Add NetworkPolicy to limit traffic into Prometheus

* Allow traffic from Grafana to Prometheus in monitoring * Allow traffic from Prometheus to Prometheus in monitoring * NetworkPolicy denies non-whitelisted traffic. Define policy to allow other access
2025-07-30 00:21:36 +02:00 · 2019-03-23 17:59:47 -07:00
parent 36e31fc9fa
commit 41a9d86bc3
2 changed files with 29 additions and 0 deletions
--- a/addons/prometheus/network-policy.yaml
+++ b/addons/prometheus/network-policy.yaml
@ -0,0 +1,28 @@
+# Allow Grafana access and in-cluster Prometheus scraping
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: prometheus
+  namespace: monitoring
+spec:
+  podSelector:
+    matchLabels:
+      name: prometheus
+  ingress:
+    - ports:
+        - protocol: TCP
+          port: 9090
+      from:
+        - namespaceSelector:
+            matchLabels:
+              name: monitoring
+          podSelector:
+            matchLabels:
+              name: grafana
+        - namespaceSelector:
+            matchLabels:
+              name: monitoring
+          podSelector:
+            matchLabels:
+              name: prometheus
+