Thanks for taking the time to contribute to Big Bang!
If you are coming from repo1.dso.mil
and have an account at login.dso.mil
, please keep reading. If you are coming from or looking for the project on Github and wanting to make a Pull Request without a dso.mil
account, please see the last section External Github Contributions.
Table of Contents:
Big Bang is designed in such a way as to be as easily deployed locally as it is in production. In fact, most contributions begin locally.
Per the charter, all Big Bang packages will leverage container images from IronBank. In order to pull these images, ImagePullSecrets must be provided to Big Bang. To obtain access to these images, follow the guides provided in this document. These steps should NOT be used for production since the API keys for a user are only valid when the user is logged into Registry1
- Register for a free Iron Bank account Here.
- Log into the Iron Bank Registry, in the top right click your Username and then User Profile to get access to your CLI secret/API keys.
- When installing BigBang, set the Helm Values
registryCredentials.username
andregistryCredentials.password
to match your Registry1 username and API token.
Follow the steps below to get a local Kubernetes cluster for Big Bang using k3d.
# Create a local k3d cluster with the appropriate port forwards (tested on version 5.4.1).
k3d cluster create --k3s-arg "--no-deploy=metrics-server,traefik@server:*" -p 80:80@loadbalancer -p 443:443@loadbalancer
For development, it is quicker to test changes without having to push to Git. To do this, we can bypass Flux2 and deploy Big Bang directly with its Helm chart.
Start by creating myvalues.yaml
to configure your local Big Bang. The Big Bang template repository contains a starter development values.yaml.
Configure myvalues.yaml
to suit your needs.
# Deploy the latest fluxv2 with Iron Bank images
# For development, you can use flux from the internet using 'flux install`
# Be aware, the internet version is likely newer than the Iron Bank version
./scripts/install_flux.sh
# Apply a local version of the Big Bang chart
# NOTE: This is the alternative to deploying a HelmRelease and having flux manage it, we use a local copy to avoid having to commit every change
helm upgrade -i bigbang chart -n bigbang --create-namespace -f myvalues.yaml
# It may take Big Bang up to 10 minutes to recognize your changes and start to deploy them. This is based on the flux `interval` value set for polling. You can force Big Bang to immediately check for changes by running the ./scripts/sync.sh script.
./scripts/sync.sh
For more extensive development, use the Development Guide.
Development changes should be tested using a full GitOps environment. The Big Bang environment template should be replicated, either on a branch or new repository, to start your deployment. Follow the instructions in the template's readme and in the Big Bang docs for configuration.
Follow the Big Bang documentation for testing a full deployment of Big Bang.
To ease with local development, the TLD dev.bigbang.mil
is maintained by the Platform One team with the CNAME record:
CNAME: *.dev.bigbang.mil -> cluster.local
All routable endpoints BigBang deploys will use the TLD of bigbang.dev
by default. It is expected that consumers modify this appropriately for their environment.
Follow instructions in the Big Bang encryption guide for how to encrypt and decrypt secrets.
The merge request process is provided as an overview of the pipeline stages required to get a commit merged.
Follow instruction in CI-Workflow for specific details on the pipeline stages.
-
To report a cybersecurity concern, follow this link.
-
Never push secrets or certificates into our repository.
-
Big Bang does not recommend using internal databases for production deployments. Please look into having external databases, each application will have guides to deploy production system.
-
For questions on CVEs and remediation, email Andrew Vu Big Bang Cyber Lead ([email protected]) or message on MatterMost IL4 (andrew.vu.9) for more information.
- Fork this repository, develop, and test your changes. (if you do not have permissions to fork the repository, You can download the repo as a tar.gz file and upload to your own repo in your Gitlab instance instead)
- Submit a pull request.
- Keep an eye out for comments. From bots and maintainers to ensure CI is passing and issues or suggestions are addressed.
- Pipelines which must pass will run on runners from
repo1.dso.mil
and a bot will comment the status and information from the pipeline. - Any change to a Big Bang package chart requires a version bump following semver principles. See Documentation Changes and Versioning below
- Big Bang Package Issues which need to be included in the Big Bang Umbrella chart are not complete when the package PR is merged so please do not close issues. A new tag will automatically get created on
repo1.dso.mil
along with an MR into the Big Bang Umbrella as part of the CI process. This repo1 MR is reviewed the Big Bang Product team to merge on the Gitlab side, upon which the issue will be closed. - Changes to the Big Bang Umbrella get released separately according to our Release Schedule outlined in the README.
Once changes have been merged, all subsequent automation will run on repo1.dso.mil
with changes getting published back to Github.
If your changes are to documentation or guides/images and not code, templates or variables then a kind::docs
label will need to be added and will not kick off and wait for CI testing to complete.
Big Bang package chart version
should follow semver.
Charts should start at 1.0.0
unless they are based off an upstream chart (shown in chart/Kptfile) in which case a bug fix would increment the bb.X
suffix.
Big Bang umbrella MRs will not need the version in chart/Chart.yaml
edited via Pull Requests.
The readme of each Big Bang package chart can be re-generated with the following command: https://repo1.dso.mil/big-bang/product/packages/gluon/-/blob/master/docs/bb-package-readme.md.
Big Bang umbrella MRs will not need the main README.md edited via Pull Requests.