diff options
| author | makefunstuff <[email protected]> | 2024-06-28 20:44:38 +0200 |
|---|---|---|
| committer | makefunstuff <[email protected]> | 2024-06-28 20:44:38 +0200 |
| commit | 5ebe69d014eb73650034944899fbc49210132c77 (patch) | |
| tree | b4ff2c021de6e83fe2a99c0c0bbe0762cecd2732 /tools/monitoring | |
| parent | f4c3f6cefa7911c807c1d911b2913fb2fd6f5475 (diff) | |
| download | k3s-lab-5ebe69d014eb73650034944899fbc49210132c77.tar.gz | |
add network policies
Diffstat (limited to 'tools/monitoring')
| -rw-r--r-- | tools/monitoring/templates/network-policies.yaml | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/tools/monitoring/templates/network-policies.yaml b/tools/monitoring/templates/network-policies.yaml new file mode 100644 index 0000000..ec76582 --- /dev/null +++ b/tools/monitoring/templates/network-policies.yaml @@ -0,0 +1,119 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-grafana-to-prometheus + namespace: monitoring +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: grafana + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: monitoring + - podSelector: + matchLabels: + app.kubernetes.io/name: prometheus-server + ports: + - protocol: TCP + port: 9090 + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-grafana-to-elasticsearch + namespace: monitoring +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: grafana + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: monitoring + - podSelector: + matchLabels: + app.kubernetes.io/name: elasticsearch-master + ports: + - protocol: TCP + port: 9200 + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-grafana-to-logstash + namespace: monitoring +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: grafana + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: monitoring + - podSelector: + matchLabels: + app.kubernetes.io/name: logstash + ports: + - protocol: TCP + port: 5044 + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-otel-collector-to-logstash + namespace: monitoring +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: opentelemetry-collector + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: monitoring + - podSelector: + matchLabels: + app.kubernetes.io/name: logstash + ports: + - protocol: TCP + port: 5044 + +--- +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-otel-collector-to-prometheus + namespace: monitoring +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: opentelemetry-collector + policyTypes: + - Ingress + ingress: + - from: + - namespaceSelector: + matchLabels: + name: monitoring + - podSelector: + matchLabels: + app.kubernetes.io/name: prometheus-server + ports: + - protocol: TCP + port: 9090 + |