Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add netpols/UDS Package CR for istio and pepr #103

Open
mjnagel opened this issue Jan 16, 2024 · 1 comment · May be fixed by #239
Open

Add netpols/UDS Package CR for istio and pepr #103

mjnagel opened this issue Jan 16, 2024 · 1 comment · May be fixed by #239
Assignees
@TristanHoladay
Labels
enhancement New feature or request

Comments

@mjnagel
Copy link
Contributor

mjnagel commented Jan 16, 2024

Is your feature request related to a problem? Please describe.

#66 introduced the new operator to UDS Core but does not include UDS Package CRs for istio or pepr components. While the ordering of deployment may make these more difficult it seems wise to include network policies (and other future benefits of the CR) for each of these.

Describe the solution you'd like

Ideally the istio charts and pepr itself deploy with their own UDS Package CRs. One thing we need to be careful to avoid is blocking/impacting the operator's ability to perform all necessary tasks.

Possibly we could deploy the CRD before all other components (similar to how prometheus CRDs are handled). Alternatively we could deploy Pepr before istio and most of the timing should work out.

Describe alternatives you've considered

  1. Network policies and any other necessary objects could be created/deployed "manually" rather than via the operator. While this would work and sidestep the timing considerations it feels strange to not leverage the operator's benefits.
  2. Leave these unprotected with no network policies. While this is the easiest answer I do think its at least worth exploring what network policies would work for istio/pepr and seeing if they have any tangible benefits before dismissing it entirely.
@mjnagel mjnagel added the enhancement New feature or request label Jan 16, 2024
@TristanHoladay TristanHoladay self-assigned this Mar 1, 2024
@TristanHoladay
Copy link
Contributor

Spoke with Barrett from the Pepr team about the use case of adding a chart programatically to the generated pepr module zarf.yaml. Conclusion was that it's not a good fit for Pepr to handle this. We could always write a script do this but probably not worth it just to keep from declaring two pepr packages in the standard package zarf.yaml.

@TristanHoladay TristanHoladay linked a pull request Mar 8, 2024 that will close this issue
Draft
5 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@TristanHoladay TristanHoladay

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

chore: uds cr for istio and pepr defenseunicorns/uds-core
2 participants
@mjnagel @TristanHoladay