Skip to content

Fix ip ranges policy and remove istio/grafana

Arturo Hernandez [EPAM] requested to merge fix-policy/ip-ranges into master

Infrastructure Submissions:

  • [YES] Have you added an explanation of what your changes do and why you'd like us to include them?
  • [YES] I have updated the documentation accordingly.
  • [NA] I have added tests to cover my changes.
  • [YES] All new and existing tests passed.
  • [NO] I have formatted the terraform code.

Current Behavior or Linked Issues

  • Currently there were 2 policies which were not compliant, the ip range not defined which can be solved by using 0.0.0.0/0 defined in the AKS control plane, this will still allow all ip ranges to reach AKS control plane.
  • Grafana for istio mesh visivility does not comply with current policy Deny Privilege Escalation, this is getting installed at istio controller level, therefore to fix this we either need to change controller behavior in istio or use another approach to install Kiali, as for now, marking Kiali as disabled.

Does this introduce a breaking change?

  • [NO] Just Disable Kiali in Istio Mesh.

Other information

Updated docs

Merge request reports