Add ingress network policy for Nagios

This adds the ingress network policy to Nagios using the helm-toolkit template Change-Id: If6cc66330b24c3f79f9b5c29a94ea904d1eb37d4
2019-02-22 11:15:57 -06:00 · 2019-02-22 11:15:57 -06:00 · 736af38c9c
commit 736af38c9c
parent 6b8f0065cb
3 changed files with 14 additions and 4 deletions
--- a/nagios/values.yaml
+++ b/nagios/values.yaml
@ -185,6 +185,11 @@ network:
      enabled: false
      port: 30925

+network_policy:
+  nagios:
+    ingress:
+      - {}
+
 pod:
  lifecycle:
    upgrades:
--- a/tools/deployment/network-policy/110-nagios.sh
+++ b/tools/deployment/network-policy/110-nagios.sh
@ -19,7 +19,7 @@ set -xe
 #NOTE: Lint and package chart
 make nagios

-tee /tmp/nagios.yaml <<EOF
+tee /tmp/nagios.yaml << EOF
 manifests:
  network_policy: true
 network_policy:
@ -29,14 +29,18 @@ network_policy:
        - podSelector:
            matchLabels:
              application: nagios
+        - podSelector:
+            matchLabels:
+              application: ingress
        ports:
-        - protocol: TCP
-          port: 8000
        - protocol: TCP
          port: 80
+        - protocol: TCP
+          port: 8000
+        - protocol:
+          port: 443
 EOF

-
 #NOTE: Deploy command
 helm upgrade --install nagios ./nagios \
    --namespace=osh-infra \
--- a/tools/deployment/network-policy/901-test-networkpolicy.sh
+++ b/tools/deployment/network-policy/901-test-networkpolicy.sh
@ -52,6 +52,7 @@ function test_netpol {
 test_netpol osh-infra mariadb server elasticsearch.osh-infra.svc.cluster.local fail
 test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail
 test_netpol osh-infra mariadb server prometheus.osh-infra.svc.cluster.local fail
+test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail

 # Doing positive tests
 test_netpol osh-infra grafana dashboard mariadb.osh-infra.svc.cluster.local:3306 success