[ACLs] listchecker and listentry CRDs not found in OCP 4.4

[saberkan]

When trying to create ACLs in whitelisting step, listchecker and listentry CRDs are not found.

Issue: $ oc apply -f lab-ossm/workshop/content/src/istiofiles/acl-whitelist.yml rule.config.istio.io/checktorecommendation created unable to recognize "lab-ossm/workshop/content/src/istiofiles/acl-whitelist.yml": no matches for kind "listchecker" in version "config.istio.io/v1alpha2" unable to recognize "lab-ossm/workshop/content/src/istiofiles/acl-whitelist.yml": no matches for kind "listentry" in version "config.istio.io/v1alpha2"

Excpecting: listchecker and listentry created. Or adapt acl-whitelist.yml according to any new CRDs ?

Environment: OCP 4.4

[saberkan]

Additional information:

• CRDs have evolved in istio 1.2+: https://raw.githubusercontent.com/istio/istio/release-1.6/samples/bookinfo/policy/mixer-rule-deny-whitelist.yaml
• The entire feature is deprecated: https://istio.io/docs/tasks/policy-enforcement/denial-and-list/#attribute-based-whitelists-or-blacklists

[thoraxe]

This workshop is not yet tested on 4.4 -- but this is a good find!

I'll leave this issue open for reference but we don't have a plan to update to 4.4 any time soon.

[brian-avery]

Thanks for the issue. Maistra/OSSM 1.1 is based on Istio 1.4, so it will be a while before the deprecation affects us. However, the CRD issue that you mentioned does affect us when using Maistra/OSSM 1.1. Note that this affects installations on any platform for Maistra/OSSM 1.1, not just OpenShift 4.4.