From 8586239a60c87210af704d1ba7bf1a11664bc191 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Sun, 31 Dec 2023 04:00:13 +0100
Subject: [PATCH] chore(monitoring): Restrict access to monitoring to VPN

---
 clusters/k8s01/monitoring/ingress.yaml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/clusters/k8s01/monitoring/ingress.yaml b/clusters/k8s01/monitoring/ingress.yaml
index 17681e5e9..22ab51cc9 100644
--- a/clusters/k8s01/monitoring/ingress.yaml
+++ b/clusters/k8s01/monitoring/ingress.yaml
@@ -7,6 +7,7 @@ metadata:
         nginx.ingress.kubernetes.io/auth-response-headers: Authorization
         nginx.ingress.kubernetes.io/auth-url: https://$host/oauth2/auth
         nginx.ingress.kubernetes.io/auth-signin: https://$host/oauth2/start?rd=$escaped_request_uri
+        nginx.ingress.kubernetes.io/whitelist-source-range: 10.0.0.0/8,172.16.0.0/12,192.168.0.0/16,100.64.0.0/24
 spec:
     rules:
         - host: ENC[AES256_GCM,data:k1mCBDKYvRLLC489r7yvk9PRDsQh5IgUpOaOfdhpQCwUNN8=,iv:AuBQnC2duZJM5/aYASq6gcovFPhECGk9EWjMaBgeRzQ=,tag:VdMb/Rn54dWpbDjxbEjPvA==,type:str]
-- 
GitLab