New Example - Istio with separately loaded TLS cert

.pre-commit-config.yaml

@@ -3,7 +3,7 @@ repos:
     rev: v4.0.1
     hooks:
       - id: check-added-large-files
-        args: ['--maxkb=1024']
+        args: ["--maxkb=1024"]
       - id: check-merge-conflict
       - id: detect-aws-credentials
         args:
@@ -12,7 +12,8 @@ repos:
         exclude: |
           (?x)^(
             examples/big-bang/template/bigbang/values.yaml|
-            examples/software-factory/template/bigbang/values.yaml
+            examples/software-factory/template/bigbang/values.yaml|
+            examples/istio-with-separate-cert/files/bigbangdev.key
           )$
       - id: end-of-file-fixer
         exclude: "^examples/big-bang/template/bigbang/vendor/.*$"
@@ -28,13 +29,13 @@ repos:
     rev: v0.4.0
     hooks:
       - id: go-fmt
-## Normally we wouldn't need to do a local hook but we need to modify the shell script that gets run to first change directories into the `cli` folder
+  ## Normally we wouldn't need to do a local hook but we need to modify the shell script that gets run to first change directories into the `cli` folder
   - repo: local
     hooks:
       - id: golangci-lint
         name: golangci-lint
         entry: hooks/run-golangci-lint.sh
-        types: [ go ]
+        types: [go]
         language: script
         pass_filenames: false
         description: "Runs `golangci-lint`, requires https://github.com/golangci/golangci-lint"

examples/Makefile

@@ -62,6 +62,18 @@ package-examples: package-example-big-bang package-example-software-factory pack
 package-example-big-bang: ## Create the Big Bang Core example
 	cd big-bang && $(ZARF_BIN) package create --confirm && mv zarf-package-* ../sync/
 
+.PHONY: generate-bigbang-dev-cert
+generate-bigbang-dev-cert: ## Download the TLS cert and key for the *.bigbang.dev domain
+	@mkdir -p istio-with-separate-cert/files
+	@curl -s https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml | yq .istio.gateways.public.tls.key > istio-with-separate-cert/files/bigbangdev.key
+	@curl -s https://repo1.dso.mil/platform-one/big-bang/bigbang/-/raw/master/chart/ingress-certs.yaml | yq .istio.gateways.public.tls.cert > istio-with-separate-cert/files/bigbangdev.cert
+
+.PHONY: package-example-istio-with-separate-cert
+package-example-istio-with-separate-cert: ## Create the example of Istio with a separate TLS cert
+	@cd istio-with-separate-cert && $(ZARF_BIN) package create --confirm && mv zarf-package-* ../sync/
+	@cp istio-with-separate-cert/files/bigbangdev.cert sync/bigbangdev.cert
+	@cp istio-with-separate-cert/files/bigbangdev.key sync/bigbangdev.key
+
 .PHONY: package-example-softare-factory
 package-example-software-factory: ## Create the Big Bang Software Factory example
 	cd software-factory && kustomize build template/bigbang > manifests/bigbang/bigbang-generated.yaml && kustomize build template/flux > manifests/flux/flux-generated.yaml && $(ZARF_BIN) package create --confirm && mv zarf-package-* ../sync/

examples/big-bang/README.md

@@ -15,7 +15,7 @@ This example shows a deployment of [Big Bang Core](https://repo1.dso.mil/platfor
 ## Prerequisites
 
 1. Install [Vagrant](https://www.vagrantup.com/)
-2. Install `make`
+1. Install `make`
 1. Install `sha256sum` (on Mac it's `brew install coreutils`)
 
 ## Instructions

examples/istio-with-separate-cert/README.md

@@ -0,0 +1,105 @@
+# Example: Big Bang's Istio with a separately loaded cert
+
+This example deploys Big Bang's Istio, but without an ingress cert. It is applicable in use cases where you want to have a freely distributable zarf package, but your ingress cert is private and can't be distributed in the same way that you want the Zarf package to be.
+
+## Known Issues
+
+The same known issues that are documented in [the Big Bang example](../big-bang/README.md#known-issues) apply here as well, except for the Elasticsearch stuff since we have EFK turned off.
+
+## Prerequisites
+
+1. Install [Vagrant](https://www.vagrantup.com/)
+1. Install `make`
+1. Install `sha256sum` (on Mac it's `brew install coreutils`)
+1. [Logged into registry1.dso.mil](https://github.com/defenseunicorns/zarf/blob/master/docs/ironbank.md#2-configure-zarf-the-use-em)
+
+## Instructions
+
+### Pull down the code and binaries
+
+```shell
+# clone the binaries
+git clone https://github.com/defenseunicorns/zarf.git
+
+# change to the examples folder
+cd zarf/examples
+
+# Download the latest release of Zarf and the Init Package to the 'examples/sync' folder
+make fetch-release
+```
+
+> NOTE:
+>
+> If you have any issues with `make fetch-release` you can try `make build-release` instead. It will build the files instead of downloading them. You'll need Golang installed.
+
+### Build the deploy package
+
+```shell
+# Create the deploy package and move it to the 'examples/sync' folder. It will also create a kubernets manifest with the '*.bigbang.dev' cert that you can use later in the example.
+make package-example-istio-with-separate-cert
+```
+
+### Start the Vagrant VM
+
+```shell
+# Start the VM. You'll be dropped into a shell in the VM as the Root user
+make vm-init
+```
+
+> NOTE:
+>
+> All subsequent commands should be happening INSIDE the Vagrant VM
+
+### Initialize Zarf
+
+```shell
+# Initialize Zarf
+./zarf init --confirm --components k3s,gitops-service
+
+# (Optional) Inspect the results
+./zarf tools k9s
+```
+
+### Deploy the package
+
+```shell
+# Deploy Big Bang
+./zarf package deploy --confirm zarf-package-example-istio-with-separate-cert.tar.zst
+
+# (Optional) Inspect the results
+./zarf tools k9s
+```
+
+### Delete buggy EnvoyFilter
+
+Wait until Istio is running, then delete this EnvoyFilter. It doesn't work correctly due to a bug.
+
+```shell
+# Delete this EnvoyFilter, it is bugged. Will be fixed when we update to a later version of Big Bang
+kubectl delete -n istio-system envoyfilter/misdirected-request
+```
+
+### Deploy the TLS cert
+
+First, go to [https://kiali.bigbang.dev:8443](https://kiali.bigbang.dev:8443) just to see that it doesn't work, because Istio doesn't have a TLS cert to use.
+
+```shell
+# Create the cert
+kubectl create secret tls public-cert-actual -n istio-system --cert bigbangdev.cert --key bigbangdev.key
+```
+
+Then, try going back to [https://kiali.bigbang.dev:8443](https://kiali.bigbang.dev:8443). It should work this time.
+
+### Clean Up
+
+```shell
+# Inside the VM
+exit
+
+# On the host
+make vm-destroy
+```
+
+## Notes for Maintainers
+
+- The `*.bigbang.dev` cert expires every 90 days. To regenerate the latest one run `cd examples && make generate-bigbang-dev-cert`. Requires `curl` and [`yq`](https://github.com/mikefarah/yq/).

