)]}'
{"ceph-rgw/templates/network_policy.yaml":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"d227152c0bf32f12ccb0db7a3753ace81032f977","unresolved":false,"context_lines":[{"line_number":13,"context_line":"# limitations under the License."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"{{- if .Values.manifests.network_policy -}}"},{"line_number":16,"context_line":"{{- $netpol_opts :\u003d dict \"envAll\" . \"name\" \"application\" \"label\" \"ceph_rgw\" -}}"},{"line_number":17,"context_line":"{{ $netpol_opts | include \"helm-toolkit.manifests.kubernetes_network_policy\" }}"},{"line_number":18,"context_line":"{{- end -}}"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_01237257","line":16,"range":{"start_line":16,"start_character":36,"end_line":16,"end_character":75},"updated":"2019-10-16 19:24:57.000000000","message":"I don\u0027t think `application\u003dceph_rgw` is how the pods are labeled, it\u0027s actually `application\u003dceph,component\u003drgw`\n\nIn this case I think you can get away with:\n\n    \"name\" \"component\" \"label\" \"rgw\"\n\n(with the associated other changes)","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"fdb0229af61ae4fae5261791350cad0b1667cb6f","unresolved":false,"context_lines":[{"line_number":13,"context_line":"# limitations under the License."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"{{- if .Values.manifests.network_policy -}}"},{"line_number":16,"context_line":"{{- $netpol_opts :\u003d dict \"envAll\" . \"name\" \"application\" \"label\" \"ceph_rgw\" -}}"},{"line_number":17,"context_line":"{{ $netpol_opts | include \"helm-toolkit.manifests.kubernetes_network_policy\" }}"},{"line_number":18,"context_line":"{{- end -}}"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_12941b8a","line":16,"range":{"start_line":16,"start_character":36,"end_line":16,"end_character":75},"in_reply_to":"3fa7e38b_01237257","updated":"2019-10-17 04:25:29.000000000","message":"I will revisit the ceph pods to find the correct label to address this.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"d2943ab8be99aa9b5bf8d56bab175fd91368cc0b","unresolved":false,"context_lines":[{"line_number":13,"context_line":"# limitations under the License."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"{{- if .Values.manifests.network_policy -}}"},{"line_number":16,"context_line":"{{- $netpol_opts :\u003d dict \"envAll\" . \"key\" \"rgw\" \"labels\" (dict \"application\" \"ceph\" \"componet\" \"rgw\") -}}"},{"line_number":17,"context_line":"{{ $netpol_opts | include \"helm-toolkit.manifests.kubernetes_network_policy\" }}"},{"line_number":18,"context_line":"{{- end -}}"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_802c00ad","line":16,"range":{"start_line":16,"start_character":85,"end_line":16,"end_character":93},"updated":"2019-10-21 21:46:18.000000000","message":"typo: component","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"2e761fbb417bf531511a31fc9ed0eea7c90ba52a","unresolved":false,"context_lines":[{"line_number":13,"context_line":"# limitations under the License."},{"line_number":14,"context_line":""},{"line_number":15,"context_line":"{{- if .Values.manifests.network_policy -}}"},{"line_number":16,"context_line":"{{- $netpol_opts :\u003d dict \"envAll\" . \"key\" \"rgw\" \"labels\" (dict \"application\" \"ceph\" \"componet\" \"rgw\") -}}"},{"line_number":17,"context_line":"{{ $netpol_opts | include \"helm-toolkit.manifests.kubernetes_network_policy\" }}"},{"line_number":18,"context_line":"{{- end -}}"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_89174b46","line":16,"range":{"start_line":16,"start_character":85,"end_line":16,"end_character":93},"in_reply_to":"3fa7e38b_802c00ad","updated":"2019-10-22 01:42:45.000000000","message":"will fix","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"}],"ceph-rgw/values.yaml":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"d227152c0bf32f12ccb0db7a3753ace81032f977","unresolved":false,"context_lines":[{"line_number":550,"context_line":"        