Resolve "Replace "istio-controlplane" with "istio-system" in chart/templates/bigbang/network-policies/allow-istiod-egress.yaml"
General MR
Summary
-
The
allow-passthrough-ingressgateway-istiod-egressandallow-public-ingressgateway-istiod-egressnetwork policies are getting rendered with the legacy istio operator match labels:
-
To resolve this the
istioNamespaceSelectornamed templated needs to be added to chart/templates/istio-gateway/values.yaml in BB umbrella, and the package schema needs to be updated. The proposed BB level changes are captured in thefix-istio-gateway-netpolsBB branch, and will be added to the ensuing BB MR.
Relevant logs/screenshots
Tested changes in k3d dev cluster with all core packages:
~ % kubectl get networkpolicy -n istio-gateway \
-o="custom-columns=NETWORK POLICY:.metadata.name,EGRESS:.spec.egress[].to[].namespaceSelector,PolicyTypes:.spec.policyTypes" \
| grep "name:istio-gateway\|name:istio-system\|istio-controlplane\|POLICY"
NETWORK POLICY EGRESS PolicyTypes
allow-passthrough-ingressgateway-istiod-egress map[matchLabels:map[app.kubernetes.io/name:istio-system]] [Egress]
allow-public-ingressgateway-istiod-egress map[matchLabels:map[app.kubernetes.io/name:istio-system]] [Egress]
~ %
~ % kubectl get helmrelease -A
NAMESPACE NAME AGE READY STATUS
bigbang alloy 59m True Helm install succeeded for release alloy/alloy.v1 with chart k8s-monitoring@3.0.2-bb.0
bigbang authservice 59m True Helm install succeeded for release authservice/authservice-authservice.v1 with chart authservice@1.0.4-bb.3
bigbang bbctl 59m True Helm install succeeded for release bbctl/bbctl-bbctl.v1 with chart bbctl@2.1.0-bb.1
bigbang grafana 59m True Helm install succeeded for release monitoring/monitoring-grafana.v1 with chart grafana@9.2.10-bb.0
bigbang istio-crds 59m True Helm install succeeded for release istio-system/istio-crds.v1 with chart istio-crds@1.26.2-bb.0
bigbang istiod 59m True Helm install succeeded for release istio-system/istiod.v1 with chart istiod@1.26.2-bb.0
bigbang kiali 59m True Helm install succeeded for release kiali/kiali-kiali.v1 with chart kiali@2.12.0-bb.0
bigbang kyverno 59m True Helm install succeeded for release kyverno/kyverno-kyverno.v1 with chart kyverno@3.4.4-bb.0
bigbang kyverno-policies 59m True Helm install succeeded for release kyverno/kyverno-kyverno-policies.v1 with chart kyverno-policies@3.3.4-bb.10
bigbang kyverno-reporter 59m True Helm install succeeded for release kyverno-reporter/kyverno-reporter-kyverno-reporter.v1 with chart kyverno-reporter@3.1.4-bb.0
bigbang loki 59m True Helm install succeeded for release logging/logging-loki.v1 with chart loki@6.30.1-bb.3
bigbang minio-operator 59m True Helm install succeeded for release minio-operator/minio-operator-minio-operator.v1 with chart minio-operator@7.1.1-bb.0
bigbang monitoring 59m True Helm install succeeded for release monitoring/monitoring-monitoring.v1 with chart monitoring@75.6.1-bb.1
bigbang neuvector 59m True Helm upgrade succeeded for release neuvector/neuvector-neuvector.v2 with chart neuvector@2.8.6-bb.0
bigbang passthrough-ingressgateway 59m True Helm install succeeded for release istio-gateway/passthrough-ingressgateway.v1 with chart gateway@1.26.2-bb.1
bigbang prometheus-operator-crds 59m True Helm install succeeded for release monitoring/prometheus-operator-crds.v1 with chart prometheus-operator-crds@21.0.0-bb.0
bigbang public-ingressgateway 59m True Helm install succeeded for release istio-gateway/public-ingressgateway.v1 with chart gateway@1.26.2-bb.1
bigbang tempo 59m True Helm install succeeded for release tempo/tempo-tempo.v1 with chart tempo@1.21.1-bb.2Linked Issue
Upgrade Notices
"N/A"
Related to #58 (closed)
Edited by Luis Gomez