UNCLASSIFIED - NO CUI

Skip to content

Resolve "Istio injection for namespaces should be optional for all charts"

Package Merge Request

Changes

Update templating to make istio injection configurable for most namespaces. Certain apps remain explicitly disabled such as gatekeeper, kyverno and istio itself.

Default behavior should not change.

Sample templating and explanation:

istio-injection: {{ ternary "enabled" "disabled" (and .Values.istio.enabled (eq (dig "istio" "injection" "enabled" .Values.elasticsearchKibana) "enabled")) }}

The above checks that istio is enabled, as well as checking for the presence of istio.injection key within the respective package's values. If the key exists, it's value will checked against the string "enabled". If not, the default is "enabled". If istio is enabled and injection is enabled (or defaults to enabled due to being undefined), the namespace will be istio injected. If either of the former are false, the namespace will not be istio injected.

Tested each updated file with commands similar to these and validated expected output:

helm template ./chart -s templates/gitlab/namespace.yaml --set istio.enabled=true --set addons.gitlab.enabled=true --set addons.gitlab.istio.injection=enabled

helm template ./chart -s templates/gitlab/namespace.yaml --set istio.enabled=true --set addons.gitlab.enabled=true --set addons.gitlab.istio.injection=disabled

helm template ./chart -s templates/gitlab/namespace.yaml --set istio.enabled=false --set addons.gitlab.enabled=true --set addons.gitlab.istio.injection=enabled

helm template ./chart -s templates/gitlab/namespace.yaml --set istio.enabled=true --set addons.gitlab.enabled=true

Package MR

N/A

For Issue

Closes #1686 (closed)

Upgrade Notices

N/A

Edited by Samuel Sarnowski

Merge request reports