Changelog💣
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
[1.15.0-bb.0] - 2022-09-17💣
Changed💣
- ironbank/opensource/istio/install-cni updated from 1.14.3 to 1.15.0
- ironbank/opensource/istio/pilot updated from 1.14.3 to 1.15.0
- ironbank/opensource/istio/proxyv2 updated from 1.14.3 to 1.15.0
- ironbank/tetrate/istio/install-cni updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/istioctl updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/pilot updated from 1.13.5 to 1.14.3
- ironbank/tetrate/istio/proxyv2 updated from 1.13.5 to 1.14.3
[1.14.3-bb.4]💣
Changed💣
- Adds env variable to values which can be used during deployment to modify istio k8s env settings
[1.14.3-bb.3]💣
Changed💣
- Drop all capabilities + nonroot for hook job
[1.14.3-bb.2]💣
Changed💣
- Added Openshift DNS to networkpolicy egress
[1.14.3-bb.1]💣
Changed💣
- Removed legacy fluentd exception
[1.14.3-bb.0]💣
Changed💣
- Updated to 1.14.3 images
[1.14.2-bb.2]💣
Added💣
- Moved dashboards from monitoring chart into Istio
[1.14.2-bb.1]💣
Added💣
- Added minPRotocolVersion: TLSV1_2
[1.14.2-bb.0]💣
Changed💣
- Updated chart to
1.14.2-bb.0
version - Updated images to
1.14.2
- Updated app version to 1.14.2 in
Chart.yaml
[1.13.5-bb.2]💣
Added💣
- Added support for egress gateways via values
[1.13.5-bb.1]💣
Changed💣
- Updated TID images to
1.13.5
[1.13.5-bb.0]💣
Changed💣
- Updated chart to
1.13.5-bb.0
version - Updated images to
1.13.5
- Updated app version to 1.13.5 in
Chart.yaml
[1.13.4-bb.4]💣
Changed💣
- Update the OSCAL component definition for Istio to include additional NIST 800-53 mappings and explanations.
[1.13.4-bb.3]💣
Added💣
- Added tolerations to Jobs
[1.13.4-bb.2]💣
Changed💣
- Updated BB base image to 2.0.0
[1.13.4-bb.1]💣
Changed💣
- Updated BB base image to 1.17.0
[1.13.4-bb.0]💣
Changed💣
- Updated chart to
1.13.4-bb.0
version - Updated images to
1.13.4
- Updated app version to 1.13.4 in
Chart.yaml
[1.13.2-bb.1]💣
Changed💣
- fix pod selector for NetworkPolicy
[1.13.2-bb.0]💣
Changed💣
- Updated chart to
1.13.2-bb.0
version - Updated app version to 1.13.2 in
Chart.yaml
[1.13.1-bb.3]💣
Changed💣
- Added TID support
[1.13.1-bb.2]💣
Changed💣
- Added Kiali ingress policy for version scraping
[1.13.1-bb.1]💣
Changed💣
- Added
values.defaultRevision
to support deployment of validatingWebhook - https://github.com/istio/istio/pull/35694
[1.13.1-bb.0]💣
Changed💣
- Updated chart to
1.13.1-bb.0
version - Updated app version to 1.13.1 in
Chart.yaml
[1.11.5-bb.2]💣
Changed💣
- Updated
renovate.json
to track images intests/images.txt
- fixed typos in
oscal-component.yaml
[1.11.5-bb.1]💣
Changed💣
- Update Chart.yaml to follow new standardization for release automation
[1.11.5-bb.0]💣
Changed💣
- Updated to 1.11.5
[1.11.3-bb.2]💣
Added💣
- Istio OSCAL component for NIST 800-53 controls
[1.11.3-bb.1]💣
Changed💣
- Fix envoyfilter handling of DNS names with
-
[1.11.3-bb.0]💣
Changed💣
- Updated Istio to 1.11.3
Added💣
tests/images.txt
for use in package release to include theinstall-cni
image- Revision support for SSO egress NP
[1.11.2-bb.4]💣
Added💣
- A Helm post-install hook so a HelmRelease properly reflects IstioOperator status.
[1.11.2-bb.3]💣
Changed💣
- Introduces the
revision
value in support of Istio canary upgrades. When specified, the revision value is appended to resources names.
[1.11.2-bb.2]💣
Fixed💣
- Changed misdirected request envoy filter to work with non-standard ports
[1.11.2-bb.1]💣
Added💣
- Added autoHttpRedirect value to control the automatic generation of http to https redirects in the gateways
Changed💣
- Changed to using the hosts defined in servers.hosts instead of using * for the automatic generation of http to https redirects in the gateways
[1.11.2-bb.0]💣
Changed💣
- Update to Istio 1.11.2
[1.10.4-bb.3]💣
Changed💣
- Added networkpolicy to allow egress to sso
[1.10.4-bb.2]💣
Changed💣
- Added authservice as extension provider
[1.10.4-bb.1]💣
Changed💣
- Update Istio proxy and proxy init pods to be in compliance with opa gatekeeper.
[1.10.4-bb.0]💣
Changed💣
- Update to Istio 1.10.4
[1.10.3-bb.1]💣
Changed💣
- Add envoyfilter to remove server response header to prevent information disclosure
[1.10.3-bb.0]💣
Changed💣
- Update to Istio 1.10.3
[1.9.7-bb.1]💣
Added💣
- Default configuration to hold application start until istio proxy is ready
[1.9.7-bb.0]💣
Changed💣
- Update to Istio 1.9.7
[1.8.4-bb.6]💣
Changed💣
- BREAKING
ingressGateway
deprecated in favor of creatingingressGateways
in a uniform manner - BREAKING
gateway
deprecated in favor of creatinggateways
in a uniform manner
[1.8.4-bb.5]💣
Fixed💣
- Kube API egress allowed for all pods, not just istiod
[1.8.4-bb.4]💣
Added💣
- Kube API egress networkpolicy
[1.8.4-bb.3]💣
Added💣
- Added network policies for istio
[1.8.4-bb.2]💣
Fixed💣
- fixed bug with indentation when providing resources to istio ingressgateways
[1.8.4-bb.1]💣
Fixed💣
- updated dsop.io registry hostname to dso.mil
[1.7.3-bb.1]💣
Added💣
- Top level “sso” values designation. This will enable an haproxy package installation in the desired namespace (sso.namespace: istio-addons-sso) that in conjunction with authservice package will place an SSO gate in front of Kiali+Jaeger UIs.
- Top level “ingress” values designation. This will control configuration for the virtualservices created. Leave empty with sso.enabled = false to have the virtualservices go straight to the kiali/jaeger UIs. Leave empty with sso.enabled = true to place the haproxy+authservice injection in front of kiali/tracing. Fill in with your own service/port if customizing the installation/services.
- New Jaeger+Kiali VirtualServices pointing to the haproxy installation will be installed when “sso.enabled: true”
- sso.selector variable sets the label that will be applied to the authservice EnvoyFilter placing the SSO page in front of the regular UIs. Must match the selector for “authservice.selector.key/value”.
Changed💣
- Jaeger+Kiali VirtualServices pointing directly to the UIs will be skipped when “sso.enabled: true”
- Jaeger+Kiali VirtualServices pull in their configs from the “ingress” designation so VirtualServices can be customized.
Last update:
2022-09-28 by Micah Nagel