Dependency Bumps
- rotisserie/eris has been upgraded to v0.5.4.
- solo-io/solo-kit has been upgraded to v0.34.2.
Helm Changes
- Add helm flags for setting log level on sds container
.Values.global.glooMtls.sds.logLevel
and setting log level on istio-proxy containerglobal.glooMtls.istioProxy.logLevel
. (#9006)
Fixes
- Update to allow deletion of secrets when warnings or errors are present.
When the deletion of a secret is validated, the validating admission webhook removes the secret from the current snapshot, runs translations and looks for errors. Previously, the secret would not be deleted if there were errors, or if there were warnings and theignore_warnings
setting was set asfalse
. This casues issues when trying to delete secrets that are unrelated to the warnings or errors.
The new behavior is to collect all the artifacts of the valdiation process, rerun validation against the original snapshot, and compare the artifacts from that process to the artifacts previously collected. If the artifacts are the same, the secret did not degrade the system and the deletion is allowed. If the artifacts are different, the secret is not deleted and errors are returned.
Because this is a backport, the new behavior is disabled by default in order not to alter existing behavior. This feature can be turned on by setting theDISABLE_VALIDATION_AGAINST_PREVIOUS_STATE
environment variable tofalse
in thegloo
deployment. A dedicated helm value has not been added, and the environment variable can be set usinggloo.gloo.deployment.customEnv
(#8931)