From c7204ce0a8170da72f109353f3d7097f89f7e8e9 Mon Sep 17 00:00:00 2001
From: Ubuntu
Date: Wed, 26 May 2021 20:02:26 +0000
Subject: [PATCH 01/36] See what breaks
---
.../networkpolicies/default-deny-all.yaml | 15 ++++++++++++++
.../bigbang/networkpolicies/istio.yaml | 20 +++++++++++++++++++
chart/values.yaml | 7 +++++++
3 files changed, 42 insertions(+)
create mode 100644 chart/templates/bigbang/networkpolicies/default-deny-all.yaml
create mode 100644 chart/templates/bigbang/networkpolicies/istio.yaml
diff --git a/chart/templates/bigbang/networkpolicies/default-deny-all.yaml b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml
new file mode 100644
index 0000000..d8e6d46
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/default-deny-all.yaml
@@ -0,0 +1,15 @@
+{{ if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: default-deny-all
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ - Egress
+ ingress: []
+ egress: []
+{{- end }}
+
diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml
new file mode 100644
index 0000000..e829e46
--- /dev/null
+++ b/chart/templates/bigbang/networkpolicies/istio.yaml
@@ -0,0 +1,20 @@
+{{ if .Values.networkPolicies.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-to-istio-ingressgateway
+ namespace: {{ .Release.Namespace }}
+spec:
+ podSelector: {}
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ app.kubernetes.io/name: istio-controlplane
+ podSelector:
+ matchLabels:
+ {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}}
+{{- end }}
+
diff --git a/chart/values.yaml b/chart/values.yaml
index aadeaa3..7d5c4a2 100644
--- a/chart/values.yaml
+++ b/chart/values.yaml
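Review bot: In chart/templates/bigbang/networkpolicies/istio.yaml, `matchLabels:` under the source `podSelector` is filled only by `toYaml .Values.networkPolicies.ingressLabels`; if that value is unset the line renders as `null`, and an empty pod selector admits every pod in the matched namespace instead of only the ingress gateway. Make rendering fail instead: `{{- toYaml (required "networkPolicies.ingressLabels must be set" .Values.networkPolicies.ingressLabels) | nindent 10 }}`. The rule also relies on the Istio namespace carrying the label `app.kubernetes.io/name: istio-controlplane`, which nothing in this patch sets, so a comment above the `namespaceSelector` should state that prerequisite. The policy name reads as traffic to the gateway while the rule admits traffic from it; a one-line comment such as `# Allow ingress from the Istio ingress gateway to pods in this namespace` would remove the ambiguity.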
@@ -6,6 +6,13 @@ istio: nexus: gateways: - "istio-system/main" + +networkPolicies: + enabled: true + ingressLabels: + app: istio-ingressgateway + istio: ingressgateway + monitoring: enabled: false license_key: "" -- GitLab From db619b2479712fc0a29263cef208dc557c33154b Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 27 May 2021 15:12:08 +0000 Subject: [PATCH 02/36] Turn off networkPolicies as a test --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index 7d5c4a2..e0a6a9d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -8,7 +8,7 @@ istio: - "istio-system/main" networkPolicies: - enabled: true + enabled: false ingressLabels: app: istio-ingressgateway istio: ingressgateway -- GitLab From e064d31327d7ab1307e3343626127590e55e8eb9 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 27 May 2021 16:01:51 +0000 Subject: [PATCH 03/36] turn on network policy --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index e0a6a9d..7d5c4a2 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -8,7 +8,7 @@ istio: - "istio-system/main" networkPolicies: - enabled: false + enabled: true ingressLabels: app: istio-ingressgateway istio: ingressgateway -- GitLab From 2dc11e006d33edaa349e737b12046d25f644a2ec Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 27 May 2021 17:58:43 +0000 Subject: [PATCH 04/36] trying to turn on docker registry at port 5000 --- chart/values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 7d5c4a2..10cf608 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -72,11 +72,11 @@ image: nexus: docker: - enabled: false - registries: [] - # - host: chart.local - # port: 5000 - # secretName: registrySecret + enabled: true + registries: + - host: registry.nexus.bigbang.dev + port: 5000 + secretName: registrySecret env: - name: install4jAddVmParams value: "-Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" -- GitLab From 227ce3dc96efb571805a8969c1d5022bdec1fe4e Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Thu, 27 May 2021 19:12:43 +0000 Subject: [PATCH 05/36] rename nexus-registry --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index 10cf608..97c25d1 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -74,7 +74,7 @@ nexus: docker: enabled: true registries: - - host: registry.nexus.bigbang.dev + - host: nexus-registry.bigbang.dev port: 5000 secretName: registrySecret env: -- GitLab From 1238bedc5f6992a4ea32d8816315603f5d98d35a Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 12:20:07 +0000 Subject: [PATCH 06/36] turn off network policy --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index 97c25d1..e6eca1e 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -72,7 +72,7 @@ image: nexus: docker: - enabled: true + enabled: false registries: - host: nexus-registry.bigbang.dev port: 5000 -- GitLab From 66475f7d6b7756be1e6dcd74a82408850ca2d7e6 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 12:37:51 +0000 Subject: [PATCH 07/36] Turn off network policies --- chart/values.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index e6eca1e..726cde7 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -8,7 +8,7 @@ istio: - "istio-system/main" networkPolicies: - enabled: true + enabled: false ingressLabels: app: istio-ingressgateway istio: ingressgateway @@ -72,7 +72,7 @@ image: nexus: docker: - enabled: false + enabled: true registries: - host: nexus-registry.bigbang.dev port: 5000 -- GitLab From bbc5f320b2e5ad78985b4f30655746206248c5e6 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 15:09:33 +0000 Subject: [PATCH 08/36] Re-enable network policy now that docker login works --- chart/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/values.yaml b/chart/values.yaml index 726cde7..97c25d1 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -8,7 +8,7 @@ istio: - "istio-system/main" networkPolicies: - enabled: false + enabled: true ingressLabels: app: istio-ingressgateway istio: ingressgateway -- GitLab From fa2481419992ce71ae3a71ca50f4d2ca621e2db2 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 19:31:11 +0000 Subject: [PATCH 09/36] Guessing at ports --- .../bigbang/networkpolicies/istio.yaml | 5 ++++ .../bigbang/networkpolicies/monitoring.yaml | 24 +++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 chart/templates/bigbang/networkpolicies/monitoring.yaml diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index e829e46..1340f43 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml @@ -16,5 +16,10 @@ spec: podSelector: matchLabels: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} + ports: + - port: {{ .Values.nexus.nexusPort }} + {{ - range $.Values.nexus.docker.registries }} + - port: {{ .port }} + {{ - end }} {{- end }} diff --git a/chart/templates/bigbang/networkpolicies/monitoring.yaml b/chart/templates/bigbang/networkpolicies/monitoring.yaml new file mode 100644 index 0000000..b844bcd --- /dev/null 
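Review bot: In the istio.yaml hunk of PATCH 09/36, `- port: {{ .Values.nexus.nexusPort }}` renders an empty `port:` when the value is missing, and a NetworkPolicy port entry without a port number matches every port, so a missing value would widen the rule rather than break the install. The default for `nexus.nexusPort` is not visible anywhere in this series, so that needs confirming against values.yaml; either way `- port: {{ required "nexus.nexusPort must be set" .Values.nexus.nexusPort }}` makes the failure explicit. The same applies to `- port: {{ .port }}` inside the `range` over `nexus.docker.registries`, and to the `nexusPort` reference in the monitoring.yaml file added by this same commit.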
+++ b/chart/templates/bigbang/networkpolicies/monitoring.yaml @@ -0,0 +1,24 @@ +{{- if and .Values.networkPolicies.enabled .Values.monitoring.enabled }} +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-scraping + namespace: "{{ .Release.Namespace }}" +spec: + ingress: + - from: + - namespaceSelector: + matchLabels: + app.kubernetes.io/name: monitoring + podSelector: + matchLabels: + app: prometeus + ports: + - port: {{ .Values.nexus.nexusPort }} + podSelector: + matchLabels: + {{ - toYaml .Values.networkPolicies.ingressLabels | nindent 8 }} + policyTypes: + - Ingress +{{- end }} + -- GitLab From ba169f9751dcbb1ebde7e8f2ee6c9a16ed382537 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 20:49:43 +0000 Subject: [PATCH 10/36] fix label --- chart/templates/bigbang/networkpolicies/monitoring.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/monitoring.yaml b/chart/templates/bigbang/networkpolicies/monitoring.yaml index b844bcd..04349ef 100644 --- a/chart/templates/bigbang/networkpolicies/monitoring.yaml +++ b/chart/templates/bigbang/networkpolicies/monitoring.yaml @@ -17,7 +17,7 @@ spec: - port: {{ .Values.nexus.nexusPort }} podSelector: matchLabels: - {{ - toYaml .Values.networkPolicies.ingressLabels | nindent 8 }} + app.kubernetes.io/name: nexus-repository-manager policyTypes: - Ingress {{- end }} -- GitLab From a18b0457dacbf37462be14b4074bb56831777fe5 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 21:07:06 +0000 Subject: [PATCH 11/36] syntax --- chart/templates/bigbang/networkpolicies/istio.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index 1340f43..056b764 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml 
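Review bot: The source selector `app: prometeus` in the new monitoring.yaml looks like a misspelling of `prometheus`; if the Prometheus pods carry the usual label, this `allow-scraping` rule matches no pod and the default-deny policy keeps blocking the scrape. Check the labels actually present on the Prometheus pods and use that value, e.g. `app: prometheus`. The rule likewise depends on the monitoring namespace carrying `app.kubernetes.io/name: monitoring`, which this chart does not set, so a comment above the `namespaceSelector` should name that prerequisite. None of the later patches in this series touch the misspelled label.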
@@ -18,7 +18,7 @@ spec: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} ports: - port: {{ .Values.nexus.nexusPort }} - {{ - range $.Values.nexus.docker.registries }} + {{ - range .Values.nexus.docker.registries }} - port: {{ .port }} {{ - end }} {{- end }} -- GitLab From daebcacc9cd478824dc224cf6d07dbd97b16e380 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 21:18:12 +0000 Subject: [PATCH 12/36] syntax --- chart/templates/bigbang/networkpolicies/istio.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index 056b764..30d3f12 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml @@ -18,8 +18,8 @@ spec: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} ports: - port: {{ .Values.nexus.nexusPort }} - {{ - range .Values.nexus.docker.registries }} + {{- range .Values.nexus.docker.registries }} - port: {{ .port }} - {{ - end }} + {{- end }} {{- end }} -- GitLab From 2ee078cf06ef74e3fb8ba8ede4969db5698b0d5c Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Tue, 1 Jun 2021 21:25:34 +0000 Subject: [PATCH 13/36] syntax --- chart/templates/bigbang/networkpolicies/istio.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index 30d3f12..ae0f251 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml 
@@ -16,10 +16,10 @@ spec: podSelector: matchLabels: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} - ports: - - port: {{ .Values.nexus.nexusPort }} - {{- range .Values.nexus.docker.registries }} - - port: {{ .port }} - {{- end }} + ports: + - port: {{ .Values.nexus.nexusPort }} + {{- range .Values.nexus.docker.registries }} + - port: {{ .port }} + {{- end }} {{- end }} -- GitLab From 622372a9b299973839efac6b156788171580fc2d Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 2 Jun 2021 11:15:19 +0000 Subject: [PATCH 14/36] final cleanup --- chart/Chart.yaml | 2 +- chart/values.yaml | 2 +- tests/test-values.yml | 3 ++- 3 files changed, 4 insertions(+), 3 deletions(-) diff --git a/chart/Chart.yaml b/chart/Chart.yaml index 735e91a..b6173cf 100644 --- a/chart/Chart.yaml +++ b/chart/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: nexus-repository-manager -version: 29.1.0-bb.1 +version: 29.1.0-bb.2 appVersion: 3.29.0 description: Sonatype Nexus Repository Manager - Universal Binary repository type: application diff --git a/chart/values.yaml b/chart/values.yaml index 97c25d1..726cde7 100644 --- a/chart/values.yaml +++ b/chart/values.yaml @@ -8,7 +8,7 @@ istio: - "istio-system/main" networkPolicies: - enabled: true + enabled: false ingressLabels: app: istio-ingressgateway istio: ingressgateway diff --git a/tests/test-values.yml b/tests/test-values.yml index b09ad18..5b40759 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -4,5 +4,6 @@ istio: nexus: imagePullSecrets: - name: private-registry-mil - +networkPolicies: + enabled: true -- GitLab From 33c3caf0afab316ffe6be898a07a7de2974a3312 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 2 Jun 2021 16:04:46 +0000 Subject: [PATCH 15/36] remove registries --- chart/values.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/chart/values.yaml b/chart/values.yaml index 726cde7..e0a6a9d 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
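Review bot: In the chart/values.yaml hunk of PATCH 14/36, the shipped default becomes `enabled: false`, so default-deny-all, the Istio rules and allow-scraping are not rendered unless the installer opts in, while tests/test-values.yml in the same commit sets `enabled: true`. CI therefore exercises a configuration that a default install does not get, and a default install runs with no ingress or egress isolation from these templates. If off-by-default is intended, record it next to the key, e.g. `# When false, no default-deny or allow NetworkPolicies are created for this release's namespace.`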
@@ -72,11 +72,11 @@ image: nexus: docker: - enabled: true - registries: - - host: nexus-registry.bigbang.dev - port: 5000 - secretName: registrySecret + enabled: false + registries: [] + # - host: chart.local + # port: 5000 + # secretName: registrySecret env: - name: install4jAddVmParams value: "-Xms1200M -Xmx1200M -XX:MaxDirectMemorySize=2G -XX:+UnlockExperimentalVMOptions -XX:+UseCGroupMemoryLimitForHeap" -- GitLab From 55b6b953b6965a7771edf389fbff65720fd1fa72 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 2 Jun 2021 19:41:39 +0000 Subject: [PATCH 16/36] WAG to fix istio problem --- .../bigbang/networkpolicies/istio.yaml | 21 ++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index ae0f251..b436e3f 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml @@ -21,5 +21,24 @@ spec: {{- range .Values.nexus.docker.registries }} - port: {{ .port }} {{- end }} +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-to-istio-engress + namespace: {{ .Release.Namespace }} +spec: + podSelector: {} + policyTypes: + - Ingress + engress: + - to: + - namespaceSelector: + matchLabels: + app: istiod in the istio-system + podSelector: + matchLabels: + {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} + ports: + - port: 53 {{- end }} - -- GitLab From 8d2a2555137aaeec7c2392fbee93090bb23f0405 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 2 Jun 2021 19:52:08 +0000 Subject: [PATCH 17/36] typo --- chart/templates/bigbang/networkpolicies/istio.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index b436e3f..58a79f1 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml 
+++ b/chart/templates/bigbang/networkpolicies/istio.yaml @@ -25,13 +25,13 @@ spec: apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: - name: allow-to-istio-engress + name: allow-to-istio-egress namespace: {{ .Release.Namespace }} spec: podSelector: {} policyTypes: - Ingress - engress: + egress: - to: - namespaceSelector: matchLabels: -- GitLab From 741be894bb7f969c4e324ff2e5f81828774aac4e Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Wed, 2 Jun 2021 19:58:01 +0000 Subject: [PATCH 18/36] try try again --- chart/templates/bigbang/networkpolicies/istio.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index 58a79f1..6011a28 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml @@ -35,10 +35,10 @@ spec: - to: - namespaceSelector: matchLabels: - app: istiod in the istio-system + app.kubernetes.io/name: istio-controlplane podSelector: matchLabels: {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} ports: - - port: 53 + - port: 15012 {{- end }} -- GitLab From 6ad797ac5bd22184941e0f3f13f982ab91434c52 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 14:17:20 +0000 Subject: [PATCH 19/36] Try updating test-values with nexusPort --- tests/test-values.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/tests/test-values.yml b/tests/test-values.yml index 5b40759..96b068b 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -4,6 +4,7 @@ istio: nexus: imagePullSecrets: - name: private-registry-mil + nexusPort: 8081 networkPolicies: enabled: true -- GitLab From 51c86adecd9e6e0ab01cd6e0ed67a603bcc54fff Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 14:34:34 +0000 Subject: [PATCH 20/36] add docker/registries to test-yaml --- tests/test-values.yml | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/tests/test-values.yml b/tests/test-values.yml index 96b068b..90c2246 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -5,6 +5,10 @@ nexus: imagePullSecrets: - name: private-registry-mil nexusPort: 8081 + docker: + enabled: false + registries: [] + networkPolicies: enabled: true -- GitLab From 0b9f79877415d40b8a12cce0aa6061f4912395ca Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 14:41:32 +0000 Subject: [PATCH 21/36] Remove test-values updates that don't help. Try turning off network policies --- tests/test-values.yml | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) diff --git a/tests/test-values.yml b/tests/test-values.yml index 90c2246..b73756a 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -4,11 +4,6 @@ istio: nexus: imagePullSecrets: - name: private-registry-mil - nexusPort: 8081 - docker: - enabled: false - registries: [] - networkPolicies: - enabled: true + enabled: false -- GitLab From 805f01c7362a17478110fa84746cc9447bd8e764 Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 14:55:56 +0000 Subject: [PATCH 22/36] Turn network policies back on --- tests/test-values.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/test-values.yml b/tests/test-values.yml index b73756a..5b40759 100644 --- a/tests/test-values.yml +++ b/tests/test-values.yml @@ -5,5 +5,5 @@ nexus: imagePullSecrets: - name: private-registry-mil networkPolicies: - enabled: false + enabled: true -- GitLab From 833edc055dd3e920f883f79e21aa025943be8daa Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 18:05:23 +0000 Subject: [PATCH 23/36] set test nexus url --- tests/cypress.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cypress.json b/tests/cypress.json index 43b18da..6019771 100644 --- a/tests/cypress.json +++ b/tests/cypress.json 
@@ -4,7 +4,7 @@ "supportFile": false, "fixturesFolder": false, "env": { - "nexus_url": "nexus.bigbang.dev" + "nexus_url": "nexus.nexus.svc:8081" } } -- GitLab From d66e6b17628d38d5283369e128f87b40a64267cf Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 18:12:22 +0000 Subject: [PATCH 24/36] set test nexus url, take 2 --- tests/cypress.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cypress.json b/tests/cypress.json index 6019771..d699dbb 100644 --- a/tests/cypress.json +++ b/tests/cypress.json @@ -4,7 +4,7 @@ "supportFile": false, "fixturesFolder": false, "env": { - "nexus_url": "nexus.nexus.svc:8081" + "nexus_url": "nexus.nexus-repository-manager.svc:8081" } } -- GitLab From 59c1df880b38928708515f2d34770147c5b9143d Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 18:18:46 +0000 Subject: [PATCH 25/36] set test nexus url, take 3 --- tests/cypress.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cypress.json b/tests/cypress.json index d699dbb..36b0cf8 100644 --- a/tests/cypress.json +++ b/tests/cypress.json @@ -4,7 +4,7 @@ "supportFile": false, "fixturesFolder": false, "env": { - "nexus_url": "nexus.nexus-repository-manager.svc:8081" + "nexus_url": "nexus.svc:8081" } } -- GitLab From 82d4108ddcec84e899f655d4afd892bd7c45410d Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 18:23:32 +0000 Subject: [PATCH 26/36] set test nexus url, take 4 --- tests/cypress.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cypress.json b/tests/cypress.json index 36b0cf8..60339b2 100644 --- a/tests/cypress.json +++ b/tests/cypress.json @@ -4,7 +4,7 @@ "supportFile": false, "fixturesFolder": false, "env": { - "nexus_url": "nexus.svc:8081" + "nexus_url": "https://nexus.svc:8081" } } -- GitLab From e1a0c82735ebf5e211ca2e80e96b45aaa13d7db5 Mon Sep 17 00:00:00 2001 
From: Ubuntu Date: Mon, 7 Jun 2021 18:39:12 +0000 Subject: [PATCH 27/36] fix istio-egress policy --- chart/templates/bigbang/networkpolicies/istio.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index 6011a28..77d2b46 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml @@ -30,7 +30,7 @@ metadata: spec: podSelector: {} policyTypes: - - Ingress + - Egress egress: - to: - namespaceSelector: -- GitLab From b172affb12a4ab8cce9b9fffc5171e16e877bb6d Mon Sep 17 00:00:00 2001 From: Ubuntu Date: Mon, 7 Jun 2021 18:41:57 +0000 Subject: [PATCH 28/36] Put correct address back in cypress.json --- tests/cypress.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/cypress.json b/tests/cypress.json index 60339b2..43b18da 100644 --- a/tests/cypress.json +++ b/tests/cypress.json @@ -4,7 +4,7 @@ "supportFile": false, "fixturesFolder": false, "env": { - "nexus_url": "https://nexus.svc:8081" + "nexus_url": "nexus.bigbang.dev" } } -- GitLab From 672dae80f1e0817415775d064f057fd3ce335076 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 8 Jun 2021 09:04:48 -0600 Subject: [PATCH 29/36] test pipeline --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6e9f482..3af819b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ include: - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' - ref: master + ref: label-istio file: '/templates/package-tests.yml' -- GitLab From 7a46b1a141b86e44f9684a332600beb8da3e21a6 Mon Sep 17 00:00:00 2001 From: Micah Nagel Date: Tue, 8 Jun 2021 15:10:28 +0000 Subject: [PATCH 30/36] back to master --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3af819b..6e9f482 100644 
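Review bot: In the .gitlab-ci.yml hunk of PATCH 29/36, `ref: label-istio` includes the pipeline template from a feature branch, so whatever is pushed to that branch next runs in this project's CI with this project's variables and runners. `ref: master`, which PATCH 30/36 restores, is also a moving reference. `ref` accepts a tag or a full commit SHA, e.g. `ref: '<commit-sha-of-reviewed-template>'`, which keeps the included jobs fixed until someone deliberately changes the pin.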
--- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,4 +1,4 @@ include: - project: 'platform-one/big-bang/pipeline-templates/pipeline-templates' - ref: label-istio + ref: master file: '/templates/package-tests.yml' -- GitLab From df0a965250dbc1b8ef7d725bc1c5f349776cd248 Mon Sep 17 00:00:00 2001 From: Charles Culman Date: Tue, 8 Jun 2021 16:04:40 +0000 Subject: [PATCH 31/36] Update CHANGELOG.md --- CHANGELOG.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4dc68c6..cbef79e 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,2 +1,7 @@ # Changelog +## [bb.2] + +* Added default-deny-all network policy +* Added istio network policy +* Added monitoring network policy -- GitLab From 99e83b4bd132562a0dfd106b7a92f1a208b3261e Mon Sep 17 00:00:00 2001 From: Charles Culman Date: Tue, 8 Jun 2021 16:05:52 +0000 Subject: [PATCH 32/36] Update CHANGELOG.md --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index cbef79e..52aef2f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## [bb.2] +## [29.1.0-bb.2] * Added default-deny-all network policy * Added istio network policy -- GitLab From 769132dfccbc2dd7e500c837a01af78a7e687374 Mon Sep 17 00:00:00 2001 From: Charles Culman Date: Tue, 8 Jun 2021 16:19:28 +0000 Subject: [PATCH 33/36] Apply 1 suggestion(s) to 1 file(s) --- CHANGELOG.md | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 52aef2f..6c94999 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,4 +4,8 @@ * Added default-deny-all network policy * Added istio network policy -* Added monitoring network policy +## [29.1.0-bb.2] +# Added +* default-deny-all network policy +* istio network policy +* monitoring network policy -- GitLab From 9f7606bd0d229439986fa7b7875de7dc9a3d31d5 Mon Sep 17 00:00:00 2001 
From: Charles Culman Date: Tue, 8 Jun 2021 16:37:37 +0000 Subject: [PATCH 34/36] Update CHANGELOG.md --- CHANGELOG.md | 4 ---- 1 file changed, 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6c94999..cbb51d7 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,9 +1,5 @@ # Changelog -## [29.1.0-bb.2] - -* Added default-deny-all network policy -* Added istio network policy ## [29.1.0-bb.2] # Added * default-deny-all network policy -- GitLab From 2d73935bae694479ef36702a590daa817ac39b90 Mon Sep 17 00:00:00 2001 From: Charles Culman Date: Wed, 9 Jun 2021 16:26:03 +0000 Subject: [PATCH 35/36] Apply 1 suggestion(s) to 1 file(s) --- chart/templates/bigbang/networkpolicies/istio.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/chart/templates/bigbang/networkpolicies/istio.yaml b/chart/templates/bigbang/networkpolicies/istio.yaml index 77d2b46..5c6c341 100644 --- a/chart/templates/bigbang/networkpolicies/istio.yaml +++ b/chart/templates/bigbang/networkpolicies/istio.yaml @@ -38,7 +38,7 @@ spec: app.kubernetes.io/name: istio-controlplane podSelector: matchLabels: - {{- toYaml .Values.networkPolicies.ingressLabels | nindent 10}} + istio: pilot ports: - port: 15012 {{- end }} -- GitLab From 2e1b42f164f1ae4945a1cc433ccfad4956770044 Mon Sep 17 00:00:00 2001 From: "garcia.ryan" Date: Wed, 9 Jun 2021 10:54:21 -0600 Subject: [PATCH 36/36] feat: Adding final policy for kube-api and kube-dns egress --- .../networkpolicies/kube-api-egress.yaml | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) create mode 100644 chart/templates/bigbang/networkpolicies/kube-api-egress.yaml diff --git a/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml new file mode 100644 index 0000000..708f312 --- /dev/null +++ b/chart/templates/bigbang/networkpolicies/kube-api-egress.yaml 
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: kube-api-dns-egress
+ namespace: {{ .Release.Namespace }}
+spec:
+ egress:
+ - to:
+ - namespaceSelector: {}
+ ports:
+ - port: 443
+ protocol: TCP
+ - port: 53
+ protocol: UDP
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: nexus-repository-manager
+ policyTypes:
+ - Egress
\ No newline at end of file
-- GitLab
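Review bot: kube-api-egress.yaml has no `{{- if .Values.networkPolicies.enabled }}` / `{{- end }}` wrapper, unlike the other files under networkpolicies/, so `kube-api-dns-egress` is created even when network policies are switched off; it is then the only policy selecting the Nexus pods with `policyTypes: Egress` and limits them to the listed ports towards in-cluster pods. The `to` entry `namespaceSelector: {}` allows 443/TCP and 53/UDP to every pod in every namespace rather than only the API server and cluster DNS, and 53/TCP is not listed, so DNS responses that fall back to TCP would be dropped. Consider splitting this into a DNS rule scoped to the cluster DNS pods (both UDP and TCP) and a separate API-server rule, with a comment on each stating what it is for. Whether a `namespaceSelector` matches the API server at all depends on how the control plane is exposed in the target cluster, so that should be verified there.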