From de49d8c84b5c800b7ff4abfa31e89b41e6b91f7d Mon Sep 17 00:00:00 2001
From: Cody Shoffner
Date: Tue, 10 Dec 2024 09:55:51 -0600
Subject: [PATCH] chore!: update custom properties key (#253)
## Description
- Updating all instances of custom: [] to additionalNetworkAllow: []
> [!CAUTION]
> **BREAKING CHANGE** `custom` has changed to `additionalNetworkAllow`
## Related Issue
Fixes # Relates to # https://github.com/orgs/defenseunicorns/projects/118/views/12?pane=issue&itemId=87152090&issue=defenseunicorns%7Cuds-package-maintenance%7C5
## Type of change
- [ ] Bug fix (non-breaking change which fixes an issue)
- [ ] New feature (non-breaking change which adds functionality)
- [x] Other (security config, docs update, etc)
## Checklist before merging
- [x] Test, docs, adr added or updated as needed
- [x] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-package-gitlab/blob/main/CONTRIBUTING.md#developer-workflow) followed
---------
Co-authored-by: Wayne Starr
Release-As: v17.6.1-uds.2
---
 bundle/uds-bundle.yaml | 2 +-
 charts/config/templates/uds-package.yaml | 2 +-
 charts/config/values.yaml | 2 +-
 docs/configuration.md | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/bundle/uds-bundle.yaml b/bundle/uds-bundle.yaml
index bc84677c..d4e082b2 100644
--- a/bundle/uds-bundle.yaml
+++ b/bundle/uds-bundle.yaml
@@ -71,7 +71,7 @@ packages:
 valkey:
 uds-valkey-config:
 values:
- - path: custom
+ - path: additionalNetworkAllow
 value:
 - direction: Ingress
 selector:
diff --git a/charts/config/templates/uds-package.yaml b/charts/config/templates/uds-package.yaml
index 466b6876..8d614f09 100644
--- a/charts/config/templates/uds-package.yaml
+++ b/charts/config/templates/uds-package.yaml
@@ -501,7 +501,7 @@ spec:
 {{- end }}
 # Custom rules for unanticipated scenarios
- {{- range .Values.custom }}
+ {{- range .Values.additionalNetworkAllow }}
 - direction: {{ .direction }}
 selector: {{ .selector | toYaml | nindent 10 }}
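Review bot: In charts/config/templates/uds-package.yaml the loop now reads only `.Values.additionalNetworkAllow`, so a deployment that still supplies the old `custom` key would presumably render without error and lose its extra allow rules, unless a values schema outside this diff rejects unknown keys. Bundle overrides that address the value by name, like the `path:` entry changed in bundle/uds-bundle.yaml, are affected the same way. Since the commit is marked breaking, a guard just above the range would make the rename fail loudly at render time instead: `{{- if .Values.custom }}{{ fail "values key custom was renamed to additionalNetworkAllow" }}{{- end }}`. The range body continues past the end of the hunk, so how each entry is rendered beyond `direction` and `selector` is not visible here.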
diff --git a/charts/config/values.yaml b/charts/config/values.yaml
index b5c7d246..3d924412 100644
--- a/charts/config/values.yaml
+++ b/charts/config/values.yaml
@@ -85,7 +85,7 @@ mirroring:
 gitalyCgroupsInit:
 enabled: false
-# custom:
+# additionalNetworkAllow:
 # # Notice no `remoteGenerated` field here on custom internal rule
 # - direction: Ingress
 # selector:
diff --git a/docs/configuration.md b/docs/configuration.md
index b22055e2..45f923dd 100644
--- a/docs/configuration.md
+++ b/docs/configuration.md
@@ -16,7 +16,7 @@ Network policies are controlled via the `uds-gitlab-config` chart in accordance
 - `redis`: sets network policies for accessing a Redis-compatible server from all GitLab services (`webservice`, `toolbox`, `sidekiq`, `migrations`, `gitlab-exporter`)
 - `postgres`: sets network policies for accessing a Postgres database from all GitLab services (`webservice`, `toolbox`, `sidekiq`, `migrations`, `gitlab-exporter`)
 - `mirroring`: sets network policies that allow the gitlab repository mirroring feature to work. It defaults to only `https` (443) but can be set to allow the other protocols gitlab supports via the `ports` key.
-- `custom`: sets custom network policies for the GitLab namespace - this allows for custom integrations with other services (i.e. Jira)
+- `additionalNetworkAllow`: sets custom network policies for the GitLab namespace - this allows for custom integrations with other services (i.e. Jira)
 > [!NOTE]
 > Currently the GitLab UDS Package contains Istio `PeerAuthentication` exceptions to allow the `dependency` init containers to reach out and check the Redis and Postgres services. These are only added with `redis.internal` or `postgres.internal` set to `true` and will be removed once UDS Core [switches to native sidecars](https://github.com/defenseunicorns/uds-core/issues/536).