Version: 5.21.0

Big Bang

Big Bang is Department of Defense (DoD) Platform One's (P1's) open-source framework built from DoD hardened and approved packages. Big Bang deploys instances of a Development, Security, and Operations (DevSecOps) Platform for DoD commands that need to build and run mission applications (apps).

What is Big Bang?

Big Bang is a Helm chart used to deploy a DevSecOps Platform on a Kubernetes cluster. The DevSecOps Platform comprises application packages bundled as helm charts that leverage Iron Bank hardened container images.

The Big Bang Helm chart deploys GitRepository and HelmRelease Custom Resources to a Kubernetes cluster running the Flux GitOps Operator. These can be listed with kubectl get gitrepository,helmrelease -n=bigbang. Flux then installs the Helm charts defined by the Custom Resources into the cluster.

The Big Bang Helm chart has a values.yaml file that does two main things:

  • Defines which DevSecOps Platform packages/helm charts will be deployed

  • Defines what input parameters will be passed through to the chosen helm charts

To view the various platform apps, visit Packages or the Big Bang Release Page. These sites also offer:

  • Source code and other Big Bang assets per major and minor version releases

  • Release notes and change notes from major version releases

  • Packages organized in categories and by Big Bang release versions

For a code-based source of truth, check Big Bang's default values.yaml and search ([CTRL] + [F]) for "repo:" to quickly iterate through the list of apps supported by the Big Bang team.

Big Bang Universe and Big Bang Universe Git Repo provide an interactive visual of all packages in Core, Addons, and Community, as described in Big Bang Documentation.

What Big Bang Isn't

Big Bang, by itself, is not intended to be an end-to-end secure Kubernetes cluster solution, but rather a reusable secure component/piece of a full solution.

A secure Kubernetes cluster solution will have multiple components that can each be swappable and, in some cases, considered optional, depending on the use case and risk tolerance.

The following are examples of potential components offered in a full end-to-end solution:

  • Ingress traffic protection

    • P1's Cloud Native Access Point (CNAP)

    • CNAP can be swapped with an equivalent or considered optional in an internet disconnected setup

  • Hardened Host OS

  • Hardened Kubernetes cluster

    • Big Bang assumes Bring Your Own Cluster (BYOC)

    • Big Bang team recommends that consumers interested in a full solution partner with Vendors of Kubernetes Distributions to satisfy the prerequisite of a Hardened Kubernetes Cluster

  • Hardened apps running on the cluster

    • Iron Bank provides hardened containers that help solve this component

    • Big Bang utilizes the hardened containers in Iron Bank

What is Big Bang-as-a-Service (BBaaS)?

BrainGu's BBaaS utilizes Structsure™, our automated, no-vendor-lock-in platform, to create sustainable common software environments. Structsure leverages P1's Big Bang and a Continuous Authority to Operate (cATO) to enable operator-driven mission application development at the speed of relevance. Our platform will help you build a custom software factory for your specific mission needs to enable faster development and deployment of your mission applications.

Benefits of Using BBaaS

  • Compliant with the DoD DevSecOps Reference Architecture Design

  • Satisfies multiple requirements needed to achieve a cATO or ATO

  • Addresses shift-left supply chain security concerns using hardened Iron Bank container images

  • Adds the following security benefits through GitOps (Big Bang leverages GitOps and can be further extended using it):

    • Prevents configuration drift between the state of a live cluster and IaC/Configuration as Code (CaC) source of truth (out-of-band changes are limited when users are denied direct kubectl access and only allowed to deploy via git commits)

    • Creates an audit trail for Git repository based deployments

    • Lowers the burden of implementing new secure configurations by using reusable secure configurations

    • Enables automatic updates by setting the version in kustomization.yaml to 1.x.x; Big Bang follows semantic versioning per the Big Bang Documentation, and Flux reads x as the most recent version number

    • DoD software developers get a user experience of "single sign-on (SSO) for free"; instead of developers coding SSO support ten times for ten apps, the complexity of SSO support is baked into the platform, and after an operations team correctly configures the platform's SSO settings, SSO will work for all apps hosted on the platform

    • Lowers the maintenance overhead of keeping the images of a DevSecOps Platform up-to-date and maintains a secure posture over the long term, which is achieved by pairing the GitOps pattern with the Umbrella Helm Chart Pattern
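
What a 1.x.x range from the auto-update bullet above selects from a set of release tags, as an added example that is not Big Bang or Flux code: a simplified Python model of x-range matching. The tag list is constructed, the function names are hypothetical, and skipping pre-release tags is an assumption of this model.

```python
import re

# MAJOR.MINOR.PATCH, optional "v" prefix, optional pre-release suffix.
_TAG = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.-]+)?$")
_WILDCARDS = {"x", "X", "*"}


def parse_tag(tag):
    """Return ((major, minor, patch), is_prerelease), or None for non-semver tags."""
    m = _TAG.match(tag)
    if m is None:
        return None
    return tuple(int(n) for n in m.group(1, 2, 3)), m.group(4) is not None


def parse_range(pattern):
    """Turn '1.x.x' into (1, None, None); None means 'any value'."""
    parts = pattern.split(".")
    if len(parts) != 3:
        raise ValueError(f"expected MAJOR.MINOR.PATCH, got {pattern!r}")
    wanted = tuple(None if p in _WILDCARDS else int(p) for p in parts)
    # A fixed number after a wildcard (e.g. 1.x.3) is not a meaningful range.
    first_wild = next((i for i, w in enumerate(wanted) if w is None), 3)
    if any(w is not None for w in wanted[first_wild:]):
        raise ValueError(f"fixed part after wildcard in {pattern!r}")
    return wanted


def resolve(pattern, tags):
    """Highest stable tag inside the range, or None if nothing matches."""
    wanted = parse_range(pattern)
    best = None
    for tag in tags:
        parsed = parse_tag(tag)
        if parsed is None or parsed[1]:  # skip non-semver and pre-release tags (assumption)
            continue
        version = parsed[0]
        in_range = all(w is None or w == v for w, v in zip(wanted, version))
        # Tuples compare numerically, so 1.10.0 outranks 1.9.0.
        if in_range and (best is None or version > best[0]):
            best = (version, tag)
    return best[1] if best else None


# Constructed tag list for illustration; not real Big Bang release tags.
SAMPLE_TAGS = ["1.9.0", "1.10.0", "1.10.1", "1.11.0-rc.1", "2.0.0", "latest"]

if __name__ == "__main__":
    for rng in ("1.x.x", "1.9.x", "2.x.x"):
        print(f"{rng:>6} -> {resolve(rng, SAMPLE_TAGS)}")
```

With the sample tags, 1.x.x stays inside major version 1 and never selects 2.0.0, so a major release still requires a deliberate change to the range committed in Git.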