feat(helm): optional Istio resources (Sidecar egress, ServiceEntries, JWT authn/authz)#2240
feat(helm): optional Istio resources (Sidecar egress, ServiceEntries, JWT authn/authz)#2240elihai-risk wants to merge 1 commit into
Conversation
… JWT authn/authz) Add a generic, fully value-driven istio block (all disabled by default): - Sidecar: restrict egress for the chart's pods (workloadSelector, egressHosts, outboundTrafficPolicy) - the allow-list agents need under REGISTRY_ONLY meshes - ServiceEntries: register external hosts (LLM providers, OAuth issuers, databases) in the mesh registry, TLS or raw TCP - RequestAuthentication + AuthorizationPolicy: JWT validation and access rules, jwtRules/rules passed through verbatim Nothing is opinionated: no defaults beyond Istio's own, selectors and hosts fully user-supplied, sidecar injection stays via podAnnotations. Includes helm-unittest coverage (4 tests). Signed-off-by: Elihai Blomberg <elihai.blomberg@riskified.com>
There was a problem hiding this comment.
Pull request overview
Note
Copilot couldn't run its full agentic review because no GitHub Actions runner was available. Make sure your repository has a runner available to run Copilot's review, or add a copilot-setup-steps.yml file specifying one with the runs-on attribute. See the docs for more details.
Adds an optional, fully value-driven istio configuration block to the Helm chart (disabled by default) to support Istio meshes requiring controlled egress and JWT auth policies.
Changes:
- Introduces
istiovalues for Sidecar egress restriction, ServiceEntries, and JWT RequestAuthentication/AuthorizationPolicy. - Adds
templates/istio.yamlto render the optional Istio CRs based on values. - Adds helm-unittest coverage validating “default off” and basic render behavior for each resource type.
Reviewed changes
Copilot reviewed 3 out of 3 changed files in this pull request and generated 8 comments.
| File | Description |
|---|---|
| helm/kagent/values.yaml | Documents and defines the new istio values block (default-disabled). |
| helm/kagent/templates/istio.yaml | Implements rendering for Sidecar, ServiceEntry, RequestAuthentication, AuthorizationPolicy. |
| helm/kagent/tests/istio_test.yaml | Adds helm-unittest cases for default behavior and enabled resources. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| values.yaml. | ||
| */}} | ||
| {{- if .Values.istio.sidecar.enabled }} | ||
| apiVersion: networking.istio.io/v1 |
| {{- end }} | ||
| {{- range .Values.istio.serviceEntries }} | ||
| --- | ||
| apiVersion: networking.istio.io/v1 |
| {{- end }} | ||
| {{- if .Values.istio.requestAuthentication.enabled }} | ||
| --- | ||
| apiVersion: security.istio.io/v1 |
| {{- end }} | ||
| {{- if .Values.istio.authorizationPolicy.enabled }} | ||
| --- | ||
| apiVersion: security.istio.io/v1 |
| apiVersion: networking.istio.io/v1 | ||
| kind: ServiceEntry | ||
| metadata: | ||
| name: {{ include "kagent.fullname" $ }}-{{ .name }} |
| hosts: | ||
| {{- toYaml .hosts | nindent 4 }} | ||
| location: {{ .location | default "MESH_EXTERNAL" }} | ||
| resolution: {{ .resolution | default "DNS" }} | ||
| ports: | ||
| {{- toYaml .ports | nindent 4 }} |
| action: {{ .Values.istio.authorizationPolicy.action | default "ALLOW" }} | ||
| rules: | ||
| {{- toYaml .Values.istio.authorizationPolicy.rules | nindent 4 }} |
| jwtRules: | ||
| {{- toYaml .Values.istio.requestAuthentication.jwtRules | nindent 4 }} |
|
Hey there, I really appreciate the PR but frankly I think this is too specific for the core kagent helm chart, this could be a good use case for extraObjects as proposed in #2174 |
|
Fair call — |
What
A generic, fully value-driven
istioblock (everything disabled by default):Sidecar— restrict egress for the chart's pods (workloadSelector,egressHosts,outboundTrafficPolicy). This is the allow-list agent pods need underREGISTRY_ONLYmeshes.ServiceEntrylist — register the external hosts agents actually reach (LLM providers, OAuth issuers, databases) in the mesh registry; TLS or raw TCP ports.RequestAuthentication+AuthorizationPolicy— JWT validation / access rules on selected workloads, withjwtRules/rulespassed through verbatim.Why
Agents are exactly the workload you want egress-fenced: they execute model-driven tool calls, so meshes running
REGISTRY_ONLYneed ServiceEntries for every LLM/OAuth/DB host and a Sidecar allow-list — today that all has to live in a wrapper chart. We run kagent 0.9.11 on EKS + Istio with this shape in production (LiteLLM + Okta + Postgres egress).Nothing here is opinionated: no hosts or issuers are pre-filled, selectors are user-supplied, and sidecar injection itself stays where it already works (
podAnnotations). Orgs not on Istio see zero change.Notes
🤖 Generated with Claude Code