Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Istio 1.5 no longer generates secrets - Kiali needs to handle this by default #2440

Closed
jmazzitelli opened this issue Feb 24, 2020 · 0 comments
Closed
Assignees
Labels
bug

Comments

@jmazzitelli
Copy link
Contributor

@jmazzitelli jmazzitelli commented Feb 24, 2020

Re: istio/istio#21407

Istio 1.5 no longer generates secrets by default. Kiali needs this secret to obtain a cert for https by default when installed on K8s (like minikube).

By default, we should probably not expect the secret and just put Kiali behind http when on Kubernetes. This means those who want secure access (https) to the Kiali service should either (a) generate their own secret and tell Kiali about it via the Kiali CR's spec.identity setting or (b) put a Gateway or Ingress or something like that in front of Kiali.

When on OpenShift, we use a secret generated for us by OpenShift (so we are not reliant on Istio generating the secret). So we are still good with default behavior on OpenShift.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

1 participant
You can’t perform that action at this time.