Add Default Deny Network Policy #179

Merged
merged 308 commits into from
Jan 13, 2022

Collaborator

@Gordonby Gordonby commented Jan 12, 2022

PR Summary

This PR example adds a default deny k8s manifest to the repo which is referenced by

  • The Wizard UI (screengrab below)
  • The BYO network CI/CD sample
  • The Private CI/CD sample

The following application helm charts have been updated to have Network Policies (in order to work in a namespace with a default deny on egress/ingress).
  • Azure Vote
  • Java hello world
  • CertManagerIssuer
  • ExternalDns

The Azure Vote workflow has been extended to include a Playwright test to properly test the East-West traffic between the pods.

Other changes

Added an NSG rule to allow public 80/443 access when the AGW is not deployed with a privateIP.

Screengrabs

image

Other notes

Ridiculous number of commits in this branch, candidate for a squash-merge if I've ever seen one.

CI/CD

Full testing in the branch has happened.

https://github.com/Azure/Aks-Construction/actions/runs/1688055862
image

https://github.com/Azure/Aks-Construction/actions/runs/1687900578
image

PR Checklist

  • PR has a meaningful title
  • Summarized changes
  • This PR is ready to merge and is not Work in Progress
  • Link to a filed issue

Closes #97
Closes #177
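
Added example, not the manifests from this PR: a namespace-wide default deny together with the per-application allow policies a two-tier app needs so that its East-West traffic keeps working under it. The namespace, policy names, pod labels, ports and the DNS pod label are assumptions made for illustration.

```yaml
# Added illustration: namespace, labels and ports are hypothetical, not from the PR.
# 1. Default deny: the empty podSelector matches every pod in the namespace and
#    no rules are listed, so all ingress and egress is dropped.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: default-deny-all, namespace: demo-app}
spec:
  podSelector: {}
  policyTypes: [Ingress, Egress]
---
# 2. Front end: accept port 80 from any source; egress only to its back end and DNS.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: vote-front-allow, namespace: demo-app}
spec:
  podSelector: {matchLabels: {app: vote-front}}
  policyTypes: [Ingress, Egress]
  ingress:
    - ports: [{protocol: TCP, port: 80}]
  egress:
    - to:
        - podSelector: {matchLabels: {app: vote-back}}
      ports: [{protocol: TCP, port: 6379}]
    # Default-deny egress also blocks DNS, so name lookups need their own rule.
    - to:
        - namespaceSelector: {matchLabels: {kubernetes.io/metadata.name: kube-system}}
          podSelector: {matchLabels: {k8s-app: kube-dns}}  # assumed DNS pod label
      ports: [{protocol: UDP, port: 53}, {protocol: TCP, port: 53}]
---
# 3. Back end: accept only the front end. It gets no egress rule, so its
#    egress stays denied by policy 1.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata: {name: vote-back-allow, namespace: demo-app}
spec:
  podSelector: {matchLabels: {app: vote-back}}
  policyTypes: [Ingress]
  ingress:
    - from:
        - podSelector: {matchLabels: {app: vote-front}}
      ports: [{protocol: TCP, port: 6379}]
```

Network policies are additive, so policies 2 and 3 only open the listed paths; anything not matched by an allow rule remains blocked by policy 1.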

@Gordonby Gordonby requested a review from khowling January 12, 2022 15:00
@github-actions github-actions bot added the documentation (Improvements or additions to documentation) and helper-ui 🧙‍♀️ (An issue with the UI in the helper) labels Jan 12, 2022
@Gordonby
Collaborator Author

Added support for the Run Command, as per our review @khowling

image

@Gordonby Gordonby changed the title Add Default Deny Policy example Add Default Deny Network Policy Jan 12, 2022
@Gordonby Gordonby added the ci-cd sample 🤖 (Sample code in a GitHub action workflow) and enhancement (New feature or request) labels Jan 12, 2022
Contributor

@khowling khowling left a comment

Nice one!

@Gordonby Gordonby merged commit def467e into main Jan 13, 2022
@Gordonby Gordonby deleted the gb-denyall branch January 13, 2022 09:46

Successfully merging this pull request may close these issues.

  • External DNS is not creating DNS records in Azure resource
  • Implement a Deny-All by default network policy