From 1f896e394fb2b16a2cca0031ca4d31c8eef7781f Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Tue, 7 Feb 2023 02:50:23 +0100
Subject: [PATCH] fix(monitoring): Fix kustomization for calico network policy

---
 .../monitoring/calico-networkpolicy.yaml        | 17 +++++++++++++++++
 infrastructure/monitoring/kustomization.yaml    |  1 +
 2 files changed, 18 insertions(+)
 create mode 100644 infrastructure/monitoring/calico-networkpolicy.yaml

diff --git a/infrastructure/monitoring/calico-networkpolicy.yaml b/infrastructure/monitoring/calico-networkpolicy.yaml
new file mode 100644
index 000000000..82fac54b6
--- /dev/null
+++ b/infrastructure/monitoring/calico-networkpolicy.yaml
@@ -0,0 +1,17 @@
+---
+apiVersion: projectcalico.org/v3
+kind: NetworkPolicy
+metadata:
+  name: allow-controlplane
+  namespace: monitoring-system
+spec:
+  selector: app.kubernetes.io/instance == 'kube-prometheus-stack'
+  ingress:
+  - action: Allow
+    protocol: TCP
+    source:
+      selector: has(node-role.kubernetes.io/control-plane)
+      namespaceSelector: global()
+    destination:
+      ports:
+      - 10250
\ No newline at end of file
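Review bot: The `spec.selector` `app.kubernetes.io/instance == 'kube-prometheus-stack'` matches every pod carrying the release label, so TCP 10250 from control-plane sources is opened on all of them rather than only on the pod that serves that port (presumably the operator's admission webhook; please confirm). Consider narrowing it with a label specific to that pod, e.g. `selector: app.kubernetes.io/instance == 'kube-prometheus-stack' && <label-of-webhook-pod>`. On the source side, `has(node-role.kubernetes.io/control-plane)` combined with `namespaceSelector: global()` selects non-namespaced Calico endpoints, so the rule only matches if host endpoints carrying the node labels exist in the cluster. A comment above the rule such as `# kube-apiserver on control-plane host endpoints -> webhook on 10250; needs Calico host endpoints` would record that dependency and why the port is open. The file also ends without a trailing newline.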
diff --git a/infrastructure/monitoring/kustomization.yaml b/infrastructure/monitoring/kustomization.yaml
index 7304bc07d..23a6e8c3b 100644
--- a/infrastructure/monitoring/kustomization.yaml
+++ b/infrastructure/monitoring/kustomization.yaml
@@ -9,6 +9,7 @@ resources:
   - json-exporter-monitor.yaml
   - ../../shared/networkpolicies/allow-from-same-namespace.yaml
   - ../../shared/networkpolicies/allow-from-ingress.yaml
+  - calico-networkpolicy.yaml
 patchesStrategicMerge:
   - networkpolicy.yaml
 configMapGenerator:
-- 
GitLab