Disable Istio with Kyverno explicitly
General MR
Summary
- Update Kyverno configuration to disable Istio integration and add unit tests for namespace and values
Relevant logs/screenshots
Tested with kyverno release that contained bb-common 0.15.0
kubectl -n bigbang get secret bigbang-istiod-values -o jsonpath='{.data.defaults}' | base64 -d | yq | rg -B 3 -A 3 "ambient"
Output:
authservice:
enabled: false
istio:
ambient:
enabled: true
authorizationPolicies:
enabled: truekubectl get ns kyverno -o yaml | yq '.metadata.labels'
Output:
app.kubernetes.io/component: core
app.kubernetes.io/instance: bigbang
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: kyverno
app.kubernetes.io/part-of: bigbang
app.kubernetes.io/version: 3.24.0
helm.sh/chart: bigbang-3.24.0
istio-injection: disabled
istio.io/dataplane-mode: none
kubernetes.io/metadata.name: kyvernokubectl -n kyverno get authorizationpolicy
Output:kubectl -n bigbang get hr kyverno kyverno-policies kyverno-reporter
Output:
NAME AGE READY STATUS
kyverno 10m True Helm upgrade succeeded for release kyverno/kyverno-kyverno.v2 with chart kyverno@3.8.1-bb.0
kyverno-policies 10m True Helm upgrade succeeded for release kyverno/kyverno-kyverno-policies.v2 with chart kyverno-policies@3.3.4-bb.65
kyverno-reporter 10m True Helm install succeeded for release kyverno-reporter/kyverno-reporter-kyverno-reporter.v1 with chart kyverno-reporter@3.7.4-bb.0Linked Issue
Closes big-bang/product/packages/bb-common#90 (closed)
Upgrade Notices
"N/A"
Edited by Dax McDonald