feat: authz policies

Michael Mendez requested to merge 45-istio-authorization-policies into main

General MR

Summary

The ingress gateway Istio authorization policy templating doesn't currently remove the / from the name, which causes the minio HelmRelease to fail when istio.hardened is enabled. Also adds a policy allowing traffic from the minio namespace.

Relevant logs/screenshots

Same error occurs on minio and minio-operator:

Events:
  Type     Reason            Age                  From             Message
  ----     ------            ----                 ----             -------
  Normal   HelmChartCreated  14m                  helm-controller  Created HelmChart/bigbang/bigbang-minio-operator with SourceRef 'GitRepository/bigbang/minio-operator'
  Warning  InstallFailed     3m8s (x10 over 13m)  helm-controller  Helm install failed for release minio-operator/minio-operator-minio-operator with chart minio-operator@5.0.11-bb.1: Unable to continue with install: could not get information about the resource AuthorizationPolicy "istio-system/public-ingressgateway-authz-policy" in namespace "minio-operator": invalid resource name "istio-system/public-ingressgateway-authz-policy": [may not contain '/']

Linked Issue

issue

Upgrade Notices

N/A

Closes #45 (closed)
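
A pre-deploy name check for the failure in the logs above, as an added example that is not part of this merge request or the chart. It applies the path-segment rule that produced the "may not contain '/'" error, plus the RFC 1123 subdomain rule Kubernetes applies to most object names; `name_errors` and `policy_name` are hypothetical helpers, and dropping the namespace prefix is an assumption about how a name could be normalised, not the chart's actual template logic.

```python
import re

# RFC 1123 subdomain: the format Kubernetes requires for most object names.
_LABEL = r"[a-z0-9]([-a-z0-9]*[a-z0-9])?"
_DNS1123_SUBDOMAIN = re.compile(rf"{_LABEL}(\.{_LABEL})*")
_MAX_LEN = 253


def name_errors(name: str) -> list[str]:
    """Return the reasons `name` cannot be used as metadata.name (empty if valid)."""
    errors = []
    # Path-segment rule: the name becomes part of the API URL path.
    if name in (".", ".."):
        errors.append(f"may not be '{name}'")
    for ch in ("/", "%"):
        if ch in name:
            errors.append(f"may not contain '{ch}'")
    if len(name) > _MAX_LEN:
        errors.append(f"must be no more than {_MAX_LEN} characters")
    if not _DNS1123_SUBDOMAIN.fullmatch(name):
        errors.append("must be a lowercase RFC 1123 subdomain")
    return errors


def policy_name(gateway_ref: str, suffix: str = "-authz-policy") -> str:
    """Hypothetical helper: build a policy name from a 'namespace/name' gateway reference.

    Assumption: the namespace prefix is dropped. The chart's real template may
    normalise the reference differently.
    """
    gateway = gateway_ref.rsplit("/", 1)[-1]
    return f"{gateway}{suffix}"


if __name__ == "__main__":
    # Gateway reference reconstructed from the failing name in the log above.
    ref = "istio-system/public-ingressgateway"
    for candidate in (ref + "-authz-policy", policy_name(ref)):
        print(candidate, "->", name_errors(candidate) or "ok")
```

Running the same check over every rendered metadata.name in CI catches this class of templating bug before the HelmRelease is applied, so the hardened policies do not silently fail to install.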
