Merged BB_AUTO_MR_TOKEN requested to merge update-istio-controlplane-tag-1.23.5-bb.1 into master 2 weeks ago

Package Merge Request

Package Changes

https://repo1.dso.mil/big-bang/product/packages/istio-controlplane/-/blob/1.23.5-bb.1/CHANGELOG.md

Package MR

big-bang/product/packages/istio-controlplane!339 (merged)

For Issue

Part of #1559 (closed)

Upgrade Notices

Classification banners

This version of the istio control plane includes a bundled EnvoyFilter that makes it simple to add classification banners to any of your workloads:

How to enable

The EnvoyFilter is deployed in the istio-system namespace so it's available cluster-wide. To enable the banner on a particular workload, it's as simple as adding the following label to the pod's metadata:

classification-banner.bigbang.dev/inject: "true"

This will add a classification banner at the default unclassified level.

Customization

The banner can be further configured with annotations on the workload:

Top and Bottom Banners

classification-banner.bigbang.dev/bottom-banner: "true"

Builtin Classification Levels

The EnvoyFilter includes built-in support for several common classification markings.

NOTE: All classification markings you see below are for demonstration purposes only. No classified material is included in these images.

classification-banner.bigbang.dev/classification-level: controlled

classification-banner.bigbang.dev/classification-level: secret

classification-banner.bigbang.dev/classification-level: top secret

classification-banner.bigbang.dev/classification-level: sci

Custom Classification Levels

If none of the built-in classification levels meet your needs, you can customize the classification text, text color, and background:

classification-banner.bigbang.dev/text: SUPER DUPER TOP SECRET
classification-banner.bigbang.dev/text-color: white
classification-banner.bigbang.dev/background: black

Custom HTML

If the default classification banner injection does not work correctly with your workload, you can also inject your own custom HTML tailored to the application:

classification-banner.bigbang.dev/custom-html: |
  <div style="position: absolute; inset: 0; width: 100svw; height: 100svh; z-index: 9999">
    <h1 style="font-size: 16rem">
      Hi Mom!
    </h1>
  </div>

Edited 2 weeks ago by Zach Callahan

Activity

**** added botmr istio statusdoing labels 2 weeks ago

added botmr istio statusdoing labels
**** assigned to @zcallahan 2 weeks ago

assigned to @zcallahan
**** changed the description 2 weeks ago

changed the description
**** requested review from @michaelmartin, @chris.oconnell, and @andrewshoell 2 weeks ago

requested review from @michaelmartin, @chris.oconnell, and @andrewshoell
Zach Callahan changed the description 2 weeks ago

changed the description
Zach Callahan mentioned in issue big-bang/pipeline-templates/pipeline-templates#641 2 weeks ago

mentioned in issue big-bang/pipeline-templates/pipeline-templates#641
Zach Callahan marked this merge request as ready 2 weeks ago

marked this merge request as ready
Zach Callahan added statusreview label and removed statusdoing label 2 weeks ago

added statusreview label and removed statusdoing label
Zach Callahan changed the description 2 weeks ago

changed the description
**** requested review from @chris1 and @troymobley 2 weeks ago

requested review from @chris1 and @troymobley
Michael Martin changed milestone to %2.50.0 2 weeks ago

changed milestone to %2.50.0
Michael Martin @michaelmartin · 2 weeks ago

Owner

did a quick test on a grafana install. looks good!
Michael Martin approved this merge request 2 weeks ago

approved this merge request
Michael Martin merged 2 weeks ago

merged
Michael Martin mentioned in commit 713bdd0a 2 weeks ago

mentioned in commit 713bdd0a
Zach Callahan mentioned in merge request big-bang/product/packages/istio-core!34 (merged) 2 weeks ago

mentioned in merge request big-bang/product/packages/istio-core!34 (merged)

Please register or sign in to reply

Admin message

istio update to 1.23.5-bb.1