openstack/openstack-helm
Code Issues Proposed changes

Merge "Apply network policy to all services"

Browse Source
This commit is contained in:
Zuul 2019-10-14 13:53:25 +00:00 committed by Gerrit Code Review
commit 2d8acb9396
10 changed files with 66 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
aodh/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $opts := dict "envAll" . "name" "application" "label" "aodh" -}}
{{ $opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

8
aodh/values.yaml
View File

@ -693,6 +693,13 @@ endpoints:
metrics: metrics:
default: 24220 default: 24220
network_policy:
aodh:
ingress:
- {}
egress:
- {}
manifests: manifests:
configmap_bin: true configmap_bin: true
configmap_etc: true configmap_etc: true
@ -711,6 +718,7 @@ manifests:
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
network_policy: false
pdb_api: true pdb_api: true
pod_aodh_test: true pod_aodh_test: true
secret_db: true secret_db: true

2
ceilometer/values.yaml
View File

@ -2101,6 +2101,8 @@ network_policy:
ceilometer: ceilometer:
ingress: ingress:
- {} - {}
egress:
- {}
manifests: manifests:
configmap_bin: true configmap_bin: true

2
congress/values.yaml
View File

@ -350,6 +350,8 @@ network_policy:
congress: congress:
ingress: ingress:
- {} - {}
egress:
- {}
conf: conf:
congress: congress:

2
ironic/values.yaml
View File

@ -679,6 +679,8 @@ network_policy:
ironic: ironic:
ingress: ingress:
- {} - {}
egress:
- {}
manifests: manifests:
configmap_bin: true configmap_bin: true

21
magnum/values.yaml
View File

@ -622,24 +622,9 @@ pod:
network_policy: network_policy:
magnum: magnum:
ingress: ingress:
- from: - {}
- podSelector: egress:
matchLabels: - {}
application: magnum
- podSelector:
matchLabels:
application: horizon
- podSelector:
matchLabels:
application: ingress
- podSelector:
matchLabels:
application: heat
ports:
- protocol: TCP
port: 80
- protocol: TCP
port: 9511
manifests: manifests:
configmap_bin: true configmap_bin: true

21
mistral/values.yaml
View File

@ -701,24 +701,9 @@ pod:
network_policy: network_policy:
mistral: mistral:
ingress: ingress:
- from: - {}
- podSelector: egress:
matchLabels: - {}
application: mistral
- podSelector:
matchLabels:
application: horizon
- podSelector:
matchLabels:
application: ingress
- podSelector:
matchLabels:
application: heat
ports:
- protocol: TCP
port: 80
- protocol: TCP
port: 8989
manifests: manifests:
configmap_bin: true configmap_bin: true

18
panko/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,18 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $opts := dict "envAll" . "name" "application" "label" "panko" -}}
{{ $opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

8
panko/values.yaml
View File

@ -454,6 +454,13 @@ endpoints:
metrics: metrics:
default: 24220 default: 24220
network_policy:
panko:
ingress:
- {}
egress:
- {}
pod: pod:
security_context: security_context:
panko: panko:
@ -606,6 +613,7 @@ manifests:
job_ks_endpoints: true job_ks_endpoints: true
job_ks_service: true job_ks_service: true
job_ks_user: true job_ks_user: true
network_policy: false
pdb_api: true pdb_api: true
pod_rally_test: true pod_rally_test: true
secret_db: true secret_db: true

2
senlin/values.yaml
View File

@ -658,6 +658,8 @@ network_policy:
senlin: senlin:
ingress: ingress:
- {} - {}
egress:
- {}
manifests: manifests:
configmap_bin: true configmap_bin: true