protocol: UDP"},{"line_number":551,"context_line":""},{"line_number":552,"context_line":"network_policy:"},{"line_number":553,"context_line":"  ceph_rgw:"},{"line_number":554,"context_line":"    ingress:"},{"line_number":555,"context_line":"      - {}"},{"line_number":556,"context_line":"    egress:"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_a1d7fe22","line":553,"range":{"start_line":553,"start_character":2,"end_line":553,"end_character":10},"updated":"2019-10-16 19:24:57.000000000","message":"rgw","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"fdb0229af61ae4fae5261791350cad0b1667cb6f","unresolved":false,"context_lines":[{"line_number":550,"context_line":"        protocol: UDP"},{"line_number":551,"context_line":""},{"line_number":552,"context_line":"network_policy:"},{"line_number":553,"context_line":"  ceph_rgw:"},{"line_number":554,"context_line":"    ingress:"},{"line_number":555,"context_line":"      - {}"},{"line_number":556,"context_line":"    egress:"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_b28e6776","line":553,"range":{"start_line":553,"start_character":2,"end_line":553,"end_character":10},"in_reply_to":"3fa7e38b_a1d7fe22","updated":"2019-10-17 04:25:29.000000000","message":"will fix","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"}],"ceph-rgw/values_overrides/netpol.yaml":[{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"d227152c0bf32f12ccb0db7a3753ace81032f977","unresolved":false,"context_lines":[{"line_number":1,"context_line":"manifests:"},{"line_number":2,"context_line":"  network_policy: true"},{"line_number":3,"context_line":"network_policy:"},{"line_number":4,"context_line":"  ceph_rgw:"},{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - ipBlock:"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_81d44221","line":4,"range":{"start_line":4,"start_character":2,"end_line":4,"end_character":10},"updated":"2019-10-16 19:24:57.000000000","message":"rgw","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"fdb0229af61ae4fae5261791350cad0b1667cb6f","unresolved":false,"context_lines":[{"line_number":1,"context_line":"manifests:"},{"line_number":2,"context_line":"  network_policy: true"},{"line_number":3,"context_line":"network_policy:"},{"line_number":4,"context_line":"  ceph_rgw:"},{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - ipBlock:"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_d289a36e","line":4,"range":{"start_line":4,"start_character":2,"end_line":4,"end_character":10},"in_reply_to":"3fa7e38b_81d44221","updated":"2019-10-17 04:25:29.000000000","message":"will fix","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"187e28417dba906f748d6aff7e4aa25a4dd7e0f6","unresolved":false,"context_lines":[{"line_number":10,"context_line":"        ports:"},{"line_number":11,"context_line":"          - protocol: TCP"},{"line_number":12,"context_line":"            port: 80"},{"line_number":13,"context_line":"          - protocol: TCP"},{"line_number":14,"context_line":"            port: 443"},{"line_number":15,"context_line":"      - to:"},{"line_number":16,"context_line":"        - ipBlock:"},{"line_number":17,"context_line":"            cidr: $API_ADDR/32"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_61358644","line":14,"range":{"start_line":13,"start_character":0,"end_line":14,"end_character":21},"updated":"2019-10-16 19:34:52.000000000","message":"I don\u0027t see 443 in any of the ceph-rgw configuration. Is it really used?","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"fdb0229af61ae4fae5261791350cad0b1667cb6f","unresolved":false,"context_lines":[{"line_number":10,"context_line":"        ports:"},{"line_number":11,"context_line":"          - protocol: TCP"},{"line_number":12,"context_line":"            port: 80"},{"line_number":13,"context_line":"          - protocol: TCP"},{"line_number":14,"context_line":"            port: 443"},{"line_number":15,"context_line":"      - to:"},{"line_number":16,"context_line":"        - ipBlock:"},{"line_number":17,"context_line":"            cidr: $API_ADDR/32"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_32f037fd","line":14,"range":{"start_line":13,"start_character":0,"end_line":14,"end_character":21},"in_reply_to":"3fa7e38b_61358644","updated":"2019-10-17 04:25:29.000000000","message":"given that 80/http is used, there might be a chance 443/https is also be being used, this is placed in just in case.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":28849,"name":"Meghan Heisler","email":"mkheisler93@gmail.com","username":"mh783g"},"change_message_id":"45be4ecbb132ba5bd29dde9fc3e9d827bd8df77f","unresolved":false,"context_lines":[{"line_number":1,"context_line":"manifests:"},{"line_number":2,"context_line":"  network_policy: true"},{"line_number":3,"context_line":"network_policy:"},{"line_number":4,"context_line":"  ceph_rgw:"},{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - ipBlock:"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_7978a42a","line":4,"range":{"start_line":4,"start_character":2,"end_line":4,"end_character":10},"updated":"2019-10-21 16:47:08.000000000","message":"not sure if you missed this one, but it should be just rgw to match the ceph-rgw values.yaml label used","commit_id":"b3c09aeb41baafff4e8c2df8bb27302c9cd521e7"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"33e92fac8afd70136c8eb94e7c8f1fa2bb1a7733","unresolved":false,"context_lines":[{"line_number":1,"context_line":"manifests:"},{"line_number":2,"context_line":"  network_policy: true"},{"line_number":3,"context_line":"network_policy:"},{"line_number":4,"context_line":"  ceph_rgw:"},{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - ipBlock:"}],"source_content_type":"text/x-yaml","patch_set":23,"id":"3fa7e38b_60c1c4e4","line":4,"range":{"start_line":4,"start_character":2,"end_line":4,"end_character":10},"in_reply_to":"3fa7e38b_7978a42a","updated":"2019-10-21 21:29:35.000000000","message":"Nice catch, will fix","commit_id":"b3c09aeb41baafff4e8c2df8bb27302c9cd521e7"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"d2943ab8be99aa9b5bf8d56bab175fd91368cc0b","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - ipBlock:"},{"line_number":8,"context_line":"            cidr: 172.17.0.1/16"},{"line_number":9,"context_line":"      - to:"},{"line_number":10,"context_line":"        ports:"},{"line_number":11,"context_line":"          - protocol: TCP"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_036edac8","line":8,"range":{"start_line":8,"start_character":18,"end_line":8,"end_character":31},"updated":"2019-10-21 21:46:18.000000000","message":"where does this value come from?\nalso, it seems like it should be either 172.17.0.0/16 or 172.17.0.1/32.","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"2e761fbb417bf531511a31fc9ed0eea7c90ba52a","unresolved":false,"context_lines":[{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - ipBlock:"},{"line_number":8,"context_line":"            cidr: 172.17.0.1/16"},{"line_number":9,"context_line":"      - to:"},{"line_number":10,"context_line":"        ports:"},{"line_number":11,"context_line":"          - protocol: TCP"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_a93ec7b6","line":8,"range":{"start_line":8,"start_character":18,"end_line":8,"end_character":31},"in_reply_to":"3fa7e38b_036edac8","updated":"2019-10-22 01:42:45.000000000","message":"This network was defined for the ceph deployment in the gate script here:\n\nhttps://github.com/openstack/openstack-helm-infra/blob/13f99c1cfa2a775d548e6515046b381162256c74/tools/deployment/osh-infra-logging/020-ceph.sh#L52","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"d2943ab8be99aa9b5bf8d56bab175fd91368cc0b","unresolved":false,"context_lines":[{"line_number":14,"context_line":"            