Draft: Reconfigure the Vault deployment to use Istio in pre
What
Reconfigure the Vault deployment to use Istio in pre.
The healthchecks continue working after enabling the Istio sidecar because they use an exec instead of HTTP probes.
We might want to disable TLS in Vault to rely on Istio's mTLS only instead.
Still very much a work in progress.
TODO:
-
add custom ServiceMonitor for custom TLS settings (https://istio.io/latest/docs/ops/integrations/prometheus/#tls-settings) -
enable Istio injection for the Vault snapshot job -
adjust health/live probes?
Why
Originally part of https://gitlab.com/gitlab-com/gl-infra/reliability/-/issues/23980
Edited by Pierre Guinoiseau