openstack/openstack-helm-infra
Code Issues Proposed changes

Merge "Add network policy toolkit function"

Browse Source
This commit is contained in:
Zuul 2018-10-15 17:45:35 +00:00 committed by Gerrit Code Review
commit b3e777c596
50 changed files with 1332 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
elasticsearch/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "elasticsearch" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

1
elasticsearch/values.yaml
View File

@ -635,6 +635,7 @@ manifests:
configmap_bin_exporter: true configmap_bin_exporter: true
deployment_exporter: true deployment_exporter: true
service_exporter: true service_exporter: true
network_policy: false
service_data: true service_data: true
service_discovery: true service_discovery: true
service_ingress: true service_ingress: true

25
fluent-logging/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,25 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. */}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "fluentbit" }}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{ $netpol_opts := dict "envAll" . "name" "application" "label" "fluentd" }}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{ $netpol_opts := dict "envAll" . "name" "application" "label" "fluent" }}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{ $netpol_opts := dict "envAll" . "name" "application" "label" "fluent-logging" }}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

1
fluent-logging/values.yaml
View File

@ -568,6 +568,7 @@ manifests:
configmap_bin: true configmap_bin: true
deployment_exporter: true deployment_exporter: true
service_exporter: true service_exporter: true
network_policy: false
secret_elasticsearch: true secret_elasticsearch: true
service_fluentd: true service_fluentd: true
job_elasticsearch_template: true job_elasticsearch_template: true

20
grafana/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "grafana" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

1
grafana/values.yaml
View File

@ -311,6 +311,7 @@ manifests:
job_db_init_session: true job_db_init_session: true
job_db_session_sync: true job_db_session_sync: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false
secret_db: true secret_db: true
secret_db_session: true secret_db_session: true
secret_admin_creds: true secret_admin_creds: true

86
helm-toolkit/templates/manifests/_network_policy.tpl Normal file
View File

@ -0,0 +1,86 @@
{{/*
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{/*
abstract: |
Creates a network policy manifest for services.
values: |
network_policy:
myLabel:
ingress:
- from:
- podSelector:
matchLabels:
application: keystone
ports:
- protocol: TCP
port: 80
usage: |
{{ dict "envAll" . "name" "application" "label" "myLabel" | include "helm-toolkit.manifests.kubernetes_network_policy" }}
return: |
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: RELEASE-NAME
namespace: NAMESPACE
spec:
policyTypes:
- Ingress
- Egress
podSelector:
matchLabels:
application: myLabel
ingress:
- from:
- podSelector:
matchLabels:
application: keystone
ports:
- protocol: TCP
port: 80
egress:
- {}
*/}}
{{- define "helm-toolkit.manifests.kubernetes_network_policy" -}}
{{- $envAll := index . "envAll" -}}
{{- $name := index . "name" -}}
{{- $label := index . "label" -}}
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ $label }}-netpol
namespace: {{ $envAll.Release.Namespace }}
spec:
policyTypes:
- Egress
{{- if hasKey (index $envAll.Values "network_policy") $label }}
{{- if index $envAll.Values.network_policy $label "ingress" }}
- Ingress
{{- end }}
{{- end }}
podSelector:
matchLabels:
{{ $name }}: {{ $label }}
egress:
- {}
{{- if hasKey (index $envAll.Values "network_policy") $label }}
{{- if index $envAll.Values.network_policy $label "ingress" }}
ingress:
{{ index $envAll.Values.network_policy $label "ingress" | toYaml | indent 4 }}
{{- end }}
{{- end }}
{{- end }}

20
ingress/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "ingress" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

22
ingress/values.yaml
View File

@ -175,6 +175,27 @@ endpoints:
port: port:
metrics: metrics:
default: 10254 default: 10254
kube_dns:
namespace: kube-system
name: kubernetes-dns
hosts:
default: kube-dns
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
dns_tcp:
default: 53
dns:
default: 53
protocol: UDP
network_policy:
ingress:
ingress:
- {}
conf: conf:
controller: controller:
@ -209,3 +230,4 @@ manifests:
monitoring: monitoring:
prometheus: prometheus:
service_exporter: true service_exporter: true
network_policy: false

20
kibana/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "kibana" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

