Skip to content

Update network policy egress in remote development agent configs

Vishal Tak requested to merge vtak/egress_agent_config_update into master

What does this MR do and why?

Issue: Backend: Updates to agent configuration updates... (#427235 - closed)

Depends on: Add egress ip options in remote development age... (!135497 - merged)

Related to: Add remote development network policy egress pr... (gitlab-org/cluster-integration/gitlab-agent!1167 - merged)

Update network policy egress in remote development agent configs

Set all workspaces of the agent to force include all resources when the configuration of the agent is updated.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

  1. Configure an agent with the following configuration
remote_developemnt:
  enabled: true
  network_policy:
    enabled: true
    egress:
    - allow: '0.0.0.0/0
      except:
      - '10.0.0.0/8'
    - allow: '10.0.0.0/32
  1. Verify that the network_policy_egress is set to [{ "allow": "0.0.0.0/0", "except": ["10.0.0.0/8"] }, { "allow": "10.0.0.0/32" }] in the remote_development_agent_configs table for the given agent.
  2. Verify that all the workspaces for the given agent have force_include_all_resources: true immediately after the update.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

Edited by Vishal Tak

Merge request reports