diff --git a/tenants/acme/60-monitoring-netpol.yaml b/tenants/acme/60-monitoring-netpol.yaml new file mode 100644 index 0000000..9bebb76 --- /dev/null +++ b/tenants/acme/60-monitoring-netpol.yaml @@ -0,0 +1,19 @@ +# Permite o namespace 'monitoring' (Prometheus) raspar o backend (porta 8083). Additivo a deny-cross-tenant. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring + namespace: acme-prod +spec: + podSelector: + matchLabels: + app: backend + policyTypes: [Ingress] + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - protocol: TCP + port: 8083 diff --git a/tenants/demo/60-monitoring-netpol.yaml b/tenants/demo/60-monitoring-netpol.yaml new file mode 100644 index 0000000..0754624 --- /dev/null +++ b/tenants/demo/60-monitoring-netpol.yaml @@ -0,0 +1,19 @@ +# Permite o namespace 'monitoring' (Prometheus) raspar o backend (porta 8083). Additivo a deny-cross-tenant. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring + namespace: demo-prod +spec: + podSelector: + matchLabels: + app: backend + policyTypes: [Ingress] + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - protocol: TCP + port: 8083 diff --git a/tenants/piloto/60-monitoring-netpol.yaml b/tenants/piloto/60-monitoring-netpol.yaml new file mode 100644 index 0000000..26dd359 --- /dev/null +++ b/tenants/piloto/60-monitoring-netpol.yaml @@ -0,0 +1,19 @@ +# Permite o namespace 'monitoring' (Prometheus) raspar o backend (porta 8083). Additivo a deny-cross-tenant. +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: allow-monitoring + namespace: piloto-prod +spec: + podSelector: + matchLabels: + app: backend + policyTypes: [Ingress] + ingress: + - from: + - namespaceSelector: + matchLabels: + kubernetes.io/metadata.name: monitoring + ports: + - protocol: TCP + port: 8083