feat: allow creation of wildcard cert from values.yaml intead of externally provided

CHANGELOG.md

@@ -8,6 +8,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 
 * Added Kubernetes labels to all objects created by umbrella
 * Add OIDC integration for Grafana
+* Allow creation of wildcard cert for istio ingress to be passed to BigBang chart
 
 ## [1.0.6]
 

chart/ingress-certs.yaml

+istio:
+  ingress:
+    key: |
+      -----BEGIN PRIVATE KEY-----
+      MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC/D0ec03HNoIEK
+      y1b58HynHMpf/ozsUmnQ5PRBlxMuf7kwMICaBpAwIiyKf8a34sBg3xv1KXe5hUlf
+      0aOXhK3LRg3VMhRw0Q8bLwc3qaUViqqa3niYqsOjg3bTiTM/oQZDyN09oFJTvG2T
+      +bcpX6IdIu3elsXQL7iETtl6e3MKF+NrLh/nDXGh89suBxFmkKqlYi8OYgxa0smK
+      rRQdapRaCfdYwfhYUmpzP64YIkjBnjlHa+QM901iSC/p21Iog3iGM1VyeGKCjd3a
+      g9mm+es0MXVtvTR9nPJtVgfDN8izmdbEkKYcxsGuy9EWFkqzNpSRmIBAFmRE0RZa
+      khStc/5jAgMBAAECggEAXJb7DXUq4Yu2/ZQtQlLZFeNN79dcU+pcfW93L5IXKaGc
+      DU50BDDKD4mALF5f3x10PX3h/p1p9+4v8M+XiAY0cx4v9fGfFk06FOJljQQZjKb2
+      prbJmrKmvMco/rquq1dNwevFy+e1/f6C3ANYUCSYW6ZhwE0w8AMwWG4d1s2cona6
+      y+2dCBDmPPeZMAi6fV52G5YRULGkkfZTc9OJnx4Mivtuf8sjahNLnaLgL+kscf0s
+      amWpMqQ++EpXSj/bb1pNxqtQmm9bn9gxX8WWwUCVrZTpV4gmaoekhAU1H0CDglmH
+      7ByeMYlVYZ40SPhTzWTqQJGQg/seSJBOHTm59vLygQKBgQDhEHpQ5QofK902RrH6
+      Nuoui8WUS4w8y3X+jJ/6WC7Wlp94H29+ag7Z9BOMw7ReKlICCwUYLpKO9oeTHKT/
+      LmIDq03Leduj34K5t/BHcMfwpGMabPRDgWM5r0rJUNxIGtqTpJmOEOHCB+yXRiTO
+      GJtuDmmL8Vkrh0S6xck7D2tHrwKBgQDZUkBwjtylRoRYflZspGwp3e5ECmNf2GYp
+      9ZypaycDNDK06av0Jk+DNKQ3XFmRpID56lyUN4fPV/ICphPYE+C88J5rXAvdmG/7
+      1UTZN68FaObNrwH2H1H5pdlCiaezIPXcjOfr9Fyf3q+W3mo54bnIc3uuXNTu8QSA
+      W1S4uahtjQKBgQDg9hp872M9oxebH/DYHLnZSqZ0Q0tqnShVBnUFw80Vezrs0+ca
+      4aH0o25DHn8UPJL6Lc+qyyp9Mdhz6IbX9qHL7xd0klpDo67EOiI3FnkThQz2Jf/F
+      1fe7egZz0ZpNjGH8f+NoyGEQE+Gdl2REiP4bdNZ1JgmuY6gEVJx+pzvhSwKBgQCU
+      ZDOYKBTFzibkfi/pM0SgOehOEYHVml/4WrvEe2RCLcxJ+BzwM5CrmLBhFPAcIOXo
+      wHzCwEA99mFMKbb3Hmug1/R0fn+jqkkc/n1qjTk3Sm//FncSZkSFYRe+9VvLVsBK
+      /vQGC++LQnVHYUvLhjRjiWd0ofLLzUszkimBkVROqQKBgQDbF8zopHsx9esG56wa
+      swAacYfmfqS6d2WOGdMVX4lLBm6i8AXjsUPDM7uCPgFYNME8nabnCUUUUp/ay9K9
+      y0MSGIBODQBuG3oQh50WFrMS9DS81CeN6Pw0OfyJbcVipfzR91enLVrtu2VHR6k/
+      yaBUIExh8TljUL3lXmmsogyTtA==
+      -----END PRIVATE KEY-----
+    cert: |
+      -----BEGIN CERTIFICATE-----
+      MIIFbjCCBFagAwIBAgISAw26hxsmWVkOG9m/gVhtkSG5MA0GCSqGSIb3DQEBCwUA
