Fix Big Bang example to do GitOps correctly (#185)

Signed-off-by: Jeff McCoy <code@jeffm.us>

.pre-commit-config.yaml

@@ -10,8 +10,10 @@ repos:
       - id: detect-private-key
         exclude: "^examples/big-bang/template/bigbang/values.yaml$"
       - id: end-of-file-fixer
+        exclude: "^examples/big-bang/template/bigbang/vendor/.*$"
       - id: fix-byte-order-marker
       - id: trailing-whitespace
+        exclude: "^examples/big-bang/template/bigbang/vendor/.*$"
         args: [--markdown-linebreak-ext=md]
   - repo: https://github.com/sirosen/fix-smartquotes
     rev: 0.2.0

cli/internal/utils/auth.go

@@ -8,6 +8,7 @@ import (
 	"log"
 	"os"
 )
+
 // Login adds the given creds to the user's Docker config, usually located at $HOME/.docker/config.yaml. It does not try
 // to connect to the given registry, it just simply adds another entry to the config file.
 // This function was mostly adapted from https://github.com/google/go-containerregistry/blob/5c9c442d5d68cd96787559ebf6e984c7eb084913/cmd/crane/cmd/auth.go

examples/Makefile

@@ -56,9 +56,21 @@ vm-destroy: ## Cleanup plz
 .PHONY: package-examples
 package-examples: package-example-big-bang package-example-data-injection package-example-game package-example-gitops-data package-example-single-big-bang-package package-example-tiny-kafka package-example-postgres-operator ## Create zarf packages from all examples
 
+.PHONY: vendor-big-bang-base
+vendor-big-bang-base: ## Grab the bigbang base kustomization so we don't need to do funky things to let Flux grab it from a private repo
+	cd big-bang/template/bigbang/vendor && \
+	rm -rf bigbang && \
+	git init bigbang && \
+	cd bigbang && \
+	git remote add -f origin https://repo1.dso.mil/platform-one/big-bang/bigbang.git && \
+	git config core.sparseCheckout true && \
+	echo "base/" > .git/info/sparse-checkout && \
+	git checkout tags/1.17.0 -b tagbranch && \
+	rm -rf .git
+
 .PHONY: package-example-big-bang
-package-example-big-bang: ## Create the Big Bang Core example
-	cd big-bang && kustomize build template/bigbang > manifests/bigbang_generated.yaml && kustomize build template/flux > manifests/flux_generated.yaml && $(ZARF_BIN) package create --confirm && mv zarf-package-* ../sync/
+package-example-big-bang: vendor-big-bang-base ## Create the Big Bang Core example
+	cd big-bang && kustomize build template/bigbang/vendor/bigbang/base/flux > manifests/flux/flux_generated.yaml && $(ZARF_BIN) package create --confirm && mv zarf-package-* ../sync/
 
 .PHONY: package-example-data-injection
 package-example-data-injection: ## Create the Data Injection example

examples/big-bang/Makefile

@@ -0,0 +1,23 @@
+.DEFAULT_GOAL := help
+
+.PHONY: help
+help: ## Show a list of all targets
+	@grep -E '^[a-zA-Z0-9_-]+:.*?## .*$$' $(MAKEFILE_LIST) \
+	| sed -n 's/^\(.*\): \(.*\)##\(.*\)/\1:\3/p' \
+	| column -t -s ":"
+
+.PHONY: all
+all: ## Download the latest version of Zarf, build the deploy package, and start a VM with Vagrant
+	@cd .. && $(MAKE) clean fetch-release package-example-big-bang vm-init
+
+.PHONY: all-dev
+all-dev: ## Same as 'default', but build Zarf rather than downloading it
+	@cd .. && $(MAKE) clean build-release package-example-big-bang vm-init
+
+.PHONY: vm-init
+vm-init: ## Bring up the VM
+	@cd .. && $(MAKE) vm-init
+
+.PHONY: vm-destroy
+vm-destroy: ## Destroy the VM
+	@cd .. && $(MAKE) vm-destroy

examples/big-bang/README.md

@@ -8,19 +8,21 @@ Because the same cluster will be running both Traefik and Istio, Istio's Virtual
 
 1. Install [Vagrant](https://www.vagrantup.com/)
 2. Install `make` and `kustomize`
+1. Install `sha256sum` (on Mac it's `brew install coreutils`)
 
