Add NetworkPolicy to limit traffic into Prometheus
* Allow traffic from Grafana to Prometheus in monitoring * Allow traffic from Prometheus to Prometheus in monitoring * NetworkPolicy denies non-whitelisted traffic. Define policy to allow other access
This commit is contained in:
parent
36e31fc9fa
commit
41a9d86bc3
|
@ -30,6 +30,7 @@ Notable changes between versions.
|
|||
|
||||
* Update Prometheus from v2.7.1 to [v2.8.0](https://github.com/prometheus/prometheus/releases/tag/v2.8.0)
|
||||
* Refresh rules based on upstreams ([#426](https://github.com/poseidon/typhoon/pull/426))
|
||||
* Define NetworkPolicy to allow only traffic from the Grafana addon
|
||||
* Update Grafana from v6.0.0 to v6.0.2
|
||||
* Add liveness and readiness probes
|
||||
* Refresh dashboards and organize to stay below ConfigMap size limit ([#426](https://github.com/poseidon/typhoon/pull/426))
|
||||
|
|
|
@ -0,0 +1,28 @@
|
|||
# Allow Grafana access and in-cluster Prometheus scraping
|
||||
apiVersion: networking.k8s.io/v1
|
||||
kind: NetworkPolicy
|
||||
metadata:
|
||||
name: prometheus
|
||||
namespace: monitoring
|
||||
spec:
|
||||
podSelector:
|
||||
matchLabels:
|
||||
name: prometheus
|
||||
ingress:
|
||||
- ports:
|
||||
- protocol: TCP
|
||||
port: 9090
|
||||
from:
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
name: monitoring
|
||||
podSelector:
|
||||
matchLabels:
|
||||
name: grafana
|
||||
- namespaceSelector:
|
||||
matchLabels:
|
||||
name: monitoring
|
||||
podSelector:
|
||||
matchLabels:
|
||||
name: prometheus
|
||||
|
Loading…
Reference in New Issue