examples/istio-with-separate-cert/files/bigbangdev.cert

@@ -0,0 +1,91 @@
+-----BEGIN CERTIFICATE-----
+MIIFITCCBAmgAwIBAgISA1hqVGx/bDttGRuAMooDtZ7HMA0GCSqGSIb3DQEBCwUA
+MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+EwJSMzAeFw0yMTEyMTUxMjQzNTJaFw0yMjAzMTUxMjQzNTFaMBgxFjAUBgNVBAMM
+DSouYmlnYmFuZy5kZXYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDW
+f1Mu3PzeB7cLKMFYUoImy+bX6aXyV1d1gDCgxvXmIkY2EMFG0yL4fqRSMExgmmTV
+BJmDcJixBr36m14t6g39FX0n0XEnB4BvxyARFnbyecB7EUQ6AGCzUTbAW16pgQC2
+SKuIm7qjygdSUObgPfXqkUDshARZo1Q6OEFBZgn2R/lISg3wNlxlIp8BSCgLEE5m
+hAJZX9OzfVXCzJTxXtl9IUSQwuE9ANGb0AP10xdp9gR2uyAyYXgW+d0/GTKGzJTr
+kcy5x39XXIuYddOg7dQ7lSb6VqtFXaDvnrHao1Pn/W/UG8bmGM0uDRqLdvllxp9B
+j2UlHD2W9v+COLtxxaubAgMBAAGjggJJMIICRTAOBgNVHQ8BAf8EBAMCBaAwHQYD
+VR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0O
+BBYEFHsbOtfZyKFt+IqMnsHIDBHcv89oMB8GA1UdIwQYMBaAFBQusxe3WFbLrlAJ
+QOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0cDovL3Iz
+Lm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5jci5vcmcv
+MBgGA1UdEQQRMA+CDSouYmlnYmFuZy5kZXYwTAYDVR0gBEUwQzAIBgZngQwBAgEw
+NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j
+cnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDfpV6raIJPH2yt7rhf
+Tj5a6s2iEqRqXo47EsAgRFwqcwAAAX2+VcfaAAAEAwBIMEYCIQDPwjYC5CixLXKp
+NytLx3H1gd0D3t0sCwCs8zpF++OQEwIhAOYj8nLjKWayunsZiUSBow5Tp30iNJqA
+HAl00ztr1ei/AHYAKXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF9
+vlXH1AAABAMARzBFAiAb6uSCWFwa3boOPrG7LyOc2nKMU9w/QedWI/Il6wJOmQIh
+AIyhqQskxeMJZjj6v1RxPY4Y4gRDzaDql1PjnXYMDLeFMA0GCSqGSIb3DQEBCwUA
+A4IBAQBsIx5S6YTk8wdnvKWos7lzsHq8+RxJ6spK5JoWRTLaOIPZKPIruNudyt4D
+tbGTeiYqh1hP8uoWea8tE8yBoENAner05Wh+CyMlIoULF71lOLryRVokVYYCo/NT
+HiOX4RzgX3WVeve39AU6xMCmVnRLfTHS+5kGJ+cP7rAStsMKpiiG5JM4gkNSrP/T
+f++rEw1H742L5bTkbxV8K+KULhT7y1zDSgkPkG0iQgYdzWJgqrpkFM+mtcpWbKv5
+ygOJ3+D9VAyfiWjSNJ90HwswN+6uYzJsilkqBfCuew8F3sDQCJdxgRWDaSv8/iEy
+44zB6B3HDGNd7ZJkym49I12FSnnx
