From d555bdcec06c258bd1fee3735c7d7b5348632885 Mon Sep 17 00:00:00 2001 From: makefunstuff Date: Sat, 29 Jun 2024 00:45:31 +0300 Subject: explicit network-policy --- tools/elasticsearch/network-policy.yaml | 27 +++++++++++++++++++++++++++ tools/elasticsearch/values.yaml | 20 -------------------- 2 files changed, 27 insertions(+), 20 deletions(-) create mode 100644 tools/elasticsearch/network-policy.yaml (limited to 'tools') diff --git a/tools/elasticsearch/network-policy.yaml b/tools/elasticsearch/network-policy.yaml new file mode 100644 index 0000000..8665861 --- /dev/null +++ b/tools/elasticsearch/network-policy.yaml @@ -0,0 +1,27 @@ +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-logstash-and-grafana-to-elasticsearch + namespace: monitoring +spec: + podSelector: + matchLabels: + app.kubernetes.io/name: elasticsearch + policyTypes: + - Ingress + ingress: + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: logstash + ports: + - protocol: TCP + port: 9200 + - from: + - podSelector: + matchLabels: + app.kubernetes.io/name: grafana + ports: + - protocol: TCP + port: 9200 + diff --git a/tools/elasticsearch/values.yaml b/tools/elasticsearch/values.yaml index e769dc6..c052ff4 100644 --- a/tools/elasticsearch/values.yaml +++ b/tools/elasticsearch/values.yaml @@ -9,26 +9,6 @@ elasticsearch: storage: 10Gi labels: app.kubernetes.io/name: elasticsearch - networkPolicy: - http: - enabled: true - transport: - enabled: true - additionalRules: - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: logstash - ports: - - protocol: TCP - port: 9200 - - from: - - podSelector: - matchLabels: - app.kubernetes.io/name: grafana - ports: - - protocol: TCP - port: 9200 logstash: enabled: true replicas: 1 -- cgit 1.4.1-2-gfad0