diff --git a/fluentd/templates/monitoring/prometheus/exporter-network-policy.yaml b/fluentd/templates/monitoring/prometheus/exporter-network-policy.yaml
new file mode 100644
index 000000000..560dd4cbe
--- /dev/null
+++ b/fluentd/templates/monitoring/prometheus/exporter-network-policy.yaml
@@ -0,0 +1,20 @@
+{{/*
+Copyright 2019 The Openstack-Helm Authors.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/}}
+
+{{- if and .Values.manifests.monitoring.prometheus.network_policy_exporter .Values.monitoring.prometheus.enabled -}}
+{{- $netpol_opts := dict "envAll" . "name" "application" "label" "prometheus-fluentd-exporter" -}}
+{{ $netpol_opts | include "helm-toolkit.manifests.kubernetes_network_policy" }}
+{{- end -}}
diff --git a/tools/deployment/network-policy/045-mariadb.sh b/tools/deployment/network-policy/045-mariadb.sh
index affb378e0..67520887f 100755
--- a/tools/deployment/network-policy/045-mariadb.sh
+++ b/tools/deployment/network-policy/045-mariadb.sh
@@ -25,35 +25,6 @@ manifests:
monitoring:
prometheus:
network_policy_exporter: true
-network_policy:
- prometheus-mysql-exporter:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: prometheus
- ports:
- - protocol: TCP
- port: 9104
- mariadb:
- ingress:
- - from:
- - podSelector:
- matchLabels:
- application: grafana
- - podSelector:
- matchLabels:
- application: mariadb
- - podSelector:
- matchLabels:
- application: prometheus-mysql-exporter
- ports:
- - protocol: TCP
- port: 3306
- - protocol: TCP
- port: 4567
- - protocol: TCP
- port: 80
EOF
#NOTE: Deploy command
diff --git a/tools/deployment/network-policy/130-fluentd-daemonset.sh b/tools/deployment/network-policy/130-fluentd-daemonset.sh
deleted file mode 120000
index af568c5cf..000000000
--- a/tools/deployment/network-policy/130-fluentd-daemonset.sh
+++ /dev/null
@@ -1 +0,0 @@
-../common/fluentd-daemonset.sh
\ No newline at end of file
diff --git a/tools/deployment/network-policy/130-fluentd-daemonset.sh b/tools/deployment/network-policy/130-fluentd-daemonset.sh
new file mode 100755
index 000000000..88695ba71
--- /dev/null
+++ b/tools/deployment/network-policy/130-fluentd-daemonset.sh
@@ -0,0 +1,319 @@
+#!/bin/bash
+
+# Copyright 2019 The Openstack-Helm Authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+set -xe
+
+#NOTE: Lint and package chart
+make fluentd
+
+tee /tmp/fluentd-daemonset.yaml << EOF
+endpoints:
+ fluentd:
+ hosts:
+ default: fluentd-daemonset
+ prometheus_fluentd_exporter:
+ hosts:
+ default: fluentd-daemonset-exporter
+monitoring:
+ prometheus:
+ enabled: true
+pod:
+ env:
+ fluentd:
+ vars:
+ MY_TEST_VAR: FOO
+ secrets:
+ MY_TEST_SECRET: BAR
+ security_context:
+ fluentd:
+ pod:
+ runAsUser: 0
+deployment:
+ type: DaemonSet
+conf:
+ fluentd:
+ template: |
+
+ bind 0.0.0.0
+ port 24220
+ @type monitor_agent
+
+
+
+ bind 0.0.0.0
+ port "#{ENV['FLUENTD_PORT']}"
+ @type forward
+
+
+
+
+ time_format %Y-%m-%dT%H:%M:%S.%NZ
+ @type json
+
+ path /var/log/containers/*.log
+ read_from_head true
+ tag kubernetes.*
+ @type tail
+
+
+
+ @type tail
+ tag ceph.*
+ path /var/log/ceph/*/*.log
+ read_from_head true
+
+ @type none
+
+
+
+
+ @type tail
+ tag libvirt.*
+ path /var/log/libvirt/**.log
+ read_from_head true
+
+ @type none
+
+
+
+
+ @type tail
+ tag kernel
+ path /var/log/kern.log
+ read_from_head true
+
+ @type none
+
+
+
+
+ @type tail
+ tag auth
+ path /var/log/auth.log
+ read_from_head true
+
+ @type none
