-rw-r--r-- | tools/monitoring/templates/network-policies.yaml | 119 |
1 files changed, 119 insertions, 0 deletions
diff --git a/tools/monitoring/templates/network-policies.yaml b/tools/monitoring/templates/network-policies.yaml
new file mode 100644
index 0000000..ec76582
--- /dev/null
+++ b/tools/monitoring/templates/network-policies.yaml
@@ -0,0 +1,119 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-grafana-to-prometheus
+ namespace: monitoring
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: monitoring
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus-server
+ ports:
+ - protocol: TCP
+ port: 9090
+
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-grafana-to-elasticsearch
+ namespace: monitoring
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: monitoring
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: elasticsearch-master
+ ports:
+ - protocol: TCP
+ port: 9200
+
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-grafana-to-logstash
+ namespace: monitoring
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: grafana
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: monitoring
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: logstash
+ ports:
+ - protocol: TCP
+ port: 5044
+
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-otel-collector-to-logstash
+ namespace: monitoring
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: opentelemetry-collector
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: monitoring
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: logstash
+ ports:
+ - protocol: TCP
+ port: 5044
+
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: allow-otel-collector-to-prometheus
+ namespace: monitoring
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: opentelemetry-collector
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: monitoring
+ - podSelector:
+ matchLabels:
+ app.kubernetes.io/name: prometheus-server
+ ports:
+ - protocol: TCP
+ port: 9090
+
|
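Review bot: In all five policies the `from` list carries `- namespaceSelector` and `- podSelector` as two separate peers, which Kubernetes ORs, so every pod in any namespace labelled `name: monitoring` is admitted rather than only the named workload; the two selectors have to sit in one list element to be ANDed. The direction also looks inverted relative to the names: `allow-grafana-to-prometheus` selects the grafana pods in `spec.podSelector` and admits ingress from `prometheus-server` on 9090, which, if 9090 is the Prometheus listen port, governs traffic into Grafana instead of into Prometheus, and as an Ingress policy it would also isolate the grafana pods from any other ingress unless another policy allows it. The 9200 and 5044 policies follow the same pattern. The `name: monitoring` namespace label is not set automatically, whereas `kubernetes.io/metadata.name` is on current clusters, so the namespace peer may match nothing unless the label is applied by hand. A corrected shape for the first policy, assuming the intent is Grafana to Prometheus, is below.

```yaml
# … unchanged: apiVersion, kind, metadata …
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: prometheus-server  # destination of the flow
  # … unchanged: policyTypes …
  ingress:
    - from:
        # single peer: namespaceSelector AND podSelector must both match
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: monitoring
          podSelector:
            matchLabels:
              app.kubernetes.io/name: grafana  # source of the flow
      # … unchanged: ports (TCP 9090) …
```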