diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml index 1dcf5c2..4125e29 100644 --- a/bundle/uds-bundle.yaml +++ b/bundle/uds-bundle.yaml @@ -37,7 +37,7 @@ packages: rekor: uds-rekor-config: values: - - path: custom + - path: additionalNetworkAllow value: - direction: Egress remoteNamespace: istio-tenant-gateway @@ -66,7 +66,7 @@ packages: tsa: uds-tsa-config: values: - - path: custom + - path: additionalNetworkAllow value: - direction: Egress remoteNamespace: istio-tenant-gateway diff --git a/docs/configuration.md b/docs/configuration.md index c6736c4..f332df1 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -4,7 +4,7 @@ Sigstore's components in this package are configured through their upstream [Sig ## Networking -Network policies are controlled via the configuration charts in accordance with the [common patterns for networking within UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory/blob/main/docs/networking.md). Sigstore primarily interacts between its own components and with OIDC provides such as `sso.` and `gitlab.`. If you do have other use cases however you can configure additional network policies with the `custom` key for a given component. +Network policies are controlled via the configuration charts in accordance with the [common patterns for networking within UDS Software Factory](https://github.com/defenseunicorns/uds-software-factory/blob/main/docs/networking.md). Sigstore primarily interacts between its own components and with OIDC provides such as `sso.` and `gitlab.`. If you do have other use cases however you can configure additional network policies with the `additionalNetworkAllow` key for a given component. ## Certificates diff --git a/src/ctlog/chart/templates/uds-package.yaml b/src/ctlog/chart/templates/uds-package.yaml index b1703a2..42524bf 100644 --- a/src/ctlog/chart/templates/uds-package.yaml +++ b/src/ctlog/chart/templates/uds-package.yaml 
@@ -38,7 +38,7 @@ spec: app.kubernetes.io/name: fulcio # Custom rules to allow clients to connect - {{- range .Values.custom }} + {{- range .Values.additionalNetworkAllow }} - direction: {{ .direction }} selector: {{ .selector | toYaml | nindent 10 }} diff --git a/src/ctlog/chart/values.yaml b/src/ctlog/chart/values.yaml index 8600af9..c923287 100644 --- a/src/ctlog/chart/values.yaml +++ b/src/ctlog/chart/values.yaml @@ -1,7 +1,7 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -custom: [] +additionalNetworkAllow: [] keyPassword: "" diff --git a/src/dev-openbao/chart/templates/uds-package.yaml b/src/dev-openbao/chart/templates/uds-package.yaml index e1ec5f5..fcaddca 100644 --- a/src/dev-openbao/chart/templates/uds-package.yaml +++ b/src/dev-openbao/chart/templates/uds-package.yaml @@ -23,7 +23,7 @@ spec: remoteGenerated: IntraNamespace # Custom rules for unanticipated scenarios - {{- range .Values.custom }} + {{- range .Values.custadditionalNetworkAllowom }} - direction: {{ .direction }} selector: {{ .selector | toYaml | nindent 10 }} diff --git a/src/dev-openbao/chart/values.yaml b/src/dev-openbao/chart/values.yaml index 696e4d3..32f5b92 100644 --- a/src/dev-openbao/chart/values.yaml +++ b/src/dev-openbao/chart/values.yaml @@ -1,4 +1,4 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -custom: [] +additionalNetworkAllow: [] diff --git a/src/fulcio/chart/templates/uds-package.yaml b/src/fulcio/chart/templates/uds-package.yaml index e09bb72..9b7c607 100644 --- a/src/fulcio/chart/templates/uds-package.yaml +++ b/src/fulcio/chart/templates/uds-package.yaml @@ -72,7 +72,7 @@ spec: description: "UDS Tenant Gateway Services" # Custom rules to allow clients to connect - {{- range .Values.custom }} + {{- range .Values.additionalNetworkAllow }} - direction: {{ .direction }} selector: {{ .selector | toYaml | nindent 10 }} 
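Review bot: The `range` in src/ctlog/chart/templates/uds-package.yaml now reads only `.Values.additionalNetworkAllow`, so a deployment that still passes the old `custom` key gets none of its extra allow rules rendered. No values schema is visible in this diff, so Helm would presumably accept the stale key without complaint and the failure would only show up as blocked traffic after upgrade. Consider a guard ahead of the loop such as `{{- if .Values.custom }}{{ fail "values key 'custom' was renamed to 'additionalNetworkAllow'" }}{{- end }}`, plus a changelog entry marking the rename as breaking. The same applies to the fulcio, rekor, trillian, tsa, tuf and dev-openbao template hunks; the body of the `range` block continues outside the hunk.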
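Review bot: The new line in src/dev-openbao/chart/templates/uds-package.yaml reads `{{- range .Values.custadditionalNetworkAllowom }}`, which looks like the new name pasted into the middle of `custom`. The chart's values.yaml in this same commit defines `additionalNetworkAllow`, so the loop iterates over an undefined key and any rules supplied for dev-openbao are silently dropped. It should be `{{- range .Values.additionalNetworkAllow }}`, matching the other six templates. A render test that sets one `additionalNetworkAllow` entry per chart and asserts it appears in the output would catch this kind of slip; the body of the `range` block continues outside the hunk.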
diff --git a/src/fulcio/chart/values.yaml b/src/fulcio/chart/values.yaml index 696e4d3..32f5b92 100644 --- a/src/fulcio/chart/values.yaml +++ b/src/fulcio/chart/values.yaml @@ -1,4 +1,4 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -custom: [] +additionalNetworkAllow: [] diff --git a/src/rekor/chart/templates/uds-package.yaml b/src/rekor/chart/templates/uds-package.yaml index 216155b..74db403 100644 --- a/src/rekor/chart/templates/uds-package.yaml +++ b/src/rekor/chart/templates/uds-package.yaml @@ -38,7 +38,7 @@ spec: app.kubernetes.io/name: rekor # Custom rules to allow clients to connect - {{- range .Values.custom }} + {{- range .Values.additionalNetworkAllow }} - direction: {{ .direction }} selector: {{ .selector | toYaml | nindent 10 }} diff --git a/src/rekor/chart/values.yaml b/src/rekor/chart/values.yaml index 696e4d3..32f5b92 100644 --- a/src/rekor/chart/values.yaml +++ b/src/rekor/chart/values.yaml @@ -1,4 +1,4 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -custom: [] +additionalNetworkAllow: [] diff --git a/src/trillian/chart/templates/uds-package.yaml b/src/trillian/chart/templates/uds-package.yaml index 954aba7..28957a0 100644 --- a/src/trillian/chart/templates/uds-package.yaml +++ b/src/trillian/chart/templates/uds-package.yaml @@ -27,7 +27,7 @@ spec: app.kubernetes.io/component: log-server # Custom rules to allow clients to connect - {{- range .Values.custom }} + {{- range .Values.additionalNetworkAllow }} - direction: {{ .direction }} selector: {{ .selector | toYaml | nindent 10 }} diff --git a/src/trillian/chart/values.yaml b/src/trillian/chart/values.yaml index 696e4d3..32f5b92 100644 --- a/src/trillian/chart/values.yaml +++ b/src/trillian/chart/values.yaml 
@@ -1,4 +1,4 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -custom: [] +additionalNetworkAllow: [] diff --git a/src/tsa/chart/templates/uds-package.yaml b/src/tsa/chart/templates/uds-package.yaml index 06bc02d..8fd4110 100644 --- a/src/tsa/chart/templates/uds-package.yaml +++ b/src/tsa/chart/templates/uds-package.yaml @@ -28,7 +28,7 @@ spec: app.kubernetes.io/name: tsa # Custom rules to allow clients to connect - {{- range .Values.custom }} + {{- range .Values.additionalNetworkAllow }} - direction: {{ .direction }} selector: {{ .selector | toYaml | nindent 10 }} diff --git a/src/tsa/chart/values.yaml b/src/tsa/chart/values.yaml index 696e4d3..32f5b92 100644 --- a/src/tsa/chart/values.yaml +++ b/src/tsa/chart/values.yaml @@ -1,4 +1,4 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -custom: [] +additionalNetworkAllow: [] diff --git a/src/tuf/chart/templates/uds-package.yaml b/src/tuf/chart/templates/uds-package.yaml index 20cd689..f0ef144 100644 --- a/src/tuf/chart/templates/uds-package.yaml +++ b/src/tuf/chart/templates/uds-package.yaml @@ -26,7 +26,7 @@ spec: remoteGenerated: KubeAPI # Custom rules to allow clients to connect - {{- range .Values.custom }} + {{- range .Values.additionalNetworkAllow }} - direction: {{ .direction }} selector: {{ .selector | toYaml | nindent 10 }} diff --git a/src/tuf/chart/values.yaml b/src/tuf/chart/values.yaml index bdecb19..3ec78c6 100644 --- a/src/tuf/chart/values.yaml +++ b/src/tuf/chart/values.yaml @@ -1,7 +1,7 @@ # Copyright 2024 Defense Unicorns # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial -custom: [] +additionalNetworkAllow: [] secrets: fulcio: |