UNCLASSIFIED - NO CUI

Skip to content
Snippets Groups Projects

EK Istio mTLS STRICT

Merged EK Istio mTLS STRICT
issue-1013-efk into main
All threads resolved!
Merged Ronnie Webb requested to merge issue-1013-efk into main
All threads resolved!

For https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/1013

NOTE: Uses a podSelector rather than enforcing on the whole namespace since logging is a shared namespace.

Edited by Micah Nagel

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Micah Nagel
  • Micah Nagel
  • Micah Nagel
  • Micah Nagel
    • Micah Nagel
      Micah Nagel @micah.nagel ·
      Contributor
      Resolved by Micah Nagel

      Adding some more general things:

      • We should have two separate peer auth files, completely separated by pod selector (i.e. one for elastic and one for kibana)
      • Any exceptions to the STRICT mode should go inside of those same files as portLevelMtls sections
      • All portLevelMtls exceptions should be wrapped in a conditional on mtls.mode set to STRICT rather than putting that conditional around the entire file
  • Micah Nagel added statusdoing label and removed statusreview label

    added statusdoing label and removed statusreview label

  • Micah Nagel added disable-ci label

    added disable-ci label

  • Micah Nagel assigned to @micah.nagel

    assigned to @micah.nagel

  • Micah Nagel assigned to @ronwebb

    assigned to @ronwebb

  • Micah Nagel added 2 commits

    added 2 commits

    Compare with previous version

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel resolved all threads

    resolved all threads

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel changed title from Issue 1013 efk to EK Istio mTLS STRICT

    changed title from Issue 1013 efk to EK Istio mTLS STRICT

  • Micah Nagel changed the description

    changed the description

  • Micah Nagel marked this merge request as draft

    marked this merge request as draft

  • Micah Nagel removed statusdoing label

    removed statusdoing label

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel added 1 commit

    added 1 commit

    • b7d2bfc7 - comment documenting exclusion

    Compare with previous version

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel marked this merge request as ready

    marked this merge request as ready

  • Micah Nagel removed disable-ci label

    removed disable-ci label

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel added 1 commit

    added 1 commit

    Compare with previous version

  • Micah Nagel
    Micah Nagel @micah.nagel ·
    Contributor

    Everything seemed to check out. Note that I put a conditional around the script test because BB CI will fail on it since the test pod is not istio injected. We could resolve that in the future with a change to gluon, but for now this was a simple hack to make it happy.

    See BB MR with all 3 package changes: https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/1537

  • Micah Nagel added statusreview label

    added statusreview label

  • Ryan Garcia approved this merge request

    approved this merge request

  • Ryan Garcia merged

    merged

  • Ryan Garcia mentioned in commit 171c30a4

    mentioned in commit 171c30a4

    • Please register or sign in to reply

    UNCLASSIFIED - NO CUI