chore: add network policies for Harbor #906
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SdgJlbl
force-pushed
the
feat/add-profile-to-launch-harbor-as-external-registry+
branch
from
ab04540 to
8015f7b
Compare
Base automatically changed from
feat/add-profile-to-launch-harbor-as-external-registry+
to
main
May 21, 2024 07:35
guilhem-barthes
force-pushed
the
chore/network-policy
branch
from
045cf47 to
3faa989
Compare
guilhem-barthes
force-pushed
the
feat/network-policies-for-harbor
branch
from
0722718 to
2590820
Compare
guilhem-barthes
force-pushed
the
feat/network-policies-for-harbor
branch
from
2590820 to
c9b3dc7
Compare
Signed-off-by: Guilhem Barthés <[email protected]>
guilhem-barthes
added a commit
that referenced
this pull request
May 22, 2024
* chore: add network policies for Harbor * chore: add newline Signed-off-by: Guilhem Barthés <[email protected]> --------- Signed-off-by: Guilhem Barthés <[email protected]> Co-authored-by: Guilhem Barthés <[email protected]>
guilhem-barthes
added a commit
that referenced
this pull request
May 23, 2024
* chore: add limits and requests to pods Signed-off-by: SdgJlbl <[email protected]> * chore: add network policy Signed-off-by: SdgJlbl <[email protected]> * revert: "chore: add limits and requests to pods" This reverts commit 8d277d6. * feat: deny all traffic Signed-off-by: Guilhem Barthés <[email protected]> * feat: allow connection to redis Signed-off-by: Guilhem Barthés <[email protected]> * feat: allow connection to database Signed-off-by: Guilhem Barthés <[email protected]> * feat: allow connection to docker-registry Signed-off-by: Guilhem Barthés <[email protected]> * feat: allow connection to storage Signed-off-by: Guilhem Barthés <[email protected]> * feat: allow connection to orc Signed-off-by: Guilhem Barthés <[email protected]> * feat: allow connection to internet Signed-off-by: Guilhem Barthés <[email protected]> * feat: add communication with server Signed-off-by: Guilhem Barthés <[email protected]> * feat: add communication with k8s api server Signed-off-by: Guilhem Barthés <[email protected]> * feat: add internet communication for builder Signed-off-by: Guilhem Barthés <[email protected]> * fix: add http requests between backends in same cluster Signed-off-by: Guilhem Barthés <[email protected]> * fix: add `skaffold-local-ingress` network policies Signed-off-by: Guilhem Barthés <[email protected]> * chore: test with weaker policy for api k8s Signed-off-by: Guilhem Barthés <[email protected]> * wip: test with weaker deny all Signed-off-by: Guilhem Barthés <[email protected]> * chore: remove commented code Signed-off-by: Guilhem Barthés <[email protected]> * chore: remove commented code as it is parsed by helm but not k8s Signed-off-by: Guilhem Barthés <[email protected]> * fix: `-api-server-egress` was not an array Signed-off-by: Guilhem Barthés <[email protected]> * fix: `-api-server-egress` `ipBlock` indentation Signed-off-by: Guilhem Barthés <[email protected]> * fix: add more private IP range to target kubernetes apiserver Signed-off-by: Guilhem Barthés <[email protected]> * feat: add `server.allowLocalRequests` parameter Signed-off-by: Guilhem Barthés <[email protected]> * chore: remove duplicate network policies (replaced by `allowLocalRequests`) Signed-off-by: Guilhem Barthés <[email protected]> * fix: add `role-api-k8s-client: 'true'` to builder when `privateCa.enabled` is enabled Signed-off-by: Guilhem Barthés <[email protected]> * chore: remove unused `deploy.kubectl` Signed-off-by: Guilhem Barthés <[email protected]> * fix: allow communication between backends in the same cluster Signed-off-by: Guilhem Barthés <[email protected]> * fix: allow communication between local backends with `allowLocalRequests` Signed-off-by: Guilhem Barthés <[email protected]> * fix: readd policy to prevent compute-task to communicate with internet Signed-off-by: Guilhem Barthés <[email protected]> * doc: update chart version and changelog Signed-off-by: Guilhem Barthés <[email protected]> * chore: add network policies for Harbor (#906) * chore: add network policies for Harbor * chore: add newline Signed-off-by: Guilhem Barthés <[email protected]> --------- Signed-off-by: Guilhem Barthés <[email protected]> Co-authored-by: Guilhem Barthés <[email protected]> * fix: remove wrong value for profile `three-org` Signed-off-by: Guilhem Barthés <[email protected]> --------- Signed-off-by: SdgJlbl <[email protected]> Signed-off-by: Guilhem Barthés <[email protected]> Co-authored-by: Guilhem Barthés <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
How has this been tested?
Checklist