Add network policy in multi-tenant

Add network-policy function entrypoint in multi-tenant type
Add replacement rules to patch network policy

Change-Id: Iaf0e31cb19eff54b4354f1eb2abc736b409f5374
Ratnopam Chakrabarti 2021-03-25 21:21:08 -04:00
parent 1f6c3af815
commit 7514c94ef4
8 changed files with 57 additions and 18 deletions


@ -0,0 +1,2 @@
resources:
- network-policy.yaml


@ -0,0 +1,29 @@
apiVersion: airshipit.org/v1alpha1
kind: ReplacementTransformer
metadata:
name: networking-policy-replacements
annotations:
config.kubernetes.io/function: |-
container:
image: quay.io/airshipit/replacement-transformer:latest
replacements:
- source:
objref:
kind: VariableCatalogue
name: networking-ha
fieldref: "{.vrrp.ingress.oam_cidr}"
target:
objref:
kind: GlobalNetworkPolicy
name: hosts-ingress-rule
fieldrefs: ["{.spec.source.nets[0]}"]
- source:
objref:
kind: VariableCatalogue
name: networking-ha
fieldref: "{.vrrp.ingress.destination.ports}"
target:
objref:
kind: GlobalNetworkPolicy
name: hosts-ingress-rule
fieldrefs: ["{.spec.destination.ports}"]
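Review bot: The transformer image in the `config.kubernetes.io/function` annotation uses the mutable tag `quay.io/airshipit/replacement-transformer:latest`, so the code that rewrites the source nets and destination ports of `hosts-ingress-rule` can change between renders with no change in this repository. Pin it to a released tag or a digest, for example `image: quay.io/airshipit/replacement-transformer@sha256:<DIGEST_PLACEHOLDER>`. The policy in `network-policy.yaml` is not visible here, so it is also worth confirming that the target paths `{.spec.source.nets[0]}` and `{.spec.destination.ports}` match its structure. If a path does not resolve, the policy may be left with its default values.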


@ -13,3 +13,16 @@ vrrp:
ingress:
interface: bond.51
virtual_ipaddress: 10.23.25.102
oam_cidr: 10.23.25.151
destination:
ports:
- 2378
- 4149
- 6443
- 6553
- 6666
- 6667
- 9099
- 10250
- 10255
- 10256
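Review bot: The new key `oam_cidr` holds `10.23.25.151`, a bare address with no prefix length, while the JSON patch this commit removes wrote the same field in CIDR form (`192.0.2.56/32`). Since the value is copied into the policy's source `nets[0]`, write it explicitly as `oam_cidr: 10.23.25.151/32`, or confirm that the consumer accepts a bare address and that a single host is the intended scope. The allowed `ports` list includes 10255, which is conventionally the kubelet read-only port. If that port is disabled on these hosts, drop it from the list, and add a short comment naming the service behind each port. The `vrrp` mapping starts outside this hunk.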


@ -1,10 +1,2 @@
resources:
- ../../../../../type/airship-core/target/workload/network-policy
patchesJson6902:
- target:
group: projectcalico.org
version: v3
kind: GlobalNetworkPolicy
name: "hosts-ingress-rule"
path: hosts_ingress_dest_port_patch.json


@ -1,3 +0,0 @@
[
{ "op": "replace","path": "/spec/source/nets/0","value": "192.0.2.56/32" }
]


@ -2,12 +2,8 @@ apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../function/network-policy
- ../../../../../function/treasuremap-base-catalogues
patchesJson6902:
- target:
group: projectcalico.org
version: v3
kind: GlobalNetworkPolicy
name: "hosts-ingress-rule"
path: hosts_ingress_src_nets_patch.json
transformers:
- ../../../../../function/network-policy/calico/replacements


@ -1,3 +1,4 @@
resources:
- ../../../airship-core/target/workload
- ../../../../function/sip
#- network-policy
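Review bot: The `#- network-policy` entry under `resources:` is commented out, so as far as this section shows, this kustomization does not pull in the new network-policy entrypoint even though the commit title says the policy is added for multi-tenant. If the policy is meant to be active, the line should read `- network-policy`. If it is deliberately disabled for now, say so in place, e.g. `# network-policy is not enabled yet: <reason>`, so a reader does not assume the host ingress rule is being rendered. The policy may be included from another path not visible here.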


@ -0,0 +1,9 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ../../../../../function/network-policy
- ../../../../../function/treasuremap-base-catalogues
transformers:
- ../../../../../function/network-policy/calico/replacements