fix: Add new network policy to loki namespace (#323)

p1gmale0n · p1gmale0n · commit c4893f3c22a5 · 2023-08-24T11:43:25.000+06:00
to allow connections from monitoring namespace to
promtail-metrics endpoint
diff --git a/terraform/layer2-k8s/eks-loki-stack.tf b/terraform/layer2-k8s/eks-loki-stack.tf
@@ -77,7 +77,7 @@ module "loki_namespace" {
       }
     },
     {
-      name         = "allow-monitoring"
+      name         = "allow-monitoring-loki"
       policy_types = ["Ingress"]
       pod_selector = {
         match_expressions = {
@@ -108,6 +108,34 @@ module "loki_namespace" {
         ]
       }
     },
+    {
+      name         = "allow-monitoring-promtail"
+      policy_types = ["Ingress"]
+      pod_selector = {
+        match_expressions = {
+          key      = "app.kubernetes.io/instance"
+          operator = "In"
+          values   = [local.loki_stack.name]
+        }
+      }
+      ingress = {
+        ports = [
+          {
+            port     = "3101"
+            protocol = "TCP"
+          }
+        ]
+        from = [
+          {
+            namespace_selector = {
+              match_labels = {
+                name = "monitoring"
+              }
+            }
+          }
+        ]
+      }
+    },
     {
       name         = "allow-egress"
       policy_types = ["Egress"]
