Azure
diff --git a/‎admin/zz_fixture_TestHelmTemplate_dev_westus3_svc_1_admin_api.yaml‎
Lines changed: 16 additions & 0 deletions b/‎admin/zz_fixture_TestHelmTemplate_dev_westus3_svc_1_admin_api.yaml‎
Lines changed: 16 additions & 0 deletions
diff --git a/‎config/config.schema.json‎
Lines changed: 4 additions & 0 deletions b/‎config/config.schema.json‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎config/config.yaml‎
Lines changed: 6 additions & 1 deletion b/‎config/config.yaml‎
Lines changed: 6 additions & 1 deletion
diff --git a/‎config/rendered/dev/cspr/westus3.yaml‎
Lines changed: 4 additions & 1 deletion b/‎config/rendered/dev/cspr/westus3.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎config/rendered/dev/dev/westus3.yaml‎
Lines changed: 4 additions & 1 deletion b/‎config/rendered/dev/dev/westus3.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎config/rendered/dev/perf/westus3.yaml‎
Lines changed: 4 additions & 1 deletion b/‎config/rendered/dev/perf/westus3.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎config/rendered/dev/pers/westus3.yaml‎
Lines changed: 4 additions & 1 deletion b/‎config/rendered/dev/pers/westus3.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎config/rendered/dev/prow/westus3.yaml‎
Lines changed: 4 additions & 1 deletion b/‎config/rendered/dev/prow/westus3.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎config/rendered/dev/swft/uksouth.yaml‎
Lines changed: 4 additions & 1 deletion b/‎config/rendered/dev/swft/uksouth.yaml‎
Lines changed: 4 additions & 1 deletion
diff --git a/‎dev-infrastructure/configurations/mise-identity-lookup.tmpl.bicepparam‎
Lines changed: 1 addition & 1 deletion b/‎dev-infrastructure/configurations/mise-identity-lookup.tmpl.bicepparam‎
Lines changed: 1 addition & 1 deletion
@@ -232,6 +232,22 @@ spec:
       tenantID: '__tenantId__'
   serviceAccountName: 'admin-api'
 ---
+# Source: ARO HCP Admin API/templates/ext-authz.authorizationpolicy.yaml
+apiVersion: security.istio.io/v1beta1
+kind: AuthorizationPolicy
+metadata:
+  name: ext-authz
+  namespace: 'aro-hcp-admin-api'
+spec:
+  action: CUSTOM
+  provider:
+    name: ext-authz
+  rules:
+  - to:
+    - operation:
+        paths: ["/*"]
+        notPaths: ["/metrics"]
+---
 # Source: ARO HCP Admin API/templates/admin.httproute.yaml
 apiVersion: gateway.networking.k8s.io/v1
 kind: HTTPRoute
 
@@ -2197,6 +2197,9 @@
         "image": {
           "$ref": "#/definitions/containerImage"
         },
+        "imageV2": {
+          "$ref": "#/definitions/containerImage"
+        },
         "tracing": {
           "$ref": "#/definitions/tracing",
           "description": "Tracing configuration for OTLP traces."
@@ -2205,6 +2208,7 @@
       "required": [
         "deploy",
         "image",
+        "imageV2",
         "arm",
         "genevaActions",
         "sessiongate",
 
@@ -764,6 +764,9 @@ defaults:
       policyLabel: "Session Gate"
       authorityFQDN: "{{ .ev2.entra.fqdn.sts }}"
       audience: "6dae42f8-4368-4678-94ff-3960e28e3630"
+    imageV2:
+      repository: "mise-1p-container-image"
+      digest: ""
     image:
       repository: "mise-1p-container-image"
       digest: ""
@@ -1079,9 +1082,11 @@ clouds:
         globalCertificatesDomain: hcp-global.osadev.cloud
       # Mise
       mise:
-        deploy: false
+        deploy: true
         arm:
           applicationId: "e2c2ff5c-e5b4-4e79-8c3e-1da8c48461e7"
+        imageV2:
+          digest: sha256:14a32d793b79c47b0b8a79342ef428d29078987686dfca66e41e3810e8e75e2b # 2.0.1-azurelinux3.0-distroless
         image:
           digest: sha256:40b9813f4d56d96efec48a441ff90680ede2ad5891d1384eb66420462a9dc0fe # 1.41.0-azurelinux3.0-distroless
       # 1P app
 
@@ -684,14 +684,17 @@ mise:
     authorityFQDN: login.microsoftonline.com
     policyLabel: ARM Policy
     tenantId: 33e01921-4d64-4f8c-a055-5bdaffd5e33d
-  deploy: false
+  deploy: true
   genevaActions:
     audienceFQDN: management.azure.com
     authorityFQDN: sts.windows.net
     policyLabel: Geneva Actions
   image:
     digest: sha256:40b9813f4d56d96efec48a441ff90680ede2ad5891d1384eb66420462a9dc0fe
     repository: mise-1p-container-image
+  imageV2:
+    digest: sha256:14a32d793b79c47b0b8a79342ef428d29078987686dfca66e41e3810e8e75e2b
+    repository: mise-1p-container-image
   sessiongate:
     audience: 6dae42f8-4368-4678-94ff-3960e28e3630
     authorityFQDN: sts.windows.net
 
