From 84947447956ff0f613629f71b0e542ad9e48998d Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Wed, 16 Jun 2021 14:52:31 -0600 Subject: [PATCH 01/17] feat: Initial autoRollingUpgrade to 7.12 support --- chart/templates/bigbang/upgrade-job.yaml | 12 +++++++++++- chart/values.yaml | 8 ++++---- 2 files changed, 15 insertions(+), 5 deletions(-) diff --git a/chart/templates/bigbang/upgrade-job.yaml b/chart/templates/bigbang/upgrade-job.yaml index 118aeec..4350104 100644 --- a/chart/templates/bigbang/upgrade-job.yaml +++ b/chart/templates/bigbang/upgrade-job.yaml @@ -79,13 +79,23 @@ spec: curl -XPUT -ku "elastic:$elastic" "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d' { "persistent": { "cluster.routing.allocation.enable": "primaries" } }' curl -XPOST -ku "elastic:$elastic" "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc:9200/_flush/synced?pretty" + export ES_DESIRED_VERSION="7.10.*" + echo "Rolling Upgrade Prep Commands Completed" + else if [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == 7.10.* ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.version}') == 7.12.* ]]; then + echo "Running Rolling Upgrade Prep Commands" + kubectl annotate --overwrite kibana {{ .Release.Name }} -n {{ .Release.Namespace }} 'eck.k8s.elastic.co/managed=false' + kubectl delete deployment -l kibana.k8s.elastic.co/name={{ .Release.Name }},common.k8s.elastic.co/type=kibana -n {{ .Release.Namespace }} + + curl -XPUT -ku "elastic:$elastic" "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc:9200/_cluster/settings?pretty" -H 'Content-Type: application/json' -d' { "persistent": { "cluster.routing.allocation.enable": "primaries" } }' + curl -XPOST -ku "elastic:$elastic" "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc:9200/_flush/synced?pretty" + export ES_DESIRED_VERSION="7.12.*" echo "Rolling Upgrade Prep Commands Completed" else echo "No Upgrade Prep Necessary :D" exit 0 fi - until [[ $( kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.phase}' ) == "Ready" ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == 7.10.* ]]; do + until [[ $( kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.phase}' ) == "Ready" ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == $ES_DESIRED_VERSION ]]; do echo "ES cluster not Ready" && sleep 10; done diff --git a/chart/values.yaml b/chart/values.yaml index 510a477..98c541e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -6,10 +6,10 @@ autoRollingUpgrade: enabled: true kibana: - version: 7.10.2 + version: 7.12.0 image: repository: registry1.dso.mil/ironbank/elastic/kibana/kibana - tag: 7.10.2 + tag: 7.12.0 # Number of Kibana replicas count: 3 @@ -60,10 +60,10 @@ kibana: # command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"] elasticsearch: - version: 7.10.0 + version: 7.12.0 image: repository: registry1.dso.mil/ironbank/elastic/elasticsearch/elasticsearch - tag: 7.10.0 + tag: 7.12.0 imagePullSecrets: [ ] -- GitLab From 72716ff45aa4e6fc9a850efae04af8486da0ed11 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Wed, 16 Jun 2021 15:00:26 -0600 Subject: [PATCH 02/17] chore: Bumping chart and changelog --- CHANGELOG.md | 5 +++++ chart/Chart.yaml | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cc75da0..b151bbd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- +## [0.1.15-bb.0] - 2021-06-16 +### Changed +- Upgrade to version 7.12.0 of Kibana and Elasticsearch +- Tweaks to autoRollingUpgrade job to allow for transition from 7.10 to 7.12 . + ## [0.1.14-bb.1] - 2021-06-17 ### Added - Network Policy templates. diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 8658410..f8778f6 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: logging -version: 0.1.14-bb.1 -appVersion: 7.10.0 +version: 0.1.15-bb.0 +appVersion: 7.12.0 dependencies: - name: bb-test-lib version: "0.4.0" -- GitLab From 4fbd09b3705105ec9272ebece76739464b40fad6 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Wed, 16 Jun 2021 16:40:10 -0600 Subject: [PATCH 03/17] fix: Syntax update to initial if statement --- chart/templates/bigbang/upgrade-job.