6d849acf93
There is a duplicate network_policy: key (one for ingress and one for egress). This patch set fixes the netpol override yaml so it is correct. Change-Id: I0df65ce248c010b5cf6e54515cfa10206436fa6c Signed-off-by: Tin Lam <tin@irrational.io>
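---
# Values override that turns on the RabbitMQ NetworkPolicy manifests (see
# `manifests` at the bottom) and supplies their ingress and egress rules.
# There is exactly one `network_policy:` mapping; `ingress` and `egress` are
# siblings under `rabbitmq`, so neither overwrites the other when parsed.
#
# NOTE(review): the comments below assume the chart copies these rules
# verbatim into a Kubernetes NetworkPolicy - confirm against the chart
# template.
network_policy:
  rabbitmq:
    ingress:
      # Client rule. A bare podSelector (no namespaceSelector) matches only
      # pods in the namespace the NetworkPolicy is created in, so these
      # labels do not admit same-labelled pods from other namespaces.
      - from:
          - podSelector:
              matchLabels:
                application: keystone
          - podSelector:
              matchLabels:
                application: heat
          - podSelector:
              matchLabels:
                application: glance
          - podSelector:
              matchLabels:
                application: cinder
          - podSelector:
              matchLabels:
                application: aodh
          - podSelector:
              matchLabels:
                application: congress
          - podSelector:
              matchLabels:
                application: barbican
          - podSelector:
              matchLabels:
                application: ceilometer
          - podSelector:
              matchLabels:
                application: designate
          - podSelector:
              matchLabels:
                application: ironic
          - podSelector:
              matchLabels:
                application: magnum
          - podSelector:
              matchLabels:
                application: mistral
          - podSelector:
              matchLabels:
                application: nova
          - podSelector:
              matchLabels:
                application: neutron
          - podSelector:
              matchLabels:
                application: senlin
          - podSelector:
              matchLabels:
                application: placement
          - podSelector:
              matchLabels:
                application: rabbitmq
          - podSelector:
              matchLabels:
                application: prometheus_rabbitmq_exporter
        # Peers and ports in one rule combine: every client listed above may
        # reach every port listed below.
        ports:
          # AMQP port
          - protocol: TCP
            port: 5672
          # HTTP API ports
          # NOTE(review): all AMQP clients above can also reach the HTTP API
          # ports. If only a few pods need that API, a separate rule with a
          # shorter `from` list would be closer to least privilege.
          - protocol: TCP
            port: 15672
          - protocol: TCP
            port: 80
      # Cluster rule: only other rabbitmq pods may reach the clustering and
      # epmd ports.
      - from:
          - podSelector:
              matchLabels:
                application: rabbitmq
        ports:
          # Clustering port AMQP + 20000
          - protocol: TCP
            port: 25672
          # Erlang Port Mapper Daemon (epmd)
          - protocol: TCP
            port: 4369
    egress:
      # Outbound traffic to peer rabbitmq pods, limited to the ports below.
      - to:
          - podSelector:
              matchLabels:
                application: rabbitmq
        ports:
          # Erlang port mapper daemon (epmd)
          - protocol: TCP
            port: 4369
          # Rabbit clustering port AMQP + 20000
          - protocol: TCP
            port: 25672
          # NOTE(lamt): Set by inet_dist_listen_{min/max}. Firewalls must
          # permit traffic in this range to pass between clustered nodes.
          # - protocol: TCP
          #   port: 35197
      # Outbound traffic to one API endpoint. The /32 mask limits the rule to
      # a single address.
      # The %%%REPLACE_...%%% tokens are placeholders and must be substituted
      # before this file is parsed: a plain scalar may not start with '%', so
      # an unsubstituted copy is not valid YAML.
      - to:
          - ipBlock:
              cidr: %%%REPLACE_API_ADDR%%%/32
        ports:
          - protocol: TCP
            # Left unquoted so the substituted value parses as an integer;
            # NetworkPolicy reads a string port as a named port.
            port: %%%REPLACE_API_PORT%%%

# Enables rendering of the network policy manifests.
# NOTE(review): nesting restored from the key names - network_policy_exporter
# under monitoring.prometheus, network_policy directly under manifests.
# Confirm against the chart's default values.
manifests:
  monitoring:
    prometheus:
      network_policy_exporter: true
  network_policy: true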