manifests:
  network_policy: true
network_policy:
  keystone:
    ingress:
      - from:
        - podSelector:
            matchLabels:
              application: ceph
        - podSelector:
            matchLabels:
              application: ingress
        - podSelector:
            matchLabels:
              application: keystone
        - podSelector:
            matchLabels:
              application: heat
        - podSelector:
            matchLabels:
              application: glance
        - podSelector:
            matchLabels:
              application: cinder
        - podSelector:
            matchLabels:
              application: congress
        - podSelector:
            matchLabels:
              application: barbican
        - podSelector:
            matchLabels:
              application: ceilometer
        - podSelector:
            matchLabels:
              application: horizon
        - podSelector:
            matchLabels:
              application: ironic
        - podSelector:
            matchLabels:
              application: magnum
        - podSelector:
            matchLabels:
              application: mistral
        - podSelector:
            matchLabels:
              application: nova
        - podSelector:
            matchLabels:
              application: neutron
        - podSelector:
            matchLabels:
              application: senlin
        - podSelector:
            matchLabels:
              application: placement
        - podSelector:
            matchLabels:
              application: prometheus-openstack-exporter
        ports:
        - protocol: TCP
          port: 5000
        - protocol: TCP
          port: 35357
#    egress:
#      - to:
#        - namespaceSelector:
#            matchLabels:
#              name: ceph
#      - to:
#        - podSelector:
#            matchLabels:
#              application: ceph
#      - ports:
#        - port: 53
#          protocol: UDP
#        - port: 53
#          protocol: TCP