UNCLASSIFIED - NO CUI

Snippets Groups Projects

Currently supported Big Bang Version is 2.51

Project 'platform-one/big-bang/bigbang' was moved to 'big-bang/bigbang'. Please update any links and bookmarks that may still have the old path.

Merged Chris Harden requested to merge registry-only-sidecar-tempo into main 1 year ago

All threads resolved!

General MR

Summary

This MR introduces a Sidecar and a set of ServiceEntries for Tempo when istio.enabled: true and istio.hardened.enabled: true. This is in support of big-bang&160.

Additionally, during testing it was discovered that the AuthorizationPolicy previously added was preventing Monitoring and Kiali from talking to Tempo, due to a conflict between .Values.sso.enabled && .Values.istio.hardened.enabled. This has been fixed.

Relevant logs/screenshots

(Include any relevant logs/screenshots)

Linked Issue

Upgrade Notices

A Sidecar resource has been added to the Tempo namespace that disallows egress to endpoints that are not part of the Istio service registry (a.k.a REGISTRY_ONLY). The outboundTrafficPolicy.mode in the Sidecar can be configured, however, to be something other than REGISTRY_ONLY if desired by setting istio.hardened.outboundTrafficPolicyMode. This provides a redundant layer of network security in addition to NetworkPolicies. This Sidecar is disabled by default but can be enabled by setting istio.enabled: true and istio.hardened.enabled: true.

Additionally, custom ServiceEntries can be created by populating the istio.hardened.customServiceEntries list.

Closes #48 (closed)

Activity

Chris Harden added kindfeature priority6 statusdoing teamService Mesh labels 1 year ago

added kindfeature priority6 statusdoing teamService Mesh labels
Chris Harden assigned to @charden 1 year ago

assigned to @charden
Chris Harden requested review from @seagren.tim 1 year ago

requested review from @seagren.tim
Chris Harden removed statusdoing label 1 year ago

removed statusdoing label
Chris Harden added statusreview label 1 year ago

added statusreview label
Chris Harden marked this merge request as ready 1 year ago

marked this merge request as ready
Tim Seagren @seagren.tim started a thread on an old version of the diff 1 year ago

Resolved 1 year ago by Chris Harden
Last reply by Tim Seagren 1 year ago

Tim Seagren @seagren.tim started a thread on an old version of the diff 1 year ago

Resolved 1 year ago by Chris Harden

Chris Harden added 1 commit 1 year ago

added 1 commit

c72a2fb1 - Thank you

Compare with previous version

Chris Harden resolved all threads 1 year ago

resolved all threads

Chris Harden added 1 commit 1 year ago

added 1 commit

53fe0f3f - TY

Compare with previous version

bigbang bot requested review from @jimmyungerman, @ryan.j.garcia, @piotr.machaj, @steven.donald, @daniel.dides, @staskiewicz.blane, @alieberman, and @dhilgaertner2 1 year ago

requested review from @jimmyungerman, @ryan.j.garcia, @piotr.machaj, @steven.donald, @daniel.dides, @staskiewicz.blane, @alieberman, and @dhilgaertner2

Blane Staskiewicz @staskiewicz.blane started a thread on an old version of the diff 1 year ago

Automatically resolved 1 year ago by Chris Harden

Chris Harden resolved all threads 1 year ago

resolved all threads

Chris Harden added 1 commit 1 year ago

added 1 commit

40693910 - Update CHANGELOG.md

Compare with previous version

Blane Staskiewicz approved this merge request 1 year ago

approved this merge request

Blane Staskiewicz enabled an automatic merge when the pipeline for succeeds 1 year ago

enabled an automatic merge when the pipeline for 40693910 succeeds

Blane Staskiewicz merged 1 year ago

merged

Blane Staskiewicz mentioned in commit 1 year ago

mentioned in commit bf7a13e2

Ghost User mentioned in merge request big-bang/bigbang!3891 (merged) 1 year ago

mentioned in merge request big-bang/bigbang!3891 (merged)

Please register or sign in to reply

UNCLASSIFIED - NO CUI