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/upgrade-job.yaml b/chart/templates/bigbang/upgrade-job.yaml index 4350104..3a648a2 100644 --- a/chart/templates/bigbang/upgrade-job.yaml +++ b/chart/templates/bigbang/upgrade-job.yaml @@ -81,7 +81,7 @@ spec: curl -XPOST -ku "elastic:$elastic" "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc:9200/_flush/synced?pretty" export ES_DESIRED_VERSION="7.10.*" echo "Rolling Upgrade Prep Commands Completed" - else if [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == 7.10.* ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.version}') == 7.12.* ]]; then + elif [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == 7.10.* ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.spec.version}') == 7.12.* ]]; then echo "Running Rolling Upgrade Prep Commands" kubectl annotate --overwrite kibana {{ .Release.Name }} -n {{ .Release.Namespace }} 'eck.k8s.elastic.co/managed=false' kubectl delete deployment -l kibana.k8s.elastic.co/name={{ .Release.Name }},common.k8s.elastic.co/type=kibana -n {{ .Release.Namespace }} @@ -95,7 +95,7 @@ spec: exit 0 fi - until [[ $( kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.phase}' ) == "Ready" ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == $ES_DESIRED_VERSION ]]; do + until [[ $( kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.phase}' ) == "Ready" ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == "$ES_DESIRED_VERSION" ]]; do echo "ES cluster not Ready" && sleep 10; done -- GitLab From b524e68dd9176d58d0b084ec3e058c5f216dd0f8 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 17 Jun 2021 08:28:38 -0600 Subject: [PATCH 04/17] feat: NP changes and tweaks for upgrade-job and efficiency --- .../networkpolicies/all-egress-allow.yaml | 18 ++++++++++++++++++ .../bigbang/networkpolicies/es-allow.yaml | 19 +++++++++++++++++++ chart/templates/bigbang/upgrade-job.yaml | 2 ++ 3 files changed, 39 insertions(+) create mode 100644 chart/templates/bigbang/networkpolicies/all-egress-allow.yaml diff --git a/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml b/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml new file mode 100644 index 0000000..2ab33e2 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml @@ -0,0 +1,18 @@ +{{- if and .Values.networkPolicies.enabled .Values.autoRollingUpgrade.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-all-egress + namespace: {{ .Release.Namespace }} +spec: + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 + podSelector: {} + policyTypes: + - Egress +{{- end }} \ No newline at end of file diff --git a/chart/templates/bigbang/networkpolicies/es-allow.yaml b/chart/templates/bigbang/networkpolicies/es-allow.yaml index dfada9b..11d8043 100644 --- a/chart/templates/bigbang/networkpolicies/es-allow.yaml +++ b/chart/templates/bigbang/networkpolicies/es-allow.yaml @@ -84,3 +84,22 @@ spec: policyTypes: - Ingress {{- end }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: es-communication-in-namespace + namespace: {{ .Release.Namespace }} +spec: + ingress: + - from: + - podSelector: {} + ports: + - port: 9200 + protocol: TCP + podSelector: + matchLabels: + common.k8s.elastic.co/type: elasticsearch + policyTypes: + - Ingress +{{- end }} diff --git a/chart/templates/bigbang/upgrade-job.yaml b/chart/templates/bigbang/upgrade-job.yaml index 3a648a2..45c7abf 100644 --- a/chart/templates/bigbang/upgrade-job.yaml +++ b/chart/templates/bigbang/upgrade-job.yaml @@ -63,6 +63,8 @@ spec: name: bb-{{ .Release.Name }}-upgrade annotations: sidecar.istio.io/inject: 'false' + labels: + app.kubernetes.io/name: bigbang-ek-upgrade-job spec: serviceAccountName: {{ .Release.Name }}-bb-upgrade containers: -- GitLab From 53dc22ee667dca9a69e021cab2795017b20ee683 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 17 Jun 2021 09:22:21 -0600 Subject: [PATCH 05/17] if selector on all-egress NP resource --- chart/templates/bigbang/networkpolicies/all-egress-allow.