1
kibana/values.yaml
View File

@ -318,6 +318,7 @@ manifests:
deployment: true deployment: true
ingress: true ingress: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false
secret_elasticsearch: true secret_elasticsearch: true
secret_ingress_tls: true secret_ingress_tls: true
service: true service: true

19
ldap/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "ldap" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

7
ldap/values.yaml
View File

@ -147,6 +147,11 @@ endpoints:
ldap: ldap:
default: 389 default: 389
network_policy:
ldap:
ingress:
- {}
data: data:
sample: | sample: |
dn: ou=People,dc=cluster,dc=local dn: ou=People,dc=cluster,dc=local
@ -231,6 +236,8 @@ manifests:
configmap_bin: true configmap_bin: true
configmap_etc: true configmap_etc: true
job_bootstrap: true job_bootstrap: true
network_policy: false
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false
statefulset: true statefulset: true
service: true service: true

20
libvirt/templates/network-policy.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "libvirt" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

6
libvirt/values.yaml
View File

@ -58,6 +58,11 @@ endpoints:
registry: registry:
node: 5000 node: 5000
network_policy:
libvirt:
ingress:
- {}
ceph_client: ceph_client:
configmap: ceph-etc configmap: ceph-etc
user_secret_name: pvc-ceph-client-key user_secret_name: pvc-ceph-client-key
@ -163,3 +168,4 @@ manifests:
configmap_etc: true configmap_etc: true
daemonset_libvirt: true daemonset_libvirt: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false

20
lockdown/Chart.yaml Normal file
View File

@ -0,0 +1,20 @@
# Copyright 2017-2018 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
apiVersion: v1
appVersion: "1.0"
description: |
A helm chart used to lockdown all ingress and egress for a namespace
name: lockdown
version: 0.1.0

27
lockdown/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,27 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: deny-all
namespace: {{ .Release.Namespace }}
spec:
policyTypes:
- Egress
- Ingress
podSelector: {}
egress: []
ingress: []

17
lockdown/values.yaml Normal file
View File

@ -0,0 +1,17 @@
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
# Default values for lockdown chart.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

19
mariadb/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "mariadb" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

22
mariadb/values.yaml
View File

@ -264,6 +264,27 @@ endpoints:
default: 3306 default: 3306
wsrep: wsrep:
default: 4567 default: 4567
kube_dns:
namespace: kube-system
name: kubernetes-dns
hosts:
default: kube-dns
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
dns_tcp:
default: 53
dns:
default: 53
protocol: UDP
network_policy:
mariadb:
ingress:
- {}
manifests: manifests:
configmap_bin: true configmap_bin: true
@ -280,6 +301,7 @@ manifests:
secret_etc: true secret_etc: true
service_exporter: true service_exporter: true
pdb_server: true pdb_server: true
network_policy: false
secret_db: true secret_db: true
secret_etc: true secret_etc: true
service_discovery: true service_discovery: true

19
memcached/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "memcached" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

22
memcached/values.yaml
View File

@ -82,6 +82,27 @@ endpoints:
port: port:
metrics: metrics:
default: 9150 default: 9150
kube_dns:
namespace: kube-system
name: kubernetes-dns
hosts:
default: kube-dns
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
dns_tcp:
default: 53
dns:
default: 53
protocol: UDP
network_policy:
memcached:
ingress:
- {}
monitoring: monitoring:
prometheus: prometheus:
@ -114,6 +135,7 @@ manifests:
configmap_bin: true configmap_bin: true
deployment: true deployment: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false
service: true service: true
monitoring: monitoring:
prometheus: prometheus:

20
nagios/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "nagios" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

1
nagios/values.yaml
View File

@ -213,6 +213,7 @@ manifests:
deployment: true deployment: true
ingress: true ingress: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false
secret_nagios: true secret_nagios: true
secret_ingress_tls: true secret_ingress_tls: true
service: true service: true

20
openvswitch/templates/network-policy.yaml Normal file
View File

@ -0,0 +1,20 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "openvswitch" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

6
openvswitch/values.yaml
View File

@ -104,6 +104,11 @@ endpoints:
registry: registry:
node: 5000 node: 5000
network_policy:
openvswitch:
ingress:
- {}
dependencies: dependencies:
dynamic: dynamic:
common: common:
@ -126,3 +131,4 @@ manifests:
daemonset_ovs_db: true daemonset_ovs_db: true
daemonset_ovs_vswitchd: true daemonset_ovs_vswitchd: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false

