chore: upgraded istio images and using public keycloak config

src/istio/common/zarf.yaml

@@ -13,27 +13,27 @@ components:
     charts:
       - name: base
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.24.1
+        version: 1.24.2
         namespace: istio-system
       - name: uds-global-istio-config
         namespace: istio-system
         version: 0.1.0
         localPath: chart
       - name: istiod
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.24.1
+        version: 1.24.2
         namespace: istio-system
         valuesFiles:
           - "../values/base-istiod.yaml"
       - name: cni
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.24.1
+        version: 1.24.2
         namespace: istio-system
         valuesFiles:
           - "../values/base-cni.yaml" # values for k3s/k3d cni
       - name: ztunnel
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.24.1
+        version: 1.24.2
         namespace: istio-system
     actions:
       onDeploy:

src/istio/values/registry1-values.yaml

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.1-tetratefips-v0
+  image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.2-tetratefips-v0
 global:
   proxy_init:
     # renovate: image=registry1.dso.mil/ironbank/tetrate/istio/proxyv2
-    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0"
+    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.2-tetratefips-v0"
   proxy:
     # renovate: image=registry1.dso.mil/ironbank/tetrate/istio/proxyv2
-    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0"
+    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.2-tetratefips-v0"

src/istio/values/registry1/cni.yaml

@@ -2,4 +2,4 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 cni:
-  image: registry1.dso.mil/ironbank/opensource/istio/install-cni:1.24.1
+  image: registry1.dso.mil/ironbank/opensource/istio/install-cni:1.24.2

src/istio/values/registry1/istiod.yaml

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.1-tetratefips-v0
+  image: registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.2-tetratefips-v0
 global:
   proxy_init:
     # renovate: image=registry1.dso.mil/ironbank/tetrate/istio/proxyv2
-    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0"
+    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.2-tetratefips-v0"
   proxy:
     # renovate: image=registry1.dso.mil/ironbank/tetrate/istio/proxyv2
-    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0"
+    image: "###ZARF_REGISTRY###/ironbank/tetrate/istio/proxyv2:1.24.2-tetratefips-v0"

src/istio/values/registry1/ztunnel.yaml

@@ -1,4 +1,4 @@
 # Copyright 2024 Defense Unicorns
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
-image: registry1.dso.mil/ironbank/tetrate/istio/ztunnel:1.24.1-tetratefips-v0
+image: registry1.dso.mil/ironbank/tetrate/istio/ztunnel:1.24.2-tetratefips-v0

src/istio/values/unicorn-values.yaml

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: "cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.1"
+  image: "cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.2"
 global:
   proxy_init:
     # renovate: image=cgr.dev/du-uds-defenseunicorns/istio-proxy-fips
-    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.1"
+    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.2"
   proxy:
     # renovate: image=cgr.dev/du-uds-defenseunicorns/istio-proxy-fips
-    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.1"
+    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.2"

src/istio/values/unicorn/cni.yaml

@@ -2,4 +2,4 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 cni:
-  image: cgr.dev/du-uds-defenseunicorns/istio-install-cni:1.24.1
+  image: cgr.dev/du-uds-defenseunicorns/istio-install-cni:1.24.2

src/istio/values/unicorn/istiod.yaml

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: "cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.1"
+  image: "cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.2"
 global:
   proxy_init:
     # renovate: image=cgr.dev/du-uds-defenseunicorns/istio-proxy-fips
-    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.1"
+    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.2"
   proxy:
     # renovate: image=cgr.dev/du-uds-defenseunicorns/istio-proxy-fips
-    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.1"
+    image: "###ZARF_REGISTRY###/du-uds-defenseunicorns/istio-proxy-fips:1.24.2"

src/istio/values/upstream-values.yaml

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: "docker.io/istio/pilot:1.24.1-distroless"
+  image: "docker.io/istio/pilot:1.24.2-distroless"
 global:
   proxy_init:
     # renovate: image=docker.io/istio/proxyv2
-    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.1-distroless"
+    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.2-distroless"
   proxy:
     # renovate: image=docker.io/istio/proxyv2
-    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.1-distroless"
+    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.2-distroless"

src/istio/values/upstream/cni.yaml

@@ -2,4 +2,4 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 cni:
-  image: docker.io/istio/install-cni:1.24.1-distroless
+  image: docker.io/istio/install-cni:1.24.2-distroless

src/istio/values/upstream/istiod.yaml

@@ -2,11 +2,11 @@
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
 pilot:
-  image: "docker.io/istio/pilot:1.24.1-distroless"
+  image: "docker.io/istio/pilot:1.24.2-distroless"
 global:
   proxy_init:
     # renovate: image=docker.io/istio/proxyv2
-    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.1-distroless"
+    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.2-distroless"
   proxy:
     # renovate: image=docker.io/istio/proxyv2
-    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.1-distroless"
+    image: "###ZARF_REGISTRY###/istio/proxyv2:1.24.2-distroless"

src/istio/values/upstream/ztunnel.yaml

@@ -1,4 +1,4 @@
 # Copyright 2024 Defense Unicorns
 # SPDX-License-Identifier: AGPL-3.0-or-later OR LicenseRef-Defense-Unicorns-Commercial
 