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml b/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml index 2ab33e2..dc40731 100644 --- a/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml +++ b/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml @@ -1,4 +1,4 @@ -{{- if and .Values.networkPolicies.enabled .Values.autoRollingUpgrade.enabled }} +{{- if .Values.networkPolicies.enabled }} apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: @@ -15,4 +15,4 @@ spec: podSelector: {} policyTypes: - Egress -{{- end }} \ No newline at end of file +{{- end }} -- GitLab From f0fd6e948d56280d8ca5cc5f89fd7f0651d79f38 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 17 Jun 2021 11:41:54 -0600 Subject: [PATCH 06/17] feat: Syntax and clarity fixes for upgrade-job --- chart/templates/bigbang/upgrade-job.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/upgrade-job.yaml b/chart/templates/bigbang/upgrade-job.yaml index 45c7abf..02dc79f 100644 --- a/chart/templates/bigbang/upgrade-job.yaml +++ b/chart/templates/bigbang/upgrade-job.yaml @@ -97,8 +97,8 @@ spec: exit 0 fi - until [[ $( kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.phase}' ) == "Ready" ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == "$ES_DESIRED_VERSION" ]]; do - echo "ES cluster not Ready" && sleep 10; + until [[ $( kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.phase}' ) == "Ready" ]] && [[ $(kubectl get elasticsearch {{ .Release.Name }} -n {{ .Release.Namespace }} -o jsonpath='{.status.version}') == $ES_DESIRED_VERSION ]]; do + echo "ES cluster version $ES_DESIRED_VERSION not yet Ready" && sleep 10; done if [ $( curl -ku "elastic:$elastic" -k "https://{{ .Release.Name }}-es-http.{{ .Release.Namespace }}.svc:9200/_cluster/settings?pretty" | yq r - persistent.cluster.routing.allocation.enable ) == "primaries" ]; then -- GitLab From 5b1d688ede92aaeed90b8601b22307aeb03a6b22 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Mon, 21 Jun 2021 09:21:05 -0600 Subject: [PATCH 07/17] Cleaning up NetworkPolicy resources and rebasing --- .../networkpolicies/all-egress-allow.yaml | 18 ------------------ .../bigbang/networkpolicies/es-allow.yaml | 19 ------------------- 2 files changed, 37 deletions(-) delete mode 100644 chart/templates/bigbang/networkpolicies/all-egress-allow.yaml diff --git a/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml b/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml deleted file mode 100644 index dc40731..0000000 --- a/chart/templates/bigbang/networkpolicies/all-egress-allow.yaml +++ /dev/null @@ -1,18 +0,0 @@ -{{- if .Values.networkPolicies.enabled }} -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: allow-all-egress - namespace: {{ .Release.Namespace }} -spec: - egress: - - to: - - ipBlock: - cidr: 0.0.0.0/0 - # ONLY Block requests to AWS metadata IP - except: - - 169.254.169.254/32 - podSelector: {} - policyTypes: - - Egress -{{- end }} diff --git a/chart/templates/bigbang/networkpolicies/es-allow.yaml b/chart/templates/bigbang/networkpolicies/es-allow.yaml index 11d8043..dfada9b 100644 --- a/chart/templates/bigbang/networkpolicies/es-allow.yaml +++ b/chart/templates/bigbang/networkpolicies/es-allow.yaml @@ -84,22 +84,3 @@ spec: policyTypes: - Ingress {{- end }} ---- -apiVersion: networking.k8s.io/v1 -kind: NetworkPolicy -metadata: - name: es-communication-in-namespace - namespace: {{ .Release.Namespace }} -spec: - ingress: - - from: - - podSelector: {} - ports: - - port: 9200 - protocol: TCP - podSelector: - matchLabels: - common.k8s.elastic.co/type: elasticsearch - policyTypes: - - Ingress -{{- end }} -- GitLab From 4fe46e8cbad9e46ec4e4d5c089bae1146f8e15a1 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Mon, 21 Jun 2021 09:57:00 -0600 Subject: [PATCH 08/17] feat: controlPlaneCidr value and upgrade-job specific NP YAML --- chart/templates/bigbang/upgrade-job.yaml | 27 ++++++++++++++++++++++++ chart/values.yaml | 2 ++ 2 files changed, 29 insertions(+) diff --git a/chart/templates/bigbang/upgrade-job.yaml