Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

istio-system namespace label mismatch #36

Open
ghost opened this issue Feb 15, 2024 · 0 comments
Open

istio-system namespace label mismatch #36

ghost opened this issue Feb 15, 2024 · 0 comments

Comments

@ghost
Copy link

ghost commented Feb 15, 2024

Version

2.20.0

Overview

The istio-system namespace is created with a mismatched name label (istio-controlplane).

Subsequently, the Istio network policies in subcharts (ex: Nexus) use a label selector for a namespace name that doesn't exist.

This can cause confusion when attempting to deploy a subchart independently of umbrella Bigbang as one might do for development or a very narrow production environment -- really, anywhere that Istio is installed separately from Bigbang.

Proposed Solution(s)

Unifying the name and labeling of the istio-system namespace by changing the name, or the label would improve system clarity. Though, it's worth noting that changing the label would also mean changing the label selector in almost every downstream Istio ingress/egress network policy. Changing the name is also likely to cause some confusion in the near-term, but is probably the simplest option.

A potential alternative (and my preferred approach) would be to expose the label selector name in each subchart as an input value (something like .Values.istio.controlplane-namespace) to be templated in the policy. This could be implemented gradually by making the default value in each subchart istio-controlplane. Doing so would allow us to leave the namespace's name and label unchanged while still enabling flexibility for independent subchart deployments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Development

No branches or pull requests

0 participants