DRAFT: see the main issue for outstanding tasks before this is ready to merge
Summary of changes
Terraform updated to:
create separate spaces for manager, workers & services, and egress proxy
create the service account credentials & grant roles in the appropriate spaces
deploy an egress proxy configured with the union of APIs that manager and workers need to access
set up network policy for manager to reach egress proxy over ports 61443 and 8080
utilize new cloudfoundry provider where possible
runner-manager bash scripts updated to:
set up HTTP(S)_PROXY variables in manager and workers
add network policies to allow workers to reach egress proxy over ports 61443 and 8080
get ssh calls from manager -> workers working properly over the egress proxy
End result (at this point) is that the manager and worker spaces have no egress ability except via the egress proxy, and the egress space has public_networks_egress
Testing Plan
How would a peer test this work?
Destroy any gitlab runner setup (before switching to this branch, if you did it via terraform) you have and recreate it with this terraform
Run whatever pipelines had been working previously
Addresses issue: https://github.com/GSA-TTS/devtools-program/issues/72
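
An added example, not part of this PR or the project's scripts: a bash check a reviewer could run alongside the testing plan to confirm that network policy rows allow only the egress proxy on ports 61443 and 8080. The app names, the column layout and the sample rows are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the PR. Checks that network policy rows allow
# traffic only to the egress proxy, and only on ports 61443 and 8080.
# Assumed input: whitespace-separated rows "source destination protocol ports".

PROXY_APP="${PROXY_APP:-egress-proxy}"   # hypothetical app name
ALLOWED_PORTS="61443 8080"               # ports named in the PR description

# Reads rows on stdin, prints one line per finding, returns 1 on any finding.
audit_policies() {
  awk -v proxy="$PROXY_APP" -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    NF < 4 || $1 == "source" { next }   # skip blank lines and the header row
    $2 != proxy { print "unexpected destination: " $1 " -> " $2 ":" $4; bad++; next }
    $3 != "tcp" { print "unexpected protocol: " $1 " -> " $2 " " $3; bad++; next }
    !($4 in ok) { print "unexpected port: " $1 " -> " $2 ":" $4; bad++; next }
    { src[$1] = 1; seen[$1 ":" $4] = 1 }
    END {
      # Every source that talks to the proxy needs both ports opened.
      for (s in src) for (p in ok) {
        key = s ":" p
        if (!(key in seen)) { print "missing policy: " s " -> " proxy ":" p; bad++ }
      }
      exit (bad > 0)
    }'
}

# Constructed sample rows (not real platform output).
SAMPLE_GOOD='source destination protocol ports
runner-manager egress-proxy tcp 61443
runner-manager egress-proxy tcp 8080
runner-worker egress-proxy tcp 61443
runner-worker egress-proxy tcp 8080'

SAMPLE_BAD='source destination protocol ports
runner-manager egress-proxy tcp 61443
runner-manager egress-proxy tcp 8080
runner-worker egress-proxy tcp 61443
runner-worker some-db tcp 5432'

# Demo: the bad sample yields two findings and a non-zero status.
printf '%s\n' "$SAMPLE_BAD" | audit_policies || echo "policy audit failed"
```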