Integrated bb-common
General MR
Summary
- Updated gluon to 0.9.8
- Integrated bb-common and replaced static resources with dynamically generated bb-common resources
Relevant logs/screenshots
Before Integration:
kubectl get ap -n bbctl
NAME                        ACTION   AGE
allow-intranamespace-bctl   ALLOW    50m
kubectl get se -n bbctl
NAME HOSTS LOCATION RESOLUTION AGE
cypress-service-entries-bbctl ["registry.npmjs.org","download.cypress.io","cdn.cypress.io","repo1.dso.mil","grafana.dev.bigbang.mil"] MESH_EXTERNAL DNS 50m
After Integration:
kubectl get netpol -n bbctl
NAME                                                          POD-SELECTOR                                      AGE
allow-egress-from-bbctl-bigbang-policy-to-kubeapi             app.kubernetes.io/name=bbctl-bigbang-policy       131m
allow-egress-from-bbctl-bigbang-preflight-to-kubeapi          app.kubernetes.io/name=bbctl-bigbang-preflight    131m
allow-egress-from-bbctl-bigbang-status-to-kubeapi             app.kubernetes.io/name=bbctl-bigbang-status       131m
allow-egress-from-bbctl-bigbang-updater-to-bigbang-releases   app.kubernetes.io/name=bbctl-bigbang-updater      4m56s
allow-egress-from-bbctl-bigbang-updater-to-kubeapi            app.kubernetes.io/name=bbctl-bigbang-updater      131m
allow-egress-from-bbctl-bigbang-updater-to-private-registry   app.kubernetes.io/name=bbctl-bigbang-updater      17m
allow-egress-from-bbctl-bigbang-violations-to-kubeapi         app.kubernetes.io/name=bbctl-bigbang-violations   131m
default-egress-allow-all-in-ns                                <none>                                            131m
default-egress-allow-istiod                                   <none>                                            131m
default-egress-allow-kube-dns                                 <none>                                            131m
default-egress-deny-all                                       <none>                                            131m
default-ingress-allow-all-in-ns                               <none>                                            131m
default-ingress-allow-prometheus-to-istio-sidecar             <none>                                            131m
default-ingress-deny-all                                      <none>                                            131m
kubectl get ap -n bbctl
NAME                            ACTION   AGE
default-authz-allow-all-in-ns   ALLOW    7m57s
default-authz-allow-nothing              7m57s
kubectl get se -n bbctl
NAME HOSTS LOCATION RESOLUTION AGE
bbctl-external ["repo1.dso.mil","registry1.dso.mil","umbrella-bigbang-releases.s3-us-gov-west-1.amazonaws.com"] MESH_EXTERNAL DNS 130m
bbctl-tests-external ["grafana.dev.bigbang.mil"] MESH_EXTERNAL DNS 130m
kubectl get pa -n bbctl
NAME                MODE     AGE
default-peer-auth   STRICT   8m10s
Manually ran all pods, validated they all completed without issue, and verified istio-proxy logs were clean on all:
kubectl get po -n bbctl
NAME                                            READY   STATUS      RESTARTS   AGE
bbctl-bbctl-bigbang-policy-29514000-dvkff       0/2     Completed   0          47m
bbctl-bbctl-bigbang-policy-manual-cqpbz         0/2     Completed   0          17s
bbctl-bbctl-bigbang-preflight-29514000-52h4h    0/2     Completed   0          47m
bbctl-bbctl-bigbang-preflight-manual-nwk64      0/2     Completed   0          16s
bbctl-bbctl-bigbang-status-29514000-nk69t       0/2     Completed   0          47m
bbctl-bbctl-bigbang-status-manual-ln7bc         0/2     Completed   0          16s
bbctl-bbctl-bigbang-updater-29514000-q7f7x      0/2     Completed   0          47m
bbctl-bbctl-bigbang-updater-manual-ndxhf        0/2     Completed   0          16s
bbctl-bbctl-bigbang-violations-29514000-6q8tf   0/2     Completed   0          47m
bbctl-bbctl-bigbang-violations-manual-66pbm     0/2     Completed   0          15s
Validated Dashboards:
Note: The Metrics-Server addon was crashing, causing Metrics to show up as red; this was showing the same prior to the upgrade/changes.
Linked Issue
Upgrade Notices
BBCTL is now leveraging our bb-common integration for network policies and all istio-related resources. Please refer to this blog post for additional information on the integration.
As part of the integration, a new package-level definition called private-registry has been created, which enables outbound access to external registries for the bbctl-bigbang-updater cronjob. By default, this definition is already set up to allow access to repo1.dso.mil and registry1.dso.mil, so no action is needed if these are the only registries in use.
Umbrella Branch
bbctl-bb-common
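
An added example, not part of this merge request or of bb-common: a Python check that a namespace still carries the deny-by-default baseline visible in the "After Integration" listings (default-deny NetworkPolicies, an allow-nothing AuthorizationPolicy, STRICT PeerAuthentication) and that ServiceEntry hosts stay within an approved set. It assumes the JSON produced by `kubectl get netpol,ap,pa,se -n bbctl -o json`; the script name and the approved-host set are assumptions taken from the listings above.

```python
import json
import sys

# Assumed allowlist: hosts copied from the "After Integration" ServiceEntry listing.
APPROVED_HOSTS = {
    "repo1.dso.mil", "registry1.dso.mil", "grafana.dev.bigbang.mil",
    "umbrella-bigbang-releases.s3-us-gov-west-1.amazonaws.com",
}

def is_default_deny(np, direction):
    """True if the NetworkPolicy selects every pod and has no rules for direction."""
    spec = np.get("spec") or {}
    return (not spec.get("podSelector")
            and direction in spec.get("policyTypes", [])
            and not spec.get(direction.lower()))

def audit(items, approved_hosts=APPROVED_HOSTS):
    """Return a list of findings for the resources of one namespace."""
    kinds = {}
    for item in items:
        kinds.setdefault(item["kind"], []).append(item)

    def specs(kind):
        return [(i["metadata"]["name"], i.get("spec") or {}) for i in kinds.get(kind, [])]

    findings = []
    for direction in ("Ingress", "Egress"):
        if not any(is_default_deny(np, direction) for np in kinds.get("NetworkPolicy", [])):
            findings.append(f"no default-deny {direction} NetworkPolicy")
    # Istio: ALLOW is the default action. An ALLOW policy with no rules and no
    # selector matches no request, so the namespace becomes deny-by-default.
    if not any(not s.get("rules") and not s.get("selector")
               and s.get("action", "ALLOW") == "ALLOW"
               for _, s in specs("AuthorizationPolicy")):
        findings.append("no allow-nothing AuthorizationPolicy")
    if not any((s.get("mtls") or {}).get("mode") == "STRICT" and not s.get("selector")
               for _, s in specs("PeerAuthentication")):
        findings.append("no namespace-wide STRICT PeerAuthentication")
    for name, s in specs("ServiceEntry"):
        for host in s.get("hosts", []):
            if host not in approved_hosts:
                findings.append(f"unapproved host {host} in ServiceEntry {name}")
    return findings

if __name__ == "__main__":
    # kubectl get netpol,ap,pa,se -n bbctl -o json | python3 audit_baseline.py
    problems = audit(json.load(sys.stdin)["items"])
    print("\n".join(problems) or "baseline present")
    sys.exit(1 if problems else 0)
```

Deployments that extend the private-registry definition to other registries would add those hosts to `APPROVED_HOSTS` before running the check.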





