From fc4d01b3e57cb3bb49bb6840698a3f69dc57917b Mon Sep 17 00:00:00 2001
From: Stefan Prodan <stefan.prodan@gmail.com>
Date: Sun, 11 Oct 2020 13:48:06 +0300
Subject: [PATCH] Allow scraping and webhooks

Signed-off-by: Stefan Prodan <stefan.prodan@gmail.com>
---
 manifests/policies/allow-scraping.yaml | 14 ++++++++++++++
 manifests/policies/allow-webhooks.yaml | 13 +++++++++++++
 manifests/policies/deny-ingress.yaml   |  2 +-
 manifests/policies/kustomization.yaml  |  2 ++
 4 files changed, 30 insertions(+), 1 deletion(-)
 create mode 100644 manifests/policies/allow-scraping.yaml
 create mode 100644 manifests/policies/allow-webhooks.yaml

diff --git a/manifests/policies/allow-scraping.yaml b/manifests/policies/allow-scraping.yaml
new file mode 100644
index 00000000..0daf25a1
--- /dev/null
+++ b/manifests/policies/allow-scraping.yaml
@@ -0,0 +1,14 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-scraping
+spec:
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector: {}
+      ports:
+        - protocol: TCP
+          port: 8080
+  podSelector: {}
diff --git a/manifests/policies/allow-webhooks.yaml b/manifests/policies/allow-webhooks.yaml
new file mode 100644
index 00000000..4f0622d4
--- /dev/null
+++ b/manifests/policies/allow-webhooks.yaml
@@ -0,0 +1,13 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-webhooks
+spec:
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector: {}
+  podSelector:
+    matchLabels:
+      app: notification-controller
diff --git a/manifests/policies/deny-ingress.yaml b/manifests/policies/deny-ingress.yaml
index 92550512..5577032b 100644
--- a/manifests/policies/deny-ingress.yaml
+++ b/manifests/policies/deny-ingress.yaml
@@ -3,9 +3,9 @@ kind: NetworkPolicy
 metadata:
   name: deny-ingress
 spec:
-  podSelector: {}
   policyTypes:
     - Ingress
   ingress:
   - from:
     - podSelector: {}
+  podSelector: {}
diff --git a/manifests/policies/kustomization.yaml b/manifests/policies/kustomization.yaml
index f535811d..6884c916 100644
--- a/manifests/policies/kustomization.yaml
+++ b/manifests/policies/kustomization.yaml
@@ -2,3 +2,5 @@ apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 resources:
   - deny-ingress.yaml
+  - allow-scraping.yaml
+  - allow-webhooks.yaml
-- 
GitLab