openstack/openstack-helm
Code Issues Proposed changes

Merge "Add Glance ingress network policy overrides"

Browse Source
This commit is contained in:
Zuul 2020-01-13 21:07:29 +00:00 committed by Gerrit Code Review
commit 9ded66d17f
2 changed files with 37 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

59
glance/values_overrides/netpol.yaml
View File

@ -1,38 +1,35 @@
manifests: manifests:
network_policy: true network_policy: true
#NOTE(gagehugo): Test this whitelist when the netpol gate works
network_policy: network_policy:
glance: glance:
# ingress: ingress:
# - from: - from:
# - podSelector: - podSelector:
# matchLabels: matchLabels:
# application: glance application: glance
# - podSelector: - podSelector:
# matchLabels: matchLabels:
# application: nova application: nova
# - podSelector: - podSelector:
# matchLabels: matchLabels:
# application: horizon application: horizon
# - podSelector: - podSelector:
# matchLabels: matchLabels:
# application: ingress application: ingress
# - podSelector: - podSelector:
# matchLabels: matchLabels:
# application: heat application: heat
# - podSelector: - podSelector:
# matchLabels: matchLabels:
# application: ironic application: ironic
# - podSelector: - podSelector:
# matchLabels: matchLabels:
# application: cinder application: cinder
# ports: ports:
# - protocol: TCP - protocol: TCP
# port: 80 port: 9191
# - protocol: TCP - protocol: TCP
# port: 9191 port: 9292
# - protocol: TCP
# port: 9292
egress: egress:
- to: - to:
ports: ports:

9
tools/deployment/common/test-networkpolicy.sh
View File

@ -69,6 +69,10 @@ else
# Negative Compute-Kit Tests # Negative Compute-Kit Tests
#test_netpol openstack keystone api heat-api.openstack.svc.cluster.local fail #test_netpol openstack keystone api heat-api.openstack.svc.cluster.local fail
#test_netpol openstack keystone api glance-api.openstack.svc.cluster.local fail #test_netpol openstack keystone api glance-api.openstack.svc.cluster.local fail
test_netpol openstack mariadb server glance-api.openstack.svc.cluster.local:9292 fail
test_netpol openstack memcached server glance-api.openstack.svc.cluster.local:9292 fail
test_netpol openstack keystone api glance-api.openstack.svc.cluster.local:9292 fail
# Positive Compute-Kit Tests # Positive Compute-Kit Tests
test_netpol openstack heat api mariadb.openstack.svc.cluster.local:3306 success test_netpol openstack heat api mariadb.openstack.svc.cluster.local:3306 success
test_netpol openstack glance api mariadb.openstack.svc.cluster.local:3306 success test_netpol openstack glance api mariadb.openstack.svc.cluster.local:3306 success
@ -78,6 +82,11 @@ else
test_netpol openstack nova os-api keystone-api.openstack.svc.cluster.local:5000 success test_netpol openstack nova os-api keystone-api.openstack.svc.cluster.local:5000 success
test_netpol openstack nova compute keystone-api.openstack.svc.cluster.local:5000 success test_netpol openstack nova compute keystone-api.openstack.svc.cluster.local:5000 success
test_netpol openstack neutron l3-agent keystone-api.openstack.svc.cluster.local:5000 success test_netpol openstack neutron l3-agent keystone-api.openstack.svc.cluster.local:5000 success
test_netpol openstack ingress server glance-api.openstack.svc.cluster.local:9292 success
test_netpol openstack nova os-api glance-api.openstack.svc.cluster.local:9292 success
test_netpol openstack nova compute glance-api.openstack.svc.cluster.local:9292 success
test_netpol openstack heat api glance-api.openstack.svc.cluster.local:9292 success
test_netpol openstack horizon server glance-api.openstack.svc.cluster.local:9292 success
fi fi
echo Test Success echo Test Success