Merge branch 'jb/neuvector-sso-ca' into 'master'

add support for sso.certificateAuthority to neuvector

See merge request !3075

chart/templates/neuvector/secret-ca.yaml

+{{- if and .Values.neuvector.enabled .Values.neuvector.sso.enabled (or .Values.sso.certificate_authority (dig "certificateAuthority" "cert" false .Values.sso)) }}
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ default (dig "certificateAuthority" "secretName" "" .Values.sso) .Values.sso.secretName }}
+  namespace: neuvector
+type: Opaque
+data:
+  ca.pem: {{ default (dig "certificateAuthority" "cert" "" .Values.sso) .Values.sso.certificate_authority | b64enc }}
+{{- end }}
\ No newline at end of file

chart/templates/neuvector/values.yaml

@@ -48,6 +48,11 @@ controller:
         default_role: {{ .Values.neuvector.sso.default_role }}
       {{- end }}
   {{- end }}
+  {{- if and .Values.neuvector.sso.enabled (or .Values.sso.certificate_authority (dig "certificateAuthority" "cert" false .Values.sso)) }}
+  sso:
+    certificateAuthority:
+      secretName: {{ default (dig "certificateAuthority" "secretName" "" .Values.sso) .Values.sso.secretName }}
+  {{- end }}
 {{- end }}
 
 monitor:

chart/values.yaml

@@ -736,11 +736,11 @@ neuvector:
   git:
     repo: https://repo1.dso.mil/big-bang/product/packages/neuvector.git
     path: "./chart"
-    tag: "2.4.5-bb.4"
+    tag: "2.4.5-bb.5"
   helmRepo:
     repoName: "registry1"
     chartName: "neuvector"
-    tag: "2.4.5-bb.4"
+    tag: "2.4.5-bb.5"
 
   # -- Redirect the package ingress to a specific Istio Gateway (listed in `istio.gateways`).  The default is "public".
   ingress:
@@ -748,7 +748,7 @@ neuvector:
 
   sso:
     # -- Toggle SSO for Neuvector on and off
-    enabled: true
+    enabled: false
 
     # -- OIDC Client ID to use for Neuvector
     client_id: ""