Resolve "Create Istio authorization policies and Service Entry for mimir"

General MR

Summary

Make sure Mimir has correct Istio Auth Policies for access to minio and s3, and from alloy, prometheus, and grafana

Relevant logs/screenshots

(Include any relevant logs/screenshots)

Linked Issue

#29 (closed)

Upgrade Notices

N/A

Closes #19 (closed)

added statusdoing teamObservability labels

assigned to @peter.sigur

added 5 commits

• eea51299...e2d7acd3 - 4 commits from branch main
• 929d8540 - adding authpolicies and supporting resources

Compare with previous version

added 1 commit

• 56675db0 - adding explicit policies for other monitoring namespace packages

Compare with previous version

added 1 commit

• e94150a9 - adding mimir minio auth policy

Compare with previous version

added 5 commits

• e94150a9...10ee8d2e - 2 commits from branch main
• f2fa804c - adding authpolicies and supporting resources
• 303e55ae - adding explicit policies for other monitoring namespace packages
• 72ced6ca - adding mimir minio auth policy

Compare with previous version

added 5 commits

• 72ced6ca...db75a5d2 - 2 commits from branch main
• a89401df - adding authpolicies and supporting resources
• 058aad4c - adding explicit policies for other monitoring namespace packages
• 04476c64 - adding mimir minio auth policy

Compare with previous version

added 1 commit

• 919f60b4 - updating values for auth policy

Compare with previous version

added 1 commit

• c7691d64 - fix selector labels and principals

Compare with previous version

added 7 commits

• c7691d64...d511b4c4 - 2 commits from branch main
• d57fd082 - adding authpolicies and supporting resources
• 32598ddd - adding explicit policies for other monitoring namespace packages
• e1244919 - adding mimir minio auth policy
• 469727df - updating values for auth policy
• 604a3406 - fix selector labels and principals

Compare with previous version

added 1 commit

• fe0da768 - update auth policy principals

Compare with previous version

added 1 commit

• 1f38369f - enabling minio auth policy

Compare with previous version

test deployed bigbang with following overrides:

domain: dev.bigbang.mil

flux:
  interval: 1m
  rollback:
    cleanupOnFail: false

monitoring:
  enabled: true
  values:
    networkPolicies:
      enabled: true

istio:
  enabled: true

kiali:
  enabled: true

addons:
  mimir:
    enabled: true
    git:
      tag: null
      branch: 19-create-istio-authorization-policies-and-service-entry-for-mimir
    values:
      mimir-distributed:
        minio:
          enabled: true
      istio:
        enabled: true
        hardened:
          enabled: true
      networkPolicies:
        enabled: true
  alloy:
    enabled: true
  minioOperator:
    enabled: true

kyverno:
  enabled: true

kyvernoPolicies:
  enabled: true
  # restrict-image-registries enforcement is in Audit mode / Remove the below after ironbank images are uploaded
  values:
    policies:
      restrict-image-registries:
        validationFailureAction: Audit

requested review from @kscheunemann, @zcallahan, @steven.donald, @kliu, @bjacksonfv, @piotr.machaj, and @blairbowden

marked this merge request as ready

added statusreview label and removed statusdoing label

This MR also should close this issue #29 (closed)

Reviewing

resolved all threads