port: 443"},{"line_number":15,"context_line":"      - to:"},{"line_number":16,"context_line":"        - ipBlock:"},{"line_number":17,"context_line":"            cidr: $API_ADDR/32"},{"line_number":18,"context_line":"        ports:"},{"line_number":19,"context_line":"          - protocol: TCP"},{"line_number":20,"context_line":"            port: $API_PORT"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_4374d29c","line":17,"range":{"start_line":17,"start_character":18,"end_line":17,"end_character":27},"updated":"2019-10-21 21:46:18.000000000","message":"where does this substitution happen?","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"2e761fbb417bf531511a31fc9ed0eea7c90ba52a","unresolved":false,"context_lines":[{"line_number":14,"context_line":"            port: 443"},{"line_number":15,"context_line":"      - to:"},{"line_number":16,"context_line":"        - ipBlock:"},{"line_number":17,"context_line":"            cidr: $API_ADDR/32"},{"line_number":18,"context_line":"        ports:"},{"line_number":19,"context_line":"          - protocol: TCP"},{"line_number":20,"context_line":"            port: $API_PORT"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_294bb75f","line":17,"range":{"start_line":17,"start_character":18,"end_line":17,"end_character":27},"in_reply_to":"3fa7e38b_4374d29c","updated":"2019-10-22 01:42:45.000000000","message":"https://review.opendev.org/#/c/685634/10/tools/deployment/common/get-values-overrides.sh - that code will need to be moved to OSH-I as well, will fix.","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"},{"author":{"_account_id":28719,"name":"Phil Sphicas","email":"phil.sphicas@att.com","username":"ps3910"},"change_message_id":"d2943ab8be99aa9b5bf8d56bab175fd91368cc0b","unresolved":false,"context_lines":[{"line_number":17,"context_line":"            cidr: $API_ADDR/32"},{"line_number":18,"context_line":"        ports:"},{"line_number":19,"context_line":"          - protocol: TCP"},{"line_number":20,"context_line":"            port: $API_PORT"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_6379ce91","line":20,"range":{"start_line":20,"start_character":18,"end_line":20,"end_character":27},"updated":"2019-10-21 21:46:18.000000000","message":"ditto","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"2e761fbb417bf531511a31fc9ed0eea7c90ba52a","unresolved":false,"context_lines":[{"line_number":17,"context_line":"            cidr: $API_ADDR/32"},{"line_number":18,"context_line":"        ports:"},{"line_number":19,"context_line":"          - protocol: TCP"},{"line_number":20,"context_line":"            port: $API_PORT"}],"source_content_type":"text/x-yaml","patch_set":24,"id":"3fa7e38b_4950730b","line":20,"range":{"start_line":20,"start_character":18,"end_line":20,"end_character":27},"in_reply_to":"3fa7e38b_6379ce91","updated":"2019-10-22 01:42:45.000000000","message":"See reply above.","commit_id":"e6909df1983226ac6a1004f3ef180cbc394bcb88"}],"helm-toolkit/templates/manifests/_network_policy.tpl":[{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"89b954dbc243a9ca3507e4de3c7a452f163f923b","unresolved":false,"context_lines":[{"line_number":73,"context_line":"        application: myLabel"},{"line_number":74,"context_line":"        component: api"},{"line_number":75,"context_line":"    ingress:"},{"line_number":76,"context_line":"    - from:"},{"line_number":77,"context_line":"      - podSelector:"},{"line_number":78,"context_line":"          matchLabels:"},{"line_number":79,"context_line":"            application: keystone"},{"line_number":80,"context_line":"      ports:"},{"line_number":81,"context_line":"      - protocol: TCP"},{"line_number":82,"context_line":"        port: 80"},{"line_number":83,"context_line":"    egress:"},{"line_number":84,"context_line":"      - to:"},{"line_number":85,"context_line":"          - podSelector:"}],"source_content_type":"text/x-smarty","patch_set":1,"id":"7faddb67_2811ea53","line":82,"range":{"start_line":76,"start_character":0,"end_line":82,"end_character":16},"updated":"2019-09-03 20:48:31.000000000","message":"Can we slide this over to match the indentation on lines 84-102?","commit_id":"a66490996527d69939bb80d5a8f74126a32935a0"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"21feb8caf1bfd935550aea554ea27677cf6ecd89","unresolved":false,"context_lines":[{"line_number":73,"context_line":"        application: myLabel"},{"line_number":74,"context_line":"        component: api"},{"line_number":75,"context_line":"    ingress:"},{"line_number":76,"context_line":"    - from:"},{"line_number":77,"context_line":"      - podSelector:"},{"line_number":78,"context_line":"          matchLabels:"},{"line_number":79,"context_line":"            application: keystone"},{"line_number":80,"context_line":"      ports:"},{"line_number":81,"context_line":"      - protocol: TCP"},{"line_number":82,"context_line":"        port: 80"},{"line_number":83,"context_line":"    egress:"},{"line_number":84,"context_line":"      - to:"},{"line_number":85,"context_line":"          - podSelector:"}],"source_content_type":"text/x-smarty","patch_set":1,"id":"7faddb67_e316934a","line":82,"range":{"start_line":76,"start_character":0,"end_line":82,"end_character":16},"in_reply_to":"7faddb67_2811ea53","updated":"2019-09-03 21:12:51.000000000","message":"Will do on the next patch","commit_id":"a66490996527d69939bb80d5a8f74126a32935a0"},{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"89b954dbc243a9ca3507e4de3c7a452f163f923b","unresolved":false,"context_lines":[{"line_number":183,"context_line":"{{- end }}"},{"line_number":184,"context_line":"{{- end }}"},{"line_number":185,"context_line":"{{- end }}"},{"line_number":186,"context_line":"{{- if index $envAll.Values.network_policy $label \"egress\" }}"},{"line_number":187,"context_line":"{{ index $envAll.Values.network_policy $label \"egress\" | toYaml | indent 4 }}"},{"line_number":188,"context_line":"{{- end }}"},{"line_number":189,"context_line":"{{- end }}"}],"source_content_type":"text/x-smarty","patch_set":1,"id":"7faddb67_a8263ab9","line":186,"range":{"start_line":186,"start_character":0,"end_line":186,"end_character":61},"updated":"2019-09-03 20:48:31.000000000","message":"Don\u0027t we want this line to be before line 148?","commit_id":"a66490996527d69939bb80d5a8f74126a32935a0"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"21feb8caf1bfd935550aea554ea27677cf6ecd89","unresolved":false,"context_lines":[{"line_number":183,"context_line":"{{- end }}"},{"line_number":184,"context_line":"{{- end }}"},{"line_number":185,"context_line":"{{- end }}"},{"line_number":186,"context_line":"{{- if index $envAll.Values.network_policy $label \"egress\" }}"},{"line_number":187,"context_line":"{{ index $envAll.Values.network_policy $label \"egress\" | toYaml | indent 4 }}"},{"line_number":188,"context_line":"{{- end }}"},{"line_number":189,"context_line":"{{- end }}"}],"source_content_type":"text/x-smarty","patch_set":1,"id":"7faddb67_0342cf3b","line":186,"range":{"start_line":186,"start_character":0,"end_line":186,"end_character":61},"in_reply_to":"7faddb67_a8263ab9","updated":"2019-09-03 21:12:51.000000000","message":"No. This if is to pick up user specified egress rule. The block before is for the autogeneration. If a user doesn\u0027t specify new/different egress rule, we should still automatically generate the endpoints-based rules.","commit_id":"a66490996527d69939bb80d5a8f74126a32935a0"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"c0b42d47ebbe67f3f463a0e4cfb7810daa3200ca","unresolved":false,"context_lines":[{"line_number":47,"context_line":"        - protocol: TCP"},{"line_number":48,"context_line":"          port: 80"},{"line_number":49,"context_line":"      egress:"},{"line_number":50,"context_line":"      - ports:"},{"line_number":51,"context_line":"        - to:"},{"line_number":52,"context_line":"          - namespaceSelector:"},{"line_number":53,"context_line":"              matchLabels:"},{"line_number":54,"context_line":"                name: default"},{"line_number":55,"context_line":"          - namespaceSelector:"},{"line_number":56,"context_line":"              matchLabels:"},{"line_number":57,"context_line":"                name: kube-public"},{"line_number":58,"context_line":"usage: |"},{"line_number":59,"context_line":"  {{ dict \"envAll\" . \"name\" \"application\" \"label\" \"myLabel\" | include \"helm-toolkit.manifests.kubernetes_network_policy\" }}"},{"line_number":60,"context_line":"return: |"}],"source_content_type":"text/x-smarty","patch_set":3,"id":"7faddb67_34adc330","line":57,"range":{"start_line":50,"start_character":0,"end_line":57,"end_character":33},"updated":"2019-09-04 02:51:05.000000000","message":"this comment is incorrect from copy \u0026 paste. will correct next patch.","commit_id":"7961788e3d9749edfbfdc795821b5d71a5270a28"},{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"187e28417dba906f748d6aff7e4aa25a4dd7e0f6","unresolved":false,"context_lines":[{"line_number":47,"context_line":"        - protocol: TCP"},{"line_number":48,"context_line":"          port: 80"},{"line_number":49,"context_line":"      egress:"},{"line_number":50,"context_line":"      - ports:"},{"line_number":51,"context_line":"        - to:"},{"line_number":52,"context_line":"          - namespaceSelector:"},{"line_number":53,"context_line":"              matchLabels:"},{"line_number":54,"context_line":"                name: default"}],"source_content_type":"text/x-smarty","patch_set":20,"id":"3fa7e38b_41572acb","line":51,"range":{"start_line":50,"start_character":0,"end_line":51,"end_character":13},"updated":"2019-10-16 19:34:52.000000000","message":"This doesn\u0027t make sense. In k8s policy, \"ports\" is an attribute of the \"to\" or the \"from\" clause. And also, there is no port specified here. Delete \"- ports\" and I think that\u0027s what you want.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"fdb0229af61ae4fae5261791350cad0b1667cb6f","unresolved":false,"context_lines":[{"line_number":47,"context_line":"        - protocol: TCP"},{"line_number":48,"context_line":"          port: 80"},{"line_number":49,"context_line":"      egress:"},{"line_number":50,"context_line":"      - ports:"},{"line_number":51,"context_line":"        - to:"},{"line_number":52,"context_line":"          - namespaceSelector:"},{"line_number":53,"context_line":"              matchLabels:"},{"line_number":54,"context_line":"                name: default"}],"source_content_type":"text/x-smarty","patch_set":20,"id":"3fa7e38b_527e136a","line":51,"range":{"start_line":50,"start_character":0,"end_line":51,"end_character":13},"in_reply_to":"3fa7e38b_41572acb","updated":"2019-10-17 04:25:29.000000000","message":"I suspect a merge conflict caused to change. Will fix.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"}],"rabbitmq/values_overrides/netpol.yaml":[{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"187e28417dba906f748d6aff7e4aa25a4dd7e0f6","unresolved":false,"context_lines":[{"line_number":2,"context_line":"  network_policy: true"},{"line_number":3,"context_line":"network_policy:"},{"line_number":4,"context_line":"  rabbitmq:"},{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - podSelector:"},{"line_number":8,"context_line":"            matchLabels:"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_e16f365d","line":5,"range":{"start_line":5,"start_character":0,"end_line":5,"end_character":11},"updated":"2019-10-16 19:34:52.000000000","message":"Missing prometheus, via port 9090.