From 89e9f6cd7824693166b91d0d8a5e52c3824027f5 Mon Sep 17 00:00:00 2001
From: Yisheng Cai
Date: Sun, 22 Oct 2023 11:23:46 +0800
Subject: [PATCH 1/2] Make mtls mode permissive for Istio migration
---
 charts/sn-platform/templates/broker/broker-cluster.yaml | 4 ++++
 .../templates/istio/default-peerauthentication.yaml | 4 ++++
 charts/sn-platform/values.yaml | 1 +
 3 files changed, 9 insertions(+)
diff --git a/charts/sn-platform/templates/broker/broker-cluster.yaml b/charts/sn-platform/templates/broker/broker-cluster.yaml
index 540947630..32297656a 100644
--- a/charts/sn-platform/templates/broker/broker-cluster.yaml
+++ b/charts/sn-platform/templates/broker/broker-cluster.yaml
@@ -171,6 +171,10 @@ spec:
 {{- if and .Values.istio.enabled .Values.ingress.broker.enabled }}
 istio:
 enabled: true
+ {{- if .Values.istio.migration }}
+ mtls:
+ mode: permissive
+ {{- end }}
 gateway:
 selector:
 {{- include "pulsar.istio.gateway.selector" . | indent 8 }}
diff --git a/charts/sn-platform/templates/istio/default-peerauthentication.yaml b/charts/sn-platform/templates/istio/default-peerauthentication.yaml
index 5fb5a110b..0bca0c86f 100644
--- a/charts/sn-platform/templates/istio/default-peerauthentication.yaml
+++ b/charts/sn-platform/templates/istio/default-peerauthentication.yaml
@@ -25,5 +25,9 @@ metadata:
 namespace: {{ template "pulsar.namespace" . }}
 spec:
 mtls:
+{{- if .Values.istio.migration }}
+ mode: PERMISSIVE
+{{- else }}
 mode: STRICT
 {{- end }}
+{{- end }}
diff --git a/charts/sn-platform/values.yaml b/charts/sn-platform/values.yaml
index f5ba881f2..ab3c29dac 100644
--- a/charts/sn-platform/values.yaml
+++ b/charts/sn-platform/values.yaml
@@ -2454,6 +2454,7 @@ custom_metric_server:
 istio:
 enabled: false
+ migration: false
 # istio labels used to inject sidecars if it's not `sidecar.istio.io/inject: "true"`
 labels: {}
 # If you're using the prometheus in this chart, please keep mergeMetrics disabled.
From d3d14a335e0d8423dd90b67021d40f35d7c88a32 Mon Sep 17 00:00:00 2001
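Review bot: The added `mtls: mode: permissive` override in `broker-cluster.yaml` sits inside the existing `{{- if and .Values.istio.enabled .Values.ingress.broker.enabled }}` guard, so `istio.migration: true` relaxes the broker setting only when the broker ingress is also enabled. The PeerAuthentication template changed in the same patch branches on `istio.migration` under a different outer guard, which is not visible here. If the operator falls back to a strict default when the `istio:` block is absent (not shown on this page), a migration with the ingress disabled could leave the two settings out of step. A template comment stating the intended coupling would help, e.g. `{{- /* permissive only during mesh migration; keep in step with istio/default-peerauthentication.yaml */}}`. The same applies to the `sn-platform-slim` copy of this hunk in patch 2/2; the enclosing `spec:` block starts and ends outside the hunk.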
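Review bot: With `istio.migration` set, `default-peerauthentication.yaml` renders `mode: PERMISSIVE`, under which workloads accept plaintext as well as mutual-TLS connections. This appears to apply to the whole namespace, since no `selector` is visible between `spec:` and `mtls:`. Nothing in the template or the rendered object marks the setting as temporary, so a release left in migration mode stays without enforced peer authentication and gives no signal that it has. Consider a template comment above the branch, such as `{{- /* migration only: PERMISSIVE accepts plaintext; return to STRICT once every workload has a sidecar */}}`, plus a rendered warning (for example in the chart's NOTES.txt) whenever the flag is true. The `sn-platform-slim` copy of this hunk in patch 2/2 is identical and needs the same treatment.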
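Review bot: The new `migration: false` key in `values.yaml` has no comment, although it decides whether mesh traffic must be mutually authenticated: when true, the templates in this patch render `PERMISSIVE`/`permissive` instead of `STRICT`. The key name says nothing about mTLS, so an operator reading the values file cannot tell what enabling it costs. A comment above it would make that explicit, e.g. `# Set to true only while moving existing workloads into the mesh: switches mTLS from STRICT to PERMISSIVE (plaintext accepted). Set back to false afterwards.` The `sn-platform-slim/values.yaml` hunk in patch 2/2 needs the same comment.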
From: Yisheng Cai
Date: Tue, 24 Oct 2023 22:24:37 +0800
Subject: [PATCH 2/2] Apply to slim
---
 charts/sn-platform-slim/templates/broker/broker-cluster.yaml | 4 ++++
 .../templates/istio/default-peerauthentication.yaml | 4 ++++
 charts/sn-platform-slim/values.yaml | 1 +
 3 files changed, 9 insertions(+)
diff --git a/charts/sn-platform-slim/templates/broker/broker-cluster.yaml b/charts/sn-platform-slim/templates/broker/broker-cluster.yaml
index ff910f501..4c952fd06 100644
--- a/charts/sn-platform-slim/templates/broker/broker-cluster.yaml
+++ b/charts/sn-platform-slim/templates/broker/broker-cluster.yaml
@@ -167,6 +167,10 @@ spec:
 {{- if and .Values.istio.enabled .Values.ingress.broker.enabled }}
 istio:
 enabled: true
+ {{- if .Values.istio.migration }}
+ mtls:
+ mode: permissive
+ {{- end }}
 gateway:
 selector:
 {{- include "pulsar.istio.gateway.selector" . | indent 8 }}
diff --git a/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml b/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml
index 5fb5a110b..0bca0c86f 100644
--- a/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml
+++ b/charts/sn-platform-slim/templates/istio/default-peerauthentication.yaml
@@ -25,5 +25,9 @@ metadata:
 namespace: {{ template "pulsar.namespace" . }}
 spec:
 mtls:
+{{- if .Values.istio.migration }}
+ mode: PERMISSIVE
+{{- else }}
 mode: STRICT
 {{- end }}
+{{- end }}
diff --git a/charts/sn-platform-slim/values.yaml b/charts/sn-platform-slim/values.yaml
index e86f6442c..bd482acab 100644
--- a/charts/sn-platform-slim/values.yaml
+++ b/charts/sn-platform-slim/values.yaml
@@ -2092,6 +2092,7 @@ extraResources: []
 istio:
 enabled: false
+ migration: false
 # istio labels used to inject sidecars if it's not `sidecar.istio.io/inject: "true"`
 labels: {}
 # If you're using the prometheus in this chart, please keep mergeMetrics disabled.