Add network policy function
Introduce network policy function Added sample calico v3 policy in function Added/Patched network policies at airship-core type and virtual-network-cloud site level Relates-To: #43 Change-Id: Ib34da7235257ed348b30b3cdb0c086f47da2c25a
This commit is contained in:
parent
52c92a9c28
commit
d71b62c369
|
@ -0,0 +1,20 @@
|
|||
apiVersion: projectcalico.org/v3
|
||||
kind: GlobalNetworkPolicy
|
||||
metadata:
|
||||
name: hosts-ingress-rule
|
||||
spec:
|
||||
order: 0
|
||||
selector: all()
|
||||
ingress:
|
||||
action: Allow
|
||||
protocol: TCP
|
||||
source:
|
||||
nets:
|
||||
- 192.0.1.52/32
|
||||
destination:
|
||||
ports:
|
||||
- 80
|
||||
- 443
|
||||
doNotTrack: false
|
||||
preDNAT: false
|
||||
applyOnForward: true
|
|
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- hosts_ingress.yaml
|
|
@ -0,0 +1,2 @@
|
|||
resources:
|
||||
- calico
|
|
@ -0,0 +1,12 @@
|
|||
[
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 2378 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 4149 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 6443 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 6553 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 6666 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 6667 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 9099 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 10250 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 10255 },
|
||||
{ "op": "add","path": "/spec/destination/ports/-","value": 10256 }
|
||||
]
|
|
@ -0,0 +1,10 @@
|
|||
resources:
|
||||
- ../../../../../type/airship-core/target/workload/network-policy
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: projectcalico.org
|
||||
version: v3
|
||||
kind: GlobalNetworkPolicy
|
||||
name: "hosts-ingress-rule"
|
||||
path: hosts_ingress_dest_port_patch.json
|
|
@ -0,0 +1,3 @@
|
|||
[
|
||||
{ "op": "replace","path": "/spec/source/nets/0","value": "192.0.2.56/32" }
|
||||
]
|
|
@ -0,0 +1,13 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- ../../../../../function/network-policy
|
||||
|
||||
patchesJson6902:
|
||||
- target:
|
||||
group: projectcalico.org
|
||||
version: v3
|
||||
kind: GlobalNetworkPolicy
|
||||
name: "hosts-ingress-rule"
|
||||
path: hosts_ingress_src_nets_patch.json
|
||||
|
Loading…
Reference in New Issue