 ## Instructions
 
-1. From within the examples directory, Run: `make all`, which will download the latest built binaries, build all of the example packages, and launch a basic VM to run in. Alternatively, run `make all-dev` if you want to build the binaries using the current codebase instead of downloading them.
-5. Run: `sudo su` - Change user to root
-6. Run: `cd zarf-examples` - Change to the directory where the examples folder is mounted
-7. Run: `./zarf init --confirm --components management,gitops-service --host localhost` - Initialize Zarf, telling it to install the management component and gitops service and skip logging component (since BB has logging already) and tells Zarf to use `localhost` as the domain
-8. Wait a bit, run `k9s` to see pods come up. Don't move on until everything is running
-9. Run: `./zarf package deploy zarf-package-big-bang-core-demo.tar.zst --confirm` - Deploy Big Bang Core
-10. Wait several minutes. Run `k9s` to watch progress
-11. :warning: `kubectl delete -n istio-system envoyfilter/misdirected-request` (due to [this bug](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/802))
-12. Use a browser to visit the various services, available at https://*.bigbang.dev:9443
-13. When you're done, run `make vm-destroy` to bring everything down
+1. `cd examples/big-bang`
+1. Run one of these two commands:
+   - `make all` - Download the latest version of Zarf, build the deploy package, and start a VM with Vagrant
+   - `make all-dev` - Build Zarf locally, build the deploy package, and start a VM with Vagrant
+1. Run: `./zarf init --confirm --components management,gitops-service --host localhost` - Initialize Zarf, telling it to install the management component and gitops service and skip logging component (since BB has logging already) and tells Zarf to use `localhost` as the domain. If you want to use interactive mode instead just run `./zarf init`.
+1. Wait a bit, run `k9s` to see pods come up. Don't move on until everything is running
+1. Run: `./zarf package deploy zarf-package-big-bang-core-demo.tar.zst --confirm` - Deploy Big Bang Core. If you want interactive mode instead just run `./zarf package deploy`, it will give you a picker to choose the package.
+1. Wait several minutes. Run `k9s` to watch progress
+1. :warning: `kubectl delete -n istio-system envoyfilter/misdirected-request` (due to [this bug](https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/802))
+1. Use a browser to visit the various services, available at https://*.bigbang.dev:9443
+1. When you're done, run `exit` to leave the VM then `make vm-destroy` to bring everything down
 
 ## Kubescape scan
 

examples/big-bang/manifests/big-bang/manifests.yaml

@@ -0,0 +1,101 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  labels:
+    owner: bigbang
+  name: bigbang
+---
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: zarf-git-secret
+  namespace: bigbang
+stringData:
+  username: "zarf-git-user"
+  password: "###ZARF_SECRET###"
+---
+apiVersion: source.toolkit.fluxcd.io/v1beta1
+kind: GitRepository
+metadata:
+  name: zarf
+  namespace: bigbang
+spec:
+  ignore: |
+    # exclude file extensions
+    /**/*.md
+    /**/*.txt
+    /**/*.sh
+  interval: 5m
+  url: http://stuart-gitea-http.git.svc.cluster.local:3000/zarf-git-user/mirror__github.com__defenseunicorns__zarf.git
+  secretRef:
+    name: zarf-git-secret
+  ref:
+    branch: master
+#    tag: 1.21.0
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1beta1
+kind: Kustomization
+metadata:
+  name: bigbang
+  namespace: bigbang
+spec:
+  interval: 5m
+  path: "./examples/big-bang/template/bigbang"
+  prune: true
+  sourceRef:
+    kind: GitRepository
+    name: zarf
+  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: bigbang
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: cluster-auditor
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: eck-operator
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: ek
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: fluent-bit
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: gatekeeper
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: istio
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: istio-operator
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: jaeger
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: kiali
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: monitoring
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      namespace: bigbang
+      name: twistlock
+  timeout: 60m
+  postBuild:
+    substitute:
+      zarf_secret: "###ZARF_SECRET###"

examples/big-bang/manifests/other_manifests.yaml → examples/big-bang/manifests/flux/regcred-secret.yaml

@@ -1,15 +1,5 @@
 apiVersion: v1
 kind: Secret
-type: Opaque
-metadata:
-  name: zarf-git-secret
-  namespace: bigbang
-stringData:
-  username: "zarf-git-user"
-  password: "###ZARF_SECRET###"
----
-apiVersion: v1
-kind: Secret
 type: kubernetes.io/dockerconfigjson
 metadata:
   name: private-registry

examples/big-bang/template/bigbang/kustomization.yaml

@@ -1,5 +1,5 @@
 bases:
-  - git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base?ref=1.17.0
+  - vendor/bigbang/base
 
 configMapGenerator:
   - name: common
@@ -9,13 +9,13 @@ configMapGenerator:
       - values.yaml
 
 patchesStrategicMerge:
-- |-
-  apiVersion: source.toolkit.fluxcd.io/v1beta1
-  kind: GitRepository
-  metadata:
-    name: bigbang
-    namespace: bigbang
-  spec:
-    url: http://stuart-gitea-http.git.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__bigbang.git
-    secretRef:
-      name: zarf-git-secret
+  - |-
+    apiVersion: source.toolkit.fluxcd.io/v1beta1
+    kind: GitRepository
+    metadata:
+      name: bigbang
+      namespace: bigbang
+    spec:
+      url: http://stuart-gitea-http.git.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__bigbang.git
+      secretRef:
+        name: zarf-git-secret

examples/big-bang/template/bigbang/values.yaml

@@ -3,7 +3,7 @@ domain: bigbang.dev
 registryCredentials:
   registry: "registry1.dso.mil"
   username: "zarf-git-user"
-  password: "###ZARF_SECRET###"
+  password: "${zarf_secret}"
 
 git:
   existingSecret: "zarf-git-secret"