Open Collinbrown95 opened 1 year ago
`cloud-main-system` namespace.

```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-gitlab
  namespace: cloud-main-system
spec:
  egress:
  - to:
    - ipBlock:
        cidr: XXX.XXX.XXX.XXX/32 # I.e. allow **only** the specified IP address; omitting the real IP address since this is a public repo
  podSelector: {}
  policyTypes:
  - Egress
```
Added by souheil:
Description
This issue will track the steps that were taken in order to roll out the gitlab cloud main connectivity feature on the AAW production environment.
Dev Changes
Prod Changes
- `allow-cloud-main-ingress` netpol
- `cloud-main-system.yaml` to kustomize manifests.
- `IstioOperator` and `Gateway` for cloud main egress gateway.
- `coredns-custom` configmap, but we will want to eventually bake this step into the deployment so that it does not require a manual edit.
- `profiles-controller` service account to create `destinationrule` resources.
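An added example, not part of the original issue or the project's code: a small evaluator for the `ipBlock` egress rules of the `allow-gitlab` NetworkPolicy above, showing which destinations pods in the namespace can still reach once `podSelector: {}` selects all of them. The address `192.0.2.10` is a constructed stand-in for the redacted IP, `10.96.0.10` is an assumed cluster DNS address, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-in for the allow-gitlab policy; 192.0.2.10 is a
# documentation address replacing the redacted XXX.XXX.XXX.XXX.
POLICY = {
    "spec": {
        "podSelector": {},
        "policyTypes": ["Egress"],
        "egress": [{"to": [{"ipBlock": {"cidr": "192.0.2.10/32"}}]}],
    }
}


def isolates_egress(spec):
    """policyTypes defaults to Ingress, plus Egress when egress rules exist."""
    types = spec.get("policyTypes") or (["Ingress"] + (["Egress"] if "egress" in spec else []))
    return "Egress" in types


def ip_block_matches(block, dest):
    """True if dest is inside cidr and outside every optional except range."""
    if dest not in ipaddress.ip_network(block["cidr"]):
        return False
    return all(dest not in ipaddress.ip_network(e) for e in block.get("except", []))


def egress_allowed(policies, dest_ip):
    """Evaluate ipBlock egress rules for a pod selected by every policy given.

    Policies are additive: traffic passes if any rule of any policy matches.
    Only ipBlock peers are modelled (no pod/namespace selectors, no ports).
    """
    dest = ipaddress.ip_address(dest_ip)
    isolating = [p for p in policies if isolates_egress(p["spec"])]
    if not isolating:
        return True  # no policy isolates egress, so nothing is blocked
    for policy in isolating:
        for rule in policy["spec"].get("egress", []):
            peers = rule.get("to")
            if not peers:
                return True  # a rule without "to" matches any destination
            if any("ipBlock" in p and ip_block_matches(p["ipBlock"], dest) for p in peers):
                return True
    return False
```

With only this policy in place, `egress_allowed([POLICY], "10.96.0.10")` is false, so name resolution from the namespace depends on a further policy that allows traffic to cluster DNS.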