From e56b7b6644190feef06fe9e68bb3f170bd2d7e95 Mon Sep 17 00:00:00 2001
From: Sheogorath <sheogorath@shivering-isles.com>
Date: Wed, 2 Feb 2022 21:28:33 +0100
Subject: [PATCH] fix(monitoring): Allow exposure through ingress

This patch allows network requests from the ingress namespace(s) by
adding our shared network policy.
---
 infrastructure/monitoring/kustomization.yaml |  3 +++
 infrastructure/monitoring/networkpolicy.yaml | 14 ++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 infrastructure/monitoring/networkpolicy.yaml

diff --git a/infrastructure/monitoring/kustomization.yaml b/infrastructure/monitoring/kustomization.yaml
index ab59d1481..d88ac8cc5 100644
--- a/infrastructure/monitoring/kustomization.yaml
+++ b/infrastructure/monitoring/kustomization.yaml
@@ -6,3 +6,6 @@ resources:
   - repository.yaml
   - release.yaml
   - ../../shared/networkpolicies/allow-from-same-namespace.yaml
+  - ../../shared/networkpolicies/allow-from-ingress.yaml
+patchesStrategicMerge:
+  - networkpolicy.yaml
diff --git a/infrastructure/monitoring/networkpolicy.yaml b/infrastructure/monitoring/networkpolicy.yaml
new file mode 100644
index 000000000..460c09edf
--- /dev/null
+++ b/infrastructure/monitoring/networkpolicy.yaml
@@ -0,0 +1,14 @@
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-from-ingress
+spec:
+  podSelector:
+    matchExpressions:
+      - key: app.kubernetes.io/name
+        operator: In
+        values:
+          - alertmanager
+          - grafana
+          - prometheus
-- 
GitLab