remove legacy stuff

Julius von Kohout (Corporate Development) · Julius von Kohout (Corporate Development) · commit 16acf493fdfa · 2023-05-09T10:45:02.000+02:00
diff --git a/common/istio-1-16/istio-install/base/kustomization.yaml b/common/istio-1-16/istio-install/base/kustomization.yaml
@@ -14,7 +14,4 @@ patchesStrategicMerge:
 - patches/service.yaml
 - patches/istio-configmap-disable-tracing.yaml
 - patches/disable-debugging.yaml
-# Disable this patch until we upgrade to kustomize to v4+ 
-# see https://github.com/kubeflow/manifests/issues/2325#issuecomment-1323909056
-# - patches/remove-pdb.yaml
-
+- patches/remove-pdb.yaml
diff --git a/common/istio-cni-1-16/kustomization.yaml b/common/istio-cni-1-16/kustomization.yaml
@@ -7,41 +7,8 @@
 #tar xzf istio.tar.gz
 #istio-${ISTIO_TAG}/bin/istioctl manifest generate --set values.pilot.autoscaleMin=1 --set values.gateways.istio-ingressgateway.autoscaleMin=1 --set components.cni.enabled=true --set components.cni.namespace=kube-system --set components.cni.tag=${ISTIO_TAG} --set values.global.proxy.resources.requests.cpu=10m --set tag=${ISTIO_TAG} > istio.yaml
 #rm -rf istio-${ISTIO_TAG} istio.tar.gz
-
-# sadly there is a bug such that the busybox image is not configurable in a proper way
-
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
-
 resources:
 - namespace.yaml
-- istio.yaml
-
-patchesStrategicMerge:
-# Pentest enahncement: check port 15010 & 8080 in istiod: According to https://istio.io/latest/docs/ops/best-practices/security/#control-plane port 15010 is not that problematic (only resource discovery). Other parts of the documentation also say | 15010 | GRPC | XDS and CA services (Plaintext, only for secure networks) | We have a secure network layer and only XDS is served. Port 8080 is not listed in the service and even if it would be somehow reachable by IP it only "offers read access". Nevertheless we set ENABLE_DEBUG_ON_HTTP=false do disable it entirely.
-- |-
-  apiVersion: apps/v1
-  kind: Deployment
-  metadata:
-    name: istiod
-    namespace: istio-system
-  spec:
-    template:
-      spec:
-        containers:
-        - name: discovery
-          env:
-          - name: ENABLE_DEBUG_ON_HTTP
-            value: 'false'
-# https://github.com/kubeflow/manifests/issues/2285
-- |-
-  apiVersion: v1
-  kind: Service
-  metadata:
-    name: istio-ingressgateway
-    namespace: istio-system
-  spec:
-    type: ClusterIP
-
-
-
+- istio.yaml
diff --git a/common/podsecuritypolicies/kustomization.yaml b/common/podsecuritypolicies/kustomization.yaml
@@ -6,4 +6,3 @@ resources:
 - restricted/kubeflow-restricted-psp.yaml
 - restricted/kubeflow-restricted-clusterrole.yaml
 - restricted/kubeflow-restricted-clusterrole-rolebinding.yaml
-
