neuvector update to 2.6.3-bb.13

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/neuvector/-/blob/2.6.3-bb.13/CHANGELOG.md

Package MR

big-bang/product/packages/neuvector!82 (merged)

For Issue

Closes big-bang/product/packages/neuvector#82 (closed)

Upgrade Notices

A Sidecar resource has been added to the Neuvector namespace that disallows egress to endpoints that are not part of the Istio service registry (a.k.a REGISTRY_ONLY). The outboundTrafficPolicy.mode in the Sidecar can be configured, however, to be something other than REGISTRY_ONLY if desired by setting istio.hardened.outboundTrafficPolicyMode. This provides a redundant layer of network security in addition to NetworkPolicies. This Sidecar is disabled by default but can be enabled by setting istio.enabled: true and istio.hardened.enabled: true.

Additionally, custom ServiceEntries can be created by populating the istio.hardened.customServiceEntries list.

added botmr neuvector statusreview labels

assigned to @charden

changed the description

requested review from @ryan.j.garcia, @chris.oconnell, and @michaelmartin

removed statusreview label

added statusdoing label

added 9 commits

• f4c6a507 - Testing Istio whitelist egress for Twistlock MR - branch registry-only-sidecar-twistlock
• 11450f52 - Testing Istio whitelist egress for Neuvector MR - branch registry-only-sidecar-neuvector
• 64c8a0a8 - Testing Istio whitelist egress for Neuvector MR - fixing branch ref
• 36b03ade - Testing Istio whitelist egress for Twistlock MR - adding exportTo: to customServiceEntries
• a7f338ba - Testing Istio whitelist egress for Neuvector MR - adding exportTo: to customServiceEntries
• ba1c3c41 - Merge remote-tracking branch 'origin/master' into test-whitelist-neuvector-82
• 911d50ba - Merge branch 'test-whitelist-twistlock-139' into test-whitelist-neuvector-82
• 1ef2500a - Merge branch 'test-whitelist-neuvector-82' into update-neuvector-tag-2.6.3-bb.13
• 02d75775 - Merging BB pre mr-bot test branch

Compare with previous version

changed title from Draft: neuvector update to 2.6.3-bb.13 to Draft: DEBUG neuvector update to 2.6.3-bb.13

mentioned in merge request !3998 (merged)

changed the description

added 6 commits

• 02d75775...32b88bbd - 4 commits from branch master
• 0cf5410a - adding the test-package-against-bb doc
• ee945f61 - Merge remote-tracking branch 'origin/master' into update-neuvector-tag-2.6.3-bb.13

Compare with previous version

added 1 commit

• 3b12058a - troubleshooting mr-bot mr failure: moving branch back from main to test-whitelist-neuvector-82

Compare with previous version

added 1 commit

• 6626072a - troubleshooting mr-bot mr failure: moving branch back from package main and removing exportTo

Compare with previous version

added 1 commit

• dd2a2ce9 - troubleshooting mr-bot mr failure: removing redundant istio.hardened from twistlock test-values

Compare with previous version

marked this merge request as ready

changed title from Draft: DEBUG neuvector update to 2.6.3-bb.13 to neuvector update to 2.6.3-bb.13

added statusreview label and removed statusdoing label

changed the description

requested review from @ryan.thompson.44

@andrewshoell : You have been tagged in this merge request for the purpose of conducting secondary review.

changed milestone to %2.23.0

approved this merge request

merged

mentioned in commit 606fc680

mentioned in merge request big-bang/customers/template!76 (merged)