kevin.wilder requested to merge 1300-gitlab-runner-secret-sync into master Oct 25, 2022

Big Bang Changes

Move gitlab-runner to a separate namespace to reduce blast radius of a compromised runner.
Added a hidden dig key .Values.addons.gitlabRunner.autoRegister.enabled defaulted to true in the gitlab-runner template. Can be disabled with BB values.
Default Kyverno to enabled so that it can support the needs of applications for copying secrets and configs
Started a document list for the applications that are using Kyverno.

Package Changes

Added a conditional Kyverno ClusterPolicy to the gitlab-runner package. The policy supports auto registration when the gitlab runner is deployed in a separate namespace from gitlab. An autoRegister value is passed down to the gitlab-runner package chart. The chart is defaulted to false. The BB chart defaults to true.

Package MR

https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab-runner/-/merge_requests/69

For Issue

Closes https://repo1.dso.mil/platform-one/big-bang/bigbang/-/issues/1300

Edited Oct 26, 2022 by kevin.wilder

Admin message

Draft: Move gitlab-runner to its own namespace

Big Bang Changes

Package Changes

Package MR

For Issue

Merge request reports