From ee93aca3b8e0550d3e4e0f403996e2e615d8861c Mon Sep 17 00:00:00 2001
From: Chris Farhood
Date: Sun, 17 May 2026 08:13:26 -0400
Subject: [PATCH] fix(irc): remove namespace from istio ambient mode

Drop the istio.io/dataplane-mode label and the AuthorizationPolicies for thelounge and znc. Gateway was returning upstream connect errors when traffic transited ztunnel; reverting the namespace to non-mesh restores reachability. CiliumNetworkPolicies remain for egress filtering.
---
 namespace.yaml | 2 --
 thelounge/authorizationpolicy.yaml | 15 ---------------
 thelounge/kustomization.yaml | 1 -
 znc/authorizationpolicy.yaml | 19 -------------------
 znc/kustomization.yaml | 1 -
 5 files changed, 38 deletions(-)
 delete mode 100644 thelounge/authorizationpolicy.yaml
 delete mode 100644 znc/authorizationpolicy.yaml

diff --git a/namespace.yaml b/namespace.yaml
index 8deb5a1..fdbf70a 100644
--- a/namespace.yaml
+++ b/namespace.yaml
@@ -2,5 +2,3 @@ apiVersion: v1
 kind: Namespace
 metadata:
 name: irc
- labels:
- istio.io/dataplane-mode: ambient
diff --git a/thelounge/authorizationpolicy.yaml b/thelounge/authorizationpolicy.yaml
deleted file mode 100644
index ffefe90..0000000
--- a/thelounge/authorizationpolicy.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-apiVersion: security.istio.io/v1
-kind: AuthorizationPolicy
-metadata:
- name: thelounge
- namespace: irc
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: thelounge
- action: ALLOW
- rules:
- - from:
- - source:
- namespaces:
- - gateway-system
diff --git a/thelounge/kustomization.yaml b/thelounge/kustomization.yaml
index 9c1a21e..ff87268 100644
--- a/thelounge/kustomization.yaml
+++ b/thelounge/kustomization.yaml
@@ -4,6 +4,5 @@ resources:
 - statefulset.yaml
 - service.yaml
 - httproute.yaml
- - authorizationpolicy.yaml
 - ciliumnetworkpolicy.yaml
 - config.yaml
diff --git a/znc/authorizationpolicy.yaml b/znc/authorizationpolicy.yaml
deleted file mode 100644
index 4658032..0000000
--- a/znc/authorizationpolicy.yaml
+++ /dev/null
@@ -1,19 +0,0 @@
-apiVersion: security.istio.io/v1
-kind: AuthorizationPolicy
-metadata:
- name: znc
- namespace: irc
-spec:
- selector:
- matchLabels:
- app.kubernetes.io/name: znc
- action: ALLOW
- rules:
- - from:
- - source:
- namespaces:
- - irc
- - to:
- - operation:
- ports:
- - "6501"
diff --git a/znc/kustomization.yaml b/znc/kustomization.yaml
index a2f4802..858e6c9 100644
--- a/znc/kustomization.yaml
+++ b/znc/kustomization.yaml
@@ -3,5 +3,4 @@ kind: Kustomization
 resources:
 - statefulset.yaml
 - service.yaml
- - authorizationpolicy.yaml
 - ciliumnetworkpolicy.yaml
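Review bot: The resource list left on the new side of this hunk names only `ciliumnetworkpolicy.yaml` as a traffic control for znc, and the commit message describes those policies as egress filtering, so the ingress restriction the deleted AuthorizationPolicy carried (sources in namespace `irc`, or destination port `6501`) appears to have no replacement; the thelounge/kustomization.yaml hunk has the same gap for its `gateway-system`-only rule. Cilium applies default-deny per direction, so a policy with egress rules alone leaves ingress to the selected pods open; the policy files are outside this patch, so confirm what they contain. If they have no ingress section, add one to each, for thelounge for example an `ingress:` rule with `fromEndpoints` matching `k8s:io.kubernetes.pod.namespace: gateway-system`. Dropping `istio.io/dataplane-mode: ambient` in namespace.yaml also presumably ends ztunnel mTLS for these pods, which is worth recording next to the namespace with a comment such as `# not in the mesh: no mTLS or AuthorizationPolicy; ingress is enforced by CiliumNetworkPolicy`.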