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFFjCCAv6gAwIBAgIRAJErCErPDBinU/bWLiWnX1owDQYJKoZIhvcNAQELBQAw
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwHhcNMjAwOTA0MDAwMDAw
+WhcNMjUwOTE1MTYwMDAwWjAyMQswCQYDVQQGEwJVUzEWMBQGA1UEChMNTGV0J3Mg
+RW5jcnlwdDELMAkGA1UEAxMCUjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
+AoIBAQC7AhUozPaglNMPEuyNVZLD+ILxmaZ6QoinXSaqtSu5xUyxr45r+XXIo9cP
+R5QUVTVXjJ6oojkZ9YI8QqlObvU7wy7bjcCwXPNZOOftz2nwWgsbvsCUJCWH+jdx
+sxPnHKzhm+/b5DtFUkWWqcFTzjTIUu61ru2P3mBw4qVUq7ZtDpelQDRrK9O8Zutm
+NHz6a4uPVymZ+DAXXbpyb/uBxa3Shlg9F8fnCbvxK/eG3MHacV3URuPMrSXBiLxg
+Z3Vms/EY96Jc5lP/Ooi2R6X/ExjqmAl3P51T+c8B5fWmcBcUr2Ok/5mzk53cU6cG
+/kiFHaFpriV1uxPMUgP17VGhi9sVAgMBAAGjggEIMIIBBDAOBgNVHQ8BAf8EBAMC
+AYYwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMBIGA1UdEwEB/wQIMAYB
+Af8CAQAwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYfr52LFMLGMB8GA1UdIwQYMBaA
+FHm0WeZ7tuXkAXOACIjIGlj26ZtuMDIGCCsGAQUFBwEBBCYwJDAiBggrBgEFBQcw
+AoYWaHR0cDovL3gxLmkubGVuY3Iub3JnLzAnBgNVHR8EIDAeMBygGqAYhhZodHRw
+Oi8veDEuYy5sZW5jci5vcmcvMCIGA1UdIAQbMBkwCAYGZ4EMAQIBMA0GCysGAQQB
+gt8TAQEBMA0GCSqGSIb3DQEBCwUAA4ICAQCFyk5HPqP3hUSFvNVneLKYY611TR6W
+PTNlclQtgaDqw+34IL9fzLdwALduO/ZelN7kIJ+m74uyA+eitRY8kc607TkC53wl
+ikfmZW4/RvTZ8M6UK+5UzhK8jCdLuMGYL6KvzXGRSgi3yLgjewQtCPkIVz6D2QQz
+CkcheAmCJ8MqyJu5zlzyZMjAvnnAT45tRAxekrsu94sQ4egdRCnbWSDtY7kh+BIm
+lJNXoB1lBMEKIq4QDUOXoRgffuDghje1WrG9ML+Hbisq/yFOGwXD9RiX8F6sw6W4
+avAuvDszue5L3sz85K+EC4Y/wFVDNvZo4TYXao6Z0f+lQKc0t8DQYzk1OXVu8rp2
+yJMC6alLbBfODALZvYH7n7do1AZls4I9d1P4jnkDrQoxB3UqQ9hVl3LEKQ73xF1O
+yK5GhDDX8oVfGKF5u+decIsH4YaTw7mP3GFxJSqv3+0lUFJoi5Lc5da149p90Ids
+hCExroL1+7mryIkXPeFM5TgO9r0rvZaBFOvV2z0gp35Z0+L4WPlbuEjN/lxPFin+
+HlUjr8gRsI3qfJOQFy/9rKIJR0Y/8Omwt/8oTWgy1mdeHmmjk7j1nYsvC9JSQ6Zv
+MldlTTKB3zhThV1+XWYp6rjd5JW1zbVWEkLNxE7GJThEUG3szgBVGP7pSWTUTsqX
+nLRbwHOoq7hHwg==
+-----END CERTIFICATE-----
+-----BEGIN CERTIFICATE-----
