Add network policy function
Introduce network policy function Added sample calico v3 policy in function Added/Patched network policies at airship-core type and virtual-network-cloud site level Relates-To: #43 Change-Id: Ib34da7235257ed348b30b3cdb0c086f47da2c25a
This commit is contained in:
parent
52c92a9c28
commit
d71b62c369
|
@ -0,0 +1,20 @@
|
||||||
|
apiVersion: projectcalico.org/v3
|
||||||
|
kind: GlobalNetworkPolicy
|
||||||
|
metadata:
|
||||||
|
name: hosts-ingress-rule
|
||||||
|
spec:
|
||||||
|
order: 0
|
||||||
|
selector: all()
|
||||||
|
ingress:
|
||||||
|
action: Allow
|
||||||
|
protocol: TCP
|
||||||
|
source:
|
||||||
|
nets:
|
||||||
|
- 192.0.1.52/32
|
||||||
|
destination:
|
||||||
|
ports:
|
||||||
|
- 80
|
||||||
|
- 443
|
||||||
|
doNotTrack: false
|
||||||
|
preDNAT: false
|
||||||
|
applyOnForward: true
|
|
@ -0,0 +1,2 @@
|
||||||
|
resources:
|
||||||
|
- hosts_ingress.yaml
|
|
@ -0,0 +1,2 @@
|
||||||
|
resources:
|
||||||
|
- calico
|
|
@ -0,0 +1,12 @@
|
||||||
|
[
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 2378 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 4149 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 6443 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 6553 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 6666 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 6667 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 9099 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 10250 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 10255 },
|
||||||
|
{ "op": "add","path": "/spec/destination/ports/-","value": 10256 }
|
||||||
|
]
|
|
@ -0,0 +1,10 @@
|
||||||
|
resources:
|
||||||
|
- ../../../../../type/airship-core/target/workload/network-policy
|
||||||
|
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
group: projectcalico.org
|
||||||
|
version: v3
|
||||||
|
kind: GlobalNetworkPolicy
|
||||||
|
name: "hosts-ingress-rule"
|
||||||
|
path: hosts_ingress_dest_port_patch.json
|
|
@ -0,0 +1,3 @@
|
||||||
|
[
|
||||||
|
{ "op": "replace","path": "/spec/source/nets/0","value": "192.0.2.56/32" }
|
||||||
|
]
|
|
@ -0,0 +1,13 @@
|
||||||
|
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||||
|
kind: Kustomization
|
||||||
|
resources:
|
||||||
|
- ../../../../../function/network-policy
|
||||||
|
|
||||||
|
patchesJson6902:
|
||||||
|
- target:
|
||||||
|
group: projectcalico.org
|
||||||
|
version: v3
|
||||||
|
kind: GlobalNetworkPolicy
|
||||||
|
name: "hosts-ingress-rule"
|
||||||
|
path: hosts_ingress_src_nets_patch.json
|
||||||
|
|
Loading…
Reference in New Issue