Allow keystone pods to connect to kube-dns

When deploying keystone, two pods fail with error: Temporary failure in name resolution These pods are executing fernet_manage.py and fetch secrets using: https://github.com/openstack/openstack-helm/blob/master/keystone/templates/bin/_fernet-manage.py.tpl#L60 However, the current network policy blocks the connection to kube-dns. This patch fixes it Change-Id: I4ae6722a5bcb350e64995fbd2e1010153b0c29e6 Signed-off-by: Manuel Buil <mbuil@suse.com>
2019-05-09 12:05:09 +02:00 · 2019-05-09 12:05:09 +02:00 · 0a965cf4c7
commit 0a965cf4c7
parent dc247b3856
1 changed files with 5 additions and 1 deletions
--- a/keystone/values.yaml
+++ b/keystone/values.yaml
@ -460,7 +460,11 @@ network_policy:
        - podSelector:
            matchLabels:
              application: ceph
-
+      - ports:
+        - port: 53
+          protocol: UDP
+        - port: 53
+          protocol: TCP
 conf:
  security: |
    #