Merge branch '1931-gitlab-runner-not-passing-control-plane-cidr' into 'main'

1931 gitlab runner not passing control plane cidr See merge request !158

Merge branch '1931-gitlab-runner-not-passing-control-plane-cidr' into 'main'
346ad3ca · Nigel Bazzeghin · cc64263a · adbbf4f9 · 346ad3ca · 346ad3ca
Commit 346ad3ca authored 10 months ago by Nigel Bazzeghin
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,10 @@

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

+## [0.63.0-bb.10] - 2024-05-14
+### Changed
+- Refactored kubeapiPort to kubeAPIPort and added documentation for kubeAPIPort
+
 ## [0.63.0-bb.9] - 2024-05-14
 ### Changed
 - Updated grafana dashboards to work with both prometheus and thanos datasource's 

--- a/README.md
+++ b/README.md
 # gitlab-runner

-![Version: 0.63.0-bb.9](https://img.shields.io/badge/Version-0.63.0--bb.9-informational?style=flat-square) ![AppVersion: v16.10.0](https://img.shields.io/badge/AppVersion-v16.10.0-informational?style=flat-square)
+![Version: 0.63.0-bb.10](https://img.shields.io/badge/Version-0.63.0--bb.10-informational?style=flat-square) ![AppVersion: v16.10.0](https://img.shields.io/badge/AppVersion-v16.10.0-informational?style=flat-square)

 GitLab Runner

@@ -130,6 +130,7 @@ helm install gitlab-runner chart/
 | monitoring.enabled | bool | `false` |  |
 | networkPolicies.enabled | bool | `false` |  |
 | networkPolicies.controlPlaneCidr | string | `"0.0.0.0/0"` |  |
+| networkPolicies.kubeAPIPort | string | `""` | Kube API Port, defaults to 443 and 6443 within the template but can be set to custom port The port where the Kubernetes API server listens for secure connections.  |
 | networkPolicies.additionalPolicies | list | `[]` |  |
 | autoRegister.enabled | bool | `false` |  |
 | bbtests.enabled | bool | `false` |  |

--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
 apiVersion: v2
 name: gitlab-runner
-version: 0.63.0-bb.9
+version: 0.63.0-bb.10
 appVersion: v16.10.0
 description: GitLab Runner
 keywords:

--- a/chart/templates/bigbang/networkpolicies/egress-runner-to-kube-api.yaml
+++ b/chart/templates/bigbang/networkpolicies/egress-runner-to-kube-api.yaml
@@ -7,7 +7,7 @@ metadata:
 spec:
  podSelector:
    matchLabels:
-      app: gitlab-runner
+      app: gitlab-runner   # runner needs to access kube-api to start jobs
  policyTypes:
    - Egress
  egress:
@@ -16,12 +16,13 @@ spec:
            cidr: {{ default "0.0.0.0/0" .Values.networkPolicies.controlPlaneCidr }}
            {{- if eq (default "0.0.0.0/0" .Values.networkPolicies.controlPlaneCidr) "0.0.0.0/0" }}
            except:
+            # Block requests to AWS cloud metadata IP
              - 169.254.169.254/32
            {{- end }}
    - ports:
-      {{- if .Values.networkPolicies.kubeapiPort }}
+      {{- if .Values.networkPolicies.kubeAPIPort }}
        - protocol: TCP
-          port: {{ .Values.networkPolicies.kubeapiPort }}
+          port: {{ .Values.networkPolicies.kubeAPIPort }}
      {{- else }}
        - protocol: TCP
          port: 443

--- a/chart/values.yaml
+++ b/chart/values.yaml
@@ -860,6 +860,9 @@ networkPolicies:
  enabled: false
  # See `kubectl cluster-info` and then resolve to IP
  controlPlaneCidr: 0.0.0.0/0
+  # -- Kube API Port, defaults to 443 and 6443 within the template but can be set to custom port
+  # The port where the Kubernetes API server listens for secure connections. 
+  kubeAPIPort: ""
  additionalPolicies: []
  # expected use case is to open egress for runner jobs
  # This is a dev example policy spec and CIDR 0.0.0.0/0 is unsafe for operational environments

--- a/tests/test-values.yml
+++ b/tests/test-values.yml
@@ -8,7 +8,7 @@ runners:
 networkPolicies:
  enabled: true
  controlPlaneCidr: 172.20.0.0/29
-  kubeapiPort: 6443
+  kubeAPIPort: 6443

 # Cypress testing values
 bbtests: