OSH: Add ingress netpol for ceph-rgw pods

This is to enable ingress netpol for ceph-rgw pods

Depends-On: https://review.openstack.org/#/c/632567/

Change-Id: I542a38a08101b031633bfcb0810e00904ae58df5
This commit is contained in:
Chinasubbareddy M 2019-01-24 11:56:40 -06:00 committed by chinasubbareddy mallavarapu
parent 72b0d3c982
commit ff146ea9fd
3 changed files with 58 additions and 0 deletions

View File

@ -44,6 +44,33 @@ conf:
pod: pod:
replicas: replicas:
rgw: 1 rgw: 1
network_policy:
ceph:
ingress:
- from:
- podSelector:
matchLabels:
application: glance
- podSelector:
matchLabels:
application: cinder
- podSelector:
matchLabels:
application: libvirt
- podSelector:
matchLabels:
application: nova
- podSelector:
matchLabels:
application: ceph
- podSelector:
matchLabels:
application: ingress
ports:
- protocol: TCP
port: 8088
manifests:
network_policy: true
EOF EOF
helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \ helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
--namespace=openstack \ --namespace=openstack \

View File

@ -27,6 +27,9 @@ network_policy:
ingress: ingress:
ingress: ingress:
- from: - from:
- podSelector:
matchLabels:
application: ceph
- podSelector: - podSelector:
matchLabels: matchLabels:
application: keystone application: keystone

View File

@ -38,11 +38,39 @@ bootstrap:
conf: conf:
rgw_ks: rgw_ks:
enabled: true enabled: true
network_policy:
ceph:
ingress:
- from:
- podSelector:
matchLabels:
application: glance
- podSelector:
matchLabels:
application: cinder
- podSelector:
matchLabels:
application: libvirt
- podSelector:
matchLabels:
application: nova
- podSelector:
matchLabels:
application: ceph
- podSelector:
matchLabels:
application: ingress
ports:
- protocol: TCP
port: 8088
manifests:
network_policy: true
EOF EOF
: ${OSH_INFRA_PATH:="../openstack-helm-infra"} : ${OSH_INFRA_PATH:="../openstack-helm-infra"}
helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \ helm upgrade --install radosgw-openstack ${OSH_INFRA_PATH}/ceph-rgw \
--namespace=openstack \ --namespace=openstack \
--set manifests.network_policy=true \
--values=/tmp/radosgw-openstack.yaml \ --values=/tmp/radosgw-openstack.yaml \
${OSH_EXTRA_HELM_ARGS} \ ${OSH_EXTRA_HELM_ARGS} \
${OSH_EXTRA_HELM_ARGS_HEAT} ${OSH_EXTRA_HELM_ARGS_HEAT}