Description
Warden, when enabled in user's namespace, should, by default, not reject istio proxy containers.
AC
list of allowed registries (trusted exceptions) for user-enabled should be configurable by additional helm override, i.e defaultUserAllowedRegistries
when rendering warden for kyma, europe-docker.pkg.dev/kyma-project/prod/external/istio should be used as a value for the override
when user defines his own custom allowed registries, warden should merge the user provided with those default ones
Reasons
Kyma users may want to enable istio sidecars in their namespaces or on the workloads directly.
This is a key feature of kyma's service mesh capability and it should be working out of the box w/o user having to change the warden config in his namespace
Description Warden, when enabled in user's namespace, should, by default, not reject istio proxy containers.
AC
defaultUserAllowedRegistrieseurope-docker.pkg.dev/kyma-project/prod/external/istioshould be used as a value for the overrideReasons Kyma users may want to enable istio sidecars in their namespaces or on the workloads directly. This is a key feature of kyma's service mesh capability and it should be working out of the box w/o user having to change the warden config in his namespace