easylinux/kube-prometheus
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jsonnet: add networkpolicies for components accessed by prometheus

Browse Source
This commit is contained in:
paulfantom
2021-11-01 10:44:50 +01:00
committed by Paweł Krupa (paulfantom)
parent f7c9de918c
commit f8c00b9963
4 changed files with 96 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
jsonnet/kube-prometheus/components/blackbox-exporter.libsonnet
View File

@@ -238,6 +238,30 @@ function(params) {
}, },
}, },
networkPolicy: {
apiVersion: 'networking.k8s.io/v1',
kind: 'NetworkPolicy',
metadata: bb.service.metadata,
spec: {
podSelector: {
matchLabels: bb._config.selectorLabels,
},
ingress: [{
from: [{
podSelector: {
matchLabels: {
'app.kubernetes.io/name': 'prometheus',
},
},
}],
ports: std.map(function(o) {
port: o.port,
protocol: 'TCP',
}, bb.service.spec.ports),
}],
},
},
service: { service: {
apiVersion: 'v1', apiVersion: 'v1',
kind: 'Service', kind: 'Service',

24
jsonnet/kube-prometheus/components/kube-state-metrics.libsonnet
View File

@@ -118,6 +118,30 @@ function(params) (import 'github.com/kubernetes/kube-state-metrics/jsonnet/kube-
image: ksm._config.kubeRbacProxyImage, image: ksm._config.kubeRbacProxyImage,
}), }),
networkPolicy: {
apiVersion: 'networking.k8s.io/v1',
kind: 'NetworkPolicy',
metadata: ksm.service.metadata,
spec: {
podSelector: {
matchLabels: ksm._config.selectorLabels,
},
ingress: [{
from: [{
podSelector: {
matchLabels: {
'app.kubernetes.io/name': 'prometheus',
},
},
}],
ports: std.map(function(o) {
port: o.port,
protocol: 'TCP',
}, ksm.service.spec.ports),
}],
},
},
deployment+: { deployment+: {
spec+: { spec+: {
template+: { template+: {

24
jsonnet/kube-prometheus/components/node-exporter.libsonnet
View File

@@ -159,6 +159,30 @@ function(params) {
}, },
}, },
networkPolicy: {
apiVersion: 'networking.k8s.io/v1',
kind: 'NetworkPolicy',
metadata: ne.service.metadata,
spec: {
podSelector: {
matchLabels: ne._config.selectorLabels,
},
ingress: [{
from: [{
podSelector: {
matchLabels: {
'app.kubernetes.io/name': 'prometheus',
},
},
}],
ports: std.map(function(o) {
port: o.port,
protocol: 'TCP',
}, ne.service.spec.ports),
}],
},
},
daemonset: daemonset:
local nodeExporter = { local nodeExporter = {
name: ne._config.name, name: ne._config.name,

24
jsonnet/kube-prometheus/components/prometheus-adapter.libsonnet
View File

@@ -206,6 +206,30 @@ function(params) {
}, },
}, },
networkPolicy: {
apiVersion: 'networking.k8s.io/v1',
kind: 'NetworkPolicy',
metadata: pa.service.metadata,
spec: {
podSelector: {
matchLabels: pa._config.selectorLabels,
},
ingress: [{
from: [{
podSelector: {
matchLabels: {
'app.kubernetes.io/name': 'prometheus',
},
},
}],
ports: std.map(function(o) {
port: o.port,
protocol: 'TCP',
}, pa.service.spec.ports),
}],
},
},
deployment: deployment:
local c = { local c = {
name: pa._config.name, name: pa._config.name,