Anchore metrics mtls

chart/templates/anchore/values.yaml

@@ -19,6 +19,17 @@ istio:
 
 monitoring:
   enabled: {{ .Values.monitoring.enabled }}
+  {{- if and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.addons.anchore) "enabled") }}
+  {{- if (eq (dig "values" "istio" "mtls" "mode" "STRICT" .Values.addons.anchore) "STRICT") }}
+  serviceMonitor:
+    scheme: "https"
+    tlsConfig:
+      caFile: /etc/prom-certs/root-cert.pem
+      certFile: /etc/prom-certs/cert-chain.pem
+      keyFile: /etc/prom-certs/key.pem
+      insecureSkipVerify: true
+  {{- end }}
+  {{- end }}
 
 networkPolicies:
   enabled: {{ .Values.networkPolicies.enabled }}
@@ -122,6 +133,16 @@ ui-redis:
       selector:
         app.kubernetes.io/name: anchore-ui-redis
         app.kubernetes.io/instance: anchore
+      {{- if and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.addons.anchore) "enabled") }}
+      {{- if (eq (dig "values" "istio" "mtls" "mode" "STRICT" .Values.addons.anchore) "STRICT") }}
+      scheme: "https"
+      tlsConfig:
+        caFile: /etc/prom-certs/root-cert.pem
+        certFile: /etc/prom-certs/cert-chain.pem
+        keyFile: /etc/prom-certs/key.pem
+        insecureSkipVerify: true
+      {{- end }}
+      {{- end }}
     prometheusRule:
       enabled: true
       namespace: monitoring

chart/values.yaml

@@ -1145,7 +1145,7 @@ addons:
     git:
       repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/anchore-enterprise.git
       path: "./chart"
-      tag: "1.19.7-bb.2"
+      tag: "1.19.7-bb.3"
 
     # -- Flux reconciliation overrides specifically for the Anchore Package
     flux: