Add network policy in multi-tenant
Add network-policy function entrypoint in multi-tenant type Add replacement rules to patch network policy Change-Id: Iaf0e31cb19eff54b4354f1eb2abc736b409f5374
This commit is contained in:
parent
1f6c3af815
commit
7514c94ef4
|
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- network-policy.yaml
|
|
@ -0,0 +1,29 @@
|
|||
apiVersion: airshipit.org/v1alpha1
|
||||
kind: ReplacementTransformer
|
||||
metadata:
|
||||
name: networking-policy-replacements
|
||||
annotations:
|
||||
config.kubernetes.io/function: |-
|
||||
container:
|
||||
image: quay.io/airshipit/replacement-transformer:latest
|
||||
replacements:
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: networking-ha
|
||||
fieldref: "{.vrrp.ingress.oam_cidr}"
|
||||
target:
|
||||
objref:
|
||||
kind: GlobalNetworkPolicy
|
||||
name: hosts-ingress-rule
|
||||
fieldrefs: ["{.spec.source.nets[0]}"]
|
||||
- source:
|
||||
objref:
|
||||
kind: VariableCatalogue
|
||||
name: networking-ha
|
||||
fieldref: "{.vrrp.ingress.destination.ports}"
|
||||
target:
|
||||
objref:
|
||||
kind: GlobalNetworkPolicy
|
||||
name: hosts-ingress-rule
|
||||
fieldrefs: ["{.spec.destination.ports}"]
|
|
@ -13,3 +13,16 @@ vrrp:
|
|||
ingress:
|
||||
interface: bond.51
|
||||
virtual_ipaddress: 10.23.25.102
|
||||
oam_cidr: 10.23.25.151
|
||||
destination:
|
||||
ports:
|
||||
- 2378
|
||||
- 4149
|
||||
- 6443
|
||||
- 6553
|
||||
- 6666
|
||||
- 6667
|
||||
- 9099
|
||||
- 10250
|
||||
- 10255
|
||||
- 10256
|
||||
|
|
|
@ -1,10 +1,2 @@
|
|||
resources:
|
||||
- ../../../../../type/airship-core/target/workload/network-policy
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: projectcalico.org
|
||||
version: v3
|
||||
kind: GlobalNetworkPolicy
|
||||
name: "hosts-ingress-rule"
|
||||
path: hosts_ingress_dest_port_patch.json
|
||||
|
|
|
@ -1,3 +0,0 @@
|
|||
[
|
||||
{ "op": "replace","path": "/spec/source/nets/0","value": "192.0.2.56/32" }
|
||||
]
|
|
@ -2,12 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
|
|||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../function/network-policy
|
||||
- ../../../../../function/treasuremap-base-catalogues
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: projectcalico.org
|
||||
version: v3
|
||||
kind: GlobalNetworkPolicy
|
||||
name: "hosts-ingress-rule"
|
||||
path: hosts_ingress_src_nets_patch.json
|
||||
transformers:
|
||||
- ../../../../../function/network-policy/calico/replacements
|
||||
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
resources:
|
||||
- ../../../airship-core/target/workload
|
||||
- ../../../../function/sip
|
||||
#- network-policy
|
||||
|
|
|
@ -0,0 +1,9 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../function/network-policy
|
||||
- ../../../../../function/treasuremap-base-catalogues
|
||||
|
||||
transformers:
|
||||
- ../../../../../function/network-policy/calico/replacements
|
||||
|
Loading…
Reference in New Issue