UNCLASSIFIED - NO CUI

Resolve "Istio Gateway Overwrites User Provided Certificate"

General MR

Summary

Updating the value for credentialName so that it uses the customer-provided value instead of being hardcoded to a specific pattern. If no value is provided, then it will default to its original behavior. This logic was also updated for the secret creation to ensure they remain in sync.

Relevant logs/screenshots

Note: This issue is not specific to additional gateways; however, I tested using an additional gateway to show the updated logic doesn't change existing behavior for default gateways. See internal comment on MR for yaml used to test.

Output of gateway and secrets prior to change:

Public Gateway:

image

Additional Gateway (Main):

image

kubectl get secrets -n istio-system

0-main-cert        kubernetes.io/tls                2      2m16s
1-main-cert        kubernetes.io/tls                2      2m16s
istio-ca-secret    istio.io/ca-root                 5      5s
private-registry   kubernetes.io/dockerconfigjson   1      2m16s
public-cert        kubernetes.io/tls                2      2m16s

Output of gateway and secrets after change:

Public Gateway:

image

Additional Gateway (Main):

image

kubectl get secrets -n istio-system

cso-site-cert      kubernetes.io/tls                2      3m40s
istio-ca-secret    istio.io/ca-root                 5      88s
main-cert          kubernetes.io/tls                2      3m40s
private-registry   kubernetes.io/dockerconfigjson   1      3m40s
public-cert        kubernetes.io/tls                2      3m40s

Linked Issue

issue

Upgrade Notices

N/A

Edited by Jimmy Bourque
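
A way to verify the "remain in sync" property from the summary after a deploy, as an added example that is not part of the merge request or the project's code: it compares every Gateway `spec.servers[].tls.credentialName` with the TLS secrets present. The inputs are constructed dictionaries in the shape of `kubectl get gateways.networking.istio.io -n istio-system -o json` and `kubectl get secrets -n istio-system -o json`; the gateway-to-credential mapping and the function names are assumptions.

```python
TLS_TYPE = "kubernetes.io/tls"

def credential_refs(gateways):
    """Yield (gateway name, credentialName) for each server that sets one."""
    for gw in gateways.get("items", []):
        for server in gw.get("spec", {}).get("servers", []):
            cred = (server.get("tls") or {}).get("credentialName")
            if cred:
                yield gw["metadata"]["name"], cred

def check_sync(gateways, secrets):
    """Return (missing, unused): references with no secret, TLS secrets with no reference."""
    types = {s["metadata"]["name"]: s.get("type") for s in secrets.get("items", [])}
    refs = set(credential_refs(gateways))
    missing = sorted(ref for ref in refs if ref[1] not in types)
    used = {cred for _, cred in refs}
    unused = sorted(n for n, t in types.items() if t == TLS_TYPE and n not in used)
    return missing, unused

def secret_list(pairs):
    """Build a kubectl-style Secret list from (name, type) pairs."""
    return {"items": [{"metadata": {"name": n}, "type": t} for n, t in pairs]}

def gateway(name, creds):
    """Build a minimal Gateway object with one HTTPS server per credentialName."""
    servers = [{"port": {"number": 8443, "protocol": "HTTPS"},
                "tls": {"mode": "SIMPLE", "credentialName": c}} for c in creds]
    return {"metadata": {"name": name}, "spec": {"servers": servers}}

# Constructed sample: which gateway references which credential is assumed here.
GATEWAYS = {"items": [gateway("public", ["public-cert"]),
                      gateway("main", ["main-cert", "cso-site-cert"])]}

# Secret names and types copied from the "after change" listing above.
SECRETS_IN_SYNC = secret_list([
    ("cso-site-cert", TLS_TYPE), ("istio-ca-secret", "istio.io/ca-root"),
    ("main-cert", TLS_TYPE), ("private-registry", "kubernetes.io/dockerconfigjson"),
    ("public-cert", TLS_TYPE)])

# Constructed mismatch: the same gateways against index-prefixed secret names.
SECRETS_DRIFTED = secret_list([
    ("0-main-cert", TLS_TYPE), ("1-main-cert", TLS_TYPE), ("public-cert", TLS_TYPE)])

if __name__ == "__main__":
    for label, secrets in (("in sync", SECRETS_IN_SYNC), ("drifted", SECRETS_DRIFTED)):
        missing, unused = check_sync(GATEWAYS, secrets)
        print(f"{label}: missing={missing} unused={unused}")
```

A non-empty `missing` list means a gateway server names a credential that has no secret in the namespace; `unused` lists TLS secrets that no gateway references.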
