helm-charts icon indicating copy to clipboard operation
helm-charts copied to clipboard
verified publisher icon grafana

[grafana] feat(network policy): extend Ingress

Open C4tWithShell opened this issue 1 year ago • 1 comments

Add extraIngress parameter to network policy since it does not allow to specify additional sources from the grafana helm chart . For example, I can not set up load balancer in the cluster.

C4tWithShell avatar Aug 24 '24 17:08 C4tWithShell

CLA assistant check
All committers have signed the CLA.

CLAassistant avatar Aug 24 '24 17:08 CLAassistant

@Sheikh-Abubaker @jkatsos @maorfr @torstenwalter @Xtigyro @zanhsieh Appreciate if able to review the PR when available, thanks!

C4tWithShell avatar Sep 03 '24 03:09 C4tWithShell

@C4tWithShell Thanks for the Contribution! Have you tested the proposed solution ?

Yes, I did

C4tWithShell avatar Sep 05 '24 05:09 C4tWithShell

@C4tWithShell If I didn't get you wrong in the extraIngress comments, you've illustrated an example of accepting traffic from NGINX right by setting appropriate matchLabels ? in order to use different ingress sources right ?

Sheikh-Abubaker avatar Sep 05 '24 05:09 