@@ -684,14 +684,17 @@ mise:
     authorityFQDN: login.microsoftonline.com
     policyLabel: ARM Policy
     tenantId: 33e01921-4d64-4f8c-a055-5bdaffd5e33d
-  deploy: false
+  deploy: true
   genevaActions:
     audienceFQDN: management.azure.com
     authorityFQDN: sts.windows.net
     policyLabel: Geneva Actions
   image:
     digest: sha256:40b9813f4d56d96efec48a441ff90680ede2ad5891d1384eb66420462a9dc0fe
     repository: mise-1p-container-image
+  imageV2:
+    digest: sha256:14a32d793b79c47b0b8a79342ef428d29078987686dfca66e41e3810e8e75e2b
+    repository: mise-1p-container-image
   sessiongate:
     audience: 6dae42f8-4368-4678-94ff-3960e28e3630
     authorityFQDN: sts.windows.net
 
@@ -684,14 +684,17 @@ mise:
     authorityFQDN: login.microsoftonline.com
     policyLabel: ARM Policy
     tenantId: 33e01921-4d64-4f8c-a055-5bdaffd5e33d
-  deploy: false
+  deploy: true
   genevaActions:
     audienceFQDN: management.azure.com
     authorityFQDN: sts.windows.net
     policyLabel: Geneva Actions
   image:
     digest: sha256:40b9813f4d56d96efec48a441ff90680ede2ad5891d1384eb66420462a9dc0fe
     repository: mise-1p-container-image
+  imageV2:
+    digest: sha256:14a32d793b79c47b0b8a79342ef428d29078987686dfca66e41e3810e8e75e2b
+    repository: mise-1p-container-image
   sessiongate:
     audience: 6dae42f8-4368-4678-94ff-3960e28e3630
     authorityFQDN: sts.windows.net
 
@@ -686,14 +686,17 @@ mise:
     authorityFQDN: login.microsoftonline.com
     policyLabel: ARM Policy
     tenantId: 33e01921-4d64-4f8c-a055-5bdaffd5e33d
-  deploy: false
+  deploy: true
   genevaActions:
     audienceFQDN: management.azure.com
     authorityFQDN: sts.windows.net
     policyLabel: Geneva Actions
   image:
     digest: sha256:40b9813f4d56d96efec48a441ff90680ede2ad5891d1384eb66420462a9dc0fe
     repository: mise-1p-container-image
+  imageV2:
+    digest: sha256:14a32d793b79c47b0b8a79342ef428d29078987686dfca66e41e3810e8e75e2b
+    repository: mise-1p-container-image
   sessiongate:
     audience: 6dae42f8-4368-4678-94ff-3960e28e3630
     authorityFQDN: sts.windows.net
 
@@ -686,14 +686,17 @@ mise:
     authorityFQDN: login.microsoftonline.com
     policyLabel: ARM Policy
     tenantId: 33e01921-4d64-4f8c-a055-5bdaffd5e33d
-  deploy: false
+  deploy: true
   genevaActions:
     audienceFQDN: management.azure.com
     authorityFQDN: sts.windows.net
     policyLabel: Geneva Actions
   image:
     digest: sha256:40b9813f4d56d96efec48a441ff90680ede2ad5891d1384eb66420462a9dc0fe
     repository: mise-1p-container-image
+  imageV2:
+    digest: sha256:14a32d793b79c47b0b8a79342ef428d29078987686dfca66e41e3810e8e75e2b
+    repository: mise-1p-container-image
   sessiongate:
     audience: 6dae42f8-4368-4678-94ff-3960e28e3630
     authorityFQDN: sts.windows.net
 
@@ -686,14 +686,17 @@ mise:
     authorityFQDN: login.microsoftonline.com
     policyLabel: ARM Policy
     tenantId: 33e01921-4d64-4f8c-a055-5bdaffd5e33d
-  deploy: false
+  deploy: true
   genevaActions:
     audienceFQDN: management.azure.com
     authorityFQDN: sts.windows.net
     policyLabel: Geneva Actions
   image:
     digest: sha256:40b9813f4d56d96efec48a441ff90680ede2ad5891d1384eb66420462a9dc0fe
     repository: mise-1p-container-image
+  imageV2:
+    digest: sha256:14a32d793b79c47b0b8a79342ef428d29078987686dfca66e41e3810e8e75e2b
+    repository: mise-1p-container-image
   sessiongate:
     audience: 6dae42f8-4368-4678-94ff-3960e28e3630
     authorityFQDN: sts.windows.net
 
@@ -1,4 +1,4 @@
 using '../templates/entra-app-lookup.bicep'
 
 param applicationName = '{{ .mise.applicationName }}'
-param manage = {{ .mise.deploy }}
+param manage = false