Put back gitlab ssh, update config location

defenseunicorns · Mar 7, 2024 · 240f87f · 240f87f
1 parent 390729c
commit 240f87f
Show file tree

Hide file tree

Showing 10 changed files with 114 additions and 2 deletions.
diff --git a/bundles/uds-core-swf/uds-bundle.yaml b/bundles/uds-core-swf/uds-bundle.yaml
@@ -95,6 +95,11 @@ packages:
               description: "The TLS key for the tenant gateway (must be base64 encoded)"
               path: tls.key
 
+  # Additional manifests needed
+  - name: additional-manifests
+    path: ../../build
+    ref: 0.0.1
+
   # Gitlab
   - name: gitlab-redis
     repository: ghcr.io/defenseunicorns/packages/uds/dev-redis

diff --git a/.../uds-core-swf/dev-cluster/uds-config.yaml → config/dev-cluster/uds-config.yaml b/.../uds-core-swf/dev-cluster/uds-config.yaml → config/dev-cluster/uds-config.yaml
diff --git a/...uds-core-swf/test-cluster/uds-config.yaml → config/test-cluster/uds-config.yaml b/...uds-core-swf/test-cluster/uds-config.yaml → config/test-cluster/uds-config.yaml
diff --git a/packages/additional-manifests/manifests/gitlab-ssh-gateway.yaml b/packages/additional-manifests/manifests/gitlab-ssh-gateway.yaml
@@ -0,0 +1,15 @@
+apiVersion: networking.istio.io/v1beta1
+kind: Gateway
+metadata:
+  name: gitlab-ssh-gateway
+  namespace: istio-tenant-gateway
+spec:
+  selector:
+    app: tenant-ingressgateway
+  servers:
+    - hosts:
+      - gitlab.###ZARF_VAR_DOMAIN###
+      port:
+        name: tcp-ssh
+        number: 2022
+        protocol: TCP
diff --git a/packages/additional-manifests/manifests/gitlab-ssh-networkpolicies.yaml b/packages/additional-manifests/manifests/gitlab-ssh-networkpolicies.yaml
@@ -0,0 +1,42 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: ingress-istio-shell
+  namespace: gitlab
+spec:
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          app.kubernetes.io/name: istio-controlplane
+      podSelector:
+        matchLabels:
+          app: tenant-ingressgateway
+          istio: ingressgateway
+    ports:
+    - port: 2222
+      protocol: TCP
+  podSelector:
+    matchLabels:
+      app: gitlab-shell
+  policyTypes:
+  - Ingress
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: egress-shell
+  namespace: gitlab
+spec:
+  egress:
+  - to:
+    - namespaceSelector: {}
+    - ipBlock:
+        cidr: 0.0.0.0/0
+        except:
+        - 169.254.169.254/32
+  podSelector:
+    matchLabels:
+      app: gitlab-shell
+  policyTypes:
+  - Egress
diff --git a/packages/additional-manifests/manifests/gitlab-ssh-virtualservice.yaml b/packages/additional-manifests/manifests/gitlab-ssh-virtualservice.yaml
@@ -0,0 +1,21 @@
+apiVersion: networking.istio.io/v1beta1
+kind: VirtualService
+metadata:
+  annotations:
+    meta.helm.sh/release-name: gitlab
+    meta.helm.sh/release-namespace: gitlab
+  name: gitlab-ssh
+  namespace: gitlab
+spec:
+  gateways:
+  - istio-tenant-gateway/gitlab-ssh-gateway
+  hosts:
+  - gitlab.###ZARF_VAR_DOMAIN###
+  tcp:
+  - match:
+    - port: 2022
+    route:
+    - destination:
+        host: gitlab-gitlab-shell.gitlab.svc.cluster.local
+        port:
+          number: 22
diff --git a/packages/additional-manifests/zarf.yaml b/packages/additional-manifests/zarf.yaml
@@ -0,0 +1,23 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/defenseunicorns/zarf/v0.32.1/zarf.schema.json
+kind: ZarfPackageConfig
+metadata:
+  name: additional-manifests
+  description: "Installs additional needed manifests"
+  architecture: "amd64"
+  version: "0.0.1"
+
+variables:
+  - name: DOMAIN
+    description: "Domain to be used in VS hosts and gateway config"
+    default: "mtsi.bigbang.dev"
+
+components:
+  - name: gitlab-ssh
+    required: true
+    manifests:
+      - name: gitlab-ssh-virtualservice
+        namespace: gitlab
+        files:
+          - manifests/gitlab-ssh-virtualservice.yaml
+          - manifests/gitlab-ssh-networkpolicies.yaml
+          - manifests/gitlab-ssh-gateway.yaml
diff --git a/tasks.yaml b/tasks.yaml
@@ -14,6 +14,7 @@ tasks:
       - task: create:namespaces-package
       - task: create:idam-packages
       - task: create:object-store-packages
+      - task: create:additional-manifests-package
       - task: create:bundle
 
   ################

diff --git a/tasks/create.yaml b/tasks/create.yaml
@@ -45,3 +45,8 @@ tasks:
     description: Create the object storage packages
     actions:
       - cmd: zarf package create ./packages/object-store/gitlab --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
+
+  - name: additional-manifests-package
+    description: Create package create additional manifests needed.
+    actions:
+      - cmd: zarf package create ./packages/additional-manifests --confirm --no-progress --architecture=${ARCH} --skip-sbom --output ./build
diff --git a/tasks/deploy.yaml b/tasks/deploy.yaml
@@ -2,9 +2,9 @@ tasks:
   - name: bundle-to-dev
     description: Deploy UDS Core version of the bundle to dev
     actions:
-      - cmd: UDS_CONFIG=./uds-config/uds-core-swf/dev-cluster/uds-config.yaml uds deploy ./build/uds-bundle-*.tar.zst --confirm
+      - cmd: UDS_CONFIG=./config/dev-cluster/uds-config.yaml uds deploy ./build/uds-bundle-*.tar.zst --confirm
 
   - name: bundle-to-test
     description: Deploy UDS Core version of the bundle to test
     actions:
-      - cmd: UDS_CONFIG=./uds-config/uds-core-swf/test-cluster/uds-config.yaml uds deploy ./build/uds-bundle-*.tar.zst --confirm
+      - cmd: UDS_CONFIG=./config/test-cluster/uds-config.yaml uds deploy ./build/uds-bundle-*.tar.zst --confirm