making the istio hardening composite so it'll work better

6b741aa9 · Andrew Shoell · 3d4405f7 · 6b741aa9 · 6b741aa9 · 6b741aa9
Unverified Commit 6b741aa9 authored 8 months ago by Andrew Shoell
--- a/chart/templates/authservice/values.yaml
+++ b/chart/templates/authservice/values.yaml
@@ -8,6 +8,12 @@

 istio:
  enabled: {{ .Values.istio.enabled }}
+  hardened:
+    {{- if or (dig "istio" "hardened" "enabled" false .Values.monitoring.values) (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.grafana.values) }}
+    enabled: true
+    {{- else}}
+    enabled: false
+    {{- end }}

 image: 
  pullPolicy: {{ .Values.imagePullPolicy }}

--- a/chart/templates/grafana/values.yaml
+++ b/chart/templates/grafana/values.yaml
@@ -36,7 +36,7 @@ istio:
  {{- $grafanaInjection := dig "istio" "injection" "enabled" .Values.grafana }}
  enabled: {{ .Values.istio.enabled }}
  hardened:
-    {{- if or (dig "values" "istio" "hardened" "enabled" false .Values.monitoring) (dig "values" "istio" "hardened" "enabled" false .Values.grafana) }}
+    {{- if or (dig "istio" "hardened" "enabled" false .Values.monitoring.values) (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.grafana.values) }}
    enabled: true
    {{- else }}
    enabled: false

--- a/chart/templates/istio/values.yaml
+++ b/chart/templates/istio/values.yaml
@@ -81,6 +81,13 @@ values:
    jwksResolverExtraRootCA: {{ default (dig "certificateAuthority" "cert" "" .Values.sso) .Values.sso.certificate_authority | quote }}
 {{- end }}

+hardened:
+  {{- if or (dig "istio" "hardened" "enabled" false .Values.monitoring.values) (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.grafana.values) }}
+  enabled: true
+  {{- else}}
+  enabled: false
+  {{- end }}
+
 {{- if .Values.istio.ingressGateways }}
 ingressGateways:
  istio-ingressgateway:

--- a/chart/templates/monitoring/values.yaml
+++ b/chart/templates/monitoring/values.yaml
@@ -39,7 +39,7 @@ istio:
  {{- $monitoringInjection := dig "istio" "injection" "enabled" .Values.monitoring }}
  enabled: {{ .Values.istio.enabled }}
  hardened:
-    {{- if or (dig "values" "istio" "hardened" "enabled" false .Values.monitoring) (dig "values" "istio" "hardened" "enabled" false .Values.grafana) }}
+    {{- if or (dig "istio" "hardened" "enabled" false .Values.monitoring.values) (dig "istio" "hardened" "enabled" false .Values.addons.authservice.values) (dig "hardened" "enabled" false .Values.istio.values) (dig "istio" "hardened" "enabled" false .Values.grafana.values) }}
    enabled: true
    {{- else }}
    enabled: false

--- a/tests/test-values.yaml
+++ b/tests/test-values.yaml
@@ -72,6 +72,8 @@ istio:
        key: "" # Gets added via chart/ingress-certs.yaml
        cert: "" # Gets added via chart/ingress-certs.yaml
  values:
+    hardened:
+      enabled: true
    kiali:
      dashboard:
        auth: