From 3f3b56e247d74a1d27ef62d20c8b224f7db0dfe6 Mon Sep 17 00:00:00 2001
From: Arthur Silva Sens <arthursens2005@gmail.com>
Date: Fri, 18 Feb 2022 15:56:39 +0000
Subject: [PATCH] alertmanager/networkPolicy: Allow cluster peer-to-peer
 communication

Signed-off-by: GitHub <noreply@github.com>
(cherry picked from commit df68b8d1da5d2d91b9502d4be67063c2c497e0cb)
---
 .../components/alertmanager.libsonnet         | 43 +++++++++++++------
 manifests/alertmanager-networkPolicy.yaml     |  9 ++++
 2 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet
index 7dc43b3b..364b1a35 100644
--- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet
+++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet
@@ -113,19 +113,38 @@ function(params) {
       },
       policyTypes: ['Egress', 'Ingress'],
       egress: [{}],
-      ingress: [{
-        from: [{
-          podSelector: {
-            matchLabels: {
-              'app.kubernetes.io/name': 'prometheus',
+      ingress: [
+        {
+          from: [{
+            podSelector: {
+              matchLabels: {
+                'app.kubernetes.io/name': 'prometheus',
+              },
             },
-          },
-        }],
-        ports: std.map(function(o) {
-          port: o.port,
-          protocol: 'TCP',
-        }, am.service.spec.ports),
-      }],
+          }],
+          ports: std.map(function(o) {
+            port: o.port,
+            protocol: 'TCP',
+          }, am.service.spec.ports),
+        },
+        // Alertmanager cluster peer-to-peer communication
+        {
+          from: [{
+            podSelector: {
+              matchLabels: {
+                'app.kubernetes.io/name': 'alertmanager',
+              },
+            },
+          }],
+          ports: [{
+            port: 9094,
+            protocol: 'TCP',
+          }, {
+            port: 9094,
+            protocol: 'UDP',
+          }],
+        },
+      ],
     },
   },
 
diff --git a/manifests/alertmanager-networkPolicy.yaml b/manifests/alertmanager-networkPolicy.yaml
index d9f01424..11b1a992 100644
--- a/manifests/alertmanager-networkPolicy.yaml
+++ b/manifests/alertmanager-networkPolicy.yaml
@@ -22,6 +22,15 @@ spec:
       protocol: TCP
     - port: 8080
       protocol: TCP
+  - from:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/name: alertmanager
+    ports:
+    - port: 9094
+      protocol: TCP
+    - port: 9094
+      protocol: UDP
   podSelector:
     matchLabels:
       app.kubernetes.io/component: alert-router
-- 
GitLab