diff --git a/chart/templates/twistlock/gitrepository.yaml b/chart/templates/twistlock/gitrepository.yaml index 1a9f23be4fca7d8284a8d214961c3aa8d9e3c6bc..2333e78747e391cbb11aa2eae0832163b1f42048 100644 --- a/chart/templates/twistlock/gitrepository.yaml +++ b/chart/templates/twistlock/gitrepository.yaml @@ -14,5 +14,6 @@ spec: ref: {{- include "validRef" .Values.twistlock.git | nindent 4 }} {{ include "gitIgnore" . }} + !/chart/scripts/*.sh {{- include "gitCreds" . | nindent 2 }} {{- end }} diff --git a/chart/templates/twistlock/values.yaml b/chart/templates/twistlock/values.yaml index d4c2310eb147652d0aaf5b9e204b65f37f6135df..181e9bb926b598dfbad5541ab5b3395e70ee9179 100644 --- a/chart/templates/twistlock/values.yaml +++ b/chart/templates/twistlock/values.yaml @@ -4,15 +4,12 @@ {{- define "bigbang.defaults.twistlock" -}} # hostname is deprecated and replaced with domain. But if hostname exists then use it. -{{- $domainName := default .Values.domain .Values.hostname }} -hostname: {{ $domainName }} -domain: {{ $domainName }} +domain: {{ default .Values.domain .Values.hostname }} openshift: {{ .Values.openshift }} -prometheus: - servicemonitor: - enabled: {{ .Values.monitoring.enabled }} +monitoring: + enabled: {{ .Values.monitoring.enabled }} imagePullSecrets: - name: private-registry @@ -23,6 +20,7 @@ networkPolicies: {{- $gateway := default "public" .Values.twistlock.ingress.gateway }} {{- $default := dict "app" (dig "gateways" $gateway "ingressGateway" nil .Values.istio) "istio" nil }} {{- toYaml (dig "values" "gateways" $gateway "selector" $default .Values.istio) | nindent 4 }} + controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }} nodeCidr: {{ .Values.networkPolicies.nodeCidr }} istio: diff --git a/chart/values.yaml b/chart/values.yaml index 22b3e2d6ce7527241b1587fd46613e44bcf3d15f..c0fa778d923e6cd51db159d140384a6c17e653bb 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
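Review bot: The added `!/chart/scripts/*.sh` line in chart/templates/twistlock/gitrepository.yaml has no explanation and only works if the `gitIgnore` helper, defined outside this diff, ends inside a block scalar that this literal line continues. It reads as a negated ignore pattern that brings the package's shell scripts back into the Flux source artifact, so please confirm the rendered `ignore` value with `helm template`. A gitignore-style comment line directly above it would record the exception, e.g. `# re-include chart/scripts/*.sh for the twistlock package (<reason the chart needs them>)`. Executable files now enter the artifact from whatever ref `validRef` selects, so that ref deserves the same scrutiny as the chart itself.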
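Review bot: Nothing in the first hunk of chart/templates/twistlock/values.yaml records that these defaults no longer emit `hostname:` or `prometheus.servicemonitor.enabled`. The git ref comes from `.Values.twistlock.git`, so a deployment that overrides it to an older package tag would presumably lose both settings without any error. A comment above the `domain:` line would make the coupling visible, e.g. `# domain and monitoring.enabled are read by the twistlock package from 0.7.0-bb.0 on; older tags expect hostname and prometheus.servicemonitor`. Whether older tags really read the old keys is not shown here, so confirm that before wording the comment. The define block starts and ends outside the hunk.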
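Review bot: The added `controlPlaneCidr: {{ .Values.networkPolicies.controlPlaneCidr }}` in the networkPolicies hunk is passed through unquoted and with no check that it is set, so an unset value renders as a bare `controlPlaneCidr:` (null). What the twistlock package does with a null is not visible in this diff; if it falls back to a wide range, the policy built from it would presumably be broader than the operator intended. Unless a default is guaranteed elsewhere in chart/values.yaml, consider failing at render time: `controlPlaneCidr: {{ required "networkPolicies.controlPlaneCidr must be set" .Values.networkPolicies.controlPlaneCidr | quote }}`. The neighbouring `nodeCidr` line has the same shape, and the networkPolicies mapping starts outside the hunk.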
@@ -639,7 +639,7 @@ twistlock: git: repo: https://repo1.dso.mil/platform-one/big-bang/apps/security-tools/twistlock.git path: "./chart" - tag: "0.6.0-bb.0" + tag: "0.7.0-bb.0" # -- Flux reconciliation overrides specifically for the Twistlock Package flux: {} diff --git a/tests/test-values.yaml b/tests/test-values.yaml index b8a5199b74033e09f560423de91e2699da0d515c..8915ac4a4f9b9918d6d746109ee38f1cd6c64115 100644 --- a/tests/test-values.yaml +++ b/tests/test-values.yaml @@ -162,6 +162,7 @@ gatekeeper: - monitoring/kube-prometheus-stack-cypress-test - vault/vault-cypress-test - logging/loki-cypress-test + - twistlock/twistlock-cypress-test # Allow kyverno test vectors for Helm test - default/restrict-host-path-mount-.? - default/restrict-host-path-write-.? @@ -257,6 +258,7 @@ gatekeeper: - monitoring/kube-prometheus-stack-cypress-test - vault/vault-cypress-test - logging/loki-cypress-test + - twistlock/twistlock-cypress-test # Allow kyverno test vectors for Helm test - default/restrict-host-path-mount-.? - default/restrict-host-path-write-.? @@ -365,6 +367,7 @@ kyvernopolicies: - monitoring - vault - logging + - twistlock names: - "*-cypress-test*" parameters: @@ -385,6 +388,7 @@ kyvernopolicies: - monitoring - vault - logging + - twistlock names: - "*-cypress-test*" parameters: @@ -420,6 +424,7 @@ kyvernopolicies: - monitoring - vault - logging + - twistlock names: - "*-cypress-test*" update-image-pull-policy: @@ -496,17 +501,17 @@ loki: strategy: scalable values: global: - createGlobalConfig: true + createGlobalConfig: true existingSecretForConfig: "loki-config" loki-simple-scalable: write: replicas: 1 persistence: size: 2Gi - resources: + resources: limits: cpu: 200m - memory: 400Mi + memory: 400Mi requests: cpu: 200m memory: 400Mi @@ -514,10 +519,10 @@ loki: replicas: 1 persistence: size: 2Gi - resources: + resources: limits: cpu: 200m - memory: 400Mi + memory: 400Mi requests: cpu: 200m memory: 400Mi
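Review bot: The three kyvernopolicies hunks in tests/test-values.yaml (`@@ -365,6 +367,7`, `@@ -385,6 +388,7`, `@@ -420,6 +424,7`) add the whole `twistlock` namespace to exclusions filtered by the `"*-cypress-test*"` glob. That is wider than the exact `twistlock/twistlock-cypress-test` entry added to the gatekeeper lists earlier in the same file. As far as the hunks show, any pod in that namespace whose name contains `-cypress-test` would be exempt, and the policy names sit outside the hunks, so the controls being relaxed cannot be confirmed from here. Because this is a test values file the exposure should stay in CI clusters, but a comment above each new entry would stop it spreading, e.g. `# twistlock: Helm test pod only; do not copy to production values`.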