UNCLASSIFIED - NO CUI


Draft: Bb 1931 net pol update

Matt Vasquez requested to merge bb-1931-net-pol-update into main

General MR

Summary

The BB level value of networkPolicies.controlPlaneCidr passes down to app netpols via default values per app in their respective BB template subdirectories, but gitlab-runner is missing this default value.

Also, the associated network policy includes a rule to allow all traffic to the gitlab namespace, but all other applications have a dedicated kube-api egress and this one should as well, as the current multi-element rule allows all traffic to the gitlab namespace or the default cidr (0.0.0.0/0 if not configured directly in the gitlab runner values).

Suggested action is to fix the gitlab runner BB level values, break the netpol into its own dedicated kube api netpol and create a new netpol for gitlab-runner > gitlab communication. (Include any relevant logs/screenshots)

Linked Issue

issue

Upgrade Notices

N/A

Edited by Matt Vasquez
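
The rule split proposed in the summary above, sketched as rendered manifests. This is an added example, not the merge request's or the project's own templates: the policy names, the `gitlab-runner` namespace, the empty pod selectors and the `10.0.0.0/28` CIDR are constructed assumptions, and `kubernetes.io/metadata.name` is the label Kubernetes sets on namespaces automatically.

```yaml
# BEFORE (constructed): one egress rule with two `to` elements. Elements of a
# `to` list are ORed, so traffic is allowed to the gitlab namespace OR to the
# CIDR. With the 0.0.0.0/0 default, the CIDR element matches any IPv4 address.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-runner-combined      # hypothetical name
  namespace: gitlab-runner          # assumed namespace
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: gitlab
        - ipBlock:
            cidr: 0.0.0.0/0         # default when controlPlaneCidr is not passed down
---
# AFTER (constructed): dedicated kube-api egress, scoped to the control plane.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-kube-api             # hypothetical name
  namespace: gitlab-runner
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - ipBlock:
            cidr: 10.0.0.0/28       # stand-in for networkPolicies.controlPlaneCidr
---
# AFTER (constructed): separate policy for gitlab-runner > gitlab traffic only.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-runner-to-gitlab     # hypothetical name
  namespace: gitlab-runner
spec:
  podSelector: {}
  policyTypes: [Egress]
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: gitlab
```

Network policies are additive, so the two "after" policies together allow only the control plane CIDR and the gitlab namespace, and a missing controlPlaneCidr value no longer widens the gitlab rule.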
