Merge branch 'update-neuvector-tag-2.6.3-bb.13' into 'master'

neuvector update to 2.6.3-bb.13 Closes big-bang/product/packages/neuvector#82 See merge request !3991

Merge branch 'update-neuvector-tag-2.6.3-bb.13' into 'master'
606fc680 · Michael Martin · ac6ce18e · c79f8a79 · 606fc680 · 606fc680
Commit 606fc680 authored 1 year ago by Michael Martin
--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -749,11 +749,11 @@ neuvector:
  git:
    repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
    path: "./chart"
-    tag: "2.6.3-bb.12"
+    tag: "2.6.3-bb.13"
  helmRepo:
    repoName: "registry1"
    chartName: "neuvector"
-    tag: "2.6.3-bb.12"
+    tag: "2.6.3-bb.13"
  # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
  ingress:

--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -1122,6 +1122,46 @@ neuvector:
  values:
    k3s:
      enabled: true
+    istio:
+     enabled: true
+     hardened:
+       enabled: true
+       customServiceEntries:
+         - name: "allow-npm-for-cypress-tests"
+           enabled: true
+           spec:
+             hosts:
+               - 'registry.npmjs.org'
+               - 'download.cypress.io'
+               - 'cdn.cypress.io'
+             location: MESH_EXTERNAL
+             ports:
+               - number: 443
+                 protocol: TLS
+                 name: https
+             resolution: DNS
+         - name: "allow-repo1-for-cypress"
+           enabled: true
+           spec:
+             hosts:
+               - 'repo1.dso.mil'
+             location: MESH_EXTERNAL
+             ports:
+               - number: 443
+                 protocol: TLS
+                 name: https
+             resolution: DNS
+         - name: "allow-neuvector-for-cypress"
+           enabled: true
+           spec:
+             hosts:
+               - 'neuvector.bigbang.dev'
+             location: MESH_EXTERNAL
+             ports:
+               - number: 443
+                 protocol: TLS
+                 name: https
+             resolution: DNS
    bbtests:
      enabled: true
      cypress:
@@ -1135,16 +1175,62 @@ neuvector:
          limits:
            cpu: "2"
            memory: "1500M"
-    istio:
-      hardened:
-        enabled: true
 twistlock:
  enabled: false
  sso:
    enabled: false
    client_id: dev_00eb8904-5b88-4c68-ad67-cec0d2e07aa6_twistlock-saml
+  git:
+    tag: null
+    branch: "registry-only-sidecar-twistlock"
  values:
+    istio:
+      enabled: true
+      hardened:
+        enabled: true
+        customServiceEntries:
+          - name: "allow-npm-for-cypress-tests"
+            enabled: true
+            spec:
+              hosts:
+                - 'registry.npmjs.org'
+                - 'download.cypress.io'
+                - 'cdn.cypress.io'
+              location: MESH_EXTERNAL
+              exportTo:
+                - "."
+              ports:
+                - number: 443
+                  protocol: TLS
+                  name: https
+              resolution: DNS
+          - name: "allow-repo1-for-cypress"
+            enabled: true
+            spec:
+              hosts:
+                - 'repo1.dso.mil'
+              location: MESH_EXTERNAL
+              exportTo:
+                - "."
+              ports:
+                - number: 443
+                  protocol: TLS
+                  name: https
+              resolution: DNS
+          - name: "allow-twistlock-for-cypress"
+            enabled: true
+            spec:
+              hosts:
+                - 'twistlock.bigbang.dev'
+              location: MESH_EXTERNAL
+              exportTo:
+                - "."
+              ports:
+                - number: 443
+                  protocol: TLS
+                  name: https
+              resolution: DNS
    console:
      persistence:
        size: 5Gi