Merge branch 'main' into 797-decompose-istio-oscal-into-oscal-and-val…

…idations
defenseunicorns · Oct 16, 2024 · 3f9eeb3 · 3f9eeb3
2 parents 80acb7e + d3f03b4
commit 3f9eeb3
Show file tree

Hide file tree

Showing 403 changed files with 5,254 additions and 1,124 deletions.
diff --git a/.codespellrc b/.codespellrc
@@ -1,5 +1,5 @@
 # Lint Codespell configurations
 [codespell]
 skip = .codespellrc,.git,node_modules,build,dist,*.zst,CHANGELOG.md
-ignore-words-list = NotIn,AKS
+ignore-words-list = NotIn,AKS,LICENS
 enable-colors =
diff --git a/.github/actions/debug-output/action.yaml b/.github/actions/debug-output/action.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: debug-output
 description: "Print out basic debug info for a k8s cluster"
 

diff --git a/.github/actions/lint-check/action.yaml b/.github/actions/lint-check/action.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: lint-check
 description: "Check Project for Linting Errors"
 
@@ -12,7 +15,7 @@ runs:
       uses: Homebrew/actions/setup-homebrew@master
     - name: Install UDS CLI
       # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-      run: brew install defenseunicorns/tap/uds@0.16.0
+      run: brew install defenseunicorns/tap/uds@0.17.0
       shell: bash
     - name: Run Formatting Checks
       run: uds run lint-check --no-progress

diff --git a/.github/actions/notify-lula/action.yaml b/.github/actions/notify-lula/action.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: Notify Lula
 description: "Comment on PR to notify Lula Team"
 

diff --git a/.github/actions/save-logs/action.yaml b/.github/actions/save-logs/action.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 name: save-logs
 description: "Save debug logs"
 
@@ -34,7 +37,7 @@ runs:
         sudo chown $USER /tmp/uds-*.log || echo ""
       shell: bash
 
-    - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+    - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
       with:
         name: debug-log${{ inputs.suffix }}
         path: |

diff --git a/.github/actions/setup/action.yaml b/.github/actions/setup/action.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 # action.yml
 name: "Setup Environment"
 description: "UDS Environment Setup"
@@ -28,13 +31,11 @@ runs:
       # renovate: datasource=github-tags depName=k3d-io/k3d versioning=semver
       run: curl -s https://raw.githubusercontent.com/k3d-io/k3d/main/install.sh | TAG=v5.7.4 bash
 
-    - name: Set up Homebrew
-      uses: Homebrew/actions/setup-homebrew@master
-
     - name: Install UDS CLI
-      shell: bash
-      # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
-      run: brew install defenseunicorns/tap/[email protected]
+      uses: defenseunicorns/setup-uds@b987a32bac3baeb67bfb08f5e1544e2f9076ee8a # v1.0.0
+      with:
+        # renovate: datasource=github-tags depName=defenseunicorns/uds-cli versioning=semver
+        version: v0.17.0
 
     - name: Install Lula
       uses: defenseunicorns/lula-action/setup@badad8c4b1570095f57e66ffd62664847698a3b9 # v0.0.1
@@ -52,7 +53,7 @@ runs:
 
     - name: Chainguard Login
       if: ${{ inputs.chainguardIdentity != '' }}
-      uses: chainguard-dev/setup-chainctl@f52718d822dc73d21a04ef2082822c4a203163b3 # v0.2.2
+      uses: chainguard-dev/setup-chainctl@598499528905f95b94e62e4831cf42035e768933 # v0.2.3
       with:
         identity: ${{ inputs.chainguardIdentity }}
 

diff --git a/.github/bundles/uds-bundle.yaml → .github/bundles/eks/uds-bundle.yaml b/.github/bundles/uds-bundle.yaml → .github/bundles/eks/uds-bundle.yaml
@@ -1,20 +1,23 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 kind: UDSBundle
 metadata:
   name: uds-core-eks-nightly
   description: A UDS bundle for deploying EKS and UDS Core
   # x-release-please-start-version
-  version: "0.27.3"
+  version: "0.29.0"
   # x-release-please-end
 
 packages:
   - name: init
     repository: ghcr.io/zarf-dev/packages/init
-    ref: v0.40.1
+    ref: v0.41.0
 
   - name: core
-    path: ../../build/
+    path: ../../../build
     # x-release-please-start-version
-    ref: 0.27.3
+    ref: 0.29.0
     # x-release-please-end
     optionalComponents:
       - metrics-server
@@ -25,7 +28,7 @@ packages:
             - name: VELERO_USE_SECRET
               description: "Toggle use secret off to use IRSA."
               path: credentials.useSecret
-            - name: VELERO_IRSA_ANNOTATION
+            - name: VELERO_IRSA_ROLE_ARN
               description: "IRSA ARN annotation to use for Velero"
               path: serviceAccount.server.annotations.eks\.amazonaws\.com/role-arn
       loki:
@@ -50,6 +53,29 @@ packages:
             - name: LOKI_S3_REGION
               description: "The S3 region"
               path: loki.storage.s3.region
-            - name: LOKI_IRSA_ANNOTATION
+            - name: LOKI_IRSA_ROLE_ARN
               description: "The irsa role annotation"
               path: serviceAccount.annotations.eks\.amazonaws\.com/role-arn
+      grafana:
+        grafana:
+          variables:
+            - name: GRAFANA_HA
+              description: Enable HA Grafana
+              path: autoscaling.enabled
+        uds-grafana-config:
+          variables:
+            - name: GRAFANA_PG_HOST
+              description: Grafana postgresql host
+              path: postgresql.host
+            - name: GRAFANA_PG_PORT
+              description: Grafana postgresql port
+              path: postgresql.port
+            - name: GRAFANA_PG_DATABASE
+              description: Grafana postgresql database
+              path: postgresql.database
+            - name: GRAFANA_PG_PASSWORD
+              description: Grafana postgresql password
+              path: postgresql.password
+            - name: GRAFANA_PG_USER
+              description: Grafana postgresql username
+              path: postgresql.user
diff --git a/.github/bundles/eks/uds-config.yaml b/.github/bundles/eks/uds-config.yaml
@@ -0,0 +1,27 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+# Overwritten by ci-iac-aws package
+options:
+  architecture: amd64
+
+variables:
+  core:
+    loki_chunks_bucket: ${ZARF_VAR_LOKI_S3_BUCKET}
+    loki_ruler_bucket: ${ZARF_VAR_LOKI_S3_BUCKET}
+    loki_admin_bucket: ${ZARF_VAR_LOKI_S3_BUCKET}
+    loki_s3_region: ${ZARF_VAR_LOKI_S3_AWS_REGION}
+    loki_irsa_role_arn: ${ZARF_VAR_LOKI_S3_ROLE_ARN}
+    velero_use_secret: false
+    velero_irsa_role_arn: "${ZARF_VAR_VELERO_S3_ROLE_ARN}"
+    velero_bucket: ${ZARF_VAR_VELERO_S3_BUCKET}
+    velero_bucket_region: ${ZARF_VAR_VELERO_S3_AWS_REGION}
+    velero_bucket_provider_url: ""
+    velero_bucket_credential_name: ""
+    velero_bucket_credential_key: ""
+    grafana_ha: true
+    grafana_pg_host: ${ZARF_VAR_GRAFANA_PG_HOST}
+    grafana_pg_port: ${ZARF_VAR_GRAFANA_PG_PORT}
+    grafana_pg_database: ${ZARF_VAR_GRAFANA_PG_DATABASE}
+    grafana_pg_password: ${ZARF_VAR_GRAFANA_PG_PASSWORD}
+    grafana_pg_user: ${ZARF_VAR_GRAFANA_PG_USER}
diff --git a/.github/bundles/rke2/uds-bundle.yaml b/.github/bundles/rke2/uds-bundle.yaml
@@ -0,0 +1,81 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
+kind: UDSBundle
+metadata:
+  name: uds-core-rke2-nightly
+  description: A UDS bundle for deploying RKE2 and UDS Core
+  # x-release-please-start-version
+  version: "0.29.0"
+  # x-release-please-end
+
+packages:
+  - name: pod-identity-webhook
