833 gitlab iam role

This MR allows us to check if an AWS IAM Profile is being used for object storage. If so, then it will modify the egress-kube-api network policy to allow access to the AWS metadata endpoint

Partially closes https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/833

added gitlab teamXForce labels

requested review from @ryan.j.garcia and @kevin.wilder

assigned to @cassiesouza

added statusreview label

added BB Customer Issues label

This will technically work but i want to get Ryan's opinion on this. And maybe Micah's opinion.

added 1 commit

• f23d31ad - Add comment

Compare with previous version

resolved all threads

In addition @cassiesouza we will need to add a new NetworkPolicy template eg egress-metadata.yaml with explicit egress to 169.254.169.254/32 when use_iam_profile is true and we will need multiple copies of the networkPolicy resource YAML to apply to all pods that will need to be reaching out, eg: task-runner, webservice, sidekiq, etc.

added statusdoing label and removed statusreview label

added 7 commits

• f23d31ad...e58ea3d2 - 2 commits from branch main
• fc4d44fe - Conditional
• 3f2d3df3 - Missing end
• 7af74cc5 - Changelog
• e7b6d088 - Add comment
• b59cc03a - Fixing conflict in CHANGELOG

Compare with previous version

added 1 commit

• e6b47ee3 - Readme and chart update, also templating on api-egress

Compare with previous version

added 1 commit

• b2d59388 - Adding AWS metadata allow NPs for 4 pods

Compare with previous version

resolved all threads

added statusreview label and removed statusdoing label

added 1 commit

• 86c6a830 - Removed merge leftovers

Compare with previous version

added 1 commit

• 3e793c09 - Testing blocking all to aws metadata when 0.0.0.0 specified

Compare with previous version

approved this merge request

merged

mentioned in commit bddbdd5c