From 17108bfc644a27372b830e550ea8eba91dc5c6da Mon Sep 17 00:00:00 2001
From: makefunstuff <plugatariov@gmail.com>
Date: Fri, 28 Jun 2024 22:22:25 +0300
Subject: more networking

---
 tools/monitoring/templates/network-policy.yaml | 51 ++++++++++++++++++--------
 1 file changed, 35 insertions(+), 16 deletions(-)

(limited to 'tools/monitoring')

diff --git a/tools/monitoring/templates/network-policy.yaml b/tools/monitoring/templates/network-policy.yaml
index 9e8bd65..b50c3af 100644
--- a/tools/monitoring/templates/network-policy.yaml
+++ b/tools/monitoring/templates/network-policy.yaml
@@ -6,15 +6,14 @@ metadata:
 spec:
   podSelector: {}
   policyTypes:
-  - Ingress
-  - Egress
+    - Ingress
+    - Egress
   ingress:
-  - from:
-    - podSelector: {}
-  - from:
-    - namespaceSelector:
-        matchLabels:
-          name: monitoring
+    - from:
+        - podSelector: {}
+  egress:
+    - to:
+        - podSelector: {}
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
@@ -25,14 +24,34 @@ spec:
   podSelector:
     matchLabels:
       app.kubernetes.io/name: grafana
+  policyTypes:
+    - Ingress
   ingress:
-  - from:
-    - namespaceSelector:
-        matchLabels:
-          name: kube-system
-    - podSelector:
-        matchLabels:
-          app: traefik
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              name: kube-system
+        - podSelector:
+            matchLabels:
+              app: traefik
+        - {}
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-external-ingress-to-grafana
+  namespace: monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: grafana
   policyTypes:
-  - Ingress
+    - Ingress
+  ingress:
+    - from: 
+        - ipBlock:
+            cidr: 0.0.0.0/0
+  egress:
+    - to:
+        - podSelector: {}
 
-- 
cgit 1.4.1-2-gfad0