Resolve "Update Gitlab"
All threads resolved!
All threads resolved!
Summary
Update the gitlab addon tag to the latest Gitlab package release tag
- network policy to allow sso egress
- turn off ingress in subcharts by default
Closes #483 (closed)
Edited by kevin.wilder
Merge request reports
Activity
changed milestone to %1.10.0
added gitlab label
added statusreview label
requested review from @micah.nagel
requested review from @ryan.j.garcia
Resolved by Micah NagelHey @kevin.wilder, couple things I'm seeing with the Gitlab NPs (and my bad for not bringing these up earlier)...they mostly revolve around having podSelectors for some of these policies:
- Istio ingress: We should be able to put a podselector on this for just "two" labels (the webservice and registry pods). As is, istio ingress is enabled for everything in the Gitlab NS when it should only be needed for one or two pods where we have VS set up.
- "Everywhere" Egress: Again, should be able to put a podselector for just whatever "backend" pods actually need the minio/postgres connection. Same thing here where as is, every pod in ns has that egress when likely only a couple "backend" pods need it (this one I'm not 100% on and if you look into it and all the pods need that egress then that's the best we can do)
- SSO Egress: Same thing here, I'm guessing this egress is only needed for a webservice pod or similar?
Hope these make sense, basically looking to make these policies as robust as the monitoring one you have, where we only enable ingress for the specific pod that is exposing the metrics.
- Last reply by Micah Nagel
removed statusreview label
added statusreview label
mentioned in commit 551dade5
Please register or sign in to reply