---
manifests:
  network_policy: true
network_policy:
  heat:
    ingress:
      - from:
        - podSelector:
            matchLabels:
              application: heat
        - podSelector:
            matchLabels:
              application: ingress
        - podSelector:
            matchLabels:
              application: horizon
        ports:
        - protocol: TCP
          port: 8000
        - protocol: TCP
          port: 8003
        - protocol: TCP
          port: 8004
    egress:
      - to:
        - podSelector:
            matchLabels:
              application: neutron
      - to:
        - podSelector:
            matchLabels:
              application: nova
      - to:
        - podSelector:
            matchLabels:
              application: glance
      - to:
        - podSelector:
            matchLabels:
              application: cinder
      - to:
        - ipBlock:
            cidr: %%%REPLACE_API_ADDR%%%/32
        ports:
          - protocol: TCP
            port: %%%REPLACE_API_PORT%%%
...