fix: network policy for keda (#338)

and-babkin · midnight47 · p1gmale0n · commit 56bc4cdc2fb0 · 2023-08-24T11:46:25.000+06:00
Co-authored-by: midnight47 &lt;midnight47@mail.ru&gt;
diff --git a/terraform/layer2-k8s/eks-keda.tf b/terraform/layer2-k8s/eks-keda.tf
@@ -52,6 +52,32 @@ module "keda_namespace" {
           }
         ]
       }
+    },
+    {
+      name         = "allow-control-plane"
+      policy_types = ["Ingress"]
+      pod_selector = {
+        match_expressions = {
+          key      = "app"
+          operator = "In"
+          values   = ["keda-operator-metrics-apiserver"]
+        }
+      }
+      ingress = {
+        ports = [
+          {
+            port     = "6443"
+            protocol = "TCP"
+          }
+        ]
+        from = [
+          {
+            ip_block = {
+              cidr = "0.0.0.0/0"
+            }
+          }
+        ]
+      }
     }
   ]
 }

Original file line number	Diff line number	Diff line change
`@@ -52,6 +52,32 @@ module "keda_namespace" {`
`52`	`52`	`}`
`53`	`53`	`]`
`54`	`54`	`}`
	`55`	`+ },`
	`56`	`+ {`
	`57`	`+ name = "allow-control-plane"`
	`58`	`+ policy_types = ["Ingress"]`
	`59`	`+ pod_selector = {`
	`60`	`+ match_expressions = {`
	`61`	`+ key = "app"`
	`62`	`+ operator = "In"`
	`63`	`+ values = ["keda-operator-metrics-apiserver"]`
	`64`	`+ }`
	`65`	`+ }`
	`66`	`+ ingress = {`
	`67`	`+ ports = [`
	`68`	`+ {`
	`69`	`+ port = "6443"`
	`70`	`+ protocol = "TCP"`
	`71`	`+ }`
	`72`	`+ ]`
	`73`	`+ from = [`
	`74`	`+ {`
	`75`	`+ ip_block = {`
	`76`	`+ cidr = "0.0.0.0/0"`
	`77`	`+ }`
	`78`	`+ }`
	`79`	`+ ]`
	`80`	`+ }`
`55`	`81`	`}`
`56`	`82`	`]`
`57`	`83`	`}`