Merge branch '2209-fixing-monitoring-ns-hardening-consistency' into 'master'

Resolve "Fixing Monitoring NS hardening consistency" Closes #2209 See merge request !4667

Merge branch '2209-fixing-monitoring-ns-hardening-consistency' into 'master'
08b48c1e · Andrew Shoell · 042d973c · 8203f165 · 08b48c1e · 08b48c1e
Commit 08b48c1e authored 8 months ago by Andrew Shoell
--- a/chart/templates/anchore/values.yaml
+++ b/chart/templates/anchore/values.yaml
@@ -11,6 +11,11 @@ openshift: {{ .Values.openshift }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.anchore.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.addons.anchore) "enabled")) }}
  ui:
    gateways:

--- a/chart/templates/argocd/values.yaml
+++ b/chart/templates/argocd/values.yaml
@@ -143,6 +143,11 @@ repoServer:

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.argocd.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  injection: {{ dig "istio" "injection" "enabled" .Values.addons.argocd }}
  argocd:
    gateways:

--- a/chart/templates/authservice/values.yaml
+++ b/chart/templates/authservice/values.yaml
@@ -5,7 +5,7 @@
 {{- define "bigbang.defaults.authservice" -}}
 # hostname is deprecated and replaced with domain. But if hostname exists then use it.
 {{- $domainName := default .Values.domain .Values.hostname }}
-{{- $authServiceHardened := or 
+{{- $authServiceHardened := or
    (dig "istio" "hardened" "enabled" false .Values.monitoring.values)
    (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
    (dig "hardened" "enabled" false .Values.istio.values)

--- a/chart/templates/cluster-auditor/values.yaml
+++ b/chart/templates/cluster-auditor/values.yaml
@@ -24,6 +24,11 @@ annotations:

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.clusterAuditor.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}

 openshift: {{ .Values.openshift }}
 {{- end -}}
--- a/chart/templates/eck-operator/values.yaml
+++ b/chart/templates/eck-operator/values.yaml
@@ -22,6 +22,16 @@ openshift: {{ .Values.openshift }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.monitoring.values)
+      (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+      (dig "istio" "hardened" "enabled" false .Values.grafana.values)
+      (dig "istio" "hardened" "enabled" false .Values.loki.values)
+      (dig "istio" "hardened" "enabled" false .Values.eckOperator.values)
+      (dig "istio" "hardened" "enabled" false .Values.elasticsearchKibana.values)
+    }}

 monitoring:
  enabled: {{ .Values.monitoring.enabled }}

--- a/chart/templates/elasticsearch-kibana/values.yaml
+++ b/chart/templates/elasticsearch-kibana/values.yaml
@@ -15,11 +15,15 @@ imagePullPolicy: {{ .Values.imagePullPolicy }}
 istio:
  enabled: {{ .Values.istio.enabled }}
  hardened:
-    {{- if or (dig "istio" "hardened" "enabled" false .Values.loki.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.elasticsearchKibana.values) }}
-    enabled: true
-    {{- else }}
-    enabled: false
-    {{- end }}
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.monitoring.values)
+      (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+      (dig "istio" "hardened" "enabled" false .Values.grafana.values)
+      (dig "istio" "hardened" "enabled" false .Values.loki.values)
+      (dig "istio" "hardened" "enabled" false .Values.eckOperator.values)
+      (dig "istio" "hardened" "enabled" false .Values.elasticsearchKibana.values)
+    }}
  kibana:
    gateways:
    - istio-system/{{ default "public" .Values.elasticsearchKibana.ingress.gateway }}

--- a/chart/templates/external-secrets/values.yaml
+++ b/chart/templates/external-secrets/values.yaml
@@ -21,6 +21,11 @@ annotations:

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.externalSecrets.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}

 openshift: {{ .Values.openshift }}
 {{- end -}}
--- a/chart/templates/fluentbit/values.yaml
+++ b/chart/templates/fluentbit/values.yaml
@@ -142,6 +142,11 @@ networkPolicies:

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.fluentbit.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}

 openShift:
  enabled: {{ .Values.openshift }}

--- a/chart/templates/fortify/values.yaml
+++ b/chart/templates/fortify/values.yaml
@@ -17,6 +17,11 @@ domain: {{ .Values.domain }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.fortify.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  fortify:
    gateways:
    - istio-system/{{ default "public" .Values.addons.fortify.ingress.gateway }}

--- a/chart/templates/gitlab-runner/values.yaml
+++ b/chart/templates/gitlab-runner/values.yaml
@@ -11,6 +11,12 @@ imagePullSecrets:

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.gitlab.values)
+      (dig "istio" "hardened" "enabled" false .Values.addons.gitlabRunner.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  injection: {{ dig "istio" "injection" "enabled" .Values.addons.gitlabRunner }}



