feat: authz policies
General MR
Summary
The ingress gateway istio authorization policy templating doesn't currently remove the /
from the name which causes the minio helmrelease to fail when istio.hardened is enabled. Also adds a policy allowing traffic from minio namespace.
Relevant logs/screenshots
Same error occurs on minio and minio-operator:
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal HelmChartCreated 14m helm-controller Created HelmChart/bigbang/bigbang-minio-operator with SourceRef 'GitRepository/bigbang/minio-operator'
Warning InstallFailed 3m8s (x10 over 13m) helm-controller Helm install failed for release minio-operator/minio-operator-minio-operator with chart minio-operator@5.0.11-bb.1: Unable to continue with install: could not get information about the resource AuthorizationPolicy "istio-system/public-ingressgateway-authz-policy" in namespace "minio-operator": invalid resource name "istio-system/public-ingressgateway-authz-policy": [may not contain '/']
Linked Issue
Upgrade Notices
N/A
Closes #45 (closed)