forgejo_admin/pal-e-platform
1
0
Fork 1
Code Issues 33 Pull requests 1 Projects Releases Packages Wiki Activity Actions

fix: allow argocd namespace ingress to forgejo #202

Merged
forgejo_admin merged 1 commit from 200-forgejo-netpol-argocd into main 2026-03-27 06:35:32 +00:00
Conversation 1 Commits 1 Files changed 1 +1
forgejo_admin commented 2026-03-27 06:30:06 +00:00
Owner
Copy link

Summary

  • ArgoCD needs network access to Forgejo to pull Git repositories and sync manifests
  • The Forgejo network policy was missing an ingress rule for the argocd namespace
  • Adds argocd to the ingress allow list, matching the existing pattern

Changes

  • terraform/network-policies.tf: Added argocd namespace ingress rule to netpol_forgejo, following the same pattern used by tailscale, woodpecker, and monitoring (and already present in the harbor policy)

tofu plan Output

Providers not cached in this worktree so tofu validate could not run fully. tofu fmt -check passed clean. The change is a single ingress rule addition.

Expected plan: kubernetes_manifest.netpol_forgejo will be updated in-place with one additional ingress rule.

Test Plan

  • tofu plan shows only an in-place update to kubernetes_manifest.netpol_forgejo
  • After apply, ArgoCD can reach Forgejo Git endpoints (repo sync succeeds)
  • No other network policies affected

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive

Related Notes

  • Closes #200
  • pal-e-platform -- the project this work belongs to
## Summary - ArgoCD needs network access to Forgejo to pull Git repositories and sync manifests - The Forgejo network policy was missing an ingress rule for the argocd namespace - Adds argocd to the ingress allow list, matching the existing pattern ## Changes - `terraform/network-policies.tf`: Added argocd namespace ingress rule to `netpol_forgejo`, following the same pattern used by tailscale, woodpecker, and monitoring (and already present in the harbor policy) ## tofu plan Output Providers not cached in this worktree so `tofu validate` could not run fully. `tofu fmt -check` passed clean. The change is a single ingress rule addition. Expected plan: `kubernetes_manifest.netpol_forgejo` will be updated in-place with one additional ingress rule. ## Test Plan - [ ] `tofu plan` shows only an in-place update to `kubernetes_manifest.netpol_forgejo` - [ ] After apply, ArgoCD can reach Forgejo Git endpoints (repo sync succeeds) - [ ] No other network policies affected ## Review Checklist - [ ] Passed automated review-fix loop - [ ] No secrets committed - [ ] No unnecessary file changes - [ ] Commit messages are descriptive ## Related Notes - Closes #200 - `pal-e-platform` -- the project this work belongs to
fix: allow argocd namespace ingress to forgejo
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
ci/woodpecker/pull_request_closed/woodpecker Pipeline was successful
Details
762b7888b2 
ArgoCD needs to reach Forgejo to pull manifests and sync repos.
Adds argocd to the Forgejo network policy ingress allow list,
matching the existing pattern used by tailscale, woodpecker,
and monitoring namespaces.

Refs: #200

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
forgejo_admin commented 2026-03-27 06:31:19 +00:00
Author
Owner
Copy link

QA Review -- PR #202

Diff Analysis

  • Files changed: 1 (terraform/network-policies.tf)
  • Lines added: 1 | Lines deleted: 0

The change adds a single ingress rule allowing the argocd namespace to reach pods in the forgejo namespace. The rule follows the exact same pattern as the existing tailscale, woodpecker, and monitoring rules in the same block, and matches how argocd is already referenced in the harbor network policy.

Checklist

  • Pattern matches existing ingress rules exactly
  • tofu fmt -check passed
  • No secrets committed
  • No unnecessary file changes
  • Commit message is descriptive and references #200
  • PR body includes all required sections
  • Scope is minimal -- one line, one file, one purpose

Findings

No issues found. This is a clean, minimal, pattern-consistent change.

VERDICT: APPROVE

## QA Review -- PR #202 ### Diff Analysis - **Files changed**: 1 (`terraform/network-policies.tf`) - **Lines added**: 1 | **Lines deleted**: 0 The change adds a single ingress rule allowing the `argocd` namespace to reach pods in the `forgejo` namespace. The rule follows the exact same pattern as the existing tailscale, woodpecker, and monitoring rules in the same block, and matches how argocd is already referenced in the harbor network policy. ### Checklist - [x] Pattern matches existing ingress rules exactly - [x] `tofu fmt -check` passed - [x] No secrets committed - [x] No unnecessary file changes - [x] Commit message is descriptive and references #200 - [x] PR body includes all required sections - [x] Scope is minimal -- one line, one file, one purpose ### Findings No issues found. This is a clean, minimal, pattern-consistent change. ### VERDICT: APPROVE
forgejo_admin deleted branch 200-forgejo-netpol-argocd 2026-03-27 06:35:32 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-platform!202
No description provided.