Overview
The current network policy egress routes allow for remoteGenerated: Anywhere on almost all GitLab pods. We should enable more restrictive egress policies by adding Helm values and corresponding templates to allow a user to customize more limited egress for their specific environment. See more discussion here
Proposal
values.additionalNetworkAllows[] to allow a user to specify fully custom additional rules
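
For context on the proposal above, an added example (not from the issue or the chart's own templates) of plain Kubernetes NetworkPolicy manifests: a wide-open egress rule beside a restricted one. It assumes the Anywhere rule amounts to an unrestricted 0.0.0.0/0 egress rule; the policy names, namespace, pod label and CIDR are hypothetical or constructed.

```yaml
# Broad rule: egress to any IPv4 destination on any port (assumed equivalent of "Anywhere").
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-anywhere        # hypothetical name
  namespace: gitlab                  # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: webservice                # hypothetical pod label
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
---
# Restricted rule: HTTPS to one external range plus cluster DNS, nothing else.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-object-storage  # hypothetical name
  namespace: gitlab                  # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: webservice                # hypothetical pod label
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 203.0.113.0/24     # constructed value (documentation range)
      ports:
        - protocol: TCP
          port: 443
    - to:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```

NetworkPolicy rules are additive, so the restricted policy only limits traffic once the broad policy no longer selects the same pods.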