alertmanager/networkPolicy: Allow cluster peer-to-peer communication

Signed-off-by: GitHub <noreply@github.com> (cherry picked from commit df68b8d1da5d2d91b9502d4be67063c2c497e0cb)
2022-02-18 15:56:39 +00:00
parent acaf2fe0e7
commit 3f3b56e247
2 changed files with 40 additions and 12 deletions
--- a/jsonnet/kube-prometheus/components/alertmanager.libsonnet
+++ b/jsonnet/kube-prometheus/components/alertmanager.libsonnet
@@ -113,7 +113,8 @@ function(params) {
      },
      policyTypes: ['Egress', 'Ingress'],
      egress: [{}],
-      ingress: [{
+      ingress: [
+        {
          from: [{
            podSelector: {
              matchLabels: {
@@ -125,7 +126,25 @@ function(params) {
            port: o.port,
            protocol: 'TCP',
          }, am.service.spec.ports),
+        },
+        // Alertmanager cluster peer-to-peer communication
+        {
+          from: [{
+            podSelector: {
+              matchLabels: {
+                'app.kubernetes.io/name': 'alertmanager',
+              },
+            },
          }],
+          ports: [{
+            port: 9094,
+            protocol: 'TCP',
+          }, {
+            port: 9094,
+            protocol: 'UDP',
+          }],
+        },
+      ],
    },
  },

--- a/manifests/alertmanager-networkPolicy.yaml
+++ b/manifests/alertmanager-networkPolicy.yaml
@@ -22,6 +22,15 @@ spec:
      protocol: TCP
    - port: 8080
      protocol: TCP
+  - from:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/name: alertmanager
+    ports:
+    - port: 9094
+      protocol: TCP
+    - port: 9094
+      protocol: UDP
  podSelector:
    matchLabels:
      app.kubernetes.io/component: alert-router