explicit network-policy

2 files changed, 27 insertions, 20 deletions

diff --git a/tools/elasticsearch/network-policy.yaml b/tools/elasticsearch/network-policy.yaml
new file mode 100644
index 0000000..8665861
--- /dev/null
+++ b/tools/elasticsearch/network-policy.yaml
@@ -0,0 +1,27 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-logstash-and-grafana-to-elasticsearch
+  namespace: monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: elasticsearch
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: logstash
+      ports:
+        - protocol: TCP
+          port: 9200
+    - from:
+        - podSelector:
+            matchLabels:
+              app.kubernetes.io/name: grafana
+      ports:
+        - protocol: TCP
+          port: 9200
+
diff --git a/tools/elasticsearch/values.yaml b/tools/elasticsearch/values.yaml
index e769dc6..c052ff4 100644
--- a/tools/elasticsearch/values.yaml
+++ b/tools/elasticsearch/values.yaml
@@ -9,26 +9,6 @@ elasticsearch:
         storage: 10Gi
   labels:
     app.kubernetes.io/name: elasticsearch
-  networkPolicy:
-    http:
-      enabled: true
-    transport:
-      enabled: true
-    additionalRules:
-      - from:
-          - podSelector:
-              matchLabels:
-                app.kubernetes.io/name: logstash
-        ports:
-          - protocol: TCP
-            port: 9200
-      - from:
-          - podSelector:
-              matchLabels:
-                app.kubernetes.io/name: grafana
-        ports:
-          - protocol: TCP
-            port: 9200
 logstash:
   enabled: true
   replicas: 1