Zachary Seguin

Results 81 comments of Zachary Seguin

It's not exactly accurate to say that we can't use private endpoints. Per the security proposal, https://github.com/StatCan/aaw-security-proposal/blob/master/02-azure.md#networking: - The subnets within the AKS VNET are for compute resources only -...

Yes, the system subnet has a different IP range from the user subnets and therefore firewall rules can be put in place to restrict access to just the system subnet.

This is where AAW prod is in a bit of an odd place, zone `1` is the disks that were migrated from the old environment and are technically not in...

@vexingly I don't believe the zone matters on the temp nodes because they are not officially attached to a zone.

I think @vexingly has it under control, but if anyone needs my help I'm around :)

I'm just going to chime in and say that I agree with what @justbert wrote and I think this echoes much of what I said during yesterday's standup.

There is a virtual service named `disclosure-vetting` in dev that maps disclosure vetting to the `ingress-general-system/general-istio-ingress-gateway-https`, which is public facing (ignoring that dev is not supposed to be public; but...

I'm removing the blocker on this, I incorrectly applied the Istio configuration policy to all pods instead of just Protected B pods.

Hello @bbusioc, thanks - I thought the chart supported arbitrary env vars, but it looks like it does not. I'll add that support soon.

Just following up on @sylus's message, but we were able to get it all working. The biggest issue was the `composer.json` file that was generated by Drupal containing incorrect settings...