-image: docker.io/istio/ztunnel:1.24.1-distroless
+image: docker.io/istio/ztunnel:1.24.2-distroless

src/istio/zarf.yaml

@@ -33,10 +33,10 @@ components:
         valuesFiles:
           - "values/upstream/ztunnel.yaml"
     images:
-      - "docker.io/istio/pilot:1.24.1-distroless"
-      - "docker.io/istio/proxyv2:1.24.1-distroless"
-      - "docker.io/istio/install-cni:1.24.1-distroless"
-      - "docker.io/istio/ztunnel:1.24.1-distroless"
+      - "docker.io/istio/pilot:1.24.2-distroless"
+      - "docker.io/istio/proxyv2:1.24.2-distroless"
+      - "docker.io/istio/install-cni:1.24.2-distroless"
+      - "docker.io/istio/ztunnel:1.24.2-distroless"
 
   - name: istio-controlplane
     required: true
@@ -55,11 +55,11 @@ components:
         valuesFiles:
           - "values/registry1/ztunnel.yaml"
     images:
-      - registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.24.1-tetratefips-v0
-      - registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.1-tetratefips-v0
-      - registry1.dso.mil/ironbank/tetrate/istio/ztunnel:1.24.1-tetratefips-v0
+      - registry1.dso.mil/ironbank/tetrate/istio/proxyv2:1.24.2-tetratefips-v0
+      - registry1.dso.mil/ironbank/tetrate/istio/pilot:1.24.2-tetratefips-v0
+      - registry1.dso.mil/ironbank/tetrate/istio/ztunnel:1.24.2-tetratefips-v0
       # Tetrate's install-cni image is out of date currently in Ironbank but could be swapped in when updated
-      - registry1.dso.mil/ironbank/opensource/istio/install-cni:1.24.1
+      - registry1.dso.mil/ironbank/opensource/istio/install-cni:1.24.2
       # - registry1.dso.mil/ironbank/tetrate/istio/install-cni:1.22.6-tetratefips-v0
 
   - name: istio-controlplane
@@ -79,20 +79,20 @@ components:
         valuesFiles:
           - "values/upstream/ztunnel.yaml"
     images:
-      - cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.1
-      - cgr.dev/du-uds-defenseunicorns/istio-proxy-fips:1.24.1
+      - cgr.dev/du-uds-defenseunicorns/istio-pilot-fips:1.24.2
+      - cgr.dev/du-uds-defenseunicorns/istio-proxy-fips:1.24.2
       # Chainguard's install-cni-fips is not working right now, issue submitted
-      - cgr.dev/du-uds-defenseunicorns/istio-install-cni:1.24.1
+      - cgr.dev/du-uds-defenseunicorns/istio-install-cni:1.24.2
       # Chainguard does not have the ztunnel image currently, but upstream is 0 CVE
       # It is not currently FIPS though, and the IB TID FIPS image is amd64 only
-      - docker.io/istio/ztunnel:1.24.1-distroless
+      - docker.io/istio/ztunnel:1.24.2-distroless
 
   - name: istio-admin-gateway
     required: true
     charts:
       - name: gateway
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.24.1
+        version: 1.24.2
         releaseName: admin-ingressgateway
         namespace: istio-admin-gateway
       - name: uds-istio-config
@@ -107,7 +107,7 @@ components:
     charts:
       - name: gateway
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.24.1
+        version: 1.24.2
         releaseName: tenant-ingressgateway
         namespace: istio-tenant-gateway
       - name: uds-istio-config
@@ -122,7 +122,7 @@ components:
     charts:
       - name: gateway
         url: https://istio-release.storage.googleapis.com/charts
-        version: 1.24.1
+        version: 1.24.2
         releaseName: passthrough-ingressgateway
         namespace: istio-passthrough-gateway
       - name: uds-istio-config

src/keycloak/chart/values.yaml

@@ -10,7 +10,7 @@ image:
   pullPolicy: IfNotPresent
 
 # renovate: datasource=github-tags depName=defenseunicorns/uds-identity-config versioning=semver
-configImage: uds-core-config:keycloak3 
+configImage: ghcr.io/sgettys/keycloak:ambient
 
 # The public domain name of the Keycloak server
 domain: "###ZARF_VAR_DOMAIN###"

src/keycloak/zarf.yaml

@@ -27,7 +27,7 @@ components:
           - "values/upstream-values.yaml"
     images:
       - quay.io/keycloak/keycloak:26.0.7
-      - uds-core-config:keycloak3
+      - ghcr.io/sgettys/keycloak:ambient
 
   - name: keycloak
     required: true
@@ -43,7 +43,7 @@ components:
           - "values/registry1-values.yaml"
     images:
       - registry1.dso.mil/ironbank/opensource/keycloak/keycloak:26.0.7
-      - uds-core-config:keycloak3
+      - ghcr.io/sgettys/keycloak:ambient
 
   - name: keycloak
     required: true
@@ -57,4 +57,4 @@ components:
           - "values/unicorn-values.yaml"
     images:
       - cgr.dev/du-uds-defenseunicorns/keycloak:26.0.7 # todo: switch to FIPS image
-      - uds-core-config:keycloak3
+      - ghcr.io/sgettys/keycloak:ambient