+MIIFYDCCBEigAwIBAgIQQAF3ITfU6UK47naqPGQKtzANBgkqhkiG9w0BAQsFADA/
+MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+DkRTVCBSb290IENBIFgzMB4XDTIxMDEyMDE5MTQwM1oXDTI0MDkzMDE4MTQwM1ow
+TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
+cmNoIEdyb3VwMRUwEwYDVQQDEwxJU1JHIFJvb3QgWDEwggIiMA0GCSqGSIb3DQEB
+AQUAA4ICDwAwggIKAoICAQCt6CRz9BQ385ueK1coHIe+3LffOJCMbjzmV6B493XC
+ov71am72AE8o295ohmxEk7axY/0UEmu/H9LqMZshftEzPLpI9d1537O4/xLxIZpL
+wYqGcWlKZmZsj348cL+tKSIG8+TA5oCu4kuPt5l+lAOf00eXfJlII1PoOK5PCm+D
+LtFJV4yAdLbaL9A4jXsDcCEbdfIwPPqPrt3aY6vrFk/CjhFLfs8L6P+1dy70sntK
+4EwSJQxwjQMpoOFTJOwT2e4ZvxCzSow/iaNhUd6shweU9GNx7C7ib1uYgeGJXDR5
+bHbvO5BieebbpJovJsXQEOEO3tkQjhb7t/eo98flAgeYjzYIlefiN5YNNnWe+w5y
+sR2bvAP5SQXYgd0FtCrWQemsAXaVCg/Y39W9Eh81LygXbNKYwagJZHduRze6zqxZ
+Xmidf3LWicUGQSk+WT7dJvUkyRGnWqNMQB9GoZm1pzpRboY7nn1ypxIFeFntPlF4
+FQsDj43QLwWyPntKHEtzBRL8xurgUBN8Q5N0s8p0544fAQjQMNRbcTa0B7rBMDBc
+SLeCO5imfWCKoqMpgsy6vYMEG6KDA0Gh1gXxG8K28Kh8hjtGqEgqiNx2mna/H2ql
+PRmP6zjzZN7IKw0KKP/32+IVQtQi0Cdd4Xn+GOdwiK1O5tmLOsbdJ1Fu/7xk9TND
+TwIDAQABo4IBRjCCAUIwDwYDVR0TAQH/BAUwAwEB/zAOBgNVHQ8BAf8EBAMCAQYw
+SwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5pZGVudHJ1
+c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTEp7Gkeyxx
++tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEEAYLfEwEB
+ATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2VuY3J5cHQu
+b3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0LmNvbS9E
+U1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFHm0WeZ7tuXkAXOACIjIGlj26Ztu
+MA0GCSqGSIb3DQEBCwUAA4IBAQAKcwBslm7/DlLQrt2M51oGrS+o44+/yQoDFVDC
+5WxCu2+b9LRPwkSICHXM6webFGJueN7sJ7o5XPWioW5WlHAQU7G75K/QosMrAdSW
+9MUgNTP52GE24HGNtLi1qoJFlcDyqSMo59ahy2cI2qBDLKobkx/J3vWraV0T9VuG
+WCLKTVXkcGdtwlfFRjlBz4pYg1htmf5X6DYO8A4jqv2Il9DjXA6USbW1FzXSLr9O
+he8Y4IWS6wY7bCkjCWDcRQJMEhg76fsO3txE+FiYruq9RUWhiF1myv4Q6W+CyBFC
+Dfvp7OOGAN6dEOM4+qR9sdjoSYKEBpsr6GtPAQw4dy753ec5
+-----END CERTIFICATE-----

