chore: add netpol template for runner sandbox (#125)

updates default package config when specifying an internal runner to support the sandbox namespace communication to the gitlab workhorse. Release-As: v16.11.1-uds.1
defenseunicorns · May 7, 2024 · c5ad463 · c5ad463
1 parent 423687d
commit c5ad463
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/chart/templates/uds-package.yaml b/chart/templates/uds-package.yaml
@@ -79,6 +79,15 @@ spec:
         description: "Runner Ingress Workhorse"
     {{- end }}
 
+    {{- if and .Values.runner.internal (hasKey .Values.runner "sandboxNamespace") (ne .Values.runner.sandboxNamespace "") }}
+      - direction: Ingress
+        selector:
+          app: webservice
+        remoteNamespace: {{ .Values.runner.sandboxNamespace | quote }}
+        port: 8181
+        description: "Runner Sandbox Ingress Workhorse"
+    {{- end }}
+
       - direction: Ingress
         remoteNamespace: monitoring
         remoteSelector:
@@ -155,7 +164,7 @@ spec:
         {{- end }}
         description: "Registry Storage"
 
-      # Sidekiq Netpols 
+      # Sidekiq Netpols
       - direction: Egress
         selector:
           app: sidekiq

diff --git a/chart/values.yaml b/chart/values.yaml
@@ -28,6 +28,7 @@ runner:
   selector:
     app: gitlab-runner
   namespace: gitlab-runner
+  sandboxNamespace: gitlab-runner-sandbox
 # custom:
 #    # Notice no `remoteGenerated` field here on custom internal rule
 #   - direction: Ingress