UNCLASSIFIED - NO CUI

Disable Istio with Kyverno explicitly

Dax McDonaldrequested to merge
90-kyverno-no-istio into master

General MR

Summary

  • Update Kyverno configuration to disable Istio integration and add unit tests for namespace and values

Relevant logs/screenshots

Tested with kyverno release that contained bb-common 0.15.0

kubectl -n bigbang get secret bigbang-istiod-values -o jsonpath='{.data.defaults}' | base64 -d | yq | rg -B 3 -A 3 "ambient"

Output:

authservice:
  enabled: false
istio:
  ambient:
    enabled: true
  authorizationPolicies:
    enabled: true
kubectl get ns kyverno -o yaml | yq '.metadata.labels'

Output:

app.kubernetes.io/component: core
app.kubernetes.io/instance: bigbang
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: bigbang
app.kubernetes.io/version: 3.24.0
helm.sh/chart: bigbang-3.24.0
istio-injection: disabled
istio.io/dataplane-mode: none
kubernetes.io/metadata.name: kyverno
kubectl -n kyverno get authorizationpolicy

Output:
kubectl -n bigbang get hr kyverno kyverno-policies kyverno-reporter

Output:

NAME               AGE   READY   STATUS
kyverno            10m   True    Helm upgrade succeeded for release kyverno/kyverno-kyverno.v2 with chart kyverno@3.8.1-bb.0
kyverno-policies   10m   True    Helm upgrade succeeded for release kyverno/kyverno-kyverno-policies.v2 with chart kyverno-policies@3.3.4-bb.65
kyverno-reporter   10m   True    Helm install succeeded for release kyverno-reporter/kyverno-reporter-kyverno-reporter.v1 with chart kyverno-reporter@3.7.4-bb.0

Linked Issue

Closes big-bang/product/packages/bb-common#90 (closed)

Upgrade Notices

"N/A"

Edited by Dax McDonald

Merge request reports

UNCLASSIFIED - NO CUI