Integrate bb-common
Follow the bb-common Migration Guide to integrate bb-common into package.
| Old Name | New Name | Notes | Covered in bb-common |
|---|---|---|---|
| allow-alloy-ingress-mimir-mimir |
Following the lead here, as I noticed it was a little weird as well: Draft: Mimir allow alloy metrics (!80 (merged)) · Merge requests · Big Bang / Universe / Product / mimir · GitLab |
No | |
| allow-dns-lookups-mimir | default-egress-allow-kube-dns | Yes | |
| allow-egress-storage-mimir-mimir | allow-egress-from-mimir-to-anywhere-tcp-port-443 | This is a 443 egress to any IP. | |
| allow-in-namespace-mimir-mimir |
default-ingress-allow-all-in-ns default-egress-allow-all-in-ns |
Yes | |
| allow-istiod-egress-mimir-mimir | default-egress-allow-istiod | Yes | |
| allow-kube-apiserver-egress-mimir-mimir |
allow-egress-from-mimir-to-kubeapi allow-egress-from-minio-to-kubeapi allow-egress-from-rollout-operator-to-kubeapi |
Put definition override in umbrella chart, and use the definition in the mimir package. | No |
| allow-mimir-egress-grafana | allow-egress-from-mimir-to-ns-monitoring-pod-grafana-tcp-port-3000 | Will need ingress rule on the grafana side. Mirror this egress rule to the ingress rule for grafana, both in umbrella chart. | No |
| allow-mimir-egress-minio | N/A | Removed this, as there is nothing in the helmrelease that shows a dependency for the minio namespace. | No |
| allow-mimir-ingress-grafana |
allow-ingress-to-mimir-tcp-ports-8080-9095-from-ns-monitoring-pod-grafana allow-ingress-to-rollout-operator-tcp-ports-8080-9095-from-ns-monitoring-pod-grafana |
mimir is in it's own namespace, seperate from grafana, this should not be here? | |
| allow-mimir-sidecar-scraping |
allow-ingress-to-mimir-tcp-port-15020-from-ns-monitoring-pod-prometheus allow-ingress-to-minio-tcp-port-15020-from-ns-monitoring-pod-prometheus allow-ingress-to-rollout-operator-tcp-port-15020-from-ns-monitoring-pod-prometheus |
||
| allow-mimir-test-egress | N/A | No longer needed with newer versions of gluon. | |
| allow-minio-egress-minio | N/A | Did not add this one back in. This seems like all internal namespace traffic. | |
| allow-minio-ingress-mimir | N/A | Did not add this one back in. This seems like all internal namespace traffic. | |
| allow-prometheus-ingress-mimir-mimir |
allow-ingress-to-mimir-tcp-ports-8080-9095-from-ns-monitoring-pod-prometheus allow-ingress-to-rollout-operator-tcp-ports-8080-9095-from-ns-monitoring-pod-prometheus allow-ingress-to-minio-tcp-port-9000-from-ns-monitoring-pod-prometheus |
||
| default-deny-all-mimir-mimir |
default-ingress-deny-all default-egress-deny-all |
Yes | |
| minio-operator-egress | N/A |
I don't see anything named minioOperator. Is this needed/doing anything? I don't see the 4222 service or the app with a name minioOperator.
|
|
| minio-operator-ingress | allow-ingress-to-minio-tcp-port-9000-from-ns-minio-operator-pod-minio-operator | I don't see anything named minioOperator. Added new policy to fix connectivity. |
