UNCLASSIFIED - NO CUI

Skip to content

Resolve "Implement Istio Authorization Policies"

Andrew Shoell requested to merge 215-implement-istio-authorization-policies into main

General MR

Summary

Add Istio Authorization Policies

Relevant logs/screenshots

n/a

Linked Issue

#215 (closed)

gitlab-runner#69 (closed)

Upgrade Notices

This requires an upgrade to K8s 1.29 for native sidecars. This gets rid of the istio-proxy container and instead builds it into the existing container. This allows jobs to exit gracefully (rather than staying alive forever because istio-proxy won't exit), and allows init containers to run because envoy is built into each of them rather than coming up after init containers would run. This requires .Values.values.pilot.env contains {"ENABLE_NATIVE_SIDECARS": true}, so if you are currently passing values there, make sure to add this to them.

Edited by Andrew Shoell

Merge request reports