phase 16: add dashboard network policy, allow query-api from dashboard

2026-04-11 18:20:48 -07:00
parent cc7014e33d
commit 4cd8961db6
1 changed files with 23 additions and 0 deletions
@@ -25,6 +25,9 @@ spec:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
+        - podSelector:
+            matchLabels:
+              app: dashboard
      ports:
        - protocol: TCP
          port: 8000
@@ -143,6 +146,26 @@ spec:
 ---
 apiVersion: networking.k8s.io/v1
 kind: NetworkPolicy
+metadata:
+  name: allow-dashboard-ingress
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector:
+    matchLabels:
+      app: dashboard
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: kube-system
+      ports:
+        - protocol: TCP
+          port: 8080
+---
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
 metadata:
  name: deny-broker-adapter-ingress
  namespace: {{ .Release.Namespace }}