about summary refs log tree commit diff
path: root/tools/monitoring
diff options
context:
space:
mode:
authormakefunstuff <[email protected]>2024-06-28 21:22:25 +0200
committermakefunstuff <[email protected]>2024-06-28 21:22:25 +0200
commit17108bfc644a27372b830e550ea8eba91dc5c6da (patch)
treee12a01de2b18828d041e1cc114b062fbb85820cb /tools/monitoring
parent70c535f34fb71645ab0f31392430060645ebeeec (diff)
downloadk3s-lab-17108bfc644a27372b830e550ea8eba91dc5c6da.tar.gz
more networking
Diffstat (limited to '')
-rw-r--r--tools/monitoring/templates/network-policy.yaml51
1 files changed, 35 insertions, 16 deletions
diff --git a/tools/monitoring/templates/network-policy.yaml b/tools/monitoring/templates/network-policy.yaml
index 9e8bd65..b50c3af 100644
--- a/tools/monitoring/templates/network-policy.yaml
+++ b/tools/monitoring/templates/network-policy.yaml
@@ -6,15 +6,14 @@ metadata:
 spec:
   podSelector: {}
   policyTypes:
-  - Ingress
-  - Egress
+    - Ingress
+    - Egress
   ingress:
-  - from:
-    - podSelector: {}
-  - from:
-    - namespaceSelector:
-        matchLabels:
-          name: monitoring
+    - from:
+        - podSelector: {}
+  egress:
+    - to:
+        - podSelector: {}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -25,14 +24,34 @@ spec:
   podSelector:
     matchLabels:
       app.kubernetes.io/name: grafana
+  policyTypes:
+    - Ingress
   ingress:
-  - from:
-    - namespaceSelector:
-        matchLabels:
-          name: kube-system
-    - podSelector:
-        matchLabels:
-          app: traefik
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              name: kube-system
+        - podSelector:
+            matchLabels:
+              app: traefik
+        - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-external-ingress-to-grafana
+  namespace: monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: grafana
   policyTypes:
-  - Ingress
+    - Ingress
+  ingress:
+    - from: 
+        - ipBlock:
+            cidr: 0.0.0.0/0
+  egress:
+    - to:
+        - podSelector: {}