--- a/chart/templates/gitlab/values.yaml
+++ b/chart/templates/gitlab/values.yaml
@@ -17,6 +17,12 @@ openshift: {{ .Values.openshift }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.gitlab.values)
+      (dig "istio" "hardened" "enabled" false .Values.addons.gitlabRunner.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  injection: {{ dig "istio" "injection" "enabled" .Values.addons.gitlab }}
  gitlab:
    gateways:

--- a/chart/templates/grafana/values.yaml
+++ b/chart/templates/grafana/values.yaml
@@ -36,11 +36,15 @@ istio:
  {{- $grafanaInjection := dig "istio" "injection" "enabled" .Values.grafana }}
  enabled: {{ .Values.istio.enabled }}
  hardened:
-    {{- if or (dig "istio" "hardened" "enabled" false .Values.monitoring.values) (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.grafana.values) (dig "istio" "hardened" "enabled" false .Values.loki.values) }}
-    enabled: true
-    {{- else }}
-    enabled: false
-    {{- end }}
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.monitoring.values)
+      (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+      (dig "istio" "hardened" "enabled" false .Values.grafana.values)
+      (dig "istio" "hardened" "enabled" false .Values.loki.values)
+      (dig "istio" "hardened" "enabled" false .Values.eckOperator.values)
+      (dig "istio" "hardened" "enabled" false .Values.elasticsearchKibana.values)
+    }}
  grafana:
    enabled: true
    gateways:

--- a/chart/templates/haproxy/values.yaml
+++ b/chart/templates/haproxy/values.yaml
@@ -102,5 +102,16 @@ containerPorts:
  http: 8080
 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.haproxy.values)
+      (dig "istio" "hardened" "enabled" false .Values.monitoring.values)
+      (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+      (dig "istio" "hardened" "enabled" false .Values.grafana.values)
+      (dig "istio" "hardened" "enabled" false .Values.loki.values)
+      (dig "istio" "hardened" "enabled" false .Values.eckOperator.values)
+      (dig "istio" "hardened" "enabled" false .Values.elasticsearchKibana.values)
+    }}
 openshift: {{ .Values.openshift }}  
 {{- end -}}
--- a/chart/templates/harbor/values.yaml
+++ b/chart/templates/harbor/values.yaml
@@ -17,6 +17,11 @@ domain: {{ .Values.domain }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.harbor.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  injection: {{ dig "istio" "injection" "enabled" .Values.addons.harbor }}
  harbor:
    gateways:

--- a/chart/templates/holocron/values.yaml
+++ b/chart/templates/holocron/values.yaml
@@ -176,6 +176,11 @@ postgresql:

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.holocron.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  injection: enabled
  holocron:
    gateways:

--- a/chart/templates/istio-operator/values.yaml
+++ b/chart/templates/istio-operator/values.yaml
@@ -16,4 +16,4 @@ networkPolicies:
  controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}
 monitoring:
  enabled: {{ .Values.monitoring.enabled }}
-{{- end -}}
\ No newline at end of file
+{{- end -}}
--- a/chart/templates/istio/values.yaml
+++ b/chart/templates/istio/values.yaml
@@ -81,13 +81,6 @@ values:
    jwksResolverExtraRootCA: {{ default (dig "certificateAuthority" "cert" "" .Values.sso) .Values.sso.certificate_authority | quote }}
 {{- end }}

-hardened:
-  {{- if or (dig "istio" "hardened" "enabled" false .Values.monitoring.values) (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.grafana.values) (dig "istio" "hardened" "enabled" false .Values.loki.values) }}
-  enabled: true
-  {{- else}}
-  enabled: false
-  {{- end }}
-
 {{- if .Values.istio.ingressGateways }}
 ingressGateways:
  istio-ingressgateway:

--- a/chart/templates/jaeger/values.yaml
+++ b/chart/templates/jaeger/values.yaml
@@ -16,6 +16,11 @@ domain: {{ $domainName }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.jaeger.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  jaeger:
    enabled: {{ .Values.istio.enabled }}
    gateways:

--- a/chart/templates/keycloak/values.yaml
+++ b/chart/templates/keycloak/values.yaml
@@ -22,6 +22,11 @@ openshift: {{ .Values.openshift }}

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.addons.keycloak.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
  injection: {{ dig "istio" "injection" "enabled" .Values.addons.keycloak }}
  keycloak:
    enabled: true

--- a/chart/templates/kiali/values.yaml
+++ b/chart/templates/kiali/values.yaml
@@ -15,6 +15,10 @@ image:
 istio:
  enabled: {{ .Values.istio.enabled }}
  hardened:
+    enabled: {{ or
+      (dig "istio" "hardened" "enabled" false .Values.kiali.values)
+      (dig "hardened" "enabled" false .Values.istio.values)
+    }}
    monitoring:
      enabled: {{ .Values.monitoring.enabled }}
  kiali: