Add network policy function

Introduce network policy function Added sample calico v3 policy in function Added/Patched network policies at airship-core type and virtual-network-cloud site level Relates-To: #43 Change-Id: Ib34da7235257ed348b30b3cdb0c086f47da2c25a
2021-03-03 01:10:12 -05:00 · 2021-03-03 01:10:12 -05:00 · d71b62c369
parent 52c92a9c28
commit d71b62c369
7 changed files with 62 additions and 0 deletions
--- a/manifests/function/network-policy/calico/hosts_ingress.yaml
+++ b/manifests/function/network-policy/calico/hosts_ingress.yaml
@ -0,0 +1,20 @@
+apiVersion: projectcalico.org/v3
+kind: GlobalNetworkPolicy
+metadata:
+  name: hosts-ingress-rule
+spec:
+  order: 0
+  selector: all()
+  ingress:
+  action: Allow
+  protocol: TCP
+  source:
+    nets:
+    - 192.0.1.52/32
+  destination:
+    ports:
+    - 80
+    - 443
+  doNotTrack: false
+  preDNAT: false
+  applyOnForward: true
--- a/manifests/function/network-policy/calico/kustomization.yaml
+++ b/manifests/function/network-policy/calico/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - hosts_ingress.yaml
--- a/manifests/function/network-policy/kustomization.yaml
+++ b/manifests/function/network-policy/kustomization.yaml
@ -0,0 +1,2 @@
+resources:
+  - calico
--- a/manifests/site/virtual-network-cloud/target/workload/network-policy/hosts_ingress_dest_port_patch.json
+++ b/manifests/site/virtual-network-cloud/target/workload/network-policy/hosts_ingress_dest_port_patch.json
@ -0,0 +1,12 @@
+[
+    { "op": "add","path": "/spec/destination/ports/-","value": 2378 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 4149 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 6443 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 6553 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 6666 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 6667 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 9099 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 10250 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 10255 },
+    { "op": "add","path": "/spec/destination/ports/-","value": 10256 }
+]
--- a/manifests/site/virtual-network-cloud/target/workload/network-policy/kustomization.yaml
+++ b/manifests/site/virtual-network-cloud/target/workload/network-policy/kustomization.yaml
@ -0,0 +1,10 @@
+resources:
+  - ../../../../../type/airship-core/target/workload/network-policy
+
+patchesJson6902:
+  - target:
+      group: projectcalico.org
+      version: v3
+      kind: GlobalNetworkPolicy
+      name: "hosts-ingress-rule"
+    path: hosts_ingress_dest_port_patch.json
--- a/manifests/type/airship-core/target/workload/network-policy/hosts_ingress_src_nets_patch.json
+++ b/manifests/type/airship-core/target/workload/network-policy/hosts_ingress_src_nets_patch.json
@ -0,0 +1,3 @@
+[
+    { "op": "replace","path": "/spec/source/nets/0","value": "192.0.2.56/32" }
+]
--- a/manifests/type/airship-core/target/workload/network-policy/kustomization.yaml
+++ b/manifests/type/airship-core/target/workload/network-policy/kustomization.yaml
@ -0,0 +1,13 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+  - ../../../../../function/network-policy
+
+patchesJson6902:
+  - target:
+      group: projectcalico.org
+      version: v3
+      kind: GlobalNetworkPolicy
+      name: "hosts-ingress-rule"
+    path: hosts_ingress_src_nets_patch.json
+