Dynamic NS selector labels for Istio Operatorless Network Policies

Package Merge Request

Package Changes

• Added a helper.tpl template for passing dynamic Istio Gateway namespaceSelector values, which can be applied in ingress/egress package network policies.
• The dynamic labels are depedenant on istio or istio3 being enabled in BB umbrella chart.
• Tested passing the dynamic nameSpaceselector value to the Kiali package.

Package MR

N/A

For Issue

big-bang/apps/sandbox/istio-gateway#23

Upgrade Notices

N/A

assigned to @lgomez2

changed the description

added statusdoing teamService Mesh labels

added istio label

changed title from Draft: Istio sandbox netpol values to Draft: Dynamic NS selector labels for Istio Operatorless Network Policies

added 1 commit

• cd8e9dce - Testing istio3 namespace selector label

Compare with previous version

mentioned in issue big-bang/apps/sandbox/istio-gateway#23

changed the description

Testing with Kiali

1. Checkout the istio-sandbox-netpol-values BB umbrella branch
2. Create a k3d dev cluster with the follwing command: /bigbang/docs/assets/scripts/developer/k3d-dev-istio3.sh -m
3. Create the registry-value.yaml, and populate with your registry credentials
4. Create the istio3-overides.yaml and populate with the following settings:

######### Istio3 Overrides #############
networkPolicies:
  enabled: false

istio:
  enabled: false

istioOperator:
  enabled: false
  
istio3:
  enabled: true
  git:
    branch: "main"
    tag: null

istioGatewayPublic:
  enabled: true
  git:
    branch: "main"
    tag: null

istioGatewayPassthrough:
  enabled: true 
  git:
    branch: "main"
    tag: null

######### Additional Overrides ###########

kiali:
  enabled: true
  git:
    branch: "kiali-istio3-netpol"
    tag: null

monitoring:
  enabled: true
  git:
    branch: "istio-operatorless-network-policies"
    tag: null

grafana:
  enabled: true

kyverno:
  enabled: false

kyvernoPolicies:
  enabled: false

kyvernoReporter:
  enabled: false

neuvector:
  enabled: false

tempo:
  enabled: false

loki:
  enabled: false

promtail:
  enabled: false

addons:
  minio:
    enabled: false

  minioOperator:
    enabled: false

1. Replace the placeholders with your local pathing and run command.

BB deployment command:

BIGBANG_REPO_DIR="<your-local-path>/bigbang"
helm upgrade -i bigbang $BIGBANG_REPO_DIR/chart -n bigbang --create-namespace \
-f https://repo1.dso.mil/big-bang/bigbang/-/raw/istio-sandbox/chart/values.yaml \
-f https://repo1.dso.mil/big-bang/bigbang/-/raw/istio-sandbox/tests/test-values.yaml \
-f https://repo1.dso.mil/big-bang/bigbang/-/raw/istio-sandbox/chart/ingress-certs.yaml \
-f <your-local-path>\registry-value.yaml
-f <your-local-path>\istio3-overides.yaml \
--set networkPolicies.enabled=true

mentioned in merge request big-bang/product/packages/kiali!281 (merged)

requested review from @jimmy.bourque

requested review from @kipten

marked this merge request as ready

added 1 commit

• 287e285c - Added egress values in the helpers.tpl istioNamespaceSelector

Compare with previous version

changed the description

Dynamic namespaceSelector labels now working with ingress and egress Netpols. Tested functionality with Kiali and Monitoring: big-bang/apps/sandbox/istio-gateway#23 (comment 2931403)

mentioned in merge request big-bang/product/packages/monitoring!408 (merged)

Code changes look good; Validated multiple different scenarios and all work as expected.

approved this merge request

mentioned in commit 2f789782

merged

mentioned in merge request big-bang/product/packages/keycloak!280 (merged)

mentioned in merge request big-bang/product/packages/kyverno-reporter!141 (closed)

mentioned in merge request big-bang/product/packages/grafana!178 (merged)

mentioned in merge request big-bang/product/packages/kyverno-reporter!142 (merged)

changed milestone to %2.46.0

mentioned in merge request big-bang/customers/template!120 (merged)