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"fdb0229af61ae4fae5261791350cad0b1667cb6f","unresolved":false,"context_lines":[{"line_number":2,"context_line":"  network_policy: true"},{"line_number":3,"context_line":"network_policy:"},{"line_number":4,"context_line":"  rabbitmq:"},{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - podSelector:"},{"line_number":8,"context_line":"            matchLabels:"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_f2ddbf6f","line":5,"range":{"start_line":5,"start_character":0,"end_line":5,"end_character":11},"in_reply_to":"3fa7e38b_e16f365d","updated":"2019-10-17 04:25:29.000000000","message":"Does rabbit call prometheus directly?","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"195b42163c718e1879d64cdc2de4d6529f96919d","unresolved":false,"context_lines":[{"line_number":2,"context_line":"  network_policy: true"},{"line_number":3,"context_line":"network_policy:"},{"line_number":4,"context_line":"  rabbitmq:"},{"line_number":5,"context_line":"    egress:"},{"line_number":6,"context_line":"      - to:"},{"line_number":7,"context_line":"        - podSelector:"},{"line_number":8,"context_line":"            matchLabels:"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_2b66442b","line":5,"range":{"start_line":5,"start_character":0,"end_line":5,"end_character":11},"in_reply_to":"3fa7e38b_f2ddbf6f","updated":"2019-10-22 14:09:33.000000000","message":"Actually, I discovered today that the rabbit exporter is its own application.  So there needs to be a separate policy for it:\n    application: prometheus_rabbitmq_exporter\n    component: exporter\nThat application does call prometheus directly, so it would need to have port 9090 in its egress policy.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"187e28417dba906f748d6aff7e4aa25a4dd7e0f6","unresolved":false,"context_lines":[{"line_number":8,"context_line":"            matchLabels:"},{"line_number":9,"context_line":"              application: rabbitmq"},{"line_number":10,"context_line":"        ports:"},{"line_number":11,"context_line":"          - protocol: TCP"},{"line_number":12,"context_line":"            port: 4369"},{"line_number":13,"context_line":"          - protocol: TCP"},{"line_number":14,"context_line":"            port: 35197"},{"line_number":15,"context_line":"          - protocol: TCP"},{"line_number":16,"context_line":"            port: 25672"},{"line_number":17,"context_line":"      - to:"},{"line_number":18,"context_line":"        - ipBlock:"},{"line_number":19,"context_line":"            cidr: $API_ADDR/32"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_e1d2d6fc","line":16,"range":{"start_line":11,"start_character":0,"end_line":16,"end_character":23},"updated":"2019-10-16 19:34:52.000000000","message":"Where do these ports come from? I don\u0027t see them in the endpoints section or in any of the other rabbit configuration.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"fdb0229af61ae4fae5261791350cad0b1667cb6f","unresolved":false,"context_lines":[{"line_number":8,"context_line":"            matchLabels:"},{"line_number":9,"context_line":"              application: rabbitmq"},{"line_number":10,"context_line":"        ports:"},{"line_number":11,"context_line":"          - protocol: TCP"},{"line_number":12,"context_line":"            port: 4369"},{"line_number":13,"context_line":"          - protocol: TCP"},{"line_number":14,"context_line":"            port: 35197"},{"line_number":15,"context_line":"          - protocol: TCP"},{"line_number":16,"context_line":"            port: 25672"},{"line_number":17,"context_line":"      - to:"},{"line_number":18,"context_line":"        - ipBlock:"},{"line_number":19,"context_line":"            cidr: $API_ADDR/32"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_32c917ab","line":16,"range":{"start_line":11,"start_character":0,"end_line":16,"end_character":23},"in_reply_to":"3fa7e38b_bce3a033","updated":"2019-10-17 04:25:29.000000000","message":"PORT 35197 set by inet_dist_listen_min/max Firewalls must permit traffic in this range to pass between clustered nodes. Probably not needed, but place in just in case. Per Evgeniy - I will add comments so folks know where these port numbers are from.","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":8749,"name":"Evgeniy L","email":"eli@mirantis.com","username":"evgeniyl"},"change_message_id":"c320793d3864ed256937e24d259a6fe35f331b81","unresolved":false,"context_lines":[{"line_number":8,"context_line":"            matchLabels:"},{"line_number":9,"context_line":"              application: rabbitmq"},{"line_number":10,"context_line":"        ports:"},{"line_number":11,"context_line":"          - protocol: TCP"},{"line_number":12,"context_line":"            port: 4369"},{"line_number":13,"context_line":"          - protocol: TCP"},{"line_number":14,"context_line":"            port: 35197"},{"line_number":15,"context_line":"          - protocol: TCP"},{"line_number":16,"context_line":"            port: 25672"},{"line_number":17,"context_line":"      - to:"},{"line_number":18,"context_line":"        - ipBlock:"},{"line_number":19,"context_line":"            cidr: $API_ADDR/32"}],"source_content_type":"text/x-yaml","patch_set":20,"id":"3fa7e38b_bce3a033","line":16,"range":{"start_line":11,"start_character":0,"end_line":16,"end_character":23},"in_reply_to":"3fa7e38b_e1d2d6fc","updated":"2019-10-16 23:32:06.000000000","message":"I don\u0027t know what is 35197, 4369 is empd port and 25672 is clustering.\n\nI have some comment in ingress patch for that: https://review.opendev.org/#/c/682490/10/rabbitmq/values_overrides/netpol.yaml","commit_id":"5eddbce553d593e874de1af3550e1bf90aeb99f1"},{"author":{"_account_id":22636,"name":"Cliff Parsons","email":"cliffhparsons@aol.com","username":"cliffparsons"},"change_message_id":"cb1fce81bca3692c1e42b581e41ef7df893f09f2","unresolved":false,"context_lines":[{"line_number":16,"context_line":"            port: 25672"},{"line_number":17,"context_line":"          # NOTE(lamt): Set by inet_dist_listen_{min/max}. Firewalls must"},{"line_number":18,"context_line":"          # permit traffic in this range to pass between clustered nodes."},{"line_number":19,"context_line":"          # - protocol: TCP"},{"line_number":20,"context_line":"          #  port: 35197"},{"line_number":21,"context_line":"      - to:"},{"line_number":22,"context_line":"        - ipBlock:"},{"line_number":23,"context_line":"            cidr: $API_ADDR/32"}],"source_content_type":"text/x-yaml","patch_set":25,"id":"3fa7e38b_06049d7d","line":20,"range":{"start_line":19,"start_character":0,"end_line":20,"end_character":24},"updated":"2019-10-22 14:33:34.000000000","message":"is this pending investigation? or do we need it here?","commit_id":"12b1b1960e528d24dd19f976cc33f17f99a0f91d"},{"author":{"_account_id":20466,"name":"Tin Lam","email":"tin@lam.wtf","username":"tinlam"},"change_message_id":"c44064aca0b4938fb27100d181d6044ae23adc3d","unresolved":false,"context_lines":[{"line_number":16,"context_line":"            port: 25672"},{"line_number":17,"context_line":"          # NOTE(lamt): Set by inet_dist_listen_{min/max}. Firewalls must"},{"line_number":18,"context_line":"          # permit traffic in this range to pass between clustered nodes."},{"line_number":19,"context_line":"          # - protocol: TCP"},{"line_number":20,"context_line":"          #  port: 35197"},{"line_number":21,"context_line":"      - to:"},{"line_number":22,"context_line":"        - ipBlock:"},{"line_number":23,"context_line":"            cidr: $API_ADDR/32"}],"source_content_type":"text/x-yaml","patch_set":25,"id":"3fa7e38b_2ffded3a","line":20,"range":{"start_line":19,"start_character":0,"end_line":20,"end_character":24},"in_reply_to":"3fa7e38b_06049d7d","updated":"2019-10-22 16:30:27.000000000","message":"It is left here as a comment for those who needs it as a reminder in case this port applies to them.","commit_id":"12b1b1960e528d24dd19f976cc33f17f99a0f91d"}]}