apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-grafana-to-prometheus namespace: monitoring spec: podSelector: matchLabels: app.kubernetes.io/name: grafana policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: monitoring - podSelector: matchLabels: app.kubernetes.io/name: prometheus-server ports: - protocol: TCP port: 9090 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-grafana-to-elasticsearch namespace: monitoring spec: podSelector: matchLabels: app.kubernetes.io/name: grafana policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: monitoring - podSelector: matchLabels: app.kubernetes.io/name: elasticsearch-master ports: - protocol: TCP port: 9200 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-grafana-to-logstash namespace: monitoring spec: podSelector: matchLabels: app.kubernetes.io/name: grafana policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: monitoring - podSelector: matchLabels: app.kubernetes.io/name: logstash ports: - protocol: TCP port: 5044 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-otel-collector-to-logstash namespace: monitoring spec: podSelector: matchLabels: app.kubernetes.io/name: opentelemetry-collector policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: monitoring - podSelector: matchLabels: app.kubernetes.io/name: logstash ports: - protocol: TCP port: 5044 --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-otel-collector-to-prometheus namespace: monitoring spec: podSelector: matchLabels: app.kubernetes.io/name: opentelemetry-collector policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: monitoring - podSelector: matchLabels: app.kubernetes.io/name: prometheus-server ports: - protocol: TCP port: 9090