From d3941f904503140ca2413f2ce5190381606bfb23 Mon Sep 17 00:00:00 2001
From: Roeland van Batenburg <roelandvanbatenburg@gmail.com>
Date: Fri, 16 Dec 2022 15:11:24 +0100
Subject: [PATCH] illustrate adding to networkpolicies (#1960)

---
 ...prometheus-alertmanager-grafana-ingress.md | 34 ++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)

diff --git a/docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md b/docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md
index 650004d8..883b37db 100644
--- a/docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md
+++ b/docs/customizations/exposing-prometheus-alertmanager-grafana-ingress.md
@@ -105,7 +105,7 @@ In order to expose Alertmanager and Grafana, simply create additional fields con
 
 In order to render the ingress objects similar to the other objects use as demonstrated in the [main readme](https://github.com/prometheus-operator/kube-prometheus/tree/main/README.md):
 
-```
+```jsonnet
 { ['00namespace-' + name]: kp.kubePrometheus[name] for name in std.objectFields(kp.kubePrometheus) } +
 { ['0prometheus-operator-' + name]: kp.prometheusOperator[name] for name in std.objectFields(kp.prometheusOperator) } +
 { ['node-exporter-' + name]: kp.nodeExporter[name] for name in std.objectFields(kp.nodeExporter) } +
@@ -119,3 +119,35 @@ In order to render the ingress objects similar to the other objects use as demon
 Note, that in comparison only the last line was added, the rest is identical to the original.
 
 See [ingress.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/ingress.jsonnet) for an example implementation.
+
+## Adding Ingress namespace to NetworkPolicies
+
+NetworkPolicies restricting access to the components are added by default. These can either be removed as in
+[networkpolicies-disabled.jsonnet](https://github.com/prometheus-operator/kube-prometheus/tree/main/examples/networkpolicies-disabled.jsonnet) or modified as
+described here.
+
+This is an example for grafana, but the same can be applied to alertmanager and prometheus.
+
+```jsonnet
+{
+  alertmanager+:: {
+    networkPolicy+: {
+      spec+: {
+        ingress: [
+          super.ingress[0] + {
+            from+: [
+              {
+                namespaceSelector: {
+                  matchLabels: {
+                    'app.kubernetes.io/name': 'ingress-nginx',
+                  },
+                },
+              },
+            ],
+          },
+        ] + super.ingress[1:],
+      },
+    },
+  },
+}
+```
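Review bot: The sentence introducing the example says it is for grafana, but the snippet patches `alertmanager+::`; one of the two should change, e.g. `This is an example for alertmanager, but the same can be applied to grafana and prometheus.` The rule also needs a caveat, because `namespaceSelector` matches labels on the Namespace object and there is no `podSelector` beside it, so it admits every pod in any namespace labelled `app.kubernetes.io/name: ingress-nginx`. The text should say that this label has to be present on the ingress controller's namespace (not every install method sets it) and that anyone allowed to label namespaces can satisfy the selector. A tighter example would match on `kubernetes.io/metadata.name`, which the API server sets itself, and add a `podSelector` for the controller pods in the same `from` entry. Since `super.ingress[0]` depends on the order of the default rules, a one-line comment naming the rule and ports being extended would keep readers from widening the wrong one.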
-- 
GitLab