4f30b1361e
This patch set adds in default mariadb ingress network policy overrides for openstack namespace. Change-Id: I037de30f868dfeb0dedb1c32209b8be6d4690962
89 lines
2.2 KiB
YAML
89 lines
2.2 KiB
YAML
manifests:
|
|
network_policy: true
|
|
network_policy:
|
|
mariadb:
|
|
egress:
|
|
- to:
|
|
- ipBlock:
|
|
cidr: %%%REPLACE_API_ADDR%%%/32
|
|
ports:
|
|
- protocol: TCP
|
|
port: %%%REPLACE_API_PORT%%%
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: keystone
|
|
- podSelector:
|
|
matchLabels:
|
|
application: heat
|
|
- podSelector:
|
|
matchLabels:
|
|
application: glance
|
|
- podSelector:
|
|
matchLabels:
|
|
application: cinder
|
|
- podSelector:
|
|
matchLabels:
|
|
application: aodh
|
|
- podSelector:
|
|
matchLabels:
|
|
application: congress
|
|
- podSelector:
|
|
matchLabels:
|
|
application: barbican
|
|
- podSelector:
|
|
matchLabels:
|
|
application: ceilometer
|
|
- podSelector:
|
|
matchLabels:
|
|
application: designate
|
|
- podSelector:
|
|
matchLabels:
|
|
application: horizon
|
|
- podSelector:
|
|
matchLabels:
|
|
application: ironic
|
|
- podSelector:
|
|
matchLabels:
|
|
application: magnum
|
|
- podSelector:
|
|
matchLabels:
|
|
application: mistral
|
|
- podSelector:
|
|
matchLabels:
|
|
application: nova
|
|
- podSelector:
|
|
matchLabels:
|
|
application: neutron
|
|
- podSelector:
|
|
matchLabels:
|
|
application: panko
|
|
- podSelector:
|
|
matchLabels:
|
|
application: rally
|
|
- podSelector:
|
|
matchLabels:
|
|
application: senlin
|
|
- podSelector:
|
|
matchLabels:
|
|
application: placement
|
|
- podSelector:
|
|
matchLabels:
|
|
application: prometheus-mysql-exporter
|
|
- podSelector:
|
|
matchLabels:
|
|
application: mariadb
|
|
- podSelector:
|
|
matchLabels:
|
|
application: mariadb-backup
|
|
ports:
|
|
- protocol: TCP
|
|
port: 3306
|
|
- protocol: TCP
|
|
port: 4567
|
|
- protocol: TCP
|
|
port: 80
|
|
- protocol: TCP
|
|
port: 8080
|