fix(irc): remove namespace from istio ambient mode
Best Practices / Kube-score Analysis (push) Has been cancelled
Best Practices / Polaris Audit (push) Has been cancelled
Best Practices / Resource Usage Analysis (push) Has been cancelled
Best Practices / PR Summary Report (push) Has been cancelled
Best Practices / Polaris PR Review (push) Has been cancelled
Security Scan / Trivy Security Scan (push) Has been cancelled
Security Scan / Trivy PR Review (push) Has been cancelled
Security Scan / Checkov IaC Scan (push) Has been cancelled
Security Scan / Checkov PR Review (push) Has been cancelled
Validate Manifests / YAML Lint (push) Has been cancelled
Validate Manifests / Kustomize Build Test (push) Has been cancelled
Validate Manifests / Kubernetes Schema Validation (push) Has been cancelled
Best Practices / Kube-score Analysis (push) Has been cancelled
Best Practices / Polaris Audit (push) Has been cancelled
Best Practices / Resource Usage Analysis (push) Has been cancelled
Best Practices / PR Summary Report (push) Has been cancelled
Best Practices / Polaris PR Review (push) Has been cancelled
Security Scan / Trivy Security Scan (push) Has been cancelled
Security Scan / Trivy PR Review (push) Has been cancelled
Security Scan / Checkov IaC Scan (push) Has been cancelled
Security Scan / Checkov PR Review (push) Has been cancelled
Validate Manifests / YAML Lint (push) Has been cancelled
Validate Manifests / Kustomize Build Test (push) Has been cancelled
Validate Manifests / Kubernetes Schema Validation (push) Has been cancelled
Drop the istio.io/dataplane-mode label and the AuthorizationPolicies for thelounge and znc. Gateway was returning upstream connect errors when traffic transited ztunnel; reverting the namespace to non-mesh restores reachability. CiliumNetworkPolicies remain for egress filtering.
This commit is contained in:
@@ -2,5 +2,3 @@ apiVersion: v1
|
||||
kind: Namespace
|
||||
metadata:
|
||||
name: irc
|
||||
labels:
|
||||
istio.io/dataplane-mode: ambient
|
||||
|
||||
@@ -1,15 +0,0 @@
|
||||
apiVersion: security.istio.io/v1
|
||||
kind: AuthorizationPolicy
|
||||
metadata:
|
||||
name: thelounge
|
||||
namespace: irc
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: thelounge
|
||||
action: ALLOW
|
||||
rules:
|
||||
- from:
|
||||
- source:
|
||||
namespaces:
|
||||
- gateway-system
|
||||
@@ -4,6 +4,5 @@ resources:
|
||||
- statefulset.yaml
|
||||
- service.yaml
|
||||
- httproute.yaml
|
||||
- authorizationpolicy.yaml
|
||||
- ciliumnetworkpolicy.yaml
|
||||
- config.yaml
|
||||
|
||||
@@ -1,19 +0,0 @@
|
||||
apiVersion: security.istio.io/v1
|
||||
kind: AuthorizationPolicy
|
||||
metadata:
|
||||
name: znc
|
||||
namespace: irc
|
||||
spec:
|
||||
selector:
|
||||
matchLabels:
|
||||
app.kubernetes.io/name: znc
|
||||
action: ALLOW
|
||||
rules:
|
||||
- from:
|
||||
- source:
|
||||
namespaces:
|
||||
- irc
|
||||
- to:
|
||||
- operation:
|
||||
ports:
|
||||
- "6501"
|
||||
@@ -3,5 +3,4 @@ kind: Kustomization
|
||||
resources:
|
||||
- statefulset.yaml
|
||||
- service.yaml
|
||||
- authorizationpolicy.yaml
|
||||
- ciliumnetworkpolicy.yaml
|
||||
|
||||
Reference in New Issue
Block a user