UNCLASSIFIED - NO CUI

Skip to content

kiali update to 1.78.0-bb.5

mr-bot requested to merge update-kiali-tag-1.78.0-bb.5 into master

Package Merge Request

Package Changes

Kiali now includes istio Sidecar and ServiceEntry resources (when enabled) that, by default, deny all egress to non-mesh-internal endpoints.

A Sidecar resource has been added to the Kiali namespace that disallows egress to endpoints that are not part of the Istio service registry (a.k.a REGISTRY_ONLY). The outboundTrafficPolicy.mode in the Sidecar can be configured, however, to be something other than REGISTRY_ONLY if desired by setting istio.hardened.outboundTrafficPolicyMode. This provides a redundant layer of network security in addition to NetworkPolicies. This Sidecar is disabled by default but can be enabled by setting istio.enabled: true and istio.hardened.enabled: true.

Additionally, custom ServiceEntries can be created by populating the istio.hardened.customServiceEntries list.

Package MR

For Issue

Closes big-bang/product/packages/kiali#80 (closed)

Upgrade Notices

N/A

Edited by Ryan Garcia

Merge request reports