Improve bb-common configuration for fortify
General MR
Summary
- Introduced .gitignore to exclude Helm test outputs, macOS files, IDEs, and temporary files.
- Updated changelog with changes including restructuring NetworkPolicies and adding external MySQL support.
- Removed allow-all-egress network policy and related configurations.
- Added new keystore-job network policy for egress definitions.
Relevant logs/screenshots
Netpols after bb-common
```
NAME POD-SELECTOR AGE
allow-egress-from-keystore-job-to-kubeapi job=keystore-generator 22m
allow-ingress-to-fortify-8080-from-ns-istio-gateway-pod-public-ingressgateway app.kubernetes.io/component=webapp,app.kubernetes.io/name=fortify-ssc 22m
default-egress-allow-all-in-ns <none> 22m
default-egress-allow-istiod <none> 22m
default-egress-allow-kube-dns <none> 22m
default-egress-deny-all <none> 22m
default-ingress-allow-all-in-ns <none> 22m
default-ingress-allow-prometheus-to-istio-sidecar <none> 22m
default-ingress-deny-all <none> 22m
fortify-mysql app.kubernetes.io/instance=fortify,app.kubernetes.io/managed-by=Helm,app.kubernetes.io/name=mysql,app.kubernetes.io/version=8.0.36,helm.sh/chart=mysql-9.19.0 22m
```
Linked Issue
Upgrade Notices
"TBD"
Umbrella branch
review-fortify
Edited by Dax McDonald
