fix: DNS ingress rules - GitHub runners (#25)

apps/common/values.lab.yml

@@ -6,6 +6,7 @@ networkPolicy:
     - 10.1.8.23
   servicesSubnetCidr: 10.1.8.0/24
   consumerCidrs:
+    - 10.1.8.9/32 # GitHub runners
     - 10.1.8.0/24
     - 10.1.3.0/24
 

apps/common/values.prod.yml

@@ -6,6 +6,7 @@ networkPolicy:
     - 10.1.2.23
   servicesSubnetCidr: 10.1.2.0/24
   consumerCidrs:
+    - 10.1.8.9/32 # GitHub runners
     - 10.1.2.0/24
     - 10.1.3.0/24
 

apps/dns/templates/network-policy.yml

@@ -23,7 +23,7 @@ spec:
         # Accept internal traffic (?)
         - ipBlock:
             cidr: 172.16.0.0/16
-        {{- range $cidr := .Values.networkPolicy.externalIngressIpBlocks }}
+        {{- range $cidr := .Values.networkPolicy.consumerCidrs }}
         - ipBlock:
             cidr: {{ $cidr }}
         {{- end }}

apps/dns/values.lab.yml

@@ -1,7 +1,4 @@
 networkPolicy:
-  externalIngressIpBlocks:
-    - 10.1.8.0/24
-    - 10.1.3.0/24
   forwarders:
     - 1.1.1.1
     - 1.0.0.1

apps/dns/values.prod.yml

@@ -1,7 +1,4 @@
 networkPolicy:
-  externalIngressIpBlocks:
-    - 10.1.8.0/24
-    - 10.1.3.0/24
   forwarders:
     - 1.1.1.1
     - 1.0.0.1

apps/haraka-relay/values.lab.yml

@@ -2,7 +2,7 @@ hostname: smtp-lab.homecentr.one
 loadBalancerIp: 10.1.8.130
 
 allowedClients:
-  - 10.1.8.224/27 # GitHub runners
+  - 10.1.8.9/32 # GitHub runners
 
 resources:
   limits:

apps/haraka-relay/values.prod.yml

@@ -2,7 +2,7 @@ hostname: smtp.homecentr.one
 loadBalancerIp: 10.1.2.130
 
 allowedClients:
-  - 10.1.3.250/32 # GitHub runner
+  - 10.1.8.9/32 # GitHub runners
   - 10.1.3.5/32   # Printer
   - 10.1.2.211/32 # iDRAC
   - 10.1.2.212/32 # iDRAC