From 4d64420f30c09caef8cd70707aae90a2e7d03ea2 Mon Sep 17 00:00:00 2001
From: LH
Date: Wed, 8 Nov 2023 18:25:38 +0100
Subject: [PATCH] fix: DNS ingress rules - GitHub runners (#25)
---
 apps/common/values.lab.yml | 1 +
 apps/common/values.prod.yml | 1 +
 apps/dns/templates/network-policy.yml | 2 +-
 apps/dns/values.lab.yml | 3 ---
 apps/dns/values.prod.yml | 3 ---
 apps/haraka-relay/values.lab.yml | 2 +-
 apps/haraka-relay/values.prod.yml | 2 +-
 7 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/apps/common/values.lab.yml b/apps/common/values.lab.yml
index 7e02e3bf3..56a3ef9f5 100644
--- a/apps/common/values.lab.yml
+++ b/apps/common/values.lab.yml
@@ -6,6 +6,7 @@ networkPolicy:
 - 10.1.8.23
 servicesSubnetCidr: 10.1.8.0/24
 consumerCidrs:
+ - 10.1.8.9/32 # GitHub runners
 - 10.1.8.0/24
 - 10.1.3.0/24
diff --git a/apps/common/values.prod.yml b/apps/common/values.prod.yml
index d648dae28..a59beea7e 100644
--- a/apps/common/values.prod.yml
+++ b/apps/common/values.prod.yml
@@ -6,6 +6,7 @@ networkPolicy:
 - 10.1.2.23
 servicesSubnetCidr: 10.1.2.0/24
 consumerCidrs:
+ - 10.1.8.9/32 # GitHub runners
 - 10.1.2.0/24
 - 10.1.3.0/24
diff --git a/apps/dns/templates/network-policy.yml b/apps/dns/templates/network-policy.yml
index 11cd299a2..80d8fabc7 100644
--- a/apps/dns/templates/network-policy.yml
+++ b/apps/dns/templates/network-policy.yml
@@ -23,7 +23,7 @@ spec:
 # Accept internal traffic (?)
 - ipBlock:
 cidr: 172.16.0.0/16
- {{- range $cidr := .Values.networkPolicy.externalIngressIpBlocks }}
+ {{- range $cidr := .Values.networkPolicy.consumerCidrs }}
 - ipBlock:
 cidr: {{ $cidr }}
 {{- end }}
diff --git a/apps/dns/values.lab.yml b/apps/dns/values.lab.yml
index 8fe41c96d..2e5a879d3 100644
--- a/apps/dns/values.lab.yml
+++ b/apps/dns/values.lab.yml
@@ -1,7 +1,4 @@
 networkPolicy:
- externalIngressIpBlocks:
- - 10.1.8.0/24
- - 10.1.3.0/24
 forwarders:
 - 1.1.1.1
 - 1.0.0.1
diff --git a/apps/dns/values.prod.yml b/apps/dns/values.prod.yml
index 17183baaa..8c9c81b06 100644
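Review bot: The added `- 10.1.8.9/32 # GitHub runners` entry in apps/common/values.lab.yml is already covered by the `10.1.8.0/24` entry directly below it, so in the lab it grants nothing new and can be misread as a restriction to the runner alone. If it is kept as documentation, the comment should say so, for example `# GitHub runners (already inside 10.1.8.0/24, listed for parity with prod)`. The same literal address is repeated in values.prod.yml and in both haraka-relay values files of this commit; if the charts' value layering allows it, a single named value would keep the four allow-lists from drifting when the runner moves.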
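Review bot: The prod `consumerCidrs` list in apps/common/values.prod.yml now trusts `10.1.8.9/32`, an address inside the range that values.lab.yml declares as the lab `servicesSubnetCidr` (`10.1.8.0/24`), so a lab-subnet host that runs CI jobs gains prod ingress. Because the list lives under apps/common, any template that ranges over it admits that host; only the DNS policy's use is visible in this patch, so other consumers should be checked. The same cross-environment allowance is added to `allowedClients` in apps/haraka-relay/values.prod.yml. I would record the justification next to the entry, for example `# GitHub runners (lab-subnet host, reserved address; needed for <reason>)`, and confirm the runner's IP is reserved rather than leased, since a /32 rule is only as strong as the address assignment behind it.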
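Review bot: Switching the `range` in apps/dns/templates/network-policy.yml to `.Values.networkPolicy.consumerCidrs` changes prod DNS reachability beyond adding the runner: going by the values files in this patch, prod DNS previously admitted `10.1.8.0/24` and `10.1.3.0/24` and now admits `10.1.8.9/32`, `10.1.2.0/24` and `10.1.3.0/24`, assuming the common values are merged into this chart. That side effect is not mentioned in the commit subject and should be confirmed as intended. If the key is ever absent from the chart's values, the `range` renders no ipBlock and only `172.16.0.0/16` remains. Assuming this is a Helm chart, `{{- range $cidr := (required "networkPolicy.consumerCidrs is required" .Values.networkPolicy.consumerCidrs) }}` would turn that into a render error, and `cidr: {{ $cidr | quote }}` on the context line would keep a malformed entry from being re-typed by the YAML parser. The policy's rule list starts and ends outside the hunk.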
--- a/apps/dns/values.prod.yml
+++ b/apps/dns/values.prod.yml
@@ -1,7 +1,4 @@
 networkPolicy:
- externalIngressIpBlocks:
- - 10.1.8.0/24
- - 10.1.3.0/24
 forwarders:
 - 1.1.1.1
 - 1.0.0.1
diff --git a/apps/haraka-relay/values.lab.yml b/apps/haraka-relay/values.lab.yml
index c5df1823f..5e4d09227 100644
--- a/apps/haraka-relay/values.lab.yml
+++ b/apps/haraka-relay/values.lab.yml
@@ -2,7 +2,7 @@ hostname: smtp-lab.homecentr.one
 loadBalancerIp: 10.1.8.130
 allowedClients:
- - 10.1.8.224/27 # GitHub runners
+ - 10.1.8.9/32 # GitHub runners
 resources:
 limits:
diff --git a/apps/haraka-relay/values.prod.yml b/apps/haraka-relay/values.prod.yml
index e167dd62a..74c5a09bc 100644
--- a/apps/haraka-relay/values.prod.yml
+++ b/apps/haraka-relay/values.prod.yml
@@ -2,7 +2,7 @@ hostname: smtp.homecentr.one
 loadBalancerIp: 10.1.2.130
 allowedClients:
- - 10.1.3.250/32 # GitHub runner
+ - 10.1.8.9/32 # GitHub runners
 - 10.1.3.5/32 # Printer
 - 10.1.2.211/32 # iDRAC
 - 10.1.2.212/32 # iDRAC