c3e085b800
This change adds two network policy zuul checks, one for the compute-kit, and one for cinder/ceph, to test network policy for each OpenStack service. These checks will be non-voting initially. The network policy rules for each service will initially allow all traffic. These ingress/egress rules will be defined in future changes to only explicitly allow traffic between services that are explicitly allowed to communicate, other traffic will be denied. Depends-On: https://review.opendev.org/#/c/685130/ Change-Id: Ide2998ebb2af2832f24ca7abc398a82e4a6d70e3
37 lines
1.3 KiB
Bash
Executable File
37 lines
1.3 KiB
Bash
Executable File
#!/bin/bash
|
|
|
|
# Copyright 2017-2018 The Openstack-Helm Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
|
# not use this file except in compliance with the License. You may obtain
|
|
# a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
|
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
|
# License for the specific language governing permissions and limitations
|
|
# under the License.
|
|
set -xe
|
|
|
|
#NOTE: Get the over-rides to use
|
|
export HELM_CHART_ROOT_PATH="${HELM_CHART_ROOT_PATH:="${OSH_INFRA_PATH:="../openstack-helm-infra"}"}"
|
|
: ${OSH_EXTRA_HELM_ARGS_LOCKDOWN:="$(./tools/deployment/common/get-values-overrides.sh lockdown)"}
|
|
|
|
#NOTE: Lint and package chart
|
|
make -C ${HELM_CHART_ROOT_PATH} lockdown
|
|
|
|
#NOTE: Deploy command
|
|
: ${OSH_EXTRA_HELM_ARGS:=""}
|
|
helm upgrade --install lockdown ${HELM_CHART_ROOT_PATH}/lockdown \
|
|
--namespace=openstack \
|
|
${OSH_EXTRA_HELM_ARGS} \
|
|
${OSH_EXTRA_HELM_ARGS_LOCKDOWN}
|
|
|
|
#NOTE: Wait for deploy
|
|
./tools/deployment/common/wait-for-pods.sh openstack
|
|
|
|
#NOTE: Validate Deployment info
|
|
helm status lockdown
|