platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 6 Actions Packages Projects Releases Wiki Activity

fix: add cilium cluster feature guards to network policies

Browse Source
This commit is contained in:
Jonas Juselius
2025-06-24 14:26:03 +02:00
parent 4cff341fb0
commit d5e0da1692
78 changed files with 158 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alerting.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: prom-alertmanager
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-alertmanager-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-dns-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: prometheus
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-etcd-metrics.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: prometheus
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-oidc-login.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -14,3 +15,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-plugins.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -13,3 +14,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-grafana-secure-gravatar.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-host-traffic.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- kube-apiserver
endpointSelector:
matchLabels: {}
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-nginx-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: ingress-nginx
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-opencost-scrape.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -17,3 +18,4 @@ spec:
- ports:
- port: "9090"
protocol: TCP
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-metrics-server.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
ingress:
- fromEntities:
- remote-node
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-remote-node-to-webhook.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
ingress:
- fromEntities:
- remote-node
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-robusta-ingress.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -12,3 +13,4 @@ spec:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: robusta
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-slack.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -10,3 +11,4 @@ spec:
- matchName: hooks.slack.com
endpointSelector:
matchLabels: {}
{{- end }}
values/prometheus/manifests/policies/CiliumNetworkPolicy-allow-stats-grafana.yaml
+2
View File
@@ -1,3 +1,4 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
@@ -11,3 +12,4 @@ spec:
endpointSelector:
matchLabels:
app.kubernetes.io/name: grafana
{{- end }}