Add Operatorless support to core package Network Policies (Parent)
Description:
Currently ingress and Egress core package network policies have hardcoded namespaceSelector labels that only work with Istio Operator Deployments. This issue will track adding support for Istio Operatorless namespaceSelector labels that are dynamically passed from the Big Bang umbrella chart when istio3 (operatorless) is enabled.
Packages containing Network Policies with hardcoded Istio Operator labels
Package network policy paths: /chart/templates/bigbang/networkpolicies/*.yaml
| Package | Config Name | Type | Hardcode Item |
|---|---|---|---|
| ArgoCD | allow-istio.yaml | Ingress/Egress | nsSelector label |
| Authservice | egress-istiod.yaml | Egress | nsSelector label |
| Authservice | istio-haproxy.yaml | Ingress | nsSelector label |
| Grafana | egress-istio-d.yaml | Egress | nsSelector label |
| Grafana | ingress-istio.yaml | Ingress | nsSelector label |
| Kiali | egress-istiod.yml | Egress | nsSelector label |
| Kiali | ingress-istio-ingressgateway.yml | Ingress | nsSelector label |
| Keycloak | egress-istiod.yaml | Egress | nsSelector/podSelector |
| Keycloak | ingress-istio.yaml | Ingress | nsSelector/podSelector |
| Kyverno Reporter | egress-istiod.yaml | Egress | nsSelector label |
| Monitoring | egress-istio-d.yaml | Egress | nsSelector label |
| Monitoring | ingress-istio.yaml | Ingress | nsSelector label |
| Tempo | egress-istio-d.yaml | Egress | nsSelector label |
Completed Core Packages:
-
AuthService -
Grafana -
Istiod -
Istio Gateway -
Kiali -
Keycloak -
Kyverno Reporter -
Loki -
Monitoring -
Neuvector -
Promtail -
Tempo
Status as of 2025-02-14:
11 Completed, 1 in Review
Edited by Luis Gomez