b/chart/templates/bigbang/upgrade-job.yaml index 02dc79f..9d130b8 100644 --- a/chart/templates/bigbang/upgrade-job.yaml +++ b/chart/templates/bigbang/upgrade-job.yaml @@ -1,4 +1,31 @@ {{- if .Values.autoRollingUpgrade.enabled }} +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: api-egress-upgrade-job + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/hook": post-upgrade + "helm.sh/hook-weight": "-10" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + egress: + - to: + - ipBlock: + cidr: {{ .Values.networkPolicies.controlPlaneCidr }} + {{- if eq .Values.networkPolicies.controlPlaneCidr "0.0.0.0/0" }} + # ONLY Block requests to AWS metadata IP + except: + - 169.254.169.254/32 + {{- end }} + podSelector: + matchLabels: + app.kubernetes.io/name: bigbang-ek-upgrade-job + policyTypes: + - Egress +{{- end }} +--- apiVersion: v1 kind: ServiceAccount metadata: diff --git a/chart/values.yaml b/chart/values.yaml index 98c541e..2f36fcd 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -267,6 +267,8 @@ networkPolicies: ingressLabels: app: istio-ingressgateway istio: ingressgateway + # See `kubectl cluster-info` and then resolve to IP + controlPlaneCidr: 0.0.0.0/0 upgradeJob: image: -- GitLab From 93747634bd7e170f87567fb2b5b94435c9359ca6 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Mon, 21 Jun 2021 13:44:46 -0600 Subject: [PATCH 09/17] Job ttlSeconds config for future k8s versions --- CHANGELOG.md | 2 +- chart/templates/bigbang/upgrade-job.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b151bbd..1f229bb 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,7 +4,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), --- -## [0.1.15-bb.0] - 2021-06-16 +## [0.1.15-bb.0] - 2021-06-22 ### Changed - Upgrade to version 7.12.0 of Kibana and Elasticsearch - Tweaks to autoRollingUpgrade job to allow for transition from 7.10 to 7.12 . diff --git a/chart/templates/bigbang/upgrade-job.yaml b/chart/templates/bigbang/upgrade-job.yaml index 9d130b8..3f33aa3 100644 --- a/chart/templates/bigbang/upgrade-job.yaml +++ b/chart/templates/bigbang/upgrade-job.yaml @@ -84,7 +84,7 @@ metadata: "helm.sh/hook-weight": "-5" spec: backoffLimit: 3 - ttlSecondsAfterFinished: 300 + ttlSecondsAfterFinished: 480 template: metadata: name: bb-{{ .Release.Name }}-upgrade -- GitLab From 77d60e17d858833d58e153c30cb0cf2672795880 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Tue, 22 Jun 2021 10:12:51 -0600 Subject: [PATCH 10/17] Adding different controlPlaneCidr network to test-values --- tests/test-values.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test-values.yml b/tests/test-values.yml index 94fcb2a..3a840cf 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -29,6 +29,7 @@ istio: networkPolicies: enabled: true + controlPlaneCidr: 172.16.0.0/12 bbtests: enabled: true -- GitLab From 4384cbf6233a0d968298e4c8f1bcdf53489543f6 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 24 Jun 2021 10:18:10 -0600 Subject: [PATCH 11/17] More hook-delete-policy options --- chart/templates/bigbang/upgrade-job.yaml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/chart/templates/bigbang/upgrade-job.yaml b/chart/templates/bigbang/upgrade-job.yaml index 3f33aa3..fa728b0 100644 --- a/chart/templates/bigbang/upgrade-job.yaml +++ b/chart/templates/bigbang/upgrade-job.yaml @@ -8,7 +8,7 @@ metadata: annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "-10" - "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation spec: egress: - to: @@ -34,7 +34,7 @@ metadata: annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "-10" - "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation --- apiVersion: rbac.authorization.k8s.io/v1 kind: Role @@ -44,7 +44,7 @@ metadata: annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "-10" - "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation rules: - apiGroups: ["elasticsearch.k8s.elastic.co"] resources: ["elasticsearches"] @@ -64,7 +64,7 @@ metadata: annotations: "helm.sh/hook": post-upgrade "helm.sh/hook-weight": "-10" - "helm.sh/hook-delete-policy": hook-succeeded + "helm.sh/hook-delete-policy": hook-succeeded,hook-failed,before-hook-creation roleRef: apiGroup: rbac.authorization.k8s.io kind: Role -- GitLab From 9a397a2c5ed994f141061a04d4797f2a13c0f86d Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 24 Jun 2021 11:46:39 -0600 Subject: [PATCH 12/17] ci: UPdating cidr in test-values --- tests/test-values.