From feb97a2dc3842f16ed4fb418ab5e788228b2a638 Mon Sep 17 00:00:00 2001 From: Tin Lam Date: Fri, 27 Sep 2019 14:26:58 -0500 Subject: [PATCH] Add horizon ingress override This patch set adds in default horizon ingress overrides. Change-Id: I5a7e8197b84bc5f1ad94d5d6a1d0662257404994 Signed-off-by: Tin Lam --- horizon/values_overrides/netpol.yaml | 20 +++++++++++++++++++ tools/deployment/common/test-networkpolicy.sh | 6 ++++++ zuul.d/jobs-openstack-helm.yaml | 3 ++- 3 files changed, 28 insertions(+), 1 deletion(-) diff --git a/horizon/values_overrides/netpol.yaml b/horizon/values_overrides/netpol.yaml index 7a85753209..2ee3d3f67c 100644 --- a/horizon/values_overrides/netpol.yaml +++ b/horizon/values_overrides/netpol.yaml @@ -1,2 +1,22 @@ manifests: network_policy: true +network_policy: + horizon: + ingress: + - from: + - podSelector: + matchLabels: + application: horizon + - from: + - podSelector: + matchLabels: + application: prometheus-openstack-exporter + - from: + - podSelector: + matchLabels: + application: ingress + ports: + - port: 80 + protocol: TCP + - port: 443 + protocol: TCP diff --git a/tools/deployment/common/test-networkpolicy.sh b/tools/deployment/common/test-networkpolicy.sh index d971404477..c4268a8f33 100755 --- a/tools/deployment/common/test-networkpolicy.sh +++ b/tools/deployment/common/test-networkpolicy.sh @@ -47,15 +47,21 @@ test_netpol openstack mariadb server keystone-api.openstack.svc.cluster.local:50 test_netpol openstack mariadb ingress keystone-api.openstack.svc.cluster.local:5000 fail test_netpol openstack memcached server keystone-api.openstack.svc.cluster.local:5000 fail test_netpol openstack rabbitmq server keystone-api.openstack.svc.cluster.local:5000 fail + # Doing positive tests test_netpol openstack keystone api mariadb.openstack.svc.cluster.local:3306 success test_netpol openstack keystone api rabbitmq.openstack.svc.cluster.local:5672 success test_netpol openstack ingress server keystone-api.openstack.svc.cluster.local:5000 success test_netpol openstack prometheus-openstack-exporter exporter keystone-api.openstack.svc.cluster.local:5000 success +if kubectl -n openstack get pod -l application=horizon | grep Running ; then + test_netpol openstack keystone api horizon.openstack.svc.cluster.local:80 fail +fi + if kubectl -n openstack get pod -l application=cinder | grep Running ; then # Negative Cinder Tests #test_netpol openstack keystone api cinder-api.openstack.svc.cluster.local fail + test_netpol openstack cinder api horizon.openstack.svc.cluster.local:80 fail # Positive Cinder Tests test_netpol openstack cinder api rabbitmq.openstack.svc.cluster.local:5672 success test_netpol openstack cinder api keystone-api.openstack.svc.cluster.local:5000 success diff --git a/zuul.d/jobs-openstack-helm.yaml b/zuul.d/jobs-openstack-helm.yaml index 88c0505c8e..c52ae9e97f 100644 --- a/zuul.d/jobs-openstack-helm.yaml +++ b/zuul.d/jobs-openstack-helm.yaml @@ -289,12 +289,12 @@ - ./tools/deployment/component/nfs-provisioner/nfs-provisioner.sh - ./tools/deployment/component/keystone/keystone.sh - ./tools/deployment/component/heat/heat.sh - - ./tools/deployment/component/horizon/horizon.sh - ./tools/deployment/component/glance/glance.sh - ./tools/deployment/component/compute-kit/openvswitch.sh - ./tools/deployment/component/compute-kit/libvirt.sh - ./tools/deployment/component/compute-kit/compute-kit.sh - ./tools/deployment/developer/common/170-setup-gateway.sh + - ./tools/deployment/component/horizon/horizon.sh - ./tools/deployment/common/openstack-exporter.sh - ./tools/deployment/developer/common/900-use-it.sh - ./tools/deployment/common/test-networkpolicy.sh @@ -323,6 +323,7 @@ - ./tools/deployment/component/common/rabbitmq.sh - ./tools/deployment/component/keystone/keystone.sh - ./tools/deployment/component/cinder/cinder.sh + - ./tools/deployment/component/horizon/horizon.sh - ./tools/deployment/common/openstack-exporter.sh - ./tools/deployment/common/test-networkpolicy.sh