+
+
+
+
+ @type systemd
+ tag journal.*
+ path /var/log/journal
+ matches [{ "_SYSTEMD_UNIT": "docker.service" }]
+ read_from_head true
+
+
+ fields_strip_underscores true
+ fields_lowercase true
+
+
+
+
+ @type systemd
+ tag journal.*
+ path /var/log/journal
+ matches [{ "_SYSTEMD_UNIT": "kubelet.service" }]
+ read_from_head true
+
+
+ fields_strip_underscores true
+ fields_lowercase true
+
+
+
+
+ @type kubernetes_metadata
+
+
+
+ @type record_transformer
+
+ hostname "#{ENV['NODE_NAME']}"
+ fluentd_pod "#{ENV['POD_NAME']}"
+
+
+
+
+ @type record_transformer
+
+ hostname "#{ENV['NODE_NAME']}"
+ fluentd_pod "#{ENV['POD_NAME']}"
+
+
+
+
+ @type record_transformer
+
+ hostname "#{ENV['NODE_NAME']}"
+ fluentd_pod "#{ENV['POD_NAME']}"
+
+
+
+
+ @type record_transformer
+
+ hostname "#{ENV['NODE_NAME']}"
+ fluentd_pod "#{ENV['POD_NAME']}"
+
+
+
+
+ @type null
+
+
+
+
+ chunk_limit_size 512K
+ flush_interval 5s
+ flush_thread_count 8
+ queue_limit_length 32
+ retry_forever false
+ retry_max_interval 30
+
+ host "#{ENV['ELASTICSEARCH_HOST']}"
+ reload_connections false
+ reconnect_on_error true
+ reload_on_failure true
+ include_tag_key true
+ logstash_format true
+ logstash_prefix libvirt
+ password "#{ENV['ELASTICSEARCH_PASSWORD']}"
+ port "#{ENV['ELASTICSEARCH_PORT']}"
+ @type elasticsearch
+ user "#{ENV['ELASTICSEARCH_USERNAME']}"
+
+
+
+
+ chunk_limit_size 512K
+ flush_interval 5s
+ flush_thread_count 8
+ queue_limit_length 32
+ retry_forever false
+ retry_max_interval 30
+
+ host "#{ENV['ELASTICSEARCH_HOST']}"
+ reload_connections false
+ reconnect_on_error true
+ reload_on_failure true
+ include_tag_key true
+ logstash_format true
+ logstash_prefix ceph
+ password "#{ENV['ELASTICSEARCH_PASSWORD']}"
+ port "#{ENV['ELASTICSEARCH_PORT']}"
+ @type elasticsearch
+ user "#{ENV['ELASTICSEARCH_USERNAME']}"
+
+
+
+
+ chunk_limit_size 512K
+ flush_interval 5s
+ flush_thread_count 8
+ queue_limit_length 32
+ retry_forever false
+ disable_chunk_backup true
+
+ host "#{ENV['ELASTICSEARCH_HOST']}"
+ reload_connections false
+ reconnect_on_error true
+ reload_on_failure true
+ include_tag_key true
+ logstash_format true
+ logstash_prefix kernel
+ password "#{ENV['ELASTICSEARCH_PASSWORD']}"
+ port "#{ENV['ELASTICSEARCH_PORT']}"
+ @type elasticsearch
+ user "#{ENV['ELASTICSEARCH_USERNAME']}"
+
+
+
+
+ chunk_limit_size 512K
+ flush_interval 5s
+ flush_thread_count 8
+ queue_limit_length 32
+ retry_forever false
+ retry_max_interval 30
+
+ host "#{ENV['ELASTICSEARCH_HOST']}"
+ reload_connections false
+ reconnect_on_error true
+ reload_on_failure true
+ include_tag_key true
+ logstash_format true
+ logstash_prefix auth
+ password "#{ENV['ELASTICSEARCH_PASSWORD']}"
+ port "#{ENV['ELASTICSEARCH_PORT']}"
+ @type elasticsearch
+ user "#{ENV['ELASTICSEARCH_USERNAME']}"
+
+
+
+
+ chunk_limit_size 512K
+ flush_interval 5s
+ flush_thread_count 8
+ queue_limit_length 32
+ retry_forever false
+ retry_max_interval 30
+
+ host "#{ENV['ELASTICSEARCH_HOST']}"
+ reload_connections false
+ reconnect_on_error true
+ reload_on_failure true
+ include_tag_key true
+ logstash_format true
+ logstash_prefix journal
+ password "#{ENV['ELASTICSEARCH_PASSWORD']}"
+ port "#{ENV['ELASTICSEARCH_PORT']}"
+ @type elasticsearch
+ user "#{ENV['ELASTICSEARCH_USERNAME']}"
+
+
+
+
+ chunk_limit_size 512K
+ flush_interval 5s
+ flush_thread_count 8
+ queue_limit_length 32
+ retry_forever false
