a25eccb7cb
This patch set adds in the egress policy for core OpenStack Services. Depends-On: https://review.opendev.org/#/c/679853/ Change-Id: I585ddabcbd640db784520c913af8eddecaee3843 Signed-off-by: Tin Lam <tlam@omegaprime.dev>
49 lines
1.1 KiB
YAML
49 lines
1.1 KiB
YAML
manifests:
|
|
network_policy: true
|
|
#NOTE(gagehugo): Test this whitelist when the netpol gate works
|
|
network_policy:
|
|
glance:
|
|
# ingress:
|
|
# - from:
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# application: glance
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# application: nova
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# application: horizon
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# application: ingress
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# application: heat
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# application: ironic
|
|
# - podSelector:
|
|
# matchLabels:
|
|
# application: cinder
|
|
# ports:
|
|
# - protocol: TCP
|
|
# port: 80
|
|
# - protocol: TCP
|
|
# port: 9191
|
|
# - protocol: TCP
|
|
# port: 9292
|
|
egress:
|
|
- to:
|
|
ports:
|
|
- protocol: TCP
|
|
port: 80
|
|
- protocol: TCP
|
|
port: 443
|
|
- to:
|
|
- ipBlock:
|
|
cidr: $API_ADDR/32
|
|
ports:
|
|
- protocol: TCP
|
|
port: $API_PORT
|