egress-sso network policy needs to open port 8443, not 443
Bug
Description
On a cluster where the controlplane CIDR is specified, GitLab SSO fails to talk to Keycloak. If GitLab SSO was talking directly to the Keycloak VS, the egress-sso netpol wouldn't even be needed because the netpols to allow traffic to egress to Istio would already handle that. Something about how GitLab talks to Keycloak happens in the background over the Keycloak cluster service that's listening on port 8443. It appears that the egress-sso netpol works, but I've only seen successful SSO login on clusters without the controlplane CIDR set. I believe they are successful because the 8443 traffic is allowed by the egress-kube-api netpol that allows all pods to egress to all ports on all CIDRs (which essentially whitelists ALL egress traffic...). On my cluster, if I simply change the egress-sso netpol from allowing port 443 to allowing port 8443, SSO is immediately functional.
BigBang Version
What version of BigBang were you running? 2.20.0
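
The port change described in the report, sketched as a NetworkPolicy manifest. This is an added example, not part of the original issue and not the BigBang chart's own template: only the policy name `egress-sso` and the ports 443 and 8443 come from the report, while the namespace names and selectors are assumptions.

```yaml
# Hypothetical sketch of an egress-sso policy (not the BigBang chart's template).
# Assumed: namespaces named "gitlab" and "keycloak", policy applied to all pods.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-sso
  namespace: gitlab                 # assumed namespace of the SSO client
spec:
  podSelector: {}                   # assumed: every pod in the namespace
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector:
            matchLabels:
              # Label set automatically on every namespace by Kubernetes;
              # the value "keycloak" is an assumed namespace name.
              kubernetes.io/metadata.name: keycloak
      ports:
        # Before (as reported): only 443 was allowed, so traffic to the
        # Keycloak cluster service on 8443 relied on some other policy.
        # - port: 443
        #   protocol: TCP
        # After (the reporter's change): allow the port the Keycloak
        # cluster service listens on.
        - port: 8443
          protocol: TCP
```

A change like this is best validated on a cluster with the controlplane CIDR set, since the report indicates that otherwise the egress-kube-api policy allows the 8443 traffic regardless of what egress-sso permits.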