diff --git a/config/network-policy/allow-metrics-traffic.yaml b/config/network-policy/allow-metrics-traffic.yaml
deleted file mode 100644
index d24812ad..00000000
--- a/config/network-policy/allow-metrics-traffic.yaml
+++ /dev/null
@@ -1,27 +0,0 @@
-# This NetworkPolicy allows ingress traffic
-# with Pods running on namespaces labeled with 'metrics: enabled'. Only Pods on those
-# namespaces are able to gathering data from the metrics endpoint.
-apiVersion: networking.k8s.io/v1
-kind: NetworkPolicy
-metadata:
- labels:
- app: external-secrets-operator
- app.kubernetes.io/name: external-secrets-operator
- app.kubernetes.io/managed-by: kustomize
- name: allow-metrics-traffic
- namespace: system
-spec:
- podSelector:
- matchLabels:
- app: external-secrets-operator
- policyTypes:
- - Ingress
- ingress:
- # This allows ingress traffic from any namespace with the label metrics: enabled
- - from:
- - namespaceSelector:
- matchLabels:
- metrics: enabled # Only from namespaces with this label
- ports:
- - port: 8443
- protocol: TCP
diff --git a/config/network-policy/allow-network-traffic.yaml b/config/network-policy/allow-network-traffic.yaml
index e59c0c83..32c56ebb 100644
--- a/config/network-policy/allow-network-traffic.yaml
+++ b/config/network-policy/allow-network-traffic.yaml
@@ -16,9 +16,12 @@ spec:
 port: 6443 # Required: Kubernetes API server
 ingress:
 # Optional: expose metrics (8443 and 8080 based on user configuration)
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: openshift-monitoring
 - ports:
 - protocol: TCP
 port: 8443
- - ports:
 - protocol: TCP
 port: 8080
\ No newline at end of file
diff --git a/config/network-policy/kustomization.yaml b/config/network-policy/kustomization.yaml
index 696becbc..5a71a8c2 100644
--- a/config/network-policy/kustomization.yaml
+++ b/config/network-policy/kustomization.yaml
@@ -1,4 +1,3 @@
 resources:
-- allow-metrics-traffic.yaml
 - allow-network-traffic.yaml
 - deny-all.yaml
\ No newline at end of file
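Review bot: In allow-network-traffic.yaml the added `- from:` entry and the unchanged `- ports:` entry after it appear to be two separate items of `ingress`, and NetworkPolicy treats each item as an independent rule. Indentation is lost on this page, so this reading rests on the leading dash of `ports:`, which is a context line the commit does not touch. Read that way, the first rule admits the selected namespace on every port and the second still admits 8443 and 8080 from any source, so the metrics endpoints are not limited to the monitoring namespace. To bind the two, `ports:` should be a key of the same item as `from:`, written without its leading dash and aligned under `from:`. The selector `name: openshift-monitoring` also only matches if the namespace carries that label; `kubernetes.io/metadata.name: openshift-monitoring` is set by the API server and is immutable.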