UNCLASSIFIED - NO CUI

Skip to content

thanos update to 13.2.2-bb.1

mr-bot requested to merge update-thanos-tag-13.2.2-bb.1 into master

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/thanos/-/blob/13.2.2-bb.1/CHANGELOG.md

Package MR

big-bang/product/packages/thanos!61 (merged)

For Issue

Closes Egress Whitelist - Thanos (#38) · Issues · Big Bang / Universe / Product / Thanos · GitLab (dso.mil)

Upgrade Notices

A Sidecar resource has been added to the Thanos namespace that disallows egress to endpoints that are not part of the Istio service registry (a.k.a REGISTRY_ONLY). The outboundTrafficPolicy.mode in the Sidecar can be configured, however, to be something other than REGISTRY_ONLY if desired by setting istio.hardened.outboundTrafficPolicyMode. This provides a redundant layer of network security in addition to NetworkPolicies. This Sidecar is disabled by default but can be enabled by setting istio.enabled: true and istio.hardened.enabled: true.

Additionally, custom ServiceEntries can be created by populating the istio.hardened.customServiceEntries list.

Edited by Blane Staskiewicz

Merge request reports

UNCLASSIFIED - NO CUI