Skip to content
Snippets Groups Projects

Harden ignite networking

Merged Harden ignite networking
es/harden-ignite-networking into main
Merged Warren Gifford requested to merge es/harden-ignite-networking into main

Created by: eseliger

This PR improves the isolation of our executor VMs further by making them all fully isolated on the network.

# Test points:

- SSH into ignite VM
- curl -fv http://169.254.169.254/latest/meta-data/
- ssh 10.61.0.1
- curl -fv google.com
- curl -fvL http://10.0.1.4:5000 FAIL (will fix in tf module)
- ping 10.61.0.1
- ping 10.61.0.3 (other VM) 
- ssh <host_internal_ip>
- ssh <host_external_ip>

Addresses https://github.com/sourcegraph/security-issues/issues/295

Test plan

See test points above, both tested on GCP and AWS.

Merge request reports

Merged by avatar (Apr 22, 2025 10:22am UTC)

Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply