Updates wait command to wait until all X/Y over Y in the 'READY' column report with X==Y
Adds a Pod Security Policy deployed only when ICP is detected. Ideally we'd do this by testing if the cluster was lacking NET_ADMIN for the namespace, but I can't figure out how to do that, so this is simpler for now.
Rewrites the Cert generation to build a self-signed CA, and then generate a Key & CSR, then use the CA to sign off on the CSR generating a Cert signed by the CA with a matching Key. (This is needed to allow Chrome 58+ to even consider talking to the site).
Tested a few times against ICP with Istio+Helm with success.
First pass..
Updates wait command to wait until all X/Y over Y in the 'READY' column report with X==Y
Adds a Pod Security Policy deployed only when ICP is detected. Ideally we'd do this by testing if the cluster was lacking NET_ADMIN for the namespace, but I can't figure out how to do that, so this is simpler for now.
Rewrites the Cert generation to build a self-signed CA, and then generate a Key & CSR, then use the CA to sign off on the CSR generating a Cert signed by the CA with a matching Key. (This is needed to allow Chrome 58+ to even consider talking to the site).
Tested a few times against ICP with Istio+Helm with success.
This change is