feat: add expose service entry for internal cluster traffic
#356
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
UnicornChance
previously approved these changes
Apr 24, 2024
mjnagel
reviewed
May 3, 2024
There was a problem hiding this comment.
I think this seems okay in general. Broad strokes though, I think this could be done for every virtualservice (and done via pepr generating it based on the spec.expose entry in the Package CR)?
I'm not opposed to rolling forward with just this one, but if we are seeing issues due to cluster -> external LB -> cluster it may make sense to just cover all the things rather than adding one specific one for Keycloak.
|
two ServiceEntries made for |
Racer159
changed the title
expose service entry for internal cluster traffic
mjnagel
reviewed
May 8, 2024
mjnagel
reviewed
May 13, 2024
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
rjferguson21
approved these changes
May 14, 2024
mjnagel
approved these changes
May 14, 2024
mjnagel
pushed a commit
that referenced
this pull request
May 23, 2024
🤖 I have created a release *beep* *boop* --- ## [0.22.0](v0.21.1...v0.22.0) (2024-05-22) ### Features * add `expose` service entry for internal cluster traffic ([#356](#356)) ([1bde4cc](1bde4cc)) * add reconciliation retries for CRs ([#423](#423)) ([424b57b](424b57b)) * uds common renovate config ([#391](#391)) ([035786c](035786c)) * uds core docs ([#414](#414)) ([a35ca7b](a35ca7b)) ### Bug Fixes * mismatched exemption/policy for DropAllCapabilities ([#384](#384)) ([d8ec278](d8ec278)) * pepr mutation annotation overwrite ([#385](#385)) ([6e56b2a](6e56b2a)) * renovate config grouping, test-infra ([#411](#411)) ([05fd407](05fd407)) * renovate pepr comment ([#410](#410)) ([a825388](a825388)) ### Miscellaneous * **deps:** update keycloak ([#390](#390)) ([3e82c4e](3e82c4e)) * **deps:** update keycloak to v24.0.4 ([#397](#397)) ([c0420ea](c0420ea)) * **deps:** update keycloak to v24.0.4 ([#402](#402)) ([e454576](e454576)) * **deps:** update neuvector to v9.4 ([#381](#381)) ([20d4170](20d4170)) * **deps:** update pepr to 0.31.0 ([#360](#360)) ([fbd61ea](fbd61ea)) * **deps:** update prometheus-stack ([#348](#348)) ([49cb11a](49cb11a)) * **deps:** update prometheus-stack ([#392](#392)) ([2e656f5](2e656f5)) * **deps:** update uds to v0.10.4 ([#228](#228)) ([1750b23](1750b23)) * **deps:** update uds-k3d to v0.6.0 ([#398](#398)) ([288f009](288f009)) * **deps:** update velero ([#350](#350)) ([e7cb33e](e7cb33e)) * **deps:** update zarf to v0.33.2 ([#394](#394)) ([201a37b](201a37b)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
rjferguson21
pushed a commit
that referenced
this pull request
Jul 11, 2024
## Description This adds a service entry to allow traffic to stay inside the cluster and enable things like proper network policies when clients need to access this endpoint. ## Related Issue Fixes #N/A ## Type of change - [ ] Bug fix (non-breaking change which fixes an issue) - [ ] New feature (non-breaking change which adds functionality) - [X] Other (security config, docs update, etc) ## Checklist before merging - [X] Test, docs, adr added or updated as needed - [X] [Contributor Guide Steps](https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md)(https://github.com/defenseunicorns/uds-template-capability/blob/main/CONTRIBUTING.md#submitting-a-pull-request) followed --------- Co-authored-by: Chance <139784371+UnicornChance@users.noreply.github.com> Co-authored-by: Micah Nagel <micah.nagel@defenseunicorns.com>
rjferguson21
pushed a commit
that referenced
this pull request
Jul 11, 2024
🤖 I have created a release *beep* *boop* --- ## [0.22.0](v0.21.1...v0.22.0) (2024-05-22) ### Features * add `expose` service entry for internal cluster traffic ([#356](#356)) ([1bde4cc](1bde4cc)) * add reconciliation retries for CRs ([#423](#423)) ([424b57b](424b57b)) * uds common renovate config ([#391](#391)) ([035786c](035786c)) * uds core docs ([#414](#414)) ([a35ca7b](a35ca7b)) ### Bug Fixes * mismatched exemption/policy for DropAllCapabilities ([#384](#384)) ([d8ec278](d8ec278)) * pepr mutation annotation overwrite ([#385](#385)) ([6e56b2a](6e56b2a)) * renovate config grouping, test-infra ([#411](#411)) ([05fd407](05fd407)) * renovate pepr comment ([#410](#410)) ([a825388](a825388)) ### Miscellaneous * **deps:** update keycloak ([#390](#390)) ([3e82c4e](3e82c4e)) * **deps:** update keycloak to v24.0.4 ([#397](#397)) ([c0420ea](c0420ea)) * **deps:** update keycloak to v24.0.4 ([#402](#402)) ([e454576](e454576)) * **deps:** update neuvector to v9.4 ([#381](#381)) ([20d4170](20d4170)) * **deps:** update pepr to 0.31.0 ([#360](#360)) ([fbd61ea](fbd61ea)) * **deps:** update prometheus-stack ([#348](#348)) ([49cb11a](49cb11a)) * **deps:** update prometheus-stack ([#392](#392)) ([2e656f5](2e656f5)) * **deps:** update uds to v0.10.4 ([#228](#228)) ([1750b23](1750b23)) * **deps:** update uds-k3d to v0.6.0 ([#398](#398)) ([288f009](288f009)) * **deps:** update velero ([#350](#350)) ([e7cb33e](e7cb33e)) * **deps:** update zarf to v0.33.2 ([#394](#394)) ([201a37b](201a37b)) --- This PR was generated with [Release Please](https://github.com/googleapis/release-please). See [documentation](https://github.com/googleapis/release-please#release-please). Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This adds a service entry to allow traffic to stay inside the cluster and enable things like proper network policies when clients need to access this endpoint.
Related Issue
Fixes #N/A
Type of change
Checklist before merging