+ retry_max_interval 30
+
+ host "#{ENV['ELASTICSEARCH_HOST']}"
+ reload_connections false
+ reconnect_on_error true
+ reload_on_failure true
+ include_tag_key true
+ logstash_format true
+ password "#{ENV['ELASTICSEARCH_PASSWORD']}"
+ port "#{ENV['ELASTICSEARCH_PORT']}"
+ @type elasticsearch
+ user "#{ENV['ELASTICSEARCH_USERNAME']}"
+
+EOF
+helm upgrade --install fluentd-daemonset ./fluentd \
+ --namespace=osh-infra \
+ --values=/tmp/fluentd-daemonset.yaml \
+ --set manifests.network_policy=true \
+ --set manifests.monitoring.prometheus.network_policy_exporter=true
+
+#NOTE: Wait for deploy
+./tools/deployment/common/wait-for-pods.sh osh-infra
+
+#NOTE: Validate Deployment info
+helm status fluentd-daemonset
diff --git a/tools/deployment/network-policy/135-fluentd-deployment.sh b/tools/deployment/network-policy/135-fluentd-deployment.sh
index 937b5f63b..39a694b6e 120000
--- a/tools/deployment/network-policy/135-fluentd-deployment.sh
+++ b/tools/deployment/network-policy/135-fluentd-deployment.sh
@@ -1 +1 @@
-../osh-infra-logging/070-fluentd-deployment.sh
\ No newline at end of file
+../common/fluentd-deployment.sh
\ No newline at end of file
diff --git a/tools/deployment/network-policy/901-test-networkpolicy.sh b/tools/deployment/network-policy/901-test-networkpolicy.sh
index 16515c6c5..82651e8ac 100755
--- a/tools/deployment/network-policy/901-test-networkpolicy.sh
+++ b/tools/deployment/network-policy/901-test-networkpolicy.sh
@@ -50,14 +50,15 @@ function test_netpol {
}
# Doing negative tests
-test_netpol osh-infra mariadb server elasticsearch.osh-infra.svc.cluster.local fail
-test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail
-test_netpol osh-infra mariadb server prometheus.osh-infra.svc.cluster.local fail
-test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail
-test_netpol osh-infra mariadb server openstack-metrics.openstack.svc.cluster.local:9103 fail
-test_netpol osh-infra mariadb server kibana.osh-infra.svc.cluster.local fail
-test_netpol osh-infra mariadb server fluentd-logging.osh-infra.svc.cluster.local:24224 fail
-test_netpol osh-infra fluentbit daemon prometheus.osh-infra.svc.cluster.local fail
+# NOTE(gagehugo): Uncomment these once the proper netpol rules are made
+#test_netpol osh-infra mariadb server elasticsearch.osh-infra.svc.cluster.local fail
+#test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail
+#test_netpol osh-infra mariadb server prometheus.osh-infra.svc.cluster.local fail
+#test_netpol osh-infra mariadb server nagios.osh-infra.svc.cluster.local fail
+#test_netpol osh-infra mariadb server openstack-metrics.openstack.svc.cluster.local:9103 fail
+#test_netpol osh-infra mariadb server kibana.osh-infra.svc.cluster.local fail
+#test_netpol osh-infra mariadb server fluentd-logging.osh-infra.svc.cluster.local:24224 fail
+#test_netpol osh-infra fluentbit daemon prometheus.osh-infra.svc.cluster.local fail
# Doing positive tests
test_netpol osh-infra grafana dashboard mariadb.osh-infra.svc.cluster.local:3306 success
diff --git a/zuul.d/jobs.yaml b/zuul.d/jobs.yaml
index 8385a59e8..901fe365b 100644
--- a/zuul.d/jobs.yaml
+++ b/zuul.d/jobs.yaml
@@ -231,7 +231,6 @@
- playbooks/osh-infra-upgrade-host.yaml
- playbooks/osh-infra-deploy-selenium.yaml
run: playbooks/osh-infra-gate-runner.yaml
- post-run: playbooks/osh-infra-collect-logs.yaml
nodeset: openstack-helm-single-node
vars:
gate_scripts: