UNCLASSIFIED - NO CUI

Currently supported Big Bang Version is 3.6.0

The Iron Bank Pipeline is rotating the certificates used to sign images at 03Sept2025 2300 UTC. Images built after this time will only be signed with the new certificate. See how to verify Iron Bank images with certificates here.

Kiali - Add Istio Operatorless Network Policy support

Description:

Adds support to package for Istio Operatorless Network Policy dynamic values. Istio Operatorless dynamic values only get applied when Istio3 is enabled in the Big Bang umbrella.
If no IstioNamespaaceSelector values are found the value defaults to the defualt operator deployment value: istio-controlplane.

Add Dynamic values for Istio Operatorless:

Identify the Ingress/Egress policies in the linked table with hardcoded namespace selector labels.
For Egress policies replace hardcoded namespaceSelector labels app.kubernetes.io/name: istio-controlplane with:

{{- if .Values.networkPolicies.istioNamespaceSelector }}
app.kubernetes.io/name: {{ .Values.networkPolicies.istioNamespaceSelector.egress }}
{{- else }}
app.kubernetes.io/name: "istio-controlplane"
{{- end }}

For Ingress policies replace hardcoded namespaceSelector labels app.kubernetes.io/name: istio-controlplane values with the following:

{{- if .Values.networkPolicies.istioNamespaceSelector }}
app.kubernetes.io/name: {{ .Values.networkPolicies.istioNamespaceSelector.ingress }}
{{- else }}
app.kubernetes.io/name: "istio-controlplane"
{{- end }}

Testing Validation:

Create k3d dev cluster and deploy Big Bang with the package enabled and pointed to the MR branch.
Validate there are no deployment issues.
For deployments using Istio Operator confirm that package network policies listed in table still have the istio-control namespace selector label applied

Edited Feb 07, 2025 by Luis Gomez

UNCLASSIFIED - NO CUI