-
Spike
-
Resolution: Done
-
Undefined
-
None
-
None
-
Sprint 52, Sprint 53, Sprint 54, Sprint 55, Sprint 56, Sprint 57, Sprint 58 - week 1
In a cluster-wide install
- only one SMCP can exist per cluster
- there are no ServiceMeshMemberRolls/ServiceMeshMembers
- istiod watches all namespaces
The outcome of this issue should be a design document that answers the following questions:
- what permissions does a user need to create a cluster-wide install of Service Mesh?
- how do we need to isolate the control plane to make sure we don't leak permissions to unprivileged users?
- how do we ensure cluster-wide installs and multi-tenant installs of Service Mesh never exist on the same cluster?
- what are the implications for federation?
- how will auto-inject work in a cluster-wide install?
- how will we manage the helm charts around this? special charts for multi-tenant vs cluster-wide?
- are there implications for addons, ie prometheus, kiali, jaeger?
Timebox: 5 days
- causes
-
OSSM-2133 Cluster Wide - Validate Istiod watches are cluster-scoped
-
- Closed
-
- mentioned on