+    repository: ghcr.io/defenseunicorns/packages/uds/pod-identity-webhook
+    ref: 0.3.1-upstream
+
+  - name: init
+    repository: ghcr.io/zarf-dev/packages/init
+    ref: v0.41.0
+    overrides:
+      zarf-registry:
+        docker-registry:
+          variables:
+            - path: affinity.custom
+              name: REGISTRY_AFFINITY_CUSTOM_UDS
+            - path: persistence.accessMode
+              name: REGISTRY_PVC_ACCESS_MODE
+              default: ReadWriteMany
+      zarf-seed-registry:
+        docker-registry:
+          variables:
+            - path: affinity.custom
+              name: REGISTRY_AFFINITY_CUSTOM_UDS
+            - path: persistence.accessMode
+              name: REGISTRY_PVC_ACCESS_MODE
+              default: ReadWriteMany
+
+  - name: core
+    path: ../../../build
+    # x-release-please-start-version
+    ref: 0.29.0
+    # x-release-please-end
+    optionalComponents:
+      - metrics-server
+    overrides:
+      velero:
+        velero:
+          variables:
+            - name: VELERO_USE_SECRET
+              description: "Toggle use secret off to use IRSA."
+              path: credentials.useSecret
+            - name: VELERO_IRSA_ROLE_ARN
+              description: "IRSA ARN annotation to use for Velero"
+              path: serviceAccount.server.annotations.irsa/role-arn
+      loki:
+        loki:
+          values:
+            - path: loki.storage.s3.endpoint
+              value: ""
+            - path: loki.storage.s3.secretAccessKey
+              value: ""
+            - path: loki.storage.s3.accessKeyId
+              value: ""
+            - path: global.dnsService
+              value: rke2-coredns-rke2-coredns
+          variables:
+            - name: LOKI_CHUNKS_BUCKET
+              description: "The object storage bucket for Loki chunks"
+              path: loki.storage.bucketNames.chunks
+            - name: LOKI_RULER_BUCKET
+              description: "The object storage bucket for Loki ruler"
+              path: loki.storage.bucketNames.ruler
+            - name: LOKI_ADMIN_BUCKET
+              description: "The object storage bucket for Loki admin"
+              path: loki.storage.bucketNames.admin
+            - name: LOKI_S3_REGION
+              description: "The S3 region"
+              path: loki.storage.s3.region
+            - name: LOKI_IRSA_ROLE_ARN
+              description: "The irsa role annotation"
+              path: serviceAccount.annotations.irsa/role-arn
diff --git a/.github/bundles/uds-config.yaml → .github/bundles/rke2/uds-config.yaml b/.github/bundles/uds-config.yaml → .github/bundles/rke2/uds-config.yaml
@@ -1,3 +1,6 @@
+# Copyright 2024 Defense Unicorns
+# SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
+
 # Overwritten by ci-iac-aws package
 options:
   architecture: amd64
@@ -8,9 +11,9 @@ variables:
     loki_ruler_bucket: ${ZARF_VAR_LOKI_S3_BUCKET}
     loki_admin_bucket: ${ZARF_VAR_LOKI_S3_BUCKET}
     loki_s3_region: ${ZARF_VAR_LOKI_S3_AWS_REGION}
-    loki_irsa_annotation: ${ZARF_VAR_LOKI_S3_ROLE_ARN}
+    loki_irsa_role_arn: ${ZARF_VAR_LOKI_S3_ROLE_ARN}
     velero_use_secret: false
-    velero_irsa_annotation: "${ZARF_VAR_VELERO_S3_ROLE_ARN}"
+    velero_irsa_role_arn: "${ZARF_VAR_VELERO_S3_ROLE_ARN}"
     velero_bucket: ${ZARF_VAR_VELERO_S3_BUCKET}
     velero_bucket_region: ${ZARF_VAR_VELERO_S3_AWS_REGION}
     velero_bucket_provider_url: ""