From 2bdace92a8273c89ad97665f9ea01f568d0d7c79 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 2 Feb 2022 01:14:06 +0100
Subject: [PATCH] fix(goharbor): Fix broken monitoring

This patch adds a new network policy to allow traffic from the
monitoring namespace to access the exporter endpoints. Since that
traffic is not allowed right now, Prometheus reports the target as down.
---
 apps/base/goharbor/kustomization.yaml             |  1 +
 apps/base/goharbor/networkpolicy.yaml             | 10 ++++++++++
 shared/networkpolicies/allow-from-monitoring.yaml | 12 ++++++++++++
 3 files changed, 23 insertions(+)
 create mode 100644 shared/networkpolicies/allow-from-monitoring.yaml

diff --git a/apps/base/goharbor/kustomization.yaml b/apps/base/goharbor/kustomization.yaml
index ae068bbaa..b4d360b94 100644
--- a/apps/base/goharbor/kustomization.yaml
+++ b/apps/base/goharbor/kustomization.yaml
@@ -6,5 +6,6 @@ resources:
   - repository.yaml
   - release.yaml
   - ../../../shared/networkpolicies/allow-from-ingress.yaml
+  - ../../../shared/networkpolicies/allow-from-monitoring.yaml
 patchesStrategicMerge:
   - networkpolicy.yaml
diff --git a/apps/base/goharbor/networkpolicy.yaml b/apps/base/goharbor/networkpolicy.yaml
index a0c21ef64..8aaab3d51 100644
--- a/apps/base/goharbor/networkpolicy.yaml
+++ b/apps/base/goharbor/networkpolicy.yaml
@@ -7,3 +7,13 @@ spec:
   podSelector:
     matchLabels:
       app: harbor
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-monitoring
+spec:
+  podSelector:
+    matchLabels:
+      app: harbor
+      release: harbor
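Review bot: The `podSelector` in this patch (`app: harbor`, `release: harbor`) appears to select every Harbor pod in the release, not only the pods that serve the exporter endpoints the commit message refers to. If the chart puts a component label on its pods (not visible here, so this needs checking against the rendered manifests), adding it under `matchLabels` would keep monitoring ingress away from pods that expose no metrics. It would also help to add a comment above the new document, such as `# Scopes the shared allow-from-monitoring policy to Harbor's pods`. That comment could also say why this selector carries `release: harbor` while the policy document just above it, which starts outside the hunk, matches on `app: harbor` alone.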
diff --git a/shared/networkpolicies/allow-from-monitoring.yaml b/shared/networkpolicies/allow-from-monitoring.yaml
new file mode 100644
index 000000000..5ca30bd36
--- /dev/null
+++ b/shared/networkpolicies/allow-from-monitoring.yaml
@@ -0,0 +1,12 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-monitoring
+spec:
+  policyTypes:
+  - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          monitoring.shivering-isles.com/network-access-required: "true"
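Review bot: The ingress rule has a `from` clause but no `ports`, so any pod in a namespace labelled `monitoring.shivering-isles.com/network-access-required: "true"` can reach every port on the selected pods, not just the metrics endpoints. Because this file is shared, the port restriction probably belongs in each app's patch, as a `ports:` entry with `protocol: TCP` and `port: <metrics-port>` (placeholder; the real port is not on this page). The base also omits `spec.podSelector`, so it depends on every consumer patching one in. A header comment such as `# Base policy: consumers must patch in spec.podSelector (and ideally ingress ports)` would make that contract explicit. The rule trusts a namespace label, so it is worth confirming that only cluster administrators can set that label on namespaces.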
-- 
GitLab