From 3fcc2e1ef7878719d089fd379b137e99acad25f4 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 21 Jun 2021 17:11:50 +0000 Subject: [PATCH 1/5] Update chart/templates/bigbang/networkpolicies/allow-test-egress.yaml, chart/values.yaml, chart/Chart.yaml, CHANGELOG.md files --- CHANGELOG.md | 4 ++++ chart/Chart.yaml | 2 +- .../bigbang/networkpolicies/allow-test-egress.yaml | 7 +------ chart/values.yaml | 1 - 4 files changed, 6 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index d1e9a2f..ddf5190 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [0.1.6-bb.6] - 2021-06-21 +### Changed +- Changed test NP to lock down for only k3d + ## [0.1.6-bb.5] - 2021-06-21 ### Fixed - NetworkPolicy blocking an init container, added policy to allow postgres egress for the init container diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 68c86b6..97ae127 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: mattermost type: application -version: "0.1.6-bb.5" +version: "0.1.6-bb.6" appVersion: "5.34.2" description: "Deployment of mattermost" keywords: diff --git a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml index 974182b..ccc7c9f 100644 --- a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml @@ -14,12 +14,7 @@ spec: egress: - to: - ipBlock: - cidr: {{ .Values.networkPolicies.controlPlaneCidr }} - {{- if eq .Values.networkPolicies.controlPlaneCidr "0.0.0.0/0" }} - # ONLY Block requests to cloud metadata IP - except: - - 169.254.169.254/32 - {{- end }} + cidr: 10.43.0.1/32 policyTypes: - Egress {{- end }} diff --git a/chart/values.yaml b/chart/values.yaml index 418fd1e..3c5b37c 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -23,7 +23,6 @@ networkPolicies: ingressLabels: app: istio-ingressgateway istio: ingressgateway - controlPlaneCidr: 0.0.0.0/0 sso: enabled: false -- GitLab From 82d6f3a87f8923932e902fcb6218b85ba16058c3 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 21 Jun 2021 17:21:40 +0000 Subject: [PATCH 2/5] Update chart/templates/bigbang/networkpolicies/allow-test-egress.yaml --- chart/templates/bigbang/networkpolicies/allow-test-egress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml index ccc7c9f..0845c0b 100644 --- a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml @@ -14,7 +14,7 @@ spec: egress: - to: - ipBlock: - cidr: 10.43.0.1/32 + cidr: 127.0.0.1/32 policyTypes: - Egress {{- end }} -- GitLab From 44cee75de187b894884861f94232b90dc183413a Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 21 Jun 2021 17:26:23 +0000 Subject: [PATCH 3/5] Update chart/templates/bigbang/networkpolicies/allow-test-egress.yaml --- chart/templates/bigbang/networkpolicies/allow-test-egress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml index 0845c0b..20be313 100644 --- a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml @@ -14,7 +14,7 @@ spec: egress: - to: - ipBlock: - cidr: 127.0.0.1/32 + cidr: 10.0.0.0/8 policyTypes: - Egress {{- end }} -- GitLab From 4edfecad42f6384f07d3b062995e01e3a9826494 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Mon, 21 Jun 2021 17:34:44 +0000 Subject: [PATCH 4/5] Update chart/templates/bigbang/networkpolicies/allow-test-egress.yaml --- chart/templates/bigbang/networkpolicies/allow-test-egress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml index 20be313..1b2a30b 100644 --- a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml @@ -14,7 +14,7 @@ spec: egress: - to: - ipBlock: - cidr: 10.0.0.0/8 + cidr: 172.16.0.0/1 policyTypes: - Egress {{- end }} -- GitLab From 636035fa8f17fe675e3d3ade7e9653ec25e9d200 Mon Sep 17 00:00:00 2001 From: Branden Cobb Date: Mon, 21 Jun 2021 17:35:44 +0000 Subject: [PATCH 5/5] you missed a 2 --- chart/templates/bigbang/networkpolicies/allow-test-egress.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml index 1b2a30b..03c49da 100644 --- a/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml +++ b/chart/templates/bigbang/networkpolicies/allow-test-egress.yaml @@ -14,7 +14,7 @@ spec: egress: - to: - ipBlock: - cidr: 172.16.0.0/1 + cidr: 172.16.0.0/12 policyTypes: - Egress {{- end }} -- GitLab