Swap ingress to ingress-nginx + cert-manager (LE), drop Big Bang VirtualService

[dhilgaertner]

Context

The OCI SaaS deployment uses commercial K8s (OKE), ingress-nginx, and cert-manager + Let's Encrypt. Big Bang is not a target anymore. The current templates/bigbang/virtualservice.yaml and any Istio-assumed defaults are dead code in the new stack.

The public load balancer is pass-through TLS to ingress-nginx; Corveil itself handles OIDC auth. No oauth2-proxy or Istio RequestAuthentication is required.

Goal

Ingress via standard K8s Ingress with cert-manager annotations; Big Bang overlay removed.

Work items

• Update templates/ingress.yaml:
  • ingressClassName: nginx (from values).
  • cert-manager.io/cluster-issuer: letsencrypt-prod annotation (from values).
  • Host(s) from ingress.hosts values.
• Delete templates/bigbang/virtualservice.yaml and the bigbang/ directory.
• Remove Istio-specific values / defaults from values.yaml.
• Keep templates/networkpolicy.yaml — still useful on OCI.
• Document the change in UPGRADING.md (new file or a section in README) for any downstream deployer still on Big Bang.

Acceptance

• helm template . no longer renders any VirtualService / PeerAuthentication / DestinationRule.
• helm install into a kind cluster with ingress-nginx + cert-manager produces a ready Ingress with a valid LE cert (staging issuer OK for the test).

Key files

• templates/ingress.yaml
• templates/bigbang/virtualservice.yaml (delete)
• values.yaml
• README.md / UPGRADING.md