diff --git a/rabbitmq/templates/monitoring/prometheus/exporter-network-policy.yaml b/rabbitmq/templates/monitoring/prometheus/exporter-network-policy.yaml new file mode 100644 index 000000000..2abefa194 --- /dev/null +++ b/rabbitmq/templates/monitoring/prometheus/exporter-network-policy.yaml @@ -0,0 +1,20 @@ +{{/* +Copyright 2019 The Openstack-Helm Authors. + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/}} + +{{- if and .Values.manifests.monitoring.prometheus.network_policy_exporter .Values.monitoring.prometheus.enabled -}} +{{- $netpol_opts := dict "envAll" . "name" "application" "label" "prometheus_rabbitmq_exporter" -}} +{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }} +{{- end -}} diff --git a/rabbitmq/values.yaml b/rabbitmq/values.yaml index 8598123bb..1b5c933da 100644 --- a/rabbitmq/values.yaml +++ b/rabbitmq/values.yaml @@ -319,6 +319,11 @@ endpoints: protocol: UDP network_policy: + prometheus_rabbitmq_exporter: + ingress: + - {} + egress: + - {} rabbitmq: ingress: - {} @@ -346,6 +351,7 @@ manifests: configmap_bin: true deployment_exporter: true service_exporter: true + network_policy_exporter: false network_policy: false secret_erlang_cookie: true secret_admin_user: true diff --git a/rabbitmq/values_overrides/netpol.yaml b/rabbitmq/values_overrides/netpol.yaml index 7a8575320..e7341221e 100644 --- a/rabbitmq/values_overrides/netpol.yaml +++ b/rabbitmq/values_overrides/netpol.yaml @@ -1,2 +1,84 @@ +network_policy: + rabbitmq: + ingress: + - from: + - podSelector: + matchLabels: + application: keystone + - podSelector: + matchLabels: + application: heat + - podSelector: + matchLabels: + application: glance + - podSelector: + matchLabels: + application: cinder + - podSelector: + matchLabels: + application: aodh + - podSelector: + matchLabels: + application: congress + - podSelector: + matchLabels: + application: barbican + - podSelector: + matchLabels: + application: ceilometer + - podSelector: + matchLabels: + application: designate + - podSelector: + matchLabels: + application: ironic + - podSelector: + matchLabels: + application: magnum + - podSelector: + matchLabels: + application: mistral + - podSelector: + matchLabels: + application: nova + - podSelector: + matchLabels: + application: neutron + - podSelector: + matchLabels: + application: senlin + - podSelector: + matchLabels: + application: placement + - podSelector: + matchLabels: + application: rabbitmq + - podSelector: + matchLabels: + application: prometheus_rabbitmq_exporter + ports: + # AMQP port + - protocol: TCP + port: 5672 + # HTTP API ports + - protocol: TCP + port: 15672 + - protocol: TCP + port: 80 + - from: + - podSelector: + matchLabels: + application: rabbitmq + ports: + # Clustering port AMQP + 20000 + - protocol: TCP + port: 25672 + # Erlang Port Mapper Daemon (epmd) + - protocol: TCP + port: 4369 + manifests: + monitoring: + prometheus: + network_policy_exporter: true network_policy: true