From 6203426d3184d2168ca8132e049e59673849ae78 Mon Sep 17 00:00:00 2001 From: Yisheng Cai Date: Thu, 26 Oct 2023 08:42:48 +0800 Subject: [PATCH] Support Istio migration mode (#1116) * Make mtls mode permissive for Istio migration * Apply to slim (cherry picked from commit 1b38177b6e6c2305325f5d15c20e26d87a6d1b46) --- charts/sn-platform-slim/templates/broker/broker-cluster.yaml | 4 ++++ .../templates/istio/default-peerauthentication.yaml | 4 ++++ charts/sn-platform-slim/values.yaml | 1 + charts/sn-platform/templates/broker/broker-cluster.yaml | 4 ++++ .../templates/istio/default-peerauthentication.yaml | 4 ++++ charts/sn-platform/values.yaml | 1 + 6 files changed, 18 insertions(+) diff --git a/charts/sn-platform-slim/templates/broker/broker-cluster.yaml b/charts/sn-platform-slim/templates/broker/broker-cluster.yaml index ff910f501..4c952fd06 100644 --- a/charts/sn-platform-slim/templates/broker/broker-cluster.yaml +++ b/charts/sn-platform-slim/templates/broker/broker-cluster.yaml @@ -167,6 +167,10 @@ spec: {{- if and .Values.istio.enabled .Values.ingress.broker.enabled }} istio: enabled: true + {{- if .Values.istio.migration }} + mtls: + mode: permissive + {{- end }} gateway: selector: {{- include "pulsar.istio.gateway.selector" . | indent 8 }} diff --git a/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml b/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml index 5fb5a110b..0bca0c86f 100644 --- a/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml +++ b/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml @@ -25,5 +25,9 @@ metadata: namespace: {{ template "pulsar.namespace" . }} spec: mtls: +{{- if .Values.istio.migration }} + mode: PERMISSIVE +{{- else }} mode: STRICT {{- end }} +{{- end }} diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml index e86f6442c..bd482acab 100644 --- a/charts/sn-platform-slim/values.yaml +++ b/charts/sn-platform-slim/values.yaml @@ -2092,6 +2092,7 @@ extraResources: [] istio: enabled: false + migration: false # istio labels used to inject sidecars if it's not `sidecar.istio.io/inject: "true"` labels: {} # If you're using the prometheus in this chart, please keep mergeMetrics disabled. diff --git a/charts/sn-platform/templates/broker/broker-cluster.yaml b/charts/sn-platform/templates/broker/broker-cluster.yaml index 540947630..32297656a 100644 --- a/charts/sn-platform/templates/broker/broker-cluster.yaml +++ b/charts/sn-platform/templates/broker/broker-cluster.yaml @@ -171,6 +171,10 @@ spec: {{- if and .Values.istio.enabled .Values.ingress.broker.enabled }} istio: enabled: true + {{- if .Values.istio.migration }} + mtls: + mode: permissive + {{- end }} gateway: selector: {{- include "pulsar.istio.gateway.selector" . | indent 8 }} diff --git a/charts/sn-platform/templates/istio/default-peerauthentication.yaml b/charts/sn-platform/templates/istio/default-peerauthentication.yaml index 5fb5a110b..0bca0c86f 100644 --- a/charts/sn-platform/templates/istio/default-peerauthentication.yaml +++ b/charts/sn-platform/templates/istio/default-peerauthentication.yaml @@ -25,5 +25,9 @@ metadata: namespace: {{ template "pulsar.namespace" . }} spec: mtls: +{{- if .Values.istio.migration }} + mode: PERMISSIVE +{{- else }} mode: STRICT {{- end }} +{{- end }} diff --git a/charts/sn-platform/values.yaml b/charts/sn-platform/values.yaml index f5ba881f2..ab3c29dac 100644 --- a/charts/sn-platform/values.yaml +++ b/charts/sn-platform/values.yaml @@ -2454,6 +2454,7 @@ custom_metric_server: istio: enabled: false + migration: false # istio labels used to inject sidecars if it's not `sidecar.istio.io/inject: "true"` labels: {} # If you're using the prometheus in this chart, please keep mergeMetrics disabled.