDce+g3gbA2i390yf3av3EP7sptV90rTM8gLPAdtHxo + RW14cSGmGFmaBRhr7ZbaSumztWcqgOF5orBq26wkhPT5bmqn7YX1W/H7/OMjP1Z+ + fQTfgFnfkBtzg1Ib4z3SHIPTqo2kAN3cF+b8AxrUKlk0STwesX2mR9h9jUKTapGg + Y36zDlKTOI3edM22AZDSmrIiR2LV1qGBDoxrsJmnK/Ci3t0KjwzJz45tyzenk8kO + imbt/HYVhe8WfukQ/kQdlhsHCw== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw + 
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw + WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg + RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK + AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP + R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx + sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm + NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg + Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG + /kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC + AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB + Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA + FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw + AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw + Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB + gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W + PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl + ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz + CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm + lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4 + avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2 + yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O + yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids + hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+ + HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv + MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX + nLRbwHOoq7hHwg== + -----END CERTIFICATE----- + -----BEGIN CERTIFICATE----- + MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/ + MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT + 
DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow + TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh + cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB + AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC + ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL + wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D + LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK + 4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5 + bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y + sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ + Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4 + FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc + SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql + PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND + TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw + SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1 + c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx + +tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB + ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu + b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E + U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu + MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC + 5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW + 9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG + WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O + he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC + Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5 + -----END CERTIFICATE----- diff --git a/examples/big-bang-yolo-mode/config/kyverno.yaml b/examples/big-bang-yolo-mode/config/kyverno.yaml new file mode 100644 index 0000000000..0270d2975f --- /dev/null 
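Review bot: The `key:` value under `istio.gateways.public.tls` is a complete private key committed in clear text, and the only context given is the comment `# certs for *.bigbang.dev`. If this is meant to be a shared, publicly known development certificate (the hunk does not say), state that next to it, e.g. `# DEMO ONLY: this key is public and offers no confidentiality; supply your own key and cert for any real deployment`. The leaf certificate's validity field also appears to end on 2023-05-25, roughly nine days after this commit's date, so TLS validation against this example will start failing soon. Templating `key` and `cert` through Zarf variables, the way `config/credentials.yaml` templates the registry password, would avoid both problems.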
+++ b/examples/big-bang-yolo-mode/config/kyverno.yaml
@@ -0,0 +1,27 @@
+# Use Kyverno instead of Gatekeeper
+gatekeeper:
+ enabled: false
+clusterAuditor:
+ enabled: false
+kyverno:
+ enabled: true
+kyvernoPolicies:
+ enabled: true
+ values:
+ policies:
+ disallow-shared-subpath-volume-writes:
+ validationFailureAction: audit
+ restrict-host-ports:
+ validationFailureAction: audit
+ restrict-capabilities:
+ validationFailureAction: audit
+ restrict-image-registries:
+ validationFailureAction: audit
+ disallow-host-namespaces:
+ validationFailureAction: audit
+ disallow-privileged-containers:
+ validationFailureAction: audit
+ require-non-root-user:
+ validationFailureAction: audit
+ restrict-host-path-mount-pv:
+ validationFailureAction: audit
diff --git a/examples/big-bang-yolo-mode/config/loki.yaml b/examples/big-bang-yolo-mode/config/loki.yaml
new file mode 100644
index 0000000000..8a85cfd658
--- /dev/null
+++ b/examples/big-bang-yolo-mode/config/loki.yaml
@@ -0,0 +1,15 @@
+# Use Loki instead of EFK
+elasticsearchKibana:
+ enabled: false
+
+eckOperator:
+ enabled: false
+
+fluentbit:
+ enabled: false
+
+loki:
+ enabled: true
+
+promtail:
+ enabled: true
diff --git a/examples/big-bang-yolo-mode/secrets/private-registry.yaml b/examples/big-bang-yolo-mode/secrets/private-registry.yaml
new file mode 100644
index 0000000000..11f1449e1c
--- /dev/null
+++ b/examples/big-bang-yolo-mode/secrets/private-registry.yaml
@@ -0,0 +1,18 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: private-registry
+ namespace: flux-system
+type: kubernetes.io/dockerconfigjson
+stringData:
+ .dockerconfigjson: |-
+ {
+ "auths": {
+ "registry1.dso.mil": {
+ "username": "###ZARF_VAR_REGISTRY1_USERNAME###",
+ "password": "###ZARF_VAR_REGISTRY1_CLI_SECRET###",
+ "email": "",
+ "auth": "###ZARF_VAR_REGISTRY1_AUTH###"
+ }
+ }
+ }
diff --git a/examples/big-bang-yolo-mode/zarf.yaml b/examples/big-bang-yolo-mode/zarf.yaml
new file mode 100644
index 0000000000..b3ce7a4e8e
--- /dev/null
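Review bot: All eight entries under `kyvernoPolicies.values.policies` in kyverno.yaml are set to `validationFailureAction: audit`, so violations such as privileged containers, host namespaces or images from unexpected registries are reported but not denied. The file's only comment is `# Use Kyverno instead of Gatekeeper`, which leaves a reader copying the example unaware that admission control is effectively off. I would add a line above `policies:` such as `# audit only: violations are logged, not blocked; switch to enforce once workloads comply`. This matters most for `restrict-image-registries`, since this example has the cluster pull images directly from upstream.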
+++ b/examples/big-bang-yolo-mode/zarf.yaml @@ -0,0 +1,42 @@ +kind: ZarfPackageConfig + +metadata: + name: yolo-big-bang + description: "Deploy Big Bang Core in YOLO mode" + version: 2.0.0 + url: https://p1.dso.mil/products/big-bang + architecture: amd64 + yolo: true + +variables: + - name: REGISTRY1_USERNAME + description: "The username for pulling images from registry1.dso.mil" + required: true + prompt: true + - name: REGISTRY1_CLI_SECRET + description: "The CLI secret for pulling images from registry1.dso.mil" + required: true + prompt: true + - name: REGISTRY1_AUTH + description: "A base64 encoded concatenation of 'REGISTRY1_USERNAME:REGISTRY1_CLI_SECRET'" + required: true + prompt: true + +components: + - name: flux-private-registry + required: true + manifests: + - name: private-registry + namespace: flux-system + files: + - secrets/private-registry.yaml + - name: bigbang + required: true + extensions: + bigbang: + version: 2.0.0 + valuesFiles: + - config/credentials.yaml + - config/ingress.yaml + - config/kyverno.yaml + - config/loki.yaml diff --git a/src/extensions/bigbang/bigbang.go b/src/extensions/bigbang/bigbang.go index bbbb24b0f9..2880d82ac7 100644 --- a/src/extensions/bigbang/bigbang.go +++ b/src/extensions/bigbang/bigbang.go @@ -34,7 +34,7 @@ var tenMins = metav1.Duration{ // Run Mutates a component that should deploy Big Bang to a set of manifests // that contain the flux deployment of Big Bang -func Run(tmpPaths types.ComponentPaths, c types.ZarfComponent) (types.ZarfComponent, error) { +func Run(YOLO bool, tmpPaths types.ComponentPaths, c types.ZarfComponent) (types.ZarfComponent, error) { var err error if err := utils.CreateDirectory(tmpPaths.Temp, 0700); err != nil { return c, fmt.Errorf("unable to component temp directory: %w", err) 
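Review bot: `REGISTRY1_CLI_SECRET` and `REGISTRY1_AUTH` in zarf.yaml hold registry credentials but are declared like ordinary prompted variables. If the Zarf schema at this commit supports the `sensitive` flag on variables, add `sensitive: true` to both so the values stay out of deploy logs. `REGISTRY1_AUTH` is also derivable from the other two, so the operator enters the same secret twice and a mismatch only surfaces later as an image pull failure. Its description could at least spell out the expected form, e.g. `base64("<username>:<cli-secret>")`.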
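Review bot: The new parameter in `Run` is spelled `YOLO`, which reads like an exported identifier or a constant; Go parameters are lowerCamel, so I would write `yolo bool`. The same applies to `addBigBangManifests` and `processExtensions` later in this patch. The doc comment above `Run` is unchanged and should mention the flag, e.g. `// When yolo is true, images and git repos are not added to the component, because the cluster pulls them directly.` Run's body continues outside this hunk.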
@@ -72,8 +72,10 @@ func Run(tmpPaths types.ComponentPaths, c types.ZarfComponent) (types.ZarfCompon // Add the flux manifests to the list of manifests to be pulled down by Zarf. manifests = append(manifests, fluxManifest) - // Add the images to the list of images to be pulled down by Zarf. - c.Images = append(c.Images, images...) + if !YOLO { + // Add the images to the list of images to be pulled down by Zarf. + c.Images = append(c.Images, images...) + } } // Configure helm to pull down the Big Bang chart. @@ -107,16 +109,19 @@ func Run(tmpPaths types.ComponentPaths, c types.ZarfComponent) (types.ZarfCompon } // Add the Big Bang repo to the list of repos to be pulled down by Zarf. - bbRepo := fmt.Sprintf("%s@%s", cfg.Repo, cfg.Version) - c.Repos = append(c.Repos, bbRepo) - + if !YOLO { + bbRepo := fmt.Sprintf("%s@%s", cfg.Repo, cfg.Version) + c.Repos = append(c.Repos, bbRepo) + } // Parse the template for GitRepository objects and add them to the list of repos to be pulled down by Zarf. gitRepos, hrDependencies, hrValues, err := findBBResources(template) if err != nil { return c, fmt.Errorf("unable to find Big Bang resources: %w", err) } - for _, gitRepo := range gitRepos { - c.Repos = append(c.Repos, gitRepo) + if !YOLO { + for _, gitRepo := range gitRepos { + c.Repos = append(c.Repos, gitRepo) + } } // Generate a list of HelmReleases that need to be deployed in order. 
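Review bot: With `if !YOLO` around `c.Images = append(c.Images, images...)`, a YOLO package records none of the images the cluster will run. The same holds for the repo lists skipped in the `@@ -107,16 +109,19 @@` hunk and the image discovery skipped in the `@@ -200,24 +205,26 @@` hunk. Anything that treats `c.Images` and `c.Repos` as the package inventory (presumably SBOM generation and checksums, which are not visible here) then no longer covers what Big Bang actually deploys. That trade-off deserves a comment at the guard, e.g. `// YOLO: nothing is bundled; the cluster pulls these images from their upstream registries, so they are not inventoried in the package.` Run's body starts and ends outside this hunk.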
@@ -200,24 +205,26 @@ func Run(tmpPaths types.ComponentPaths, c types.ZarfComponent) (types.ZarfCompon }) // Select the images needed to support the repos for this configuration of Big Bang. - for _, hr := range hrDependencies { - namespacedName := getNamespacedNameFromMeta(hr.Metadata) - gitRepo := gitRepos[hr.NamespacedSource] - values := hrValues[namespacedName] + if !YOLO { + for _, hr := range hrDependencies { + namespacedName := getNamespacedNameFromMeta(hr.Metadata) + gitRepo := gitRepos[hr.NamespacedSource] + values := hrValues[namespacedName] + + images, err := helm.FindImagesForChartRepo(gitRepo, "chart", values) + if err != nil { + return c, fmt.Errorf("unable to find images for chart repo: %w", err) + } - images, err := helm.FindImagesForChartRepo(gitRepo, "chart", values) - if err != nil { - return c, fmt.Errorf("unable to find images for chart repo: %w", err) + c.Images = append(c.Images, images...) } - c.Images = append(c.Images, images...) + // Make sure the list of images is unique. + c.Images = utils.Unique(c.Images) } - // Make sure the list of images is unique. - c.Images = utils.Unique(c.Images) - // Create the flux wrapper around Big Bang for deployment. - manifest, err := addBigBangManifests(tmpPaths.Temp, cfg) + manifest, err := addBigBangManifests(YOLO, tmpPaths.Temp, cfg) if err != nil { return c, err } @@ -358,7 +365,7 @@ func findBBResources(t string) (gitRepos map[string]string, helmReleaseDeps map[ } // addBigBangManifests creates the manifests component for deploying Big Bang. -func addBigBangManifests(manifestDir string, cfg *extensions.BigBang) (types.ZarfManifest, error) { +func addBigBangManifests(YOLO bool, manifestDir string, cfg *extensions.BigBang) (types.ZarfManifest, error) { // Create a manifest component that we add to the zarf package for bigbang. manifest := types.ZarfManifest{ Name: bb, 
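Review bot: Inside the new `if !YOLO` block, `gitRepo := gitRepos[hr.NamespacedSource]` discards the map's ok value, so a HelmRelease whose source is missing from `gitRepos` passes an empty repo string to `helm.FindImagesForChartRepo`. The resulting failure would then be reported as "unable to find images for chart repo" rather than as a missing source. Checking the lookup gives a clearer error: `gitRepo, ok := gitRepos[hr.NamespacedSource]` followed by `if !ok { return c, fmt.Errorf("no GitRepository found for %s", hr.NamespacedSource) }`. The enclosing function starts and ends outside this hunk.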
@@ -386,16 +393,21 @@ func addBigBangManifests(manifestDir string, cfg *extensions.BigBang) (types.Zar return manifest, err } - // Create the zarf-credentials secret manifest. - if err := addManifest("bb-ext-zarf-credentials.yaml", manifestZarfCredentials(cfg.Version)); err != nil { - return manifest, err - } + var hrValues []fluxHelmCtrl.ValuesReference - // Create the list of values manifests starting with zarf-credentials. - hrValues := []fluxHelmCtrl.ValuesReference{{ - Kind: "Secret", - Name: "zarf-credentials", - }} + // If YOLO mode is enabled, do not include the zarf-credentials secret + if !YOLO { + // Create the zarf-credentials secret manifest. + if err := addManifest("bb-ext-zarf-credentials.yaml", manifestZarfCredentials(cfg.Version)); err != nil { + return manifest, err + } + + // Create the list of values manifests starting with zarf-credentials. + hrValues = []fluxHelmCtrl.ValuesReference{{ + Kind: "Secret", + Name: "zarf-credentials", + }} + } // Loop through the valuesFrom list and create a manifest for each. for _, path := range cfg.ValuesFiles { diff --git a/src/pkg/packager/create.go b/src/pkg/packager/create.go index 95c36b650c..8df6bb96e3 100755 --- a/src/pkg/packager/create.go +++ b/src/pkg/packager/create.go @@ -94,7 +94,7 @@ func (p *Packager) Create(baseDir string) error { } // Process any extensions. - p.cfg.Pkg.Components[i], err = p.processExtensions(componentPath, c) + p.cfg.Pkg.Components[i], err = p.processExtensions(p.cfg.Pkg.Metadata.YOLO, componentPath, c) if err != nil { return fmt.Errorf("unable to process extensions: %w", err) } diff --git a/src/pkg/packager/extensions.go b/src/pkg/packager/extensions.go index 9cb555c58c..db0b6fd694 100644 --- a/src/pkg/packager/extensions.go +++ b/src/pkg/packager/extensions.go 
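Review bot: The new comment in `addBigBangManifests` says the zarf-credentials secret is skipped in YOLO mode but not why, and `hrValues` then stays nil unless the `cfg.ValuesFiles` loop fills it. A YOLO package with no values files would therefore give the HelmRelease no values reference and no registry credentials; the example relies on `config/credentials.yaml` for them. I would extend the comment to something like `// YOLO: no Zarf-managed registry/git credentials exist, so registry credentials must come from the user's valuesFiles.` That reason is my reading of `manifestZarfCredentials`, which lies outside this hunk, so please confirm it. The function continues outside the hunk.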
@@ -12,12 +12,12 @@ import ( ) // Check for any extensions in use and runs the appropriate functions. -func (p *Packager) processExtensions(cPaths types.ComponentPaths, c types.ZarfComponent) (types.ZarfComponent, error) { +func (p *Packager) processExtensions(YOLO bool, cPaths types.ComponentPaths, c types.ZarfComponent) (types.ZarfComponent, error) { var err error // Big Bang if c.Extensions.BigBang != nil { - if c, err = bigbang.Run(cPaths, c); err != nil { + if c, err = bigbang.Run(YOLO, cPaths, c); err != nil { return c, fmt.Errorf("unable to process bigbang extension: %w", err) } }
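Review bot: `processExtensions` is a method on `*Packager`, and the caller in create.go passes `p.cfg.Pkg.Metadata.YOLO`, so the new `YOLO bool` parameter duplicates state the receiver already holds. Keeping the old signature and calling `bigbang.Run(p.cfg.Pkg.Metadata.YOLO, cPaths, c)` inside the method would avoid the extra argument. It would also remove the chance of a future caller passing a value that disagrees with the package metadata.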