istio update to 1.21.2-bb.3

0be19508 · mr-bot · Michael Martin · 13556b83 · 0be19508 · 0be19508
Commit 0be19508 authored 9 months ago by mr-bot Committed by Michael Martin 9 months ago
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -18,7 +18,7 @@ maintainers:
    email: michaelmartin@seed-innovations.com
  - name: Chris O'Connell
    email: coconnell@bridgephase.com
-  - name: Andrew Schoell
+  - name: Andrew Shoell
    email: a.shoell@wearemetronome.com

 icon: https://p1.dso.mil/img/Big_Bang_Color_Logo_White_text.b04263b1.png
--- a/chart/templates/fortify/helmrelease.yaml
+++ b/chart/templates/fortify/helmrelease.yaml
@@ -56,15 +56,19 @@ spec:
      kind: Secret
      valuesKey: "overlays"

-  {{- if or .Values.istio.enabled .Values.kyvernoPolicies.enabled }}
+  {{- if or .Values.istio.enabled .Values.kyvernoPolicies.enabled .Values.monitoring.enabled }}
  dependsOn:
-  {{- if .Values.istio.enabled }}
+    {{- if .Values.istio.enabled }}
    - name: istio
      namespace: {{ .Release.Namespace }}
-  {{- end }}
-  {{- if .Values.kyvernoPolicies.enabled }}
+    {{- end }}
+    {{- if .Values.kyvernoPolicies.enabled }}
    - name: kyverno-policies
      namespace: {{ .Release.Namespace }}
-  {{- end }}
+    {{- end }}
+    {{- if .Values.monitoring.enabled }}
+    - name: monitoring
+      namespace: {{ .Release.Namespace }}
+    {{- end }}
  {{- end }}
 {{- end }}
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -174,11 +174,11 @@ istio:
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/istio-controlplane.git
    path: "./chart"
-    tag: "1.21.2-bb.2"
+    tag: "1.21.2-bb.3"
  helmRepo:
    repoName: "registry1"
    chartName: "istio"
-    tag: "1.21.2-bb.2"
+    tag: "1.21.2-bb.3"
    # -- If the HelmRelease should verify the cosign signature of the HelmRepo (only relevant if Repo is OCI).  Set to 'false' to disable verification.
    # cosignVerify:

@@ -873,11 +873,11 @@ monitoring:
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/monitoring.git
    path: "./chart"
-    tag: "59.1.0-bb.0"
+    tag: "59.1.0-bb.1"
  helmRepo:
    repoName: "registry1"
    chartName: "monitoring"
-    tag: "59.1.0-bb.0"
+    tag: "59.1.0-bb.1"

  # -- Flux reconciliation overrides specifically for the Monitoring Package
  flux:
@@ -1083,11 +1083,11 @@ addons:
    git:
      repo: https://repo1.dso.mil/big-bang/product/packages/authservice.git
      path: "./chart"
-      tag: "1.0.1-bb.0"
+      tag: "1.0.1-bb.1"
    helmRepo:
      repoName: "registry1"
      chartName: "authservice"
-      tag: "1.0.1-bb.0"
+      tag: "1.0.1-bb.1"

    # -- Flux reconciliation overrides specifically for the Authservice Package
    flux: {}

--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -42,10 +42,10 @@ sso:
    metadata: <md:EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda"><md:IDPSSODescriptor WantAuthnRequestsSigned="true" protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"><md:KeyDescriptor use="signing"><ds:KeyInfo><ds:KeyName>4CK69bW66HE2wph9VuBs0fTc1MaETSTpU1iflEkBHR4</ds:KeyName><ds:X509Data><ds:X509Certificate>MIICoTCCAYkCBgF/iYn0azANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwHhcNMjIwMzE0MTc0NDUzWhcNMzIwMzE0MTc0NjMzWjAUMRIwEAYDVQQDDAliYWJ5LXlvZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCoCX4G1TCnZlWXvCLH/z6m5y/6NMrUv1AYVVbTaQ9iUWLR+uD44v1exIHUywkgQV+cMhn+my+9ZihmRWfOJuBWV8CM5BfIh685YulKVQrcGlYWcB877SjJBZKxyXITz7GnNOJ8vvlK9tK8OncldUFrhR2BXaqw2zvG733CKlDtyujaWmd7kQge/p4okx4bV4VBLYMmsjrJ004uvMcU4DekCFlGmEh3p3FhZorMf+1xHfi5DaCD4iCYZqRgsWEb8/Zmsx0+qi56P9YWhz1j2GUfHw0At8Dq5h7hoMJtYJMvVXWxkmPNVHtaJMOHt8iiBO7/a6SkI6ddf9Jotp2i6XEvAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAJwSLJ0eybbeBYPvXnawqpy6JSXJ/MnnRvSGN9tXJ2+d/QXMOEPwJaAaOrvFtpUQxyPELJ8nU/Ukf7AL2zWltsCLiwtTrJkC+BpbZYkb1UsByveBS5wTPfiNkFzHeGg+MxBjiju2y04P4kEngXhQh4ZIUdi+WJjew721nJa/tjrMfnuEsMjxY/tWnzkk8xkGgaApZpGyaj1tOmVH4GR6CeBU6459m/GXmGH5TCGwT3EyfpZ189te+xV73WZR/r2nDlGuuy//w/P4JGHh4lcCwLfPcOOH30otcPAgctyX9Takk4MkVjva+b9S88sGaWPg075bxA2sysmkuqEOULjdXjU=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:ArtifactResolutionService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml/resolve" index="0"></md:ArtifactResolutionService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml"></md:SingleLogoutService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml"></md:SingleLogoutService><md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml"></md:SingleLogoutService><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService><md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact" Location="https://keycloak.dev.bigbang.mil/auth/realms/baby-yoda/protocol/saml"></md:SingleSignOnService></md:IDPSSODescriptor></md:EntityDescriptor>

 flux:
-  timeout: 20m
+  timeout: 60m
  interval: 1m
  rollback:
-    timeout: 20m
+    timeout: 60m
    cleanupOnFail: false
  ## override cleanup on upgrade to allow artifacts to upload
  upgrade:
@@ -76,6 +76,8 @@ istio:
      dashboard:
        auth:
          strategy: "anonymous"
+    hardened:
+      enabled: true
    values:
      pilot:
        env:
@@ -1372,6 +1374,7 @@ addons:
                    protocol: HTTP
                    name: http
                resolution: DNS
+
  authservice:
    enabled: false
    chains: