
IstioGw + AppGw permission update

Arturo Hernandez [EPAM] requested to merge 236-ah-istioappgw into master

All Submissions:


  • [YES] Have you added an explanation of what your changes do and why you'd like us to include them? YES
  • [YES] I have updated the documentation accordingly. - YES
  • [YES] My code follows the code style of this project. - YES

Current Behavior or Linked Issues


  • This is related to the process to migrate from AGIC to Istio Gw + AppGw
  • Created module for appgw for istio, which does not ignore rules created and will follow those.
  • Refactored main.tf code and used one single file for all the istio-appgw related resources, for ease of reading.
  • Will leave AGIC as is for now, until we have feedback from customers about the appgw change.
  • Fixed integration tests
  • Raised Ubuntu version for pipelines (tested in glab and dev environments already)
  • Static Istio IP address for the load balancer (should match the helm-charts-azure), chosen based on the available IP address space: 10.10.255.253

Does this introduce a breaking change?


  • [NO]

This introduces a new feature; however, end users might need to change their DNS hostnames to the newly provisioned Istio App GW in order to start using it.

Eventually we need to create another MR which will deprecate appgw controlled by agic.

The Istio IP address can be overwritten by Terraform var files, by Terraform env vars, or by a variable group if used in Azure DevOps.

Other information


  • The current cert-job, which is in helm-charts-azure, does not work as expected and uses the SPN instead of MSI.
  • We change the behavior of the cert job to use MSI instead to get authenticated and apply changes in the appgw.

Ref #236 (closed)

Edited by Arturo Hernandez [EPAM]