+      MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
+      EwJSMzAeFw0yMTAxMTYwMDQwNDNaFw0yMTA0MTYwMDQwNDNaMBwxGjAYBgNVBAMM
+      ESouZGV2LmJpZ2JhbmcuZGV2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
+      AQEAvw9HnNNxzaCBCstW+fB8pxzKX/6M7FJp0OT0QZcTLn+5MDCAmgaQMCIsin/G
+      t+LAYN8b9Sl3uYVJX9Gjl4Sty0YN1TIUcNEPGy8HN6mlFYqqmt54mKrDo4N204kz
+      P6EGQ8jdPaBSU7xtk/m3KV+iHSLt3pbF0C+4hE7ZentzChfjay4f5w1xofPbLgcR
+      ZpCqpWIvDmIMWtLJiq0UHWqUWgn3WMH4WFJqcz+uGCJIwZ45R2vkDPdNYkgv6dtS
+      KIN4hjNVcnhigo3d2oPZpvnrNDF1bb00fZzybVYHwzfIs5nWxJCmHMbBrsvRFhZK
+      szaUkZiAQBZkRNEWWpIUrXP+YwIDAQABo4ICkjCCAo4wDgYDVR0PAQH/BAQDAgWg
+      MB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAMBgNVHRMBAf8EAjAAMB0G
+      A1UdDgQWBBTrbZ6+wAuQ0OIBbN8V8hXbLkufuDAfBgNVHSMEGDAWgBQULrMXt1hW
+      y65QCUDmH6+dixTCxjBVBggrBgEFBQcBAQRJMEcwIQYIKwYBBQUHMAGGFWh0dHA6
+      Ly9yMy5vLmxlbmNyLm9yZzAiBggrBgEFBQcwAoYWaHR0cDovL3IzLmkubGVuY3Iu
+      b3JnLzBjBgNVHREEXDBagg0qLmJpZ2JhbmcuZGV2ghUqLmRlZmF1bHQuYmlnYmFu
+      Zy5kZXaCESouZGV2LmJpZ2JhbmcuZGV2ghIqLnRlc3QuYmlnYmFuZy5kZXaCC2Jp
+      Z2JhbmcuZGV2MEwGA1UdIARFMEMwCAYGZ4EMAQIBMDcGCysGAQQBgt8TAQEBMCgw
+      JgYIKwYBBQUHAgEWGmh0dHA6Ly9jcHMubGV0c2VuY3J5cHQub3JnMIIBAwYKKwYB
+      BAHWeQIEAgSB9ASB8QDvAHYARJRlLrDuzq/EQAfYqP4owNrmgr7YyzG1P9MzlrW2
+      gagAAAF3CNoNOwAABAMARzBFAiBCxBHYF5SXNE+UcCZRftFb+5XE+Onj8HtC4atE
+      kNm6qQIhANFpOLxz2e3JwrwHKdadcBDwc+Q2xLPYKJHpyQUVMJboAHUA9lyUL9F3
+      MCIUVBgIMJRWjuNNExkzv98MLyALzE7xZOMAAAF3CNoNGgAABAMARjBEAiADpTYm
+      547TFUjhV83thTmZWJWsYZRzsZMeo7EamHedBgIgf92OPEoJGOGTmMUHR5nmEIgv
+      OU/BA5PVyEYOrHL42mYwDQYJKoZIhvcNAQELBQADggEBAAqLJb4kCmqtYUeWIFJH
+      gpqpYN2twKos3CxVSJoWz3keU40t21/IrqziZkFffoGOTtuBzaX8xsPPz1Vpp+4G
+      WKHVZLb46ykDFPGL9+GaoUKOscxqdWHyN1abH5QFq7lYlH6AyJJ7qIj7RYIJRYIr
+      XuDGFpw7pxzM/laud/mZP9rztG3xbcFxxuYxCTqB53PUnMF1VfXAgsGz9l8Z91VU
+      KQQxckFwe2xunlB6HqUg3ahJOHNdDLuFPz6WS35Eyl+xf2gXFW1jYpxOJRpzsxp9
+      aVIrak3GIa7QgCav++5tue++YM2TqrWqq9GM1ixPG7HRCIbGYh31Hs462qlLOIAn
+      PKE=
+      -----END CERTIFICATE-----
+      -----BEGIN CERTIFICATE-----
+      MIIEZTCCA02gAwIBAgIQQAF1BIMUpMghjISpDBbN3zANBgkqhkiG9w0BAQsFADA/
+      MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
+      DkRTVCBSb290IENBIFgzMB4XDTIwMTAwNzE5MjE0MFoXDTIxMDkyOTE5MjE0MFow
+      MjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxCzAJBgNVBAMT
+      AlIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuwIVKMz2oJTTDxLs
+      jVWSw/iC8ZmmekKIp10mqrUrucVMsa+Oa/l1yKPXD0eUFFU1V4yeqKI5GfWCPEKp
+      Tm71O8Mu243AsFzzWTjn7c9p8FoLG77AlCQlh/o3cbMT5xys4Zvv2+Q7RVJFlqnB
+      U840yFLuta7tj95gcOKlVKu2bQ6XpUA0ayvTvGbrZjR8+muLj1cpmfgwF126cm/7
+      gcWt0oZYPRfH5wm78Sv3htzB2nFd1EbjzK0lwYi8YGd1ZrPxGPeiXOZT/zqItkel
+      /xMY6pgJdz+dU/nPAeX1pnAXFK9jpP+Zs5Od3FOnBv5IhR2haa4ldbsTzFID9e1R
+      oYvbFQIDAQABo4IBaDCCAWQwEgYDVR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8E
+      BAMCAYYwSwYIKwYBBQUHAQEEPzA9MDsGCCsGAQUFBzAChi9odHRwOi8vYXBwcy5p
+      ZGVudHJ1c3QuY29tL3Jvb3RzL2RzdHJvb3RjYXgzLnA3YzAfBgNVHSMEGDAWgBTE
+      p7Gkeyxx+tvhS5B1/8QVYIWJEDBUBgNVHSAETTBLMAgGBmeBDAECATA/BgsrBgEE
+      AYLfEwEBATAwMC4GCCsGAQUFBwIBFiJodHRwOi8vY3BzLnJvb3QteDEubGV0c2Vu
+      Y3J5cHQub3JnMDwGA1UdHwQ1MDMwMaAvoC2GK2h0dHA6Ly9jcmwuaWRlbnRydXN0
+      LmNvbS9EU1RST09UQ0FYM0NSTC5jcmwwHQYDVR0OBBYEFBQusxe3WFbLrlAJQOYf
+      r52LFMLGMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBgkqhkiG9w0B
+      AQsFAAOCAQEA2UzgyfWEiDcx27sT4rP8i2tiEmxYt0l+PAK3qB8oYevO4C5z70kH
+      ejWEHx2taPDY/laBL21/WKZuNTYQHHPD5b1tXgHXbnL7KqC401dk5VvCadTQsvd8
+      S8MXjohyc9z9/G2948kLjmE6Flh9dDYrVYA9x2O+hEPGOaEOa1eePynBgPayvUfL
+      qjBstzLhWVQLGAkXXmNs+5ZnPBxzDJOLxhF2JIbeQAcH5H0tZrUlo5ZYyOqA7s9p
+      O5b85o3AM/OJ+CktFBQtfvBhcJVd9wvlwPsk+uyOy2HI7mNxKKgsBTt375teA2Tw
+      UdHkhVNcsAKX1H7GNNLOEADksd86wuoXvg==
+      -----END CERTIFICATE-----

chart/templates/istio/controlplane/namespace.yaml

@@ -22,4 +22,20 @@ type: kubernetes.io/dockerconfigjson
 data:
   .dockerconfigjson: {{ template "imagePullSecret" . }}
 {{- end }}
+---
+{{- if and .Values.istio.ingress.key .Values.istio.ingress.cert }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: wildcard-cert
+  namespace: istio-system
+  labels:
+    app.kubernetes.io/name: istio-controlplane
+    app.kubernetes.io/component: "core"
+    {{- include "commonLabels" . | nindent 4}}
+type: kubernetes.io/tls
+data:
+  tls.crt: {{ .Values.istio.ingress.cert | b64enc }}
+  tls.key: {{ .Values.istio.ingress.key | b64enc}}
+{{- end }}
 {{- end }}
\ No newline at end of file

chart/values.yaml

@@ -76,6 +76,9 @@ istio:
     repo: https://repo1.dso.mil/platform-one/big-bang/apps/core/istio-controlplane.git
     path: "./chart"
     tag: "1.7.3-bb.7"
+  ingress:
+    key: ""
+    cert: ""
   sso:
     enabled: false
     kiali: