Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Restore Istio PeerAuthentications (with strict mode) #12760

Merged
merged 7 commits into from Dec 2, 2021
Merged

Restore Istio PeerAuthentications (with strict mode) #12760

merged 7 commits into from Dec 2, 2021

Conversation

skhalash
Copy link
Contributor

@skhalash skhalash commented Dec 1, 2021
edited by a-thaler

Description

Changes proposed in this pull request:

  • This PR removes PeerAuthentication resources, which became unneeded after making Prometheus scrape the corresponding targets via HTTPS. However, when testing Kyma 1 to Kyma 2 upgrades using the Reconciler we found out that the TLS-scraped targets are down. The reason for that is the left-over PeerAuthentication resources with permissive mTLS mode set (Reconciler does not remove deleted resources when upgrading Kyma). In order to circumvent this problem, it was decided to restore the PeerAuthentication resources (with strict mode instead of permissive).

Related issue(s)

Fixes #12743

@skhalash skhalash added the area/monitoring Issues or PRs related to the monitoring module (deprecated) label Dec 1, 2021
@skhalash skhalash self-assigned this Dec 1, 2021
@skhalash skhalash requested a review from a user December 1, 2021 10:06
@kyma-bot kyma-bot added the size/L Denotes a PR that changes 100-499 lines, ignoring generated files. label Dec 1, 2021
@skhalash skhalash added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 1, 2021
@skhalash
Copy link
Contributor Author

skhalash commented Dec 1, 2021

/retest

1 similar comment
@skhalash
Copy link
Contributor Author

skhalash commented Dec 1, 2021

/retest

@kyma-bot kyma-bot added the lgtm Looks good to me! label Dec 1, 2021
@skhalash skhalash removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Dec 1, 2021
@a-thaler
Copy link
Contributor

a-thaler commented Dec 2, 2021

/test pre-main-kyma-integration-k3d-central-app-connectivity-compass

@skhalash
Copy link
Contributor Author

skhalash commented Dec 2, 2021

/retest

wozniakjan
wozniakjan approved these changes Dec 2, 2021
View reviewed changes
Copy link
Contributor

@wozniakjan wozniakjan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

giving blind lgtm, it was explained to me that this is putting istio configuration back that was temporarily disabled.
/lgtm

@kyma-bot kyma-bot merged commit 43f8231 into kyma-project:main Dec 2, 2021
@skhalash skhalash deleted the restore-peer-authentication branch December 2, 2021 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@k15r k15r k15r approved these changes

@chrkl chrkl chrkl approved these changes

@wozniakjan wozniakjan wozniakjan approved these changes

@veichtj veichtj veichtj approved these changes

@a-thaler a-thaler Awaiting requested review from a-thaler

@adamwalach adamwalach Awaiting requested review from adamwalach

@clebs clebs Awaiting requested review from clebs

@cnvergence cnvergence Awaiting requested review from cnvergence

@dariusztutaj dariusztutaj Awaiting requested review from dariusztutaj

@jeremyharisch jeremyharisch Awaiting requested review from jeremyharisch

@ksputo ksputo Awaiting requested review from ksputo

@lilitgh lilitgh Awaiting requested review from lilitgh

@lindnerby lindnerby Awaiting requested review from lindnerby

@marcobebway marcobebway Awaiting requested review from marcobebway

@mfaizanse mfaizanse Awaiting requested review from mfaizanse

@mjakobczyk mjakobczyk Awaiting requested review from mjakobczyk

@nachtmaar nachtmaar Awaiting requested review from nachtmaar

@piotrkpc piotrkpc Awaiting requested review from piotrkpc

@piotrmiskiewicz piotrmiskiewicz Awaiting requested review from piotrmiskiewicz

@PK85 PK85 Awaiting requested review from PK85

@pxsalehi pxsalehi Awaiting requested review from pxsalehi

@rakesh-garimella rakesh-garimella Awaiting requested review from rakesh-garimella

@sayanh sayanh Awaiting requested review from sayanh

@shorim shorim Awaiting requested review from shorim

@strekm strekm Awaiting requested review from strekm

@suleymanakbas91 suleymanakbas91 Awaiting requested review from suleymanakbas91

@szwedm szwedm Awaiting requested review from szwedm

@Tomasz-Smelcerz-SAP Tomasz-Smelcerz-SAP Awaiting requested review from Tomasz-Smelcerz-SAP

@voigt voigt Awaiting requested review from voigt

@werdes72 werdes72 Awaiting requested review from werdes72

Assignees

@k15r k15r

@chrkl chrkl

@wozniakjan wozniakjan

@skhalash skhalash

@veichtj veichtj

Labels
area/monitoring Issues or PRs related to the monitoring module (deprecated) lgtm Looks good to me! size/L Denotes a PR that changes 100-499 lines, ignoring generated files.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Prometheus targets down on upgraded kyma2 cluster
7 participants
@skhalash @a-thaler @k15r @chrkl @wozniakjan @veichtj @kyma-bot