19
prometheus-alertmanager/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. */}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "alertmanager" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

1
prometheus-alertmanager/values.yaml
View File

@ -169,6 +169,7 @@ manifests:
configmap_etc: true configmap_etc: true
ingress: true ingress: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false
secret_ingress_tls: true secret_ingress_tls: true
service: true service: true
service_discovery: true service_discovery: true

19
prometheus-process-exporter/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. */}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "prometheus-process-exporter" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

19
prometheus/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License. */}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "prometheus" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

1
prometheus/values.yaml
View File

@ -231,6 +231,7 @@ manifests:
ingress: true ingress: true
helm_tests: true helm_tests: true
job_image_repo_sync: true job_image_repo_sync: true
network_policy: false
secret_ingress_tls: true secret_ingress_tls: true
secret_prometheus: true secret_prometheus: true
service_ingress: true service_ingress: true

19
rabbitmq/templates/network_policy.yaml Normal file
View File

@ -0,0 +1,19 @@
{{/*
Copyright 2017-2018 The Openstack-Helm Authors.
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/}}
{{- if .Values.manifests.network_policy -}}
{{- $netpol_opts := dict "envAll" . "name" "application" "label" "rabbitmq" -}}
{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
{{- end -}}

22
rabbitmq/values.yaml
View File

@ -249,6 +249,27 @@ endpoints:
port: port:
metrics: metrics:
default: 9095 default: 9095
kube_dns:
namespace: kube-system
name: kubernetes-dns
hosts:
default: kube-dns
host_fqdn_override:
default: null
path:
default: null
scheme: http
port:
dns_tcp:
default: 53
dns:
default: 53
protocol: UDP
network_policy:
rabbitmq:
ingress:
- {}
volume: volume:
chown_on_start: true chown_on_start: true
@ -267,6 +288,7 @@ manifests:
configmap_bin: true configmap_bin: true
deployment_exporter: true deployment_exporter: true
service_exporter: true service_exporter: true
network_policy: false
service_discovery: true service_discovery: true
service_ingress_management: true service_ingress_management: true
service: true service: true

29
tools/deployment/developer/netpol/039-lockdown.sh Executable file
View File

@ -0,0 +1,29 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make lockdown
#NOTE: Deploy command
helm upgrade --install lockdown ./lockdown \
--namespace=osh-infra
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh openstack
#NOTE: Validate Deployment info
helm status lockdown

60
tools/deployment/developer/netpol/040-ldap.sh Executable file
View File

@ -0,0 +1,60 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Pull images and lint chart
make ldap
tee /tmp/ldap.yaml <<EOF
manifests:
network_policy: true
network_policy:
ingress:
- from:
- podSelector:
matchLabels:
application: ldap
- podSelector:
matchLabels:
application: grafana
- podSelector:
matchLabels:
application: nagios
- podSelector:
matchLabels:
application: elasticsearch
- podSelector:
matchLabels:
application: kibana
ports:
- protocol: TCP
port: 389
- protocol: TCP
port: 80
EOF
#NOTE: Deploy command
helm upgrade --install ldap ./ldap \
--namespace=osh-infra \
--values=/tmp/ldap.yaml \
--set bootstrap.enabled=true
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status ldap

57
tools/deployment/developer/netpol/045-mariadb.sh Executable file
View File

@ -0,0 +1,57 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make mariadb
tee /tmp/mariadb.yaml <<EOF
manifests:
network_policy: true
network_policy:
mariadb:
ingress:
- from:
- podSelector:
matchLabels:
application: grafana
- podSelector:
matchLabels:
application: mariadb
ports:
- protocol: TCP
port: 3306
- protocol: TCP
port: 4567
- protocol: TCP
port: 80
EOF
#NOTE: Deploy command
: ${OSH_INFRA_EXTRA_HELM_ARGS:=""}
helm upgrade --install mariadb ./mariadb \
--namespace=osh-infra \
--values=/tmp/mariadb.yaml \
--set pod.replicas.server=1 \
${OSH_INFRA_EXTRA_HELM_ARGS} \
${OSH_INFRA_EXTRA_HELM_ARGS_MARIADB}
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status mariadb

