chore: add network policies for Harbor #906
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
SdgJlbl
force-pushed
the
feat/add-profile-to-launch-harbor-as-external-registry+
branch
from
ab04540
to
8015f7b
Compare
Base automatically changed from
feat/add-profile-to-launch-harbor-as-external-registry+
to
main
May 21, 2024 07:35
guilhem-barthes
force-pushed
the
chore/network-policy
branch
from
045cf47
to
3faa989
Compare
guilhem-barthes
force-pushed
the
feat/network-policies-for-harbor
branch
from
0722718
to
2590820
Compare
guilhem-barthes
force-pushed
the
feat/network-policies-for-harbor
branch
from
2590820
to
c9b3dc7
Compare
Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com>
guilhem-barthes
added a commit
that referenced
this pull request
May 22, 2024
* chore: add network policies for Harbor * chore: add newline Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> --------- Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> Co-authored-by: Guilhem Barthés <guilhem.barthes@owkin.com>
guilhem-barthes
added a commit
that referenced
this pull request
May 23, 2024
* chore: add limits and requests to pods Signed-off-by: SdgJlbl <sarah.diot-girard@owkin.com> * chore: add network policy Signed-off-by: SdgJlbl <sarah.diot-girard@owkin.com> * revert: "chore: add limits and requests to pods" This reverts commit 8d277d6. * feat: deny all traffic Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: allow connection to redis Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: allow connection to database Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: allow connection to docker-registry Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: allow connection to storage Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: allow connection to orc Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: allow connection to internet Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: add communication with server Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: add communication with k8s api server Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: add internet communication for builder Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: add http requests between backends in same cluster Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: add `skaffold-local-ingress` network policies Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * chore: test with weaker policy for api k8s Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * wip: test with weaker deny all Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * chore: remove commented code Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * chore: remove commented code as it is parsed by helm but not k8s Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: `-api-server-egress` was not an array Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: `-api-server-egress` `ipBlock` indentation Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: add more private IP range to target kubernetes apiserver Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * feat: add `server.allowLocalRequests` parameter Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * chore: remove duplicate network policies (replaced by `allowLocalRequests`) Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: add `role-api-k8s-client: 'true'` to builder when `privateCa.enabled` is enabled Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * chore: remove unused `deploy.kubectl` Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: allow communication between backends in the same cluster Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: allow communication between local backends with `allowLocalRequests` Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: readd policy to prevent compute-task to communicate with internet Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * doc: update chart version and changelog Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> * chore: add network policies for Harbor (#906) * chore: add network policies for Harbor * chore: add newline Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> --------- Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> Co-authored-by: Guilhem Barthés <guilhem.barthes@owkin.com> * fix: remove wrong value for profile `three-org` Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> --------- Signed-off-by: SdgJlbl <sarah.diot-girard@owkin.com> Signed-off-by: Guilhem Barthés <guilhem.barthes@owkin.com> Co-authored-by: Guilhem Barthés <guilhem.barthes@owkin.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
How has this been tested?
Checklist