examples/istio-with-separate-cert/files/bigbangdev.key

@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQDWf1Mu3PzeB7cL
+KMFYUoImy+bX6aXyV1d1gDCgxvXmIkY2EMFG0yL4fqRSMExgmmTVBJmDcJixBr36
+m14t6g39FX0n0XEnB4BvxyARFnbyecB7EUQ6AGCzUTbAW16pgQC2SKuIm7qjygdS
+UObgPfXqkUDshARZo1Q6OEFBZgn2R/lISg3wNlxlIp8BSCgLEE5mhAJZX9OzfVXC
+zJTxXtl9IUSQwuE9ANGb0AP10xdp9gR2uyAyYXgW+d0/GTKGzJTrkcy5x39XXIuY
+ddOg7dQ7lSb6VqtFXaDvnrHao1Pn/W/UG8bmGM0uDRqLdvllxp9Bj2UlHD2W9v+C
+OLtxxaubAgMBAAECggEBALaCAfJHADWfVOT+2XxgP/Po3NNsL9IC9Ry6ZSX4BHS7
+RwhruzibIA9WGlUAWYx88jy6PDC1loZSGUXp+vmQRDTKmwJNWD0ASg1R3fwMJEtu
+wxMz/txnQ+BvwulrFSGe7U8siB+leeoxVYd55Oh6cAsVaquULOtkaJ9dDFEsFF/j
+ENySaIXqpuEG457xLL/uCfmUd7SaLhS8FbmwadvYphQK6huVpVFbBhRzLbTRFGI/
+S/kpZ9cdBIxmoZTSy1l2mveCEpgdqMbqsdLQLijYUM5ZWjW+VA+4sgmY0/oPW3Mx
+M6gQUu7TQeIZFmtl05UAOICm4FjqezBmaiihjsLr3JkCgYEA78V53BvgXNvN9zzr
+sn3/WDBhYxZQiGacVvirk42rT/mPr3o9tqI4pxsN3ZK3pTvBoNbRI2UrfjgAQ/+J
+OVuwaheXKeTdDiSWc3suddkfAHAHECD+FZ9iSIH8t8h+sVlf7HvTe5on+JGhi2nK
+26zWv5FBjBFBgFMyXikaSQBpK20CgYEA5QPs4L1YF7HskrIeN75sbQUgNL1t+Q0H
+SkOpfTZ/VbnT+92lKkdWPxmXabZLZrTYxw9/ZswrW+SgIc95kbLOiwiV46PVca/Z
+fLdSBZcKqV0GWnehuh0ClhiNDJA4ZXNDucu5ZP7eWVvO/Xh3SNvhAZtFidvRuO52
+bCT7W3j5hicCgYEA4pm+BjBuRTQSnpN7qW/8j2sBzvR63b4kCOnwtX2RJv8TNWMQ
+yfbcFcmyu/H6D3W/E/ORKaNmjF3+mkT5ejTWMB3lZdl+tOwNKEyFZyjwbKhzdGHJ
+38OGzkHTBhm86n0t88A+6TSSjA+OHcS4zA230spDqU1xmwaFtomf5tg1jK0CgYAs
+pgRDmIaZMAYIX5OGmKh45LvvrFLJcGHQd7qOf9Z5dx4+B2tQ/9FvweSEJpcyseVl
+gb774qg9ZShXDyULY8niz0yxsdpGLNuA9hiWoGjithEsCBDOwSMk8iplnaRxGvTE
+P1SovQvKbhy/zAGtgbivYH9BLksH++24jck3fzFelwKBgQCbTi5jgcNO5UZc0zct
+BboFbBykE1LlVOWGBB9aQ6FcKmj42DZOav4M87Yajh+2GvvgeijGvGj0xdhaWEMD
+/G+OLmLlXucuzb+BAxO8jgIoQhh4gVEFOuFaXrBoQT5sMuTJDnYzxLnLXOKlMf4K
+Uq/W3NP3fz/2PMW2GS19TX7EQQ==
+-----END PRIVATE KEY-----

examples/istio-with-separate-cert/kustomizations/bigbang/git-secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+kind: Secret
+type: Opaque
+metadata:
+  name: zarf-git-secret
+  namespace: bigbang
+stringData:
+  username: "zarf-git-user"
+  password: "###ZARF_GIT_AUTH_PUSH###"

examples/istio-with-separate-cert/kustomizations/bigbang/kustomization.yaml

@@ -0,0 +1,24 @@
+bases:
+  - git::https://repo1.dso.mil/platform-one/big-bang/bigbang.git/base?ref=tags/1.17.0
+
+configMapGenerator:
+  - name: common
+    namespace: bigbang
+    behavior: merge
+    files:
+      - values.yaml
+
+resources:
+  - git-secret.yaml
+
+patchesStrategicMerge:
+  - |-
+    apiVersion: source.toolkit.fluxcd.io/v1beta1
+    kind: GitRepository
+    metadata:
+      name: bigbang
+      namespace: bigbang
+    spec:
+      url: http://zarf-gitea-http.zarf.svc.cluster.local:3000/zarf-git-user/mirror__repo1.dso.mil__platform-one__big-bang__bigbang.git
+      secretRef:
+        name: zarf-git-secret