1. 08 Apr, 2021 3 commits
  2. 07 Apr, 2021 1 commit
    • Benjamin Tissoires's avatar
      logging: prevent unauthorized access to the data · f74bfab7
      Benjamin Tissoires authored
      ES without a license doesn't support an authorization mechanism.
      
      It was fine when the cluster was "safe". But now that we are adding
      the runners, any runner could query the cluster DNS server, get the
      IP of ES, and start pulling logs.
      
      This is not a comfortable situation, so use network policies to filter
      out non-legitimate access to the pods in the logging namespace.
      
      Note that flannel doesn't support Network Policies, but k3s implements
      them for us, so we can use them.
      Signed-off-by: Benjamin Tissoires's avatarBenjamin Tissoires <benjamin.tissoires@gmail.com>
      f74bfab7
  3. 06 Apr, 2021 3 commits
  4. 03 Apr, 2021 1 commit
  5. 26 Mar, 2021 2 commits
  6. 25 Mar, 2021 1 commit
    • Daniel Stone's avatar
      Add debugging for OPA · 26c7a15e
      Daniel Stone authored
      Add a tweakable for OPA which allows us to toggle on super-verbose
      debugging (including decision logging) if required.
      26c7a15e
  7. 24 Mar, 2021 1 commit
  8. 23 Mar, 2021 1 commit
  9. 22 Mar, 2021 1 commit
  10. 02 Mar, 2021 1 commit
  11. 24 Feb, 2021 4 commits
  12. 20 Feb, 2021 1 commit
    • Daniel Stone's avatar
      Move marge-bot to Packet · 422b98c9
      Daniel Stone authored
      Write a new Helm chart and Helmfile deployment definition, based on the
      existing deployment in GKE.
      422b98c9
  13. 16 Feb, 2021 1 commit
  14. 11 Feb, 2021 5 commits
  15. 10 Feb, 2021 6 commits
  16. 06 Feb, 2021 1 commit
  17. 05 Feb, 2021 2 commits
  18. 04 Feb, 2021 3 commits
  19. 02 Feb, 2021 1 commit
  20. 01 Feb, 2021 1 commit