forgejo_admin/pal-e-platform
1
0
Fork 0
Code Issues 33 Pull requests Projects Releases Packages Wiki Activity Actions

fix: allow argocd namespace ingress to Harbor #161

Merged
forgejo_admin merged 1 commit from 148-harbor-argocd-netpol into main 2026-03-26 03:42:46 +00:00
Conversation 1 Commits 1 Files changed 1 +1
forgejo_admin commented 2026-03-25 13:39:42 +00:00
Owner
Copy link

Summary

ArgoCD Image Updater needs to reach Harbor to check for new image tags. The Harbor NetworkPolicy was missing argocd from its ingress allowlist, causing connection timeouts.

Changes

  • terraform/network-policies.tf: Added argocd namespace to netpol_harbor ingress rules alongside existing tailscale, harbor, monitoring, and woodpecker entries.

Test Plan

  • Apply with tofu apply -target=kubernetes_manifest.netpol_harbor
  • Verify ArgoCD Image Updater logs no longer show connection timeouts to Harbor
  • Confirm kubectl get networkpolicy -n harbor default-deny-ingress -o yaml includes the argocd namespace selector
  • No regressions in other Harbor access (Woodpecker pushes, Tailscale UI)

Review Checklist

  • Passed automated review-fix loop
  • No secrets committed
  • No unnecessary file changes
  • Commit messages are descriptive

Related

## Summary ArgoCD Image Updater needs to reach Harbor to check for new image tags. The Harbor NetworkPolicy was missing `argocd` from its ingress allowlist, causing connection timeouts. ## Changes - `terraform/network-policies.tf`: Added `argocd` namespace to `netpol_harbor` ingress rules alongside existing tailscale, harbor, monitoring, and woodpecker entries. ## Test Plan - [ ] Apply with `tofu apply -target=kubernetes_manifest.netpol_harbor` - [ ] Verify ArgoCD Image Updater logs no longer show connection timeouts to Harbor - [ ] Confirm `kubectl get networkpolicy -n harbor default-deny-ingress -o yaml` includes the argocd namespace selector - [ ] No regressions in other Harbor access (Woodpecker pushes, Tailscale UI) ## Review Checklist - [x] Passed automated review-fix loop - [x] No secrets committed - [x] No unnecessary file changes - [x] Commit messages are descriptive ## Related - Closes #148
fix: allow argocd namespace ingress to Harbor for Image Updater
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/pr/woodpecker Pipeline was successful
Details
14ceb75d6e 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
forgejo_admin commented 2026-03-25 13:40:01 +00:00
Author
Owner
Copy link

Review: LGTM

Diff: +1 line, 1 file changed. Minimal and correct.

Findings:

  • The new argocd ingress rule follows the exact same namespaceSelector pattern as the existing tailscale, harbor, monitoring, and woodpecker entries. Consistent.
  • No secrets, no extraneous changes, no formatting drift.
  • Correctly targets netpol_harbor resource only.

No issues found. Ready for merge.

## Review: LGTM **Diff:** +1 line, 1 file changed. Minimal and correct. **Findings:** - The new `argocd` ingress rule follows the exact same `namespaceSelector` pattern as the existing tailscale, harbor, monitoring, and woodpecker entries. Consistent. - No secrets, no extraneous changes, no formatting drift. - Correctly targets `netpol_harbor` resource only. **No issues found.** Ready for merge.
forgejo_admin deleted branch 148-harbor-argocd-netpol 2026-03-26 03:42:46 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
domain:backend

   
domain:devops

   
domain:frontend

   
status:approved

QA passed, awaiting merge approval

  
status:in-progress

Dev agent is actively working

  
status:needs-fix

QA found issues, back to dev

  
status:qa

PR submitted, awaiting QA review

  
type:bug

Bug fix

  
type:devops

Infrastructure/CI/config work

  
type:feature

New functionality

No labels
domain:backend
domain:devops
domain:frontend
status:approved
status:in-progress
status:needs-fix
status:qa
type:bug
type:devops
type:feature
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
forgejo_admin/pal-e-platform!161
No description provided.