762dc76b5c
The patch adds Network Policy ingress rules for RabbitMQ and Prometheus RabbitMQ exporter. It also fixes name generation for network policies, to make sure they do not contain a prohibited '_' symbol, which may appear in some label names. Change-Id: I9821983b61d90e73e62c5ac669eefeb4ba9999d2
85 lines
2.1 KiB
YAML
85 lines
2.1 KiB
YAML
network_policy:
|
|
rabbitmq:
|
|
ingress:
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: keystone
|
|
- podSelector:
|
|
matchLabels:
|
|
application: heat
|
|
- podSelector:
|
|
matchLabels:
|
|
application: glance
|
|
- podSelector:
|
|
matchLabels:
|
|
application: cinder
|
|
- podSelector:
|
|
matchLabels:
|
|
application: aodh
|
|
- podSelector:
|
|
matchLabels:
|
|
application: congress
|
|
- podSelector:
|
|
matchLabels:
|
|
application: barbican
|
|
- podSelector:
|
|
matchLabels:
|
|
application: ceilometer
|
|
- podSelector:
|
|
matchLabels:
|
|
application: designate
|
|
- podSelector:
|
|
matchLabels:
|
|
application: ironic
|
|
- podSelector:
|
|
matchLabels:
|
|
application: magnum
|
|
- podSelector:
|
|
matchLabels:
|
|
application: mistral
|
|
- podSelector:
|
|
matchLabels:
|
|
application: nova
|
|
- podSelector:
|
|
matchLabels:
|
|
application: neutron
|
|
- podSelector:
|
|
matchLabels:
|
|
application: senlin
|
|
- podSelector:
|
|
matchLabels:
|
|
application: placement
|
|
- podSelector:
|
|
matchLabels:
|
|
application: rabbitmq
|
|
- podSelector:
|
|
matchLabels:
|
|
application: prometheus_rabbitmq_exporter
|
|
ports:
|
|
# AMQP port
|
|
- protocol: TCP
|
|
port: 5672
|
|
# HTTP API ports
|
|
- protocol: TCP
|
|
port: 15672
|
|
- protocol: TCP
|
|
port: 80
|
|
- from:
|
|
- podSelector:
|
|
matchLabels:
|
|
application: rabbitmq
|
|
ports:
|
|
# Clustering port AMQP + 20000
|
|
- protocol: TCP
|
|
port: 25672
|
|
# Erlang Port Mapper Daemon (epmd)
|
|
- protocol: TCP
|
|
port: 4369
|
|
|
|
manifests:
|
|
monitoring:
|
|
prometheus:
|
|
network_policy_exporter: true
|
|
network_policy: true
|