From 13d7b669110463976a490a9fe617b243fde5f65a Mon Sep 17 00:00:00 2001 From: Jonas Juselius Date: Sun, 22 Jun 2025 09:14:24 +0200 Subject: [PATCH] devel: change whitelist_ips to just whitelisr --- values/argo/values/argocd.yaml.gotmpl | 4 ++-- values/env-oceanbox.yaml | 2 +- values/env.yaml | 2 +- values/prometheus/values/prometheus.yaml.gotmpl | 8 ++++---- .../oceanbox/kyverno/whitelist-internal-ingresses.yaml | 4 ++-- values/tempo/values/tempo.yaml.gotmpl | 2 +- 6 files changed, 11 insertions(+), 11 deletions(-) diff --git a/values/argo/values/argocd.yaml.gotmpl b/values/argo/values/argocd.yaml.gotmpl index c5dcf11a..d68597e6 100644 --- a/values/argo/values/argocd.yaml.gotmpl +++ b/values/argo/values/argocd.yaml.gotmpl @@ -264,7 +264,7 @@ server: nginx.ingress.kubernetes.io/ssl-passthrough: "true" nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "HTTPS" - {{- with .Values.clusterConfig.ingress_whitelist_ips }} + {{- with .Values.clusterConfig.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} hosts: @@ -286,7 +286,7 @@ applicationSet: ingressClassName: nginx annotations: cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }} - # {{- with .Values.clusterConfig.ingress_whitelist_ips}} + # {{- with .Values.clusterConfig.ingress_whitelist}} # NOTE(kai): include gitlab and github webhook ranges # nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }},192.30.252.0/22,140.82.112.0/20,34.74.226.27/28,34.74.226.0/24 # {{- end }} diff --git a/values/env-oceanbox.yaml b/values/env-oceanbox.yaml index d324e0ac..b5ff14d3 100644 --- a/values/env-oceanbox.yaml +++ b/values/env-oceanbox.yaml @@ -25,7 +25,7 @@ clusterConfig: patterns: [] cidr: [] nodes: [] - ingress_whitelist_ips: + ingress_whitelist: #itp internal - 10.0.0.0/8 - 172.16.0.0/12 diff --git a/values/env.yaml b/values/env.yaml index 0872e232..523a4a6b 100644 --- a/values/env.yaml +++ b/values/env.yaml @@ -15,7 +15,7 @@ clusterConfig: nodenames: [] nodes: [] ingress_clusterissuer: "letsencrypt-production" - ingress_whitelist_ips: + ingress_whitelist: - 10.0.0.0/8 - 172.16.0.0/12 - 192.168.0.0/16 diff --git a/values/prometheus/values/prometheus.yaml.gotmpl b/values/prometheus/values/prometheus.yaml.gotmpl index f98ef685..fe37502d 100644 --- a/values/prometheus/values/prometheus.yaml.gotmpl +++ b/values/prometheus/values/prometheus.yaml.gotmpl @@ -72,7 +72,7 @@ alertmanager: annotations: cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }} nginx.ingress.kubernetes.io/ssl-redirect: "true" - {{- with .Values.clusterConfig.ingress_whitelist_ips }} + {{- with .Values.clusterConfig.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} hosts: @@ -173,7 +173,7 @@ grafana: annotations: cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }} nginx.ingress.kubernetes.io/ssl-redirect: "true" - {{- with .Values.clusterConfig.ingress_whitelist_ips}} + {{- with .Values.clusterConfig.ingress_whitelist}} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} hosts: @@ -437,7 +437,7 @@ prometheus: cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }} nginx.ingress.kubernetes.io/ssl-redirect: "true" nginx.ingress.kubernetes.io/backend-protocol: "GRPC" - {{- with .Values.clusterConfig.ingress_whitelist_ips }} + {{- with .Values.clusterConfig.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} kubernetes.io/ingress.allow-http: "false" @@ -458,7 +458,7 @@ prometheus: annotations: cert-manager.io/cluster-issuer: {{ .Values.clusterConfig.ingress_clusterissuer }} nginx.ingress.kubernetes.io/ssl-redirect: "true" - {{- with .Values.clusterConfig.ingress_whitelist_ips }} + {{- with .Values.clusterConfig.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} hosts: diff --git a/values/system/oceanbox/kyverno/whitelist-internal-ingresses.yaml b/values/system/oceanbox/kyverno/whitelist-internal-ingresses.yaml index adfde358..b3197e69 100644 --- a/values/system/oceanbox/kyverno/whitelist-internal-ingresses.yaml +++ b/values/system/oceanbox/kyverno/whitelist-internal-ingresses.yaml @@ -46,7 +46,7 @@ spec: patchStrategicMerge: metadata: annotations: - {{- with .Values.clusterConfig.ingress_whitelist_ips }} + {{- with .Values.clusterConfig.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: "{{`{{ @ }}`}},{{ join "," . }}" {{- end }} - name: add-nginx-whitelist @@ -66,7 +66,7 @@ spec: patchStrategicMerge: metadata: annotations: - {{- with .Values.clusterConfig.ingress_whitelist_ips }} + {{- with .Values.clusterConfig.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: "{{ join "," . }}" {{- end }} {{- end }} diff --git a/values/tempo/values/tempo.yaml.gotmpl b/values/tempo/values/tempo.yaml.gotmpl index 00190480..529bf8d8 100644 --- a/values/tempo/values/tempo.yaml.gotmpl +++ b/values/tempo/values/tempo.yaml.gotmpl @@ -40,7 +40,7 @@ tempoQuery: annotations: cert-manager.io/cluster-issuer: {{ .Values.cluster_config.ingress_clusterissuer }} nginx.ingress.kubernetes.io/ssl-redirect: "true" - {{- with .Values.cluster_config.ingress_whitelist_ips }} + {{- with .Values.cluster_config.ingress_whitelist }} nginx.ingress.kubernetes.io/whitelist-source-range: {{ join "," . }} {{- end }} path: /