70
tools/deployment/developer/netpol/050-prometheus.sh Executable file
View File

@ -0,0 +1,70 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus
tee /tmp/prometheus.yaml <<EOF
manifests:
network_policy: true
network_policy:
prometheus:
ingress:
- from:
- podSelector:
matchLabels:
application: prometheus
- podSelector:
matchLabels:
application: elasticsearch-exporter
- podSelector:
matchLabels:
application: elasticsearch
- podSelector:
matchLabels:
application: grafana
- podSelector:
matchLabels:
application: nagios
- podSelector:
matchLabels:
application: fluentd-exporter
- podSelector:
matchLabels:
application: fluentd
ports:
- protocol: TCP
port: 9093
- protocol: TCP
port: 6783
- protocol: TCP
port: 9108
- protocol: TCP
port: 80
EOF
#NOTE: Deploy command
helm upgrade --install prometheus ./prometheus \
--namespace=osh-infra \
--values=/tmp/prometheus.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status prometheus

51
tools/deployment/developer/netpol/060-alertmanager.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-alertmanager
tee /tmp/prometheus-alertmanager.yaml <<EOF
manifests:
network_policy: true
network_policy:
alertmanager:
ingress:
- from:
- podSelector:
matchLabels:
application: prometheus-alertmanager
ports:
- protocol: TCP
port: 9093
- protocol: TCP
port: 6783
- protocol: TCP
port: 80
EOF
#NOTE: Deploy command
helm upgrade --install prometheus-alertmanager ./prometheus-alertmanager \
--namespace=osh-infra \
--values=/tmp/prometheus-alertmanager.yaml \
--set pod.replicas.alertmanager=1
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status prometheus-alertmanager

30
tools/deployment/developer/netpol/070-kube-state-metrics.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-kube-state-metrics
#NOTE: Deploy command
helm upgrade --install prometheus-kube-state-metrics \
./prometheus-kube-state-metrics --namespace=kube-system
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Validate Deployment info
helm status prometheus-kube-state-metrics

30
tools/deployment/developer/netpol/080-node-exporter.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-node-exporter
#NOTE: Deploy command
helm upgrade --install prometheus-node-exporter \
./prometheus-node-exporter --namespace=kube-system
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Validate Deployment info
helm status prometheus-node-exporter

30
tools/deployment/developer/netpol/090-process-exporter.sh Executable file
View File

@ -0,0 +1,30 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make prometheus-process-exporter
#NOTE: Deploy command
helm upgrade --install prometheus-process-exporter \
./prometheus-process-exporter --namespace=kube-system
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh kube-system
#NOTE: Validate Deployment info
helm status prometheus-process-exporter

48
tools/deployment/developer/netpol/100-grafana.sh Executable file
View File

@ -0,0 +1,48 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make grafana
tee /tmp/grafana.yaml <<EOF
manifests:
network_policy: true
network_policy:
grafana:
ingress:
- from:
- podSelector:
matchLabels:
application: grafana
ports:
- protocol: TCP
port: 3000
- protocol: TCP
port: 80
EOF
#NOTE: Deploy command
helm upgrade --install grafana ./grafana \
--namespace=osh-infra \
--values=/tmp/grafana.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status grafana

49
tools/deployment/developer/netpol/110-nagios.sh Executable file
View File

@ -0,0 +1,49 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make nagios
tee /tmp/nagios.yaml <<EOF
manifests:
network_policy: true
network_policy:
nagios:
ingress:
- from:
- podSelector:
matchLabels:
application: nagios
ports:
- protocol: TCP
port: 8000
- protocol: TCP
port: 80
EOF
#NOTE: Deploy command
helm upgrade --install nagios ./nagios \
--namespace=osh-infra \
--values=/tmp/nagios.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status nagios

46
tools/deployment/developer/netpol/120-elasticsearch.sh Executable file
View File

@ -0,0 +1,46 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make elasticsearch
#NOTE: Deploy command
tee /tmp/elasticsearch.yaml << EOF
monitoring:
prometheus:
enabled: true
pod:
replicas:
data: 1
manifests:
network_policy: true
network_policy:
elasticsearch:
ingress:
- from:
EOF
helm upgrade --install elasticsearch ./elasticsearch \
--namespace=osh-infra \
--values=/tmp/elasticsearch.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status elasticsearch

