Replies: 1 comment
-
|
Prometheus is configured to scrape the To expose Grafana via an ingress we've added the following patch to our Grafana network policy, allowing traffic from nginx containers. apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 9.1.7
name: grafana
namespace: observability
spec:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- port: 3000
protocol: TCP
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: nginx-ingress
+ ports:
+ - port: 3000
podSelector:
matchLabels:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
policyTypes:
- Egress
- IngressMore specifically the diff comes from add the following patch to our copy of example.jsonnet: This will always add the additional network policy ingress on top of whatever kube-prometheus provides. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
hello everyone.
I'm new here. so please understand dumb question xD
why grafana needs networkpolicy?
https://github.com/prometheus-operator/kube-prometheus/blob/main/manifests/grafana-networkPolicy.yaml
especially, this configuration below - makes it hard to expose the service
(nodeport, loadbalancer doesn't work with this configuration. so i delete it. )
what for?
Beta Was this translation helpful? Give feedback.
All reactions