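--- a/istio/deploy/charts/mise/templates/deployment-misev2.yaml
+++ b/istio/deploy/charts/mise/templates/deployment-misev2.yaml
@@ -0,0 +1,92 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: misev2
+namespace: '{{ .Values.namespace }}'
+spec:
+replicas: 2
+selector:
+matchLabels:
+app: misev2
+version: v2
+template:
+metadata:
+labels:
+app: misev2
+version: v2
+spec:
+topologySpreadConstraints:
+- maxSkew: 1
+topologyKey: '{{ if eq (int .Values.deployment.zoneCount) 0 }}kubernetes.azure.com/agentpool{{ else }}topology.kubernetes.io/zone{{ end }}'
+whenUnsatisfiable: ScheduleAnyway
+labelSelector:
+matchLabels:
+app: misev2
+version: v2
+- maxSkew: 1
+topologyKey: kubernetes.io/hostname
+whenUnsatisfiable: ScheduleAnyway
+labelSelector:
+matchLabels:
+app: misev2
+version: v2
+containers:
+- name: misev2
+image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digestv2 }}"
+ports:
+- containerPort: 8080
+livenessProbe:
+httpGet:
+path: /healthz
+port: 8080
+readinessProbe:
+httpGet:
+path: /readyz
+port: 8080
+env:
+- name: Mise__Authentication__Authority
+value: "{{ .Values.audit.adInstance }}{{ .Values.audit.tenantId }}/v2.0"
+- name: Mise__Authentication__ClientId
+value: "{{ .Values.audit.clientId }}"
+- name: Mise__Authentication__Audience
+value: "{{ .Values.audit.audience }}"
+- name: Mise__InboundPolicies__Enabled
+value: "true"
+- name: Mise__InboundPolicies__0__Label
+value: "{{ .Values.armPolicy.label }}"
+- name: Mise__InboundPolicies__0__Authority
+value: "{{ .Values.armPolicy.authority }}"
+- name: Mise__InboundPolicies__0__Protocols__0
+value: "PoP"
+- name: Mise__InboundPolicies__0__Authentication__ValidAudiences__0
+value: "{{ .Values.armPolicy.audience }}"
+- name: Mise__InboundPolicies__0__Authentication__ValidApplicationIds__0
+value: "{{ .Values.armPolicy.applicationId }}"
+- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateTs
+value: "true"
+- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateM
+value: "true"
+- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateU
+value: "true"
+- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateP
+value: "true"
+- name: Mise__InboundPolicies__1__Label
+value: "{{ .Values.genevaActionsPolicy.label }}"
+- name: Mise__InboundPolicies__1__Authority
+value: "{{ .Values.genevaActionsPolicy.authority }}"
+- name: Mise__InboundPolicies__1__Protocols__0
+value: "Bearer"
+- name: Mise__InboundPolicies__1__Authentication__ValidAudiences__0
+value: "{{ .Values.genevaActionsPolicy.audience }}"
+- name: Mise__InboundPolicies__1__Authentication__ValidApplicationIds__0
+value: "{{ .Values.genevaActionsPolicy.applicationId }}"
+- name: Mise__Logging__LogLevel__Default
+value: "Information"
+- name: AllowedHosts
+value: "*"
+- name: Kestrel__Endpoints__Http__Url
+value: "http://0.0.0.0:8080"
+- name: OTEL_EXPORTER_OTLP_ENDPOINT
+value: "{{ .Values.tracing.address }}"
+- name: OTEL_TRACES_EXPORTER
+value: "{{ .Values.tracing.exporter }}"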
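Review bot: The `misev2` entry under `containers:` sets no `securityContext` (and no `resources`), so this token-validating pod runs with the runtime's default user, capabilities and privilege-escalation settings unless a namespace-level policy not visible on this page overrides them. A container-level block like the one below would make the hardening explicit; `readOnlyRootFilesystem` should be checked against the image's need for writable paths before it is enabled. Separately, `image.digestv2` defaults to `""` in the chart's values.yaml, which would render an image reference ending in a bare `@`; writing it as `{{ required "image.digestv2 must be set" .Values.image.digestv2 }}` makes the render fail instead of deploying an unpinned or invalid reference. `AllowedHosts: "*"` combined with the plain-HTTP listener on `0.0.0.0:8080` leaves host filtering and transport protection entirely to the mesh, which deserves a one-line comment in the template stating that assumption.

```yaml
      containers:
        - name: misev2
          # … unchanged: image, ports, probes, env …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true  # confirm the image needs no writable paths
            capabilities:
              drop:
                - ALL
            seccompProfile:
              type: RuntimeDefault
```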
1 change: 1 addition & 0 deletions istio/deploy/charts/mise/values.yaml
Expand Up @@ -2,6 +2,7 @@ image:
registry: ""
repository: ""
digest: ""
digestv2: ""
tracing:
address: ""
exporter: ""
94 changes: 94 additions & 0 deletions istio/testdata/zz_fixture_TestHelmTemplate_istio_mise_enabled.yaml
Expand Up @@ -154,6 +154,100 @@ spec:
path: /stats/prometheus
port: http-envoy-prom
---
# Source: istio/charts/mise/templates/deployment-misev2.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: misev2
namespace: 'mise'
spec:
replicas: 2
selector:
matchLabels:
app: misev2
version: v2
template:
metadata:
labels:
app: misev2
version: v2
spec:
topologySpreadConstraints:
- maxSkew: 1
topologyKey: 'topology.kubernetes.io/zone'
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: misev2
version: v2
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: ScheduleAnyway
labelSelector:
matchLabels:
app: misev2
version: v2
containers:
- name: misev2
image: "{{ .Values.image.registry }}/{{ .Values.image.repository }}@{{ .Values.image.digestv2 }}"
ports:
- containerPort: 8080
livenessProbe:
httpGet:
path: /healthz
port: 8080
readinessProbe:
httpGet:
path: /readyz
port: 8080
env:
- name: Mise__Authentication__Authority
value: "https://login.microsoftonline.com/33e01921-4d64-4f8c-a055-5bdaffd5e33d/v2.0"
- name: Mise__Authentication__ClientId
value: "b3cb2fab-15cb-4583-ad06-f91da9bfe2d1"
- name: Mise__Authentication__Audience
value: "api://b3cb2fab-15cb-4583-ad06-f91da9bfe2d1"
- name: Mise__InboundPolicies__Enabled
value: "true"
- name: Mise__InboundPolicies__0__Label
value: "ARM Policy"
- name: Mise__InboundPolicies__0__Authority
value: "https://login.microsoftonline.com/33e01921-4d64-4f8c-a055-5bdaffd5e33d"
- name: Mise__InboundPolicies__0__Protocols__0
value: "PoP"
- name: Mise__InboundPolicies__0__Authentication__ValidAudiences__0
value: 'https://management.azure.com'
- name: Mise__InboundPolicies__0__Authentication__ValidApplicationIds__0
value: 'e2c2ff5c-e5b4-4e79-8c3e-1da8c48461e7'
- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateTs
value: "true"
- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateM
value: "true"
- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateU
value: "true"
- name: Mise__InboundPolicies__0__Validation__SignedHttpRequest__ValidateP
value: "true"
- name: Mise__InboundPolicies__1__Label
value: "Geneva Actions"
- name: Mise__InboundPolicies__1__Authority
value: "https://sts.windows.net/__tenantId__/"
- name: Mise__InboundPolicies__1__Protocols__0
value: "Bearer"
- name: Mise__InboundPolicies__1__Authentication__ValidAudiences__0
value: 'https://management.azure.com'
- name: Mise__InboundPolicies__1__Authentication__ValidApplicationIds__0
value: "__genevaActionsAppId__"
- name: Mise__Logging__LogLevel__Default
value: "Information"
- name: AllowedHosts
value: "*"
- name: Kestrel__Endpoints__Http__Url
value: "http://0.0.0.0:8080"
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: "{{ .Values.tracing.address }}"
- name: OTEL_TRACES_EXPORTER
value: "{{ .Values.tracing.exporter }}"
---
# Source: istio/templates/mise.serviceentry.yml
apiVersion: networking.istio.io/v1
kind: ServiceEntry
1 change: 1 addition & 0 deletions istio/values.yaml
Expand Up @@ -7,6 +7,7 @@ mise:
registry: "{{ .acr.svc.name }}.azurecr.io"
repository: "{{ .mise.image.repository }}"
digest: "{{ .mise.image.digest }}"
digestv2: "{{ .mise.image.digestv2 }}"
audit:
adInstance: "https://{{ .mise.arm.authorityFQDN }}/"
clientId: "{{ .firstPartyAppClientId }}"