91
tools/deployment/developer/netpol/125-elasticsearch-ldap.sh Executable file
View File

@ -0,0 +1,91 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
ELASTICSEARCH_ENDPOINT="elasticsearch-logging.osh-infra"
#NOTE: Create index with specified LDAP user
function create_index () {
index_result=$(curl -K- <<< "--user $1:$2" \
-XPUT "${ELASTICSEARCH_ENDPOINT}/$1_index?pretty" -H 'Content-Type: application/json' -d'
{
"settings" : {
"index" : {
"number_of_shards" : 3,
"number_of_replicas" : 2
}
}
}
' | python -c "import sys, json; print json.load(sys.stdin)['acknowledged']")
if [ "$index_result" == "True" ];
then
echo "$1's index successfully created!";
else
echo "$1's index not created!";
exit 1;
fi
}
#NOTE: Insert test data with specified LDAP user
function insert_test_data () {
insert_result=$(curl -K- <<< "--user $1:$2" \
-XPUT "${ELASTICSEARCH_ENDPOINT}/$1_index/sample_type/123/_create?pretty" -H 'Content-Type: application/json' -d'
{
"name" : "Elasticsearch",
"message" : "Test data text entry"
}
' | python -c "import sys, json; print json.load(sys.stdin)['result']")
if [ "$insert_result" == "created" ]; then
sleep 20
echo "Test data inserted into $1's index!";
else
echo "Test data not inserted into $1's index!";
exit 1;
fi
}
#NOTE: Check hits on test data in specified LDAP user's index
function check_hits () {
total_hits=$(curl -K- <<< "--user $1:$2" \
"${ELASTICSEARCH_ENDPOINT}/_search?pretty" -H 'Content-Type: application/json' -d'
{
"query" : {
"bool": {
"must": [
{ "match": { "name": "Elasticsearch" }},
{ "match": { "message": "Test data text entry" }}
]
}
}
}
' | python -c "import sys, json; print json.load(sys.stdin)['hits']['total']")
if [ "$total_hits" -gt 0 ]; then
echo "Successful hits on test data query on $1's index!"
else
echo "No hits on query for test data on $1's index!";
exit 1;
fi
}
create_index bob password
create_index alice password
insert_test_data bob password
insert_test_data alice password
check_hits bob password
check_hits alice password

51
tools/deployment/developer/netpol/130-fluent-logging.sh Executable file
View File

@ -0,0 +1,51 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make fluent-logging
tee /tmp/fluent-logging.yaml <<EOF
manifests:
network_policy: true
network_policy:
fluentbit:
ingress:
- from:
fluentd:
ingress:
- from:
fluent:
ingress:
- from:
fluent-logging:
ingress:
- from:
EOF
#NOTE: Deploy command
helm upgrade --install fluent-logging ./fluent-logging \
--namespace=osh-infra \
--values=/tmp/fluent-logging.yaml \
--set pod.replicas.fluentd=1
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status fluent-logging

47
tools/deployment/developer/netpol/140-kibana.sh Executable file
View File

@ -0,0 +1,47 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
#NOTE: Lint and package chart
make kibana
tee /tmp/kibana.yaml <<EOF
manifests:
network_policy: true
network_policy:
kibana:
ingress:
- from:
- podSelector:
matchLabels:
application: kibana
ports:
- protocol: TCP
port: 5601
- protocol: TCP
port: 80
EOF
#NOTE: Deploy command
helm upgrade --install kibana ./kibana \
--namespace=osh-infra \
--values=/tmp/kibana.yaml
#NOTE: Wait for deploy
./tools/deployment/common/wait-for-pods.sh osh-infra
#NOTE: Validate Deployment info
helm status kibana

48
tools/deployment/developer/netpol/901-test-networkpolicy.sh Executable file
View File

