diff --git a/docs/reference/configuration/uds-optional-features.md b/docs/reference/configuration/uds-optional-features.md new file mode 100644 index 000000000..80477d4f3 --- /dev/null +++ b/docs/reference/configuration/uds-optional-features.md @@ -0,0 +1,31 @@ +--- +title: Optional Features +--- + +UDS Core adds features to support specific needs that we commonly see across deployments and/or to meet the constraints and controls required by environments. This document contains features we have identified that are conditionally required or requested in environments that are present in core, but must be opted-into to use. + +## Classification Banner (_EXPERIMENTAL_) + +UDS Core includes a configurable [EnvoyFilter](https://istio.io/latest/docs/reference/config/networking/envoy-filter/) that will add/inject classification banners into user interfaces exposed via the Istio gateways. This is fully configurable to any classification levels and can be applied to a set of hosts that you specify. Due to the wide variety of ways that user interfaces can be architected, this approach may not work across all applications and should be validated in a development or staging environment before adoption. For custom built applications, native handling of the banner within the application is often a better path. + +You can configure the classification banner with bundle overrides, such as the example below: + +```yaml +packages: + - name: uds-core + repository: ghcr.io/defenseunicorns/packages/uds/core + ref: x.x.x + overrides: + istio-controlplane: + uds-global-istio-config: + values: + - path: classificationBanner.text + value: "UNCLASSIFIED" # Possible values: UNCLASSIFIED, CUI, CONFIDENTIAL, SECRET, TOP SECRET, TOP SECRET//SCI, UNKNOWN + - path: classificationBanner.addFooter + value: true + - path: classificationBanner.enabledHosts + value: + - keycloak.admin.{{ .Values.domain }} # Note the support for helm templating + - sso.{{ .Values.domain }} + - grafana.admin.uds.dev +``` 
diff --git a/docs/reference/deployment/flavors.md b/docs/reference/deployment/flavors.md index 26349aa16..6f87bcb4b 100644 --- a/docs/reference/deployment/flavors.md +++ b/docs/reference/deployment/flavors.md @@ -14,7 +14,7 @@ Demo and dev bundles (`k3d-core-demo` and `k3d-core-slim-dev`) are only publishe | --------------------- | ---------------------------------------------- | -------------------------------------------------------------------------------------------------------------------- | | `registry1` | `ghcr.io/defenseunicorns/packages/uds` | [Ironbank](https://p1.dso.mil/services/iron-bank) - DoD hardened images (only supports amd64 architecture currently) | | `upstream` | `ghcr.io/defenseunicorns/packages/uds` | Various sources, typically DockerHub/GHCR/Quay, these are the default images used by helm charts | -| **ALPHA** `unicorn` | `ghcr.io/defenseunicorns/packages/private/uds` | Industry best images designed with security and minimalism in mind | +| `unicorn` | `ghcr.io/defenseunicorns/packages/private/uds` | Industry best images designed with security and minimalism in mind | :::note The `unicorn` flavored packages are only available in a private repository. These packages are available for all members of the Defense Unicorns organization/company, if you are outside the organization [contact us](https://www.defenseunicorns.com/contactus) if you are interested in using this flavor for your mission. diff --git a/src/istio/common/chart/values.yaml b/src/istio/common/chart/values.yaml index 5c6da4d45..5ea684278 100644 --- a/src/istio/common/chart/values.yaml +++ b/src/istio/common/chart/values.yaml @@ -10,4 +10,5 @@ classificationBanner: # - grafana.admin.uds.dev domain: "###ZARF_VAR_DOMAIN###" -adminDomain: '{{ "###ZARF_VAR_ADMIN_DOMAIN###" | default "admin.###ZARF_VAR_DOMAIN###" }}' +# Note: This does not handle an empty admin domain zarf var +adminDomain: "###ZARF_VAR_ADMIN_DOMAIN###"
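Review bot: In the `classificationBanner.enabledHosts` example of the new `docs/reference/configuration/uds-optional-features.md`, `keycloak.admin.{{ .Values.domain }}` hard-codes the `admin.` prefix and `grafana.admin.uds.dev` hard-codes the whole domain, while `values.yaml` in this same patch carries a separate `adminDomain` value. A deployment with a different admin domain that copies this list would end up with hosts that never match, and the page does not say what happens for a host that is not listed or for an empty `enabledHosts`. For a classification marking, a silently absent banner is the case readers need spelled out. Suggest building the admin hosts from the admin domain value if it is available to the template, templating the Grafana entry the same way, and adding one sentence on the default and on unlisted hosts.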
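Review bot: The `unicorn` row in `docs/reference/deployment/flavors.md` drops its `**ALPHA**` marker without any visible text stating what support level now applies, and the change is unrelated to the classification banner documentation added alongside it. Suggest stating the flavor's current status in the table or in the `:::note` under it, and either splitting this into its own commit or calling it out explicitly in this one.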
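Review bot: The `adminDomain` change in `src/istio/common/chart/values.yaml` removes the `default "admin.###ZARF_VAR_DOMAIN###"` fallback, so an unset or empty `###ZARF_VAR_ADMIN_DOMAIN###` now renders `adminDomain: ""`, and the added comment only records that gap rather than closing it. Anything that builds hostnames from this value would then get an empty or malformed host, which for `classificationBanner.enabledHosts` entries means the banner quietly does not apply. Suggest either keeping a fallback derived from `domain`, or failing the render when the value is empty, and having the comment say where the empty case is expected to be handled.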