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/tests/test-values.yml b/tests/test-values.yml index 3a840cf..94fcb2a 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -29,7 +29,6 @@ istio: networkPolicies: enabled: true - controlPlaneCidr: 172.16.0.0/12 bbtests: enabled: true -- GitLab From 363e0239f5d6cd3be7b42cc23f98187cd98f2179 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 24 Jun 2021 11:58:31 -0600 Subject: [PATCH 13/17] NP template for operator to kb resources --- .../bigbang/networkpolicies/kb-allow.yaml | 21 +++++++++++++++++++ 1 file changed, 21 insertions(+) create mode 100644 chart/templates/bigbang/networkpolicies/kb-allow.yaml diff --git a/chart/templates/bigbang/networkpolicies/kb-allow.yaml b/chart/templates/bigbang/networkpolicies/kb-allow.yaml new file mode 100644 index 0000000..617118d --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/kb-allow.yaml @@ -0,0 +1,21 @@ +{{- if .Values.networkPolicies.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: kb-communication-eck-operator + namespace: {{ .Release.Namespace }} +spec: + ingress: + - from: + - namespaceSelector: {} + podSelector: + matchLabels: + app.kubernetes.io/name: elastic-operator + ports: + - port: 5601 + protocol: TCP + podSelector: + matchLabels: + common.k8s.elastic.co/type: kibana + policyTypes: +{{- end }} -- GitLab From 194c7fe896be8f65d41f9074aa540b234f2ee1b3 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 24 Jun 2021 12:00:56 -0600 Subject: [PATCH 14/17] ci: tests dependencies specific branch --- tests/dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dependencies.yaml b/tests/dependencies.yaml index 68b137e..db7139a 100644 --- a/tests/dependencies.yaml +++ b/tests/dependencies.yaml @@ -1,2 +1,2 @@ eckoperator: - git: "https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git" + git: "https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git@main" -- GitLab From 3f29b06ed63ba107073613553c13254aabcc95c9 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 24 Jun 2021 12:03:44 -0600 Subject: [PATCH 15/17] ci: tests dependencies specific branch 2 --- tests/dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dependencies.yaml b/tests/dependencies.yaml index db7139a..86d843c 100644 --- a/tests/dependencies.yaml +++ b/tests/dependencies.yaml @@ -1,2 +1,2 @@ eckoperator: - git: "https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git@main" + git: "https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git#main" -- GitLab From 419f75827321948ffc30cf4c4cf68a4433d26f4d Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 24 Jun 2021 14:14:17 -0600 Subject: [PATCH 16/17] ci: removing tests dependencies branch specifier --- tests/dependencies.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/dependencies.yaml b/tests/dependencies.yaml index 86d843c..68b137e 100644 --- a/tests/dependencies.yaml +++ b/tests/dependencies.yaml @@ -1,2 +1,2 @@ eckoperator: - git: "https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git#main" + git: "https://repo1.dso.mil/platform-one/big-bang/apps/core/eck-operator.git" -- GitLab From 72ff8fc862e4d0ffd379f871c05d73dd18c2a57b Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Thu, 24 Jun 2021 14:19:23 -0600 Subject: [PATCH 17/17] ci: adding back controlPlaneCidr in test-values --- tests/test-values.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test-values.yml b/tests/test-values.yml index 94fcb2a..3a840cf 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -29,6 +29,7 @@ istio: networkPolicies: enabled: true + controlPlaneCidr: 172.16.0.0/12 bbtests: enabled: true -- GitLab