Merge branch '721-twistlock-update' into 'master'

Bump Twistlock for defenders NP template & values Closes #721 See merge request platform-one/big-bang/bigbang!887

Merge branch '721-twistlock-update' into 'master'
6cb190a1 · Ryan Garcia · 8c9ea09a · 3bfd75bc · 6cb190a1 · 6cb190a1
Commit 6cb190a1 authored 3 years ago by Ryan Garcia
--- a/chart/templates/twistlock/values.yaml
+++ b/chart/templates/twistlock/values.yaml
@@ -23,6 +23,7 @@ networkPolicies:
    {{- $gateway := default "public" .Values.twistlock.ingress.gateway }}
    {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }}
    {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }}
+  nodeCidr: {{ .Values.networkPolicies.nodeCidr }}

 istio:
  enabled: {{ .Values.istio.enabled }}

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -101,6 +101,10 @@ networkPolicies:
  # Must be an IP CIDR range (x.x.x.x/x - ideally with /32 for the specific IP of a single endpoint, broader range for multiple masters/endpoints)
  # Used by package NetworkPolicies to allow Kube API access
  controlPlaneCidr: 0.0.0.0/0
+  # -- Node CIDR, defaults to allowing "10.0.0.0/8" "172.16.0.0/12" "192.168.0.0/16" "100.64.0.0/10" networks.
+  # use `kubectl get nodes -owide` and review the `INTERNAL-IP` column to derive CIDR range.
+  # Must be an IP CIDR range (x.x.x.x/x - ideally a /16 or /24 to include multiple IPs)
+  nodeCidr: ""

 # ----------------------------------------------------------------------------------------------------------------------
 # Istio
@@ -443,7 +447,7 @@ twistlock:
  git:
    repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git
    path: "./chart"
-    tag: "0.0.8-bb.1"
+    tag: "0.0.9-bb.0"

  # -- Flux reconciliation overrides specifically for the Twistlock Package
  flux: {}