Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Change Citadel namespace targeting rules (#15503)
Introduce new designated labels ca.istio.io/env and ca.istio.io/override. Check for presence of these options before creating secrets for a ServiceAccount, and ensure the Citadel instance is in the namespace designated in the label value or has override label set. The enableNamespacesByDefault option determines the default behavior in the case that these labels are not found. Added logic for retroactive creation and deletion of secrets in activated / deactivated namespaces.
- Loading branch information
1 parent
be7e0a3
commit 3ef5a60
Showing
5 changed files
with
325 additions
and
136 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.