Resolve "Implement Istio Authorization Policies"
General MR
Summary
Add Istio Authorization Policies
Relevant logs/screenshots
n/a
Linked Issue
Upgrade Notices
This requires an upgrade to K8s 1.29 for native sidecars. This gets rid of the istio-proxy container and instead builds it into the existing container. This allows jobs to exit gracefully (rather than staying alive forever because istio-proxy won't exit), and allows init containers to run because envoy is built into each of them rather than coming up after init containers would run. This requires .Values.values.pilot.env
contains {"ENABLE_NATIVE_SIDECARS": true}
, so if you are currently passing values there, make sure to add this to them.
Edited by Andrew Shoell