fix: move loki policies from system to loki

values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-loki-backend-to-api-server.yaml

@@ -1,18 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-loki-backend-to-api-server
-  namespace: loki
-spec:
-  description: Promtail needs to reach kube-apiserver
-  egress:
-    - toEntities:
-        - kube-apiserver
-      toPorts:
-        - ports:
-            - port: "6443"
-              protocol: TCP
-  endpointSelector:
-    matchLabels:
-      app.kubernetes.io/component: backend
-      app.kubernetes.io/instance: loki

values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-prometheus-metrics.yaml

@@ -1,20 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-prometheus-metrics
-  namespace: loki
-spec:
-  description: Allow Prometheus read and write
-  endpointSelector:
-    matchLabels:
-      app.kubernetes.io/instance: loki
-  ingress:
-    - fromEndpoints:
-        - matchLabels:
-            io.kubernetes.pod.namespace: prometheus
-      toPorts:
-        - ports:
-            - port: "3100"
-              protocol: TCP
-            - port: "3500"
-              protocol: TCP

values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-promtail-to-api-server.yaml

@@ -1,17 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-promtail-to-api-server
-  namespace: loki
-spec:
-  description: Promtail needs to reach kube-apiserver
-  egress:
-    - toEntities:
-        - kube-apiserver
-      toPorts:
-        - ports:
-            - port: "6443"
-              protocol: TCP
-  endpointSelector:
-    matchLabels:
-      app.kubernetes.io/instance: promtail

values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3-traffic.yaml

@@ -1,12 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-s3-traffic
-  namespace: loki
-spec:
-  egress:
-    - toCIDR:
-        - 10.139.2.20/32
-        - 10.255.241.30/32
-  endpointSelector:
-    matchLabels: {}

values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-s3.yaml

@@ -1,14 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-s3
-  namespace: loki
-spec:
-  description: Allow loki to ship logs to s3
-  egress:
-    - toFQDNs:
-        - matchPattern: s3.*.oceanbox.io
-        - matchPattern: s3.*.itpartner.no
-  endpointSelector:
-    matchLabels:
-      app.kubernetes.io/instance: loki

values/system/oceanbox/network/loki/CiliumNetworkPolicy-allow-stats-grafana.yaml

@@ -1,13 +0,0 @@
-apiVersion: cilium.io/v2
-kind: CiliumNetworkPolicy
-metadata:
-  name: allow-stats-grafana
-  namespace: loki
-spec:
-  description: Allow stats
-  egress:
-    - toFQDNs:
-        - matchName: stats.grafana.org
-  endpointSelector:
-    matchLabels:
-      app.kubernetes.io/instance: loki