Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[1.17] fix: allows setting Istio CA_ADDR independently #9897

Merged
merged 2 commits into from
Aug 14, 2024
Merged

[1.17] fix: allows setting Istio CA_ADDR independently #9897

merged 2 commits into from
Aug 14, 2024

Conversation

sam-heilbron
Copy link
Contributor

@sam-heilbron sam-heilbron commented Aug 14, 2024
edited
Loading

Description

https://istio.io/latest/docs/reference/commands/pilot-agent/

The Istio documentation indicates that CA_ADDR defaults to the PROXY_CONFIG discovery address. Though it should be possible to specify a CA_ADDR that is unrelated to the discovery address.

However, Gloo helm forces these two separate fields to be aligned as it is driven from a single helm value.

This change introduces an istioSpiffeCertProviderAddress property resolving the problem. The default is kept as istioDiscoveryAddress to ensure backward compatibility.

Context

Backport of: #9756

Interesting decisions

Testing steps

  • I relied on the automated testing that was introduced in the original PR

Notes for reviewers

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have made corresponding changes to the documentation
  • I have added tests that prove my fix is effective or that my feature works

@jlourenc @sam-heilbron
fix: allows setting Istio CA_ADDR independently (#9756)
d0fa406 
* fix: allows setting Istio CA_ADDR independently

https://istio.io/latest/docs/reference/commands/pilot-agent/

The Istio documentation indicates that CA_ADDR defaults to the
PROXY_CONFIG discovery address. Though it should be possible to specify
a CA_ADDR that is unrelated to the discovery address.

However, Gloo helm forces these two separate fields to be aligned as it
is driven from a single helm value.

This change introduces an `istioSpiffeCertProviderAddress` property
resolving the problem. The default is kept as `istioDiscoveryAddress` to
ensure backward compatibility.

* docs: add property documentation + issue link

* move changelog to beta15 folder

* helm_test: fix compile issues, resolve some deprecated function calls

---------

Co-authored-by: Sam Heilbron <samheilbron@gmail.com>
@sam-heilbron sam-heilbron requested a review from a team as a code owner August 14, 2024 17:51
@solo-changelog-bot
Copy link

Issues linked to changelog:
#9855

@github-actions github-actions bot added the keep pr updated signals bulldozer to keep pr up to date with base branch label Aug 14, 2024
@soloio-bulldozer soloio-bulldozer bot merged commit e3eac32 into v1.17.x Aug 14, 2024
18 checks passed
@soloio-bulldozer soloio-bulldozer bot deleted the backport/v1.17.x/istio-ca-address branch August 14, 2024 19:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@npolshakova npolshakova npolshakova approved these changes

@ashishb-solo ashishb-solo ashishb-solo approved these changes

Assignees
No one assigned
Labels
keep pr updated signals bulldozer to keep pr up to date with base branch
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@sam-heilbron @npolshakova @ashishb-solo @jlourenc