UNCLASSIFIED - NO CUI

Skip to content

Resolve "Egress Whitelist - Harbor"

Chris Schaefer requested to merge 68-egress-whitelist-harbor-2 into main

General MR

Summary

As part of big-bang&160, we will want to enable users to configure setting REGISTRY_ONLY traffic policy on a per-package basis, in addition to allowing for it to be set globally in the meshConfig (see #1886). Creating Sidecars in each package will also allow us to focus on individual packages as we define what whitelists will need to be created per application.

This issue will handle this for Harbor

bigbang test pipeline MR

updated: https://repo1.dso.mil/big-bang/bigbang/-/pipelines/3244118

Relevant logs/screenshots

before apply - curl https://google.com within namespace harbor

result = 302 response received

[2024-04-26T18:23:21.532Z] "- - -" 0 - - - "-" 840 8305 737 - "-" "-" "-" "-" "142.250.189.174:443" PassthroughCluster 10.42.0.15:45240 142.250.189.174:443 10.42.0.15:45228 - - tra │ │ [2024-04-26T18:23:23.180Z] "- - -" 0 - - - "-" 840 8306 727 - "-" "-" "-" "-" "142.250.189.174:443" PassthroughCluster 10.42.0.15:45264 142.250.189.174:443 10.42.0.15:45250 - - tra │ │ [2024-04-26T18:23:24.568Z] "- - -" 0 - - - "-" 840 8305 801 - "-" "-" "-" "-" "142.250.189.174:443" PassthroughCluster 10.42.0.15:45292 142.250.189.174:443 10.42.0.15:45280 - - tra │ │ [2024-04-26T18:23:26.046Z] "- - -" 0 - - - "-" 840 8305 704 - "-" "-" "-" "-" "142.250.189.174:443" PassthroughCluster 10.42.0.15:45320 142.250.189.174:443 10.42.0.15:45306 - - tra

after apply - curl https://google.com within namespace harbor

result = eof block

[2024-04-26T18:20:39.592Z] "- - -" 0 UH - - "-" 0 0 0 - "-" "-" "-" "-" "-" BlackHoleCluster - 142.250.189.206:443 10.42.0.15:37824 - - traceID=- │ │ [2024-04-26T18:20:42.470Z] "- - -" 0 UH - - "-" 0 0 0 - "-" "-" "-" "-" "-" BlackHoleCluster - 142.250.189.206:443 10.42.0.15:37826 - - traceID=- │ │ [2024-04-26T18:20:44.306Z] "- - -" 0 UH - - "-" 0 0 0 - "-" "-" "-" "-" "-" BlackHoleCluster - 142.250.189.206:443 10.42.0.15:37830 - - traceID=- │ │ [2024-04-26T18:20:45.769Z] "- - -" 0 UH - - "-" 0 0 0 - "-" "-" "-" "-" "-" BlackHoleCluster - 142.250.189.206:443 10.42.0.15:37832 - - traceID=- │

after applying test customServiceEntries value !97 (diffs)

result - response

│ [2024-04-26T18:36:58.830Z] "- - -" 0 - - - "-" 883 26633 900 - "-" "-" "-" "-" "142.251.46.228:443" outbound|443||www.google.com 10.42.0.21:56606 142.251.46.228:443 10.42.0.21:5660 │

Linked Issue

#68

Upgrade Notices

N/A

Edited by Chris Schaefer

Merge request reports

UNCLASSIFIED - NO CUI