From ed8b9e338a42395fec6f4d0d097f6bbcb2d0f971 Mon Sep 17 00:00:00 2001 From: donggyu Date: Thu, 2 Nov 2023 13:13:51 +0900 Subject: [PATCH 1/4] minor modification for skb installation --- tks-admin-tools/base/resources.yaml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/tks-admin-tools/base/resources.yaml b/tks-admin-tools/base/resources.yaml index abb5ef6..8f5b1b2 100644 --- a/tks-admin-tools/base/resources.yaml +++ b/tks-admin-tools/base/resources.yaml @@ -28,10 +28,6 @@ spec: enabled: true ingressClassName: nginx # tunable hostname: TO_BE_FIXED - annotations: - nginx.ingress.kubernetes.io/proxy-buffer-size: 20k - acme.cert-manager.io/http01-edit-in-place: "true" - cert-manager.io/cluster-issuer: http0issuer tls: true selfSigned: false cache: From 2f95c4e371cbbe62443d73145d2cde5d4a7df9b2 Mon Sep 17 00:00:00 2001 From: sungil Date: Thu, 10 Aug 2023 01:46:10 +0000 Subject: [PATCH 2/4] kube-prometheus-operator: bumpup due to update function for status --- lma/base/resources.yaml | 22 +++++++++------------- 1 file changed, 9 insertions(+), 13 deletions(-) diff --git a/lma/base/resources.yaml b/lma/base/resources.yaml index e7ac50f..8ebde07 100644 --- a/lma/base/resources.yaml +++ b/lma/base/resources.yaml @@ -10,7 +10,7 @@ spec: type: helmrepo repository: https://harbor.taco-cat.xyz/chartrepo/tks name: kube-prometheus-stack - version: 44.3.1 + version: 48.3.1 origin: https://prometheus-community.github.io/helm-charts helmVersion: v3 releaseName: prometheus-operator-crds @@ -29,7 +29,7 @@ spec: type: helmrepo repository: https://harbor.taco-cat.xyz/chartrepo/tks name: kube-prometheus-stack - version: 44.3.1 + version: 48.3.1 origin: https://prometheus-community.github.io/helm-charts releaseName: prometheus-operator targetNamespace: lma 
@@ -71,29 +71,25 @@ spec: enabled: true image: repository: tks/prometheus-operator - tag: v0.52.0 + tag: v0.66.0 admissionWebhooks: patch: image: repository: tks/kube-webhook-certgen - tag: v1.0 + tag: v20221220-controller-v1.5.1-58-g787ea74b6 prometheusConfigReloader: image: repository: tks/prometheus-config-reloader - tag: v0.52.0 + tag: v0.66.0 thanosImage: repository: tks/thanos - tag: v0.30.2 + tag: v0.31.0 nodeSelector: {} # TO_BE_FIXED createCustomResource: true cleanupCustomResource: true cleanupCustomResourceBeforeInstall: true prometheus: enabled: false - prometheusSpec: - image: - repository: tks/prometheus - tag: v2.31.1 wait: true --- apiVersion: helm.fluxcd.io/v1 @@ -108,7 +104,7 @@ spec: type: helmrepo repository: https://harbor.taco-cat.xyz/chartrepo/tks name: kube-prometheus-stack - version: 44.3.1 + version: 48.3.1 origin: https://prometheus-community.github.io/helm-charts releaseName: prometheus targetNamespace: lma @@ -123,7 +119,7 @@ spec: alertmanagerSpec: image: repository: tks/alertmanager - tag: v0.23.0 + tag: v0.25.0 nodeSelector: {} # TO_BE_FIXED retention: TO_BE_FIXED @@ -238,7 +234,7 @@ spec: prometheusSpec: image: repository: tks/prometheus - tag: v2.31.1 + tag: v2.45.0 retention: TO_BE_FIXED storageSpec: volumeClaimTemplate: From 929be3166a2a9775a3a25d535600eecb3a55ae4b Mon Sep 17 00:00:00 2001 From: donggyu Date: Thu, 2 Nov 2023 10:33:53 +0900 Subject: [PATCH 3/4] support kiali & gatekeeper for jaeger sso --- service-mesh/base/resources.yaml | 30 ++++++++++++++++++++++++++++++ service-mesh/base/site-values.yaml | 13 ++++++++++++- 2 files changed, 42 insertions(+), 1 deletion(-) diff --git a/service-mesh/base/resources.yaml b/service-mesh/base/resources.yaml index 8df5713..16a6d65 100644 --- a/service-mesh/base/resources.yaml +++ b/service-mesh/base/resources.yaml 
@@ -718,3 +718,33 @@ spec: optimization: interval: "5s" wait: true +--- +apiVersion: helm.fluxcd.io/v1 +kind: HelmRelease +metadata: + labels: + name: keycloak-gatekeeper + name: keycloak-gatekeeper +spec: + helmVersion: v3 + chart: + type: helmrepo + repository: https://harbor.taco-cat.xyz/chartrepo/tks + name: keycloak-gatekeeper + version: 0.1.39 + origin: https://gogatekeeper.github.io/helm-gogatekeeper + releaseName: gatekeeper + targetNamespace: tks-msa + values: + image: + registry: harbor.taco-cat.xyz + repository: tks/gatekeeper + service: + type: LoadBalancer + config: + discovery-url: https://tks-console-dev.taco-cat.xyz/auth/realms/organization + upstream-url: http://jaeger-operator-jaeger-query.tks-msa.svc:16686 + client-id: gatekeeper-jaeger + client-secret: secret + wait: true + diff --git a/service-mesh/base/site-values.yaml b/service-mesh/base/site-values.yaml index ef7c8de..3cc4691 100644 --- a/service-mesh/base/site-values.yaml +++ b/service-mesh/base/site-values.yaml @@ -15,6 +15,9 @@ global: tks-egressgateway: enabled ingressGatewayLabel: istio-ingressgateway egressGatewayLabel: istio-egressgateway + keycloakIssuerUri: https://keycloak.com/auth/realms/oraganization + keycloakClientPrefix: client-prefix + gatekeeperSecret: gatekeeper-secret charts: - name: cert-manager @@ -96,7 +99,7 @@ charts: global.hub: $(imageRepo) global.proxy.clusterDomain: $(clusterName) global.tracer.zipkin.address: jaeger-operator-jaeger-collector.$(namespace):9411 - + - name: istio-ingressgateway override: revision: "" @@ -242,3 +245,11 @@ charts: namespace: tks-msa aggregation.interval: "15s" optimization.interval: "15s" + +- name: keycloak-gatekeeper + override: + config: + discovery-url: $(keycloakIssuerUri) + client-id: $(keycloakClientPrefix)-gatekeeper-jaeger + client-secret: $(gatekeeperSecret) + From ce23f655014750fce1acde5dd2c21d2c34f1274c Mon Sep 17 00:00:00 2001 
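Review bot: `client-secret: secret` under `values.config` of the new gatekeeper HelmRelease commits the OIDC client secret to Git as a literal, and the site-values.yaml hunks of this patch (`gatekeeperSecret: gatekeeper-secret` and `client-secret: $(gatekeeperSecret)`) only swap it for another committed default. A site that misses the override ends up running the proxy with a value anyone can read from the repository. I would make the default unusable, `client-secret: TO_BE_FIXED`, so a missing override breaks login instead of passing unnoticed, and source the real value from a Kubernetes Secret (the Helm Operator's `valuesFrom` with a `secretKeyRef` is one way) rather than from rendered values. Separately, `service.type: LoadBalancer` gives the proxy its own external address and no TLS setting is visible in these values, so it is worth confirming that logins and session cookies do not travel over plain HTTP.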
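Review bot: The default `keycloakIssuerUri: https://keycloak.com/auth/realms/oraganization` added to `global` in site-values.yaml names a host this project presumably does not operate, and it misspells the realm that resources.yaml writes as `organization`. Because the last hunk of the same file feeds it into `discovery-url: $(keycloakIssuerUri)`, a site that forgets the override would have gatekeeper attempt OIDC discovery against that third-party domain. A placeholder that cannot resolve to someone else's server is safer, for example `keycloakIssuerUri: https://keycloak.example.com/auth/realms/organization`, or `TO_BE_FIXED` as other resources in this series use. The `global` mapping starts above the hunk, so other defaults in it were not reviewed.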
From: donggyu Date: Fri, 3 Nov 2023 10:50:20 +0900 Subject: [PATCH 4/4] minor fix. change app name --- service-mesh/base/resources.yaml | 6 +++--- service-mesh/base/site-values.yaml | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/service-mesh/base/resources.yaml b/service-mesh/base/resources.yaml index 16a6d65..6d04499 100644 --- a/service-mesh/base/resources.yaml +++ b/service-mesh/base/resources.yaml @@ -723,14 +723,14 @@ apiVersion: helm.fluxcd.io/v1 kind: HelmRelease metadata: labels: - name: keycloak-gatekeeper - name: keycloak-gatekeeper + name: gatekeeper + name: gatekeeper spec: helmVersion: v3 chart: type: helmrepo repository: https://harbor.taco-cat.xyz/chartrepo/tks - name: keycloak-gatekeeper + name: gatekeeper version: 0.1.39 origin: https://gogatekeeper.github.io/helm-gogatekeeper releaseName: gatekeeper diff --git a/service-mesh/base/site-values.yaml b/service-mesh/base/site-values.yaml index 3cc4691..324cc2f 100644 --- a/service-mesh/base/site-values.yaml +++ b/service-mesh/base/site-values.yaml @@ -246,7 +246,7 @@ charts: aggregation.interval: "15s" optimization.interval: "15s" -- name: keycloak-gatekeeper +- name: gatekeeper override: config: discovery-url: $(keycloakIssuerUri)