From 0743238a95663100c0c2cc06d779d6767987843c Mon Sep 17 00:00:00 2001
From: Chris Werner Rau <cwr@teuto.net>
Date: Fri, 28 Feb 2025 10:42:35 +0100
Subject: [PATCH] fix(base-cluster/cert-manager): metrics collection

---
 .../cert-manager/ciliumNetworkPolicy.yaml     | 23 +++++++++++++++++--
 1 file changed, 21 insertions(+), 2 deletions(-)

diff --git a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
index 46849412ec..4f5ad694a9 100644
--- a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
+++ b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
@@ -11,13 +11,16 @@ spec:
     matchLabels:
       app.kubernetes.io/name: cert-manager
       app.kubernetes.io/instance: cert-manager
-  ingress:
+  ingress: {{- if .Values.monitoring.prometheus.enabled }}
     - fromEndpoints:
         - matchLabels: {{- include "common.tplvalues.render" (dict "value" (include "common.dict.filterEmptyValues" .Values.global.networkPolicy.metricsLabels) "context" $) | nindent 12 }}
       toPorts:
         - ports:
             - port: "9402"
               protocol: TCP
+    {{- else }}
+    - {}
+    {{- end }}
   egress:
     - toEntities:
         - world # allow access to letsencrypt and the DNS apis
@@ -60,6 +63,14 @@ spec:
         - ports:
             - port: "6080"
               protocol: TCP
+    {{- if .Values.monitoring.prometheus.enabled }}
+    - fromEndpoints:
+        - matchLabels: {{- include "common.tplvalues.render" (dict "value" (include "common.dict.filterEmptyValues" .Values.global.networkPolicy.metricsLabels) "context" $) | nindent 12 }}
+      toPorts:
+        - ports:
+            - port: "9402"
+              protocol: TCP
+    {{- end }}
   egress:
     - toEntities:
         - kube-apiserver
@@ -76,8 +87,16 @@ spec:
     matchLabels:
       app.kubernetes.io/name: cainjector
       app.kubernetes.io/instance: cert-manager
-  ingress:
+  ingress: {{- if .Values.monitoring.prometheus.enabled }}
+    - fromEndpoints:
+        - matchLabels: {{- include "common.tplvalues.render" (dict "value" (include "common.dict.filterEmptyValues" .Values.global.networkPolicy.metricsLabels) "context" $) | nindent 12 }}
+      toPorts:
+        - ports:
+            - port: "9402"
+              protocol: TCP
+    {{- else }}
     - {}
+    {{- end }}
   egress:
     - toEntities:
         - kube-apiserver