Update network policy egress in remote development agent configs (!136179) · Merge requests · GitLab.org / GitLab

Vishal Tak requested to merge vtak/egress_agent_config_update into master Nov 07, 2023

What does this MR do and why?

Issue: Backend: Updates to agent configuration updates... (#427235 - closed)

Depends on: Add egress ip options in remote development age... (!135497 - merged)

Update network policy egress in remote development agent configs

Set all workspaces of the agent to force include all resources when the configuration of the agent is updated.

How to set up and validate locally

Numbered steps to set up and validate the change are strongly suggested.

Configure an agent with the following configuration

remote_developemnt:
  enabled: true
  network_policy:
    enabled: true
    egress:
    - allow: '0.0.0.0/0
      except:
      - '10.0.0.0/8'
    - allow: '10.0.0.0/32

Verify that the network_policy_egress is set to [{ "allow": "0.0.0.0/0", "except": ["10.0.0.0/8"] }, { "allow": "10.0.0.0/32" }] in the remote_development_agent_configs table for the given agent.
Verify that all the workspaces for the given agent have force_include_all_resources: true immediately after the update.

MR acceptance checklist

This checklist encourages us to confirm any changes have been analyzed to reduce risks in quality, performance, reliability, security, and maintainability.

I have evaluated the MR acceptance checklist for this MR.

Edited Nov 08, 2023 by Vishal Tak

Update network policy egress in remote development agent configs

What does this MR do and why?

How to set up and validate locally

MR acceptance checklist

Merge request reports