Gloo Edge / Istio VirtualService Integration Problems

[edubonifs]

Gloo Edge Version

1.13.x (latest stable)

Kubernetes Version

None

Describe the bug

When installing Gloo Edge into a cluster with Istio, we are interfering with the short names of the CRD's Istio are using. I.e. vs or virtualservice .

Users are getting errors like, when expecting to get Istio virtual services: Error from server (Forbidden): virtualservices.gateway.solo.io "app" is forbidden: User "developer:margrethe.store-fremtind.no" cannot get resource "virtualservices" in API group "gateway.solo.io" in the namespace "a50503c-devns"

Gloo Edge CRD:
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
  creationTimestamp: null
  name: virtualservices.gateway.solo.io
spec:
  group: gateway.solo.io
  names:
    kind: VirtualService
    listKind: VirtualServiceList
    plural: virtualservices
    shortNames:
      - vs
      - gvs
    singular: virtualservice 

We have this FE that adds shortNames: https://github.com/solo-io/gloo/pull/5592

However, we still have vs as a short name which is causing as to get the whole CRD name

virtualservices.networking.istio.io

A workaround at the moment would be deleting the shortName:

yq -i 'del(.spec.names.shortNames[] | select(. == "vs"))' $HELM_DIR/output.yaml
yq -i 'del(.spec.names.singular | select(. == "virtualservice"))' $HELM_DIR/output.yaml
yq -i 'del(.spec.names.plural | select(. == "virtualservices"))' $HELM_DIR/output.yaml

However for upgrades the users would have to do this operation manually in helm.

Which would be the best approach for solving this?

Steps to reproduce the bug

Install Gloo Edge and Istio in the same cluster

Expected Behavior

Kubectl get vs only gets Gloo Edge VirtualServices but not Istio ones

Additional Context

No response

[github-actions[bot]]

This issue has been marked as stale because of no activity in the last 180 days. It will be closed in the next 180 days unless it is tagged "no stalebot" or other activity occurs.