Resolve "Create networkpolicies for gitlab-runner" (!79) · Merge requests · Big Bang / Universe / Product / gitlab-runner · GitLab

UNCLASSIFIED - NO CUI

Snippets Groups Projects

Currently supported Big Bang Version is 2.49

Attention Iron Bank Customers: On March 27, 2025, we are moving SBOM artifacts from the Anchore Scan job to the Build job to streamline the container hardening pipeline. If you currently download SBOMs from the Anchore Scan job, you can still get them from the Build job and from other sources, including IBFE and image attestations.

Merged kevin.wilder requested to merge 55-create-networkpolicies-for-gitlab-runner into main 2 years ago

Create networkpolicies for gitlab-runner
also add istio integration with PeerAuthentication and NetworkPolicy

related BB MR big-bang/bigbang!2581 (merged)

Closes #55 (closed)

Edited 2 years ago by kevin.wilder

Activity

kevin.wilder changed milestone to %2.0.0 2 years ago

changed milestone to %2.0.0
kevin.wilder added gitlabRunner statusdoing teambigbang labels 2 years ago

added gitlabRunner statusdoing teambigbang labels
kevin.wilder assigned to @kevin.wilder 2 years ago

assigned to @kevin.wilder
kevin.wilder assigned to @jason.flowers 2 years ago

assigned to @jason.flowers
kevin.wilder added 1 commit 2 years ago
added 1 commit

e63fe5e3 - add networkpolicies

Compare with previous version
kevin.wilder added 1 commit 2 years ago
added 1 commit

cd64c126 - captial N

Compare with previous version
kevin.wilder added 1 commit 2 years ago
added 1 commit

4b5fe541 - add controlPlaneCidr

Compare with previous version
kevin.wilder added 1 commit 2 years ago
added 1 commit

a7866ec6 - access kube-api

Compare with previous version
kevin.wilder added 1 commit 2 years ago
added 1 commit

74f86663 - ns not equal to gitlab

Compare with previous version
kevin.wilder added 1 commit 2 years ago
added 1 commit

9eb08007 - update readme

Compare with previous version
kevin.wilder added 1 commit 2 years ago
added 1 commit

844cf266 - add and

Compare with previous version
kevin.wilder @kevin.wilder · 2 years ago

Author Contributor

I tested BB 1.x and BB 2.0
kevin.wilder marked this merge request as ready 2 years ago

marked this merge request as ready
kevin.wilder added statusreview label and removed statusdoing label 2 years ago

added statusreview label and removed statusdoing label
kevin.wilder requested review from @micah.nagel 2 years ago

requested review from @micah.nagel
kevin.wilder requested review from @ryan.j.garcia 2 years ago

requested review from @ryan.j.garcia
Micah Nagel @micah.nagel started a thread on an old version of the diff 2 years ago

Resolved 2 years ago by kevin.wilder
Last reply by kevin.wilder 2 years ago

Micah Nagel @micah.nagel started a thread on the diff 2 years ago

Resolved 2 years ago by kevin.wilder

Micah Nagel @micah.nagel · 2 years ago

Contributor

Resolved 2 years ago by kevin.wilder

Do we want to consider adding something like the wrapper's extra network policies via values? https://repo1.dso.mil/big-bang/product/packages/wrapper/-/blob/main/chart/templates/network/networkpolicy-additional.yaml

I think this has a great usecase for runner since people may want specific jobs to specific ingress/egress. Thinking of our dogfood cluster we could create a policy via values to allow sonarqube egress. Totally fine to say no and make this a future enhancement - although I'd suspect our default policies will cause most people issues if they are running any jobs that reach outside of the cluster.
Last reply by kevin.wilder 2 years ago

bigbang bot requested review from @LynnStill 2 years ago

requested review from @LynnStill

Please register or sign in to reply

UNCLASSIFIED - NO CUI