Updated logic to use correct value from package
General MR
Summary
- Updated logic for Redis network policies in ArgoCD to reference correct value when internal Redis is enabled
Relevant logs/screenshots
Prior to Changes:
kubectl get netpol -n argocd
NAME POD-SELECTOR AGE
allow-egress-from-any-pod-to-ns-tempo-pod-tempo-tcp-port-9411 <none> 19m
allow-egress-from-argocd-application-controller-to-kubeapi app.kubernetes.io/name=argocd-application-controller 19m
allow-egress-from-argocd-applicationset-controller-to-kubeapi app.kubernetes.io/name=argocd-applicationset-controller 19m
allow-egress-from-argocd-dex-server-to-kubeapi app.kubernetes.io/name=argocd-dex-server 19m
allow-egress-from-argocd-notifications-controller-to-kubeapi app.kubernetes.io/name=argocd-notifications-controller 19m
allow-egress-from-argocd-repo-server-to-anywhere-tcp-port-443 app.kubernetes.io/name=argocd-repo-server 19m
allow-egress-from-argocd-server-to-kubeapi app.kubernetes.io/name=argocd-server 19m
allow-egress-from-argocd-upgrade-job-to-kubeapi app.kubernetes.io/name=argocd-upgrade-job 19m
allow-ingress-to-argocd-8080-from-ns-istio-gateway-pod-public-ingressgateway app.kubernetes.io/name=argocd-server 19m
allow-ingress-to-argocd-application-controller-tcp-port-8082-from-ns-monitoring-pod-prometheus app.kubernetes.io/name=argocd-application-controller 19m
allow-ingress-to-argocd-repo-server-tcp-port-8084-from-ns-monitoring-pod-prometheus app.kubernetes.io/name=argocd-repo-server 19m
allow-ingress-to-argocd-server-tcp-port-8083-from-ns-monitoring-pod-prometheus app.kubernetes.io/name=argocd-server 19m
default-egress-allow-all-in-ns <none> 19m
default-egress-allow-istiod <none> 19m
default-egress-allow-kube-dns <none> 19m
default-egress-deny-all <none> 19m
default-ingress-allow-all-in-ns <none> 19m
default-ingress-allow-prometheus-to-istio-sidecar <none> 19m
default-ingress-deny-all <none> 19mAfter Changes:
kubectl get netpol -n argocd
NAME POD-SELECTOR AGE
allow-egress-from-any-pod-to-ns-tempo-pod-tempo-tcp-port-9411 <none> 22m
allow-egress-from-argocd-application-controller-to-kubeapi app.kubernetes.io/name=argocd-application-controller 22m
allow-egress-from-argocd-applicationset-controller-to-kubeapi app.kubernetes.io/name=argocd-applicationset-controller 22m
allow-egress-from-argocd-dex-server-to-kubeapi app.kubernetes.io/name=argocd-dex-server 22m
allow-egress-from-argocd-notifications-controller-to-kubeapi app.kubernetes.io/name=argocd-notifications-controller 22m
allow-egress-from-argocd-repo-server-to-anywhere-tcp-port-443 app.kubernetes.io/name=argocd-repo-server 22m
allow-egress-from-argocd-server-to-kubeapi app.kubernetes.io/name=argocd-server 22m
allow-egress-from-argocd-upgrade-job-to-kubeapi app.kubernetes.io/name=argocd-upgrade-job 22m
allow-ingress-to-argocd-8080-from-ns-istio-gateway-pod-public-ingressgateway app.kubernetes.io/name=argocd-server 22m
allow-ingress-to-argocd-application-controller-tcp-port-8082-from-ns-monitoring-pod-prometheus app.kubernetes.io/name=argocd-application-controller 22m
allow-ingress-to-argocd-repo-server-tcp-port-8084-from-ns-monitoring-pod-prometheus app.kubernetes.io/name=argocd-repo-server 22m
allow-ingress-to-argocd-server-tcp-port-8083-from-ns-monitoring-pod-prometheus app.kubernetes.io/name=argocd-server 22m
allow-ingress-to-redis-bb-tcp-port-6379-from-ns-monitoring-pod-grafana app.kubernetes.io/name=redis-bb 94s
allow-ingress-to-redis-bb-tcp-port-9121-from-ns-monitoring-pod-prometheus app.kubernetes.io/name=redis-bb 94s
default-egress-allow-all-in-ns <none> 22m
default-egress-allow-istiod <none> 22m
default-egress-allow-kube-dns <none> 22m
default-egress-deny-all <none> 22m
default-ingress-allow-all-in-ns <none> 22m
default-ingress-allow-prometheus-to-istio-sidecar <none> 22m
default-ingress-deny-all <none> 22mLinked Issue
Closes issue
Upgrade Notices
N/A
Edited by Andrew Shoell