Replies: 1 comment
-
|
Prometheus is configured to scrape the To expose Grafana via an ingress we've added the following patch to our Grafana network policy, allowing traffic from nginx containers. apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
app.kubernetes.io/version: 9.1.7
name: grafana
namespace: observability
spec:
egress:
- {}
ingress:
- from:
- podSelector:
matchLabels:
app.kubernetes.io/name: prometheus
ports:
- port: 3000
protocol: TCP
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: nginx-ingress
+ ports:
+ - port: 3000
podSelector:
matchLabels:
app.kubernetes.io/component: grafana
app.kubernetes.io/name: grafana
app.kubernetes.io/part-of: kube-prometheus
policyTypes:
- Egress
- IngressMore specifically the diff comes from add the following patch to our copy of example.jsonnet: This will always add the additional network policy ingress on top of whatever kube-prometheus provides. |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
hello everyone.
I'm new here. so please understand dumb question xD
why grafana needs networkpolicy?
https://github.com/prometheus-operator/kube-prometheus/blob/main/manifests/grafana-networkPolicy.yaml
especially, this configuration below - makes it hard to expose the service
(nodeport, loadbalancer doesn't work with this configuration. so i delete it. )
what for?
Beta Was this translation helpful? Give feedback.
All reactions