From ff146ea9fda22dc920382d2dd63215637ebe18d5 Mon Sep 17 00:00:00 2001
From: Chinasubbareddy M <cr3938@att.com>
Date: Thu, 24 Jan 2019 11:56:40 -0600
Subject: [PATCH] OSH: Add ingress netpol for ceph-rgw pods

This is to enable ingress netpol for ceph-rgw pods

Depends-On: https://review.openstack.org/#/c/632567/

Change-Id: I542a38a08101b031633bfcb0810e00904ae58df5
---
 .../developer/ceph/110-ceph-radosgateway.sh   | 27 ++++++++++++++++++
 .../developer/common/030-ingress.sh           |  3 ++
 .../multinode/090-ceph-radosgateway.sh        | 28 +++++++++++++++++++
 3 files changed, 58 insertions(+)

diff --git a/tools/deployment/developer/ceph/110-ceph-radosgateway.sh b/tools/deployment/developer/ceph/110-ceph-radosgateway.sh
index 3616a7f8c4..33bb55bae4 100755
--- a/tools/deployment/developer/ceph/110-ceph-radosgateway.sh
+++ b/tools/deployment/developer/ceph/110-ceph-radosgateway.sh
@@ -44,6 +44,33 @@ conf:
 pod:
   replicas:
     rgw: 1
+network_policy:
+  ceph:
+    ingress:
+      - from:
+        - podSelector:
+            matchLabels:
+              application: glance
+        - podSelector:
+            matchLabels:
+              application: cinder
+        - podSelector:
+            matchLabels:
+              application: libvirt
+        - podSelector:
+            matchLabels:
+              application: nova
+        - podSelector:
+            matchLabels:
+              application: ceph
+        - podSelector:
+            matchLabels:
+              application: ingress
+        ports:
+        - protocol: TCP
+          port: 8088
+manifests:
+  network_policy: true
 EOF
 helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
   --namespace=openstack \
diff --git a/tools/deployment/developer/common/030-ingress.sh b/tools/deployment/developer/common/030-ingress.sh
index edd1a30376..dc09a38e62 100755
--- a/tools/deployment/developer/common/030-ingress.sh
+++ b/tools/deployment/developer/common/030-ingress.sh
@@ -27,6 +27,9 @@ network_policy:
   ingress:
     ingress:
       - from:
+        - podSelector:
+            matchLabels:
+              application: ceph
         - podSelector:
             matchLabels:
               application: keystone
diff --git a/tools/deployment/multinode/090-ceph-radosgateway.sh b/tools/deployment/multinode/090-ceph-radosgateway.sh
index 58d994f60f..8e7658198b 100755
--- a/tools/deployment/multinode/090-ceph-radosgateway.sh
+++ b/tools/deployment/multinode/090-ceph-radosgateway.sh
@@ -38,11 +38,39 @@ bootstrap:
 conf:
   rgw_ks:
     enabled: true
+network_policy:
+  ceph:
+    ingress:
+      - from:
+        - podSelector:
+            matchLabels:
+              application: glance
+        - podSelector:
+            matchLabels:
+              application: cinder
+        - podSelector:
+            matchLabels:
+              application: libvirt
+        - podSelector:
+            matchLabels:
+              application: nova
+        - podSelector:
+            matchLabels:
+              application: ceph
+        - podSelector:
+            matchLabels:
+              application: ingress
+        ports:
+        - protocol: TCP
+          port: 8088
+manifests:
+  network_policy: true
 EOF
 
 : ${OSH_INFRA_PATH:="../openstack-helm-infra"}
 helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
   --namespace=openstack \
+  --set manifests.network_policy=true \
   --values=/tmp/radosgw-openstack.yaml \
   ${OSH_EXTRA_HELM_ARGS} \
   ${OSH_EXTRA_HELM_ARGS_HEAT}