Integrate bb-common for network and authorization policies; update changelog...
General MR
Summary
Integrate bb-common
Relevant logs/screenshots
Netpols before
NAME POD-SELECTOR AGE
egress-default-deny-gitlab-runner <none> 38m
egress-dns-gitlab-runner <none> 38m
egress-in-namespace-gitlab-runner <none> 38m
egress-istiod-gitlab-runner <none> 38m
egress-runner-jobs <none> 38m
egress-runner-to-gitlab-gitlab-runner app=gitlab-runner 38m
egress-runner-to-kube-api-gitlab-runner app=gitlab-runner 38m
egress-test-gitlab-runner helm-test=enabled 38m
ingress-default-deny-gitlab-runner <none> 38m
ingress-in-namespace-gitlab-runner <none> 38m
ingress-monitoring-runner-gitlab-runner app=gitlab-runner 38m
test-gitlab-runners-allow-egress app=gitlab-runner-gitlab-runner 38m
Netpols after
NAME POD-SELECTOR AGE
allow-egress-from-gitlab-runner-to-kubeapi app.kubernetes.io/name=gitlab-runner 16m
allow-egress-from-gitlab-runner-to-ns-gitlab-any-pod-any-port app.kubernetes.io/name=gitlab-runner 16m
allow-ingress-to-gitlab-runner-port-9252-from-monitoring app.kubernetes.io/name=gitlab-runner 16m
default-egress-allow-all-in-ns <none> 16m
default-egress-allow-istiod <none> 16m
default-egress-allow-kube-dns <none> 16m
default-egress-deny-all <none> 16m
default-ingress-allow-all-in-ns <none> 16m
default-ingress-allow-prometheus-to-istio-sidecar <none> 16m
default-ingress-deny-all <none> 16m
egress-runner-jobs <none> 116m
Working service monitor
Linked Issue
Upgrade Notices
GitLab Runner is now leveraging our bb-common integration for network policies and all Istio-related resources. Please refer to this blog post (https://docs-bigbang.dso.mil/latest/blog/streamlining-integration-with-bb-common/) for additional information on the integration.
Umbrella branch
195-gitlab-runner-bb-common
Edited by Dax McDonald