authservice update to 0.5.3-bb.29

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/authservice/-/blob/0.5.3-bb.29/CHANGELOG.md

Package MR

big-bang/product/packages/authservice!148 (merged)

For Issue

Closes (link to issue here)

Upgrade Notices

A Sidecar resource has been added to the Kiali namespace that disallows egress to endpoints that are not part of the Istio service registry (a.k.a REGISTRY_ONLY). The outboundTrafficPolicy.mode in the Sidecar can be configured, however, to be something other than REGISTRY_ONLY if desired by setting istio.hardened.outboundTrafficPolicyMode. This provides a redundant layer of network security in addition to NetworkPolicies. This Sidecar is disabled by default but can be enabled by setting istio.enabled: true and istio.hardened.enabled: true.

Additionally, custom ServiceEntries can be created by populating the istio.hardened.customServiceEntries list.

Closes #87 (closed)

added authservice botmr statusreview labels

assigned to @project_2872_bot2

changed the description

requested review from @ryan.j.garcia, @chris.oconnell, and @michaelmartin

added 1 commit

• af770dc0 - enable istio.hardened by default in CI test.

Compare with previous version

added 1 commit

• e9abd15d - syntax fix

Compare with previous version

added 1 commit

• bc804808 - fix haproxy value too

Compare with previous version

added 1 commit

• 1cbc6340 - pass istio.enabled to authservice package

Compare with previous version

@chris.oconnell @ryan.j.garcia

I added a few fixes to this MR and tested some SSO sign ins. Looks good to me.

If you want to do some additional and merge in if it looks good.

approved this merge request

marked this merge request as ready

requested review from @ryan.thompson.44

@andrewshoell : You have been tagged in this merge request for the purpose of conducting secondary review.

changed milestone to %2.22.0

Can I get clarity on the role of HAProxy with Authservice? My impression was HAProxy is not used unless istio was disabled, is that correct? If that's the case, I don't believe we need to pass any configuration for istio to HAProxy.

lgtm, @seagren.tim i'm not sure, but i know it always deploys authorization policies as is right now, which tells me it has at least some way of interacting with istio

resolved all threads

added 1 commit

• 96ebcf37 - undo haproxy changes

Compare with previous version

added 1 commit

• 82609edf - move values and hardening fixes to different MR

Compare with previous version

I moved the changes I added over here: !3913 (merged)

This commit will be the original package version bump only

approved this merge request

enabled an automatic merge when the pipeline for 82609edf succeeds

merged

mentioned in commit 8e0db8ce