feat: support kubernetes gateway api #2965
I can answer that question more clearly once I have solved the issue with token verification. It will likely involve adding an AuthorizationPolicy or modifying a common one, if we integrate it into the team-ns chart.
ferruhcihan
left a comment
It appears that TTY might not need a ServiceEntry, whereas the Tekton Dashboard could require one. It would be great to confirm this, so we can make sure the configuration is correct for both.
Thanks for pointing out the missing entries. The ServiceEntry is only necessary for platform-internal traffic to find its way when using external host names. Missing some of them would likely go unnoticed in most cases, but for consistency I think it is better to have them in all cases. Therefore I added them.
📌 Summary
This PR migrates from Ingress-Nginx to the Kubernetes Gateway API using Istio as an ingress gateway.
🔍 Reviewer Notes
There are two related PRs that need to be considered during tests:
The migration process is implemented but requires changes in the following PR to work correctly. This should be merged first:
To avoid a race condition between the ConfigMap update and the operator already reconciling, deactivate it temporarily:
- apl-operator and scale down to 0, so that it does not sync while you make the following changes:
    kubectl patch applications.argoproj.io -n argocd apl-operator-apl-operator --patch '[{"op": "remove", "path": "/spec/syncPolicy/automated"}]' --type=json
    kubectl scale --replicas=0 -n apl-operator deployment apl-operator
- otomi/otomi-status field deployingVersion to 4.16.0:
    kubectl patch configmap otomi-status -n otomi --type merge -p '{"data":{"deployingVersion": "4.16.0"}}'
- APL-1595-2)
- apl-operator back up

The following related PR has already been merged to reduce the diff of this one. It includes the CRD and a base chart for generic setup of Gateways:
🧹 Checklist