Heat: Add ingress network policy overrides

This patch set adds in default heat ingress overrides. Change-Id: I4e1f2b6687a05f2bf3ca91c941c2cf11abe68f07
2019-09-30 09:21:01 -05:00 · 2019-09-30 09:21:01 -05:00 · f76a3f5e0a
commit f76a3f5e0a
parent 915276f4f7
2 changed files with 27 additions and 21 deletions
--- a/heat/values_overrides/netpol.yaml
+++ b/heat/values_overrides/netpol.yaml
@ -1,28 +1,25 @@
 manifests:
  network_policy: true
-#NOTE(gagehugo): Test these once the netpol gate works
 network_policy:
  heat:
-#    ingress:
-#      - from:
-#        - podSelector:
-#            matchLabels:
-#              application: heat
-#        - podSelector:
-#            matchLabels:
-#              application: ingress
-#        - podSelector:
-#            matchLabels:
-#              application: horizon
-#        ports:
-#        - protocol: TCP
-#          port: 80
-#        - protocol: TCP
-#          port: 8000
-#        - protocol: TCP
-#          port: 8003
-#        - protocol: TCP
-#          port: 8004
+    ingress:
+      - from:
+        - podSelector:
+            matchLabels:
+              application: heat
+        - podSelector:
+            matchLabels:
+              application: ingress
+        - podSelector:
+            matchLabels:
+              application: horizon
+        ports:
+        - protocol: TCP
+          port: 8000
+        - protocol: TCP
+          port: 8003
+        - protocol: TCP
+          port: 8004
    egress:
      - to:
        - podSelector:
--- a/tools/deployment/common/test-networkpolicy.sh
+++ b/tools/deployment/common/test-networkpolicy.sh
@ -93,6 +93,12 @@ else
  test_netpol openstack rabbitmq server memcached.openstack.svc.cluster.local:11211 fail
  test_netpol openstack openvswitch openvswitch-vswitchd memcached.openstack.svc.cluster.local:11211 fail
  test_netpol openstack libvirt libvirt memcached.openstack.svc.cluster.local:11211 fail
+  # Heat Negative Tests
+  test_netpol openstack keystone api heat-api.openstack.svc.cluster.local:8004 fail
+  test_netpol openstack nova os-api heat-api.openstack.svc.cluster.local:8004 fail
+  test_netpol openstack neutron server heat-api.openstack.svc.cluster.local:8004 fail
+  test_netpol openstack glance api heat-api.openstack.svc.cluster.local:8004 fail
+
 # Positive Compute-Kit Tests

  # Positive Mariadb tests
@ -112,6 +118,9 @@ else
  test_netpol openstack nova compute glance-api.openstack.svc.cluster.local:9292 success
  test_netpol openstack heat api glance-api.openstack.svc.cluster.local:9292 success
  test_netpol openstack horizon server glance-api.openstack.svc.cluster.local:9292 success
+  test_netpol openstack horizon server heat-api.openstack.svc.cluster.local:8004 success
+  test_netpol openstack horizon server heat-cfn.openstack.svc.cluster.local:8000 success
+  test_netpol openstack heat api heat-api.openstack.svc.cluster.local:8004 success
 fi

 echo Test Success