Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat!: add netpols and monitoring #81

Merged
merged 8 commits into from
May 16, 2024
Merged

feat!: add netpols and monitoring #81

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
aad1c4d
feat: add netpols and monitoring
zachariahmiller May 11, 2024
753c761
add kubeapi egress back to runner namespace
zachariahmiller May 13, 2024
4de7a53
add kubeapi to sandbox
zachariahmiller May 13, 2024
f6cc29d
update remotePodLabel remoteSelector in sandbox cr
zachariahmiller May 13, 2024
29f84a0
remove extra netpols add review suggestions
zachariahmiller May 15, 2024
da717de
update label values to be string
zachariahmiller May 15, 2024
aaffdc5
remove default svc account, fix added job pod label for netpol
zachariahmiller May 15, 2024
8ea0cbc
Apply suggestions from code review
zachariahmiller May 16, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
47 changes: 47 additions & 0 deletions chart/templates/uds-package-sandbox.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
apiVersion: uds.dev/v1alpha1
kind: Package
metadata:
name: gitlab-runner-sandbox
namespace: {{ .Values.runnerNamespace }}
Racer159 marked this conversation as resolved.
Show resolved Hide resolved
spec:
network:
allow:
- direction: Egress
remoteNamespace: gitlab
remoteSelector:
app: webservice
port: 8181

- direction: Ingress
remoteGenerated: IntraNamespace

- direction: Egress
remoteGenerated: IntraNamespace
zachariahmiller marked this conversation as resolved.
Show resolved Hide resolved

- direction: Egress
remoteNamespace: gitlab-runner
remoteSelector:
app: gitlab-runner
Racer159 marked this conversation as resolved.
Show resolved Hide resolved

- direction: Ingress
remoteNamespace: gitlab-runner
remoteSelector:
app: gitlab-runner

- direction: Egress
Racer159 marked this conversation as resolved.
Show resolved Hide resolved
remoteGenerated: KubeAPI

zachariahmiller marked this conversation as resolved.
Show resolved Hide resolved
{{- range .Values.customSandbox }}
- direction: {{ .direction }}
selector:
{{ .selector | toYaml | nindent 10 }}
{{- if not .remoteGenerated }}
remoteNamespace: {{ .remoteNamespace }}
remoteSelector:
{{ .remoteSelector | toYaml | nindent 10 }}
port: {{ .port }}
{{- else }}
remoteGenerated: {{ .remoteGenerated }}
{{- end }}
description: {{ .description }}
{{- end }}
33 changes: 28 additions & 5 deletions chart/templates/uds-package.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,13 +4,20 @@ metadata:
name: gitlab-runner
namespace: {{ .Release.Namespace }}
spec:
monitor:
- selector:
app: gitlab-runner
targetPort: 9252
portName: metrics
description: Metrics

network:
allow:
- direction: Egress
podLabels:
selector:
app: gitlab-runner
remoteNamespace: gitlab
remotePodLabels:
remoteSelector:
app: webservice
port: 8181

Expand All @@ -23,9 +30,25 @@ spec:
- direction: Egress
podLabels:
app: gitlab-runner
remoteNamespace: {{ .Values.runnerNamespace }}
remoteGenerated: KubeAPI

- direction: Egress
podLabels:
selector:
app: gitlab-runner
remoteGenerated: KubeAPI
remoteNamespace: {{ .Values.runnerNamespace }}

# Custom rules for unanticipated scenarios
{{- range .Values.custom }}
- direction: {{ .direction }}
selector:
{{ .selector | toYaml | nindent 10 }}
{{- if not .remoteGenerated }}
remoteNamespace: {{ .remoteNamespace }}
remoteSelector:
{{ .remoteSelector | toYaml | nindent 10 }}
port: {{ .port }}
{{- else }}
remoteGenerated: {{ .remoteGenerated }}
{{- end }}
description: {{ .description }}
{{- end }}
8 changes: 8 additions & 0 deletions chart/values.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1 +1,9 @@
runnerNamespace: "gitlab-runner-sandbox"
custom: []
# - direction: Egress
# remoteGenerated: Anywhere
# description: "Egress from to external GitLab"
customSandbox: []
# - direction: Egress
# remoteGenerated: Anywhere
# description: "Egress from to external GitLab"
10 changes: 5 additions & 5 deletions tasks.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,11 +1,11 @@
includes:
- dependencies: ./tasks/dependencies.yaml
- test: ./tasks/test.yaml
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/create.yaml
- lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/lint.yaml
- pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/pull.yaml
- deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/deploy.yaml
- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/setup.yaml
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml
- lint: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/lint.yaml
- pull: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/pull.yaml
- deploy: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/deploy.yaml
- setup: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/setup.yaml

tasks:
- name: default
Expand Down
4 changes: 2 additions & 2 deletions tasks/publish.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
includes:
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/create.yaml
- publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.0/tasks/publish.yaml
- create: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/create.yaml
- publish: https://raw.githubusercontent.com/defenseunicorns/uds-common/v0.4.2/tasks/publish.yaml

tasks:
- name: package
Expand Down