@ -0,0 +1,48 @@
#!/bin/bash
# Copyright 2017 The Openstack-Helm Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
set -xe
# test_netpol(namespace, component, target_host, expected_result{fail,success})
function test_netpol {
NS=$1
COMPONENT=$2
HOST=$3
STATUS=$4
echo Testing connection from $COMPONENT to host $HOST with namespace $NS
POD=$(kubectl -n $NS get pod | grep $COMPONENT | grep Running | awk '{print $1}')
PID=$(sudo docker inspect --format '{{ .State.Pid }}' $(kubectl get pods --namespace $NS $POD -o jsonpath='{.status.containerStatuses[0].containerID}' | cut -c 10-21))
if [ "x${STATUS}" == "xfail" ]; then
if ! sudo nsenter -t $PID -n wget --spider --timeout=5 --tries=1 $HOST ; then
echo "Connection timed out; as expected by policy."
else
exit 1
fi
else
sudo nsenter -t $PID -n wget --spider --timeout=10 --tries=1 $HOST
fi
}
# Doing negative tests
test_netpol osh-infra mariadb-server elasticsearch.osh-infra.svc.cluster.local fail
test_netpol osh-infra mariadb-server nagios.osh-infra.svc.cluster.local fail
test_netpol osh-infra mariadb-server prometheus.osh-infra.svc.cluster.local fail
# Doing positive tests
test_netpol osh-infra grafana mariadb.osh-infra.svc.cluster.local:3306 success
echo Test successfully

31
zuul.d/jobs.yaml
View File

@ -139,6 +139,37 @@
- ./tools/deployment/developer/nfs/130-fluent-logging.sh - ./tools/deployment/developer/nfs/130-fluent-logging.sh
- ./tools/deployment/developer/nfs/140-kibana.sh - ./tools/deployment/developer/nfs/140-kibana.sh
- job:
name: openstack-helm-infra-dev-deploy-nfs-networkpolicy
parent: openstack-helm-functional
timeout: 7200
pre-run: playbooks/osh-infra-upgrade-host.yaml
run: playbooks/osh-infra-gate-runner.yaml
post-run: playbooks/osh-infra-collect-logs.yaml
nodeset: openstack-helm-single-node
vars:
gate_scripts:
- ./tools/deployment/developer/nfs/000-install-packages.sh
- ./tools/deployment/developer/nfs/005-deploy-k8s.sh
- ./tools/deployment/developer/nfs/010-deploy-docker-registry.sh
- ./tools/deployment/developer/nfs/020-ingress.sh
- ./tools/deployment/developer/nfs/030-nfs-provisioner.sh
- ./tools/deployment/developer/netpol/039-lockdown.sh
- ./tools/deployment/developer/netpol/040-ldap.sh
- ./tools/deployment/developer/netpol/045-mariadb.sh
- ./tools/deployment/developer/netpol/050-prometheus.sh
- ./tools/deployment/developer/netpol/060-alertmanager.sh
- ./tools/deployment/developer/netpol/070-kube-state-metrics.sh
- ./tools/deployment/developer/netpol/080-node-exporter.sh
- ./tools/deployment/developer/netpol/090-process-exporter.sh
- ./tools/deployment/developer/netpol/100-grafana.sh
- ./tools/deployment/developer/netpol/110-nagios.sh
- ./tools/deployment/developer/netpol/120-elasticsearch.sh
- ./tools/deployment/developer/netpol/125-elasticsearch-ldap.sh
- ./tools/deployment/developer/netpol/130-fluent-logging.sh
- ./tools/deployment/developer/netpol/140-kibana.sh
- ./tools/deployment/developer/netpol/901-test-networkpolicy.sh
- job: - job:
name: openstack-helm-infra-openstack-support name: openstack-helm-infra-openstack-support
parent: openstack-helm-infra-functional parent: openstack-helm-infra-functional

2
zuul.d/project.yaml
View File

@ -28,6 +28,8 @@
#NOTE(srwilkers): Changing the dev-deploy-nfs job to nonvoting until #NOTE(srwilkers): Changing the dev-deploy-nfs job to nonvoting until
# we can agree on the proper services to deploy with this job # we can agree on the proper services to deploy with this job
voting: false voting: false
- openstack-helm-infra-dev-deploy-nfs-networkpolicy:
voting: false
- openstack-helm-infra-openstack-support - openstack-helm-infra-openstack-support
- openstack-helm-infra-kubernetes-keystone-auth - openstack-helm-infra-kubernetes-keystone-auth
gate: gate: