fix(templates): configured authpol to only create if not already created
General MR
Summary
This MR adds logic to prevent creating the gateway's default authorization policy if it already exists.
Relevant logs/screenshots
Before:
❯ kubectl get events -n bigbang -o json | jq --arg since "$(date -d '60 seconds ago' -u +%Y-%m-%dT%H:%M:%SZ)" '.items[] | select(.reason == "DriftDetected") | select(.lastTimestamp >= $since) | {type: .type, reason: .reason, object: .involvedObject.name, message: .message, time: .lastTimestamp}'
{
  "type": "Warning",
  "reason": "DriftDetected",
  "object": "passthrough-ingressgateway",
  "message": "Cluster state of release istio-gateway/passthrough-ingressgateway.v5 has drifted from the desired state:\nAuthorizationPolicy/istio-gateway/allow-ingress-gateway-authz-policy changed (0 additions, 2 changes, 0 removals)\nPeerAuthentication/istio-gateway/default-istio-gateway changed (0 additions, 2 changes, 0 removals)",
  "time": "2025-06-09T14:33:57Z"
}
{
  "type": "Warning",
  "reason": "DriftDetected",
  "object": "public-ingressgateway",
  "message": "Cluster state of release istio-gateway/public-ingressgateway.v3 has drifted from the desired state:\nAuthorizationPolicy/istio-gateway/allow-ingress-gateway-authz-policy changed (0 additions, 2 changes, 0 removals)\nPeerAuthentication/istio-gateway/default-istio-gateway changed (0 additions, 2 changes, 0 removals)",
  "time": "2025-06-09T14:34:07Z"
}
After:
❯ kubectl get events -n bigbang -o json | jq --arg since "$(date -d '60 seconds ago' -u +%Y-%m-%dT%H:%M:%SZ)" '.items[] | select(.reason == "DriftDetected") | select(.lastTimestamp >= $since) | {type: .type, reason: .reason, object: .involvedObject.name, message: .message, time: .lastTimestamp}'
Linked Issue
Related to #49 (closed)
Related to #48 (closed)
Upgrade Notices
N/A
Edited by Zach Callahan
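An added example, not part of the MR or the project's code: a Python script that parses DriftDetected messages like those in the "Before" output and lists the resources reported as drifted by more than one Helm release, which is the pattern visible in the two events above. The event dicts are constructed from that output, the function names are hypothetical, and reading the overlap as two releases managing the same objects is an assumption drawn from the output.

```python
import re
from collections import defaultdict

# Constructed sample: the two events from the "Before" output, reduced to two fields.
_TAIL = (" has drifted from the desired state:\n"
         "AuthorizationPolicy/istio-gateway/allow-ingress-gateway-authz-policy changed (0 additions, 2 changes, 0 removals)\n"
         "PeerAuthentication/istio-gateway/default-istio-gateway changed (0 additions, 2 changes, 0 removals)")
EVENTS = [
    {"reason": "DriftDetected",
     "message": "Cluster state of release istio-gateway/passthrough-ingressgateway.v5" + _TAIL},
    {"reason": "DriftDetected",
     "message": "Cluster state of release istio-gateway/public-ingressgateway.v3" + _TAIL},
]

# "<namespace>/<release>.v<revision>" in the first line of the message.
RELEASE_RE = re.compile(r"release (\S+)\.v\d+ has drifted")
# One "<Kind>/<namespace>/<name> changed (...)" line per drifted resource.
CHANGE_RE = re.compile(r"^(\S+) changed \(\d+ additions, \d+ changes, \d+ removals\)$")


def parse_drift(message):
    """Return (release, [resource, ...]) or None if the message is not a drift report."""
    head, *lines = message.split("\n")
    m = RELEASE_RE.search(head)
    if m is None:
        return None
    resources = [c.group(1) for c in (CHANGE_RE.match(l.strip()) for l in lines) if c]
    return m.group(1), resources


def contended_resources(events):
    """Map each resource to the releases reporting drift on it, keeping only shared ones."""
    owners = defaultdict(set)
    for ev in events:
        if ev.get("reason") != "DriftDetected":
            continue
        parsed = parse_drift(ev.get("message", ""))
        if parsed is None:
            continue
        release, resources = parsed
        for res in resources:
            owners[res].add(release)
    return {res: sorted(rels) for res, rels in owners.items() if len(rels) > 1}


if __name__ == "__main__":
    for res, rels in sorted(contended_resources(EVENTS).items()):
        print(f"{res}: drift reported by {', '.join(rels)}")
```

Fed the full `kubectl get events -o json` item list instead of the constructed sample, an empty result corresponds to the "After" state shown above for these resources.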