alertmanager/networkPolicy: Allow cluster peer-to-peer communication

Signed-off-by: GitHub <noreply@github.com>
(cherry picked from commit df68b8d1da5d2d91b9502d4be67063c2c497e0cb)

jsonnet/kube-prometheus/components/alertmanager.libsonnet

@@ -113,19 +113,38 @@ function(params) {
       },
       policyTypes: ['Egress', 'Ingress'],
       egress: [{}],
-      ingress: [{
+      ingress: [
-        from: [{
+        {
-          podSelector: {
+          from: [{
-            matchLabels: {
+            podSelector: {
-              'app.kubernetes.io/name': 'prometheus',
+              matchLabels: {
+                'app.kubernetes.io/name': 'prometheus',
+              },
             },
-          },
+          }],
-        }],
+          ports: std.map(function(o) {
-        ports: std.map(function(o) {
+            port: o.port,
-          port: o.port,
+            protocol: 'TCP',
-          protocol: 'TCP',
+          }, am.service.spec.ports),
-        }, am.service.spec.ports),
+        },
-      }],
+        // Alertmanager cluster peer-to-peer communication
+        {
+          from: [{
+            podSelector: {
+              matchLabels: {
+                'app.kubernetes.io/name': 'alertmanager',
+              },
+            },
+          }],
+          ports: [{
+            port: 9094,
+            protocol: 'TCP',
+          }, {
+            port: 9094,
+            protocol: 'UDP',
+          }],
+        },
+      ],
     },
   },
 

manifests/alertmanager-networkPolicy.yaml

@@ -22,6 +22,15 @@ spec:
       protocol: TCP
     - port: 8080
       protocol: TCP
+  - from:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/name: alertmanager
+    ports:
+    - port: 9094
+      protocol: TCP
+    - port: 9094
+      protocol: UDP
   podSelector:
     matchLabels:
       app.kubernetes.io/component: alert-router