a25eccb7cb
This patch set adds in the egress policy for core OpenStack Services. Depends-On: https://review.opendev.org/#/c/679853/ Change-Id: I585ddabcbd640db784520c913af8eddecaee3843 Signed-off-by: Tin Lam <tlam@omegaprime.dev>
54 lines
1.2 KiB
YAML
54 lines
1.2 KiB
YAML
manifests:
|
|
network_policy: true
|
|
network_policy:
|
|
horizon:
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: horizon
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: prometheus-openstack-exporter
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: ingress
|
|
ports:
|
|
- port: 80
|
|
protocol: TCP
|
|
- port: 443
|
|
protocol: TCP
|
|
egress:
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: neutron
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: nova
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: glance
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: cinder
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: keystone
|
|
- to:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: heat
|
|
- to:
|
|
- ipBlock:
|
|
cidr: $API_ADDR/32
|
|
ports:
|
|
- protocol: TCP
|
|
port: $API_PORT
|