apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-all-internal namespace: monitoring spec: podSelector: {} policyTypes: - Ingress - Egress ingress: - from: - podSelector: {} egress: - to: - podSelector: {} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-ingress-to-grafana namespace: monitoring spec: podSelector: matchLabels: app.kubernetes.io/name: grafana policyTypes: - Ingress ingress: - from: - namespaceSelector: matchLabels: name: kube-system - podSelector: matchLabels: app: traefik - {} --- apiVersion: networking.k8s.io/v1 kind: NetworkPolicy metadata: name: allow-external-ingress-to-grafana namespace: monitoring spec: podSelector: matchLabels: app.kubernetes.io/name: grafana policyTypes: - Ingress ingress: - from: - ipBlock: cidr: 0.0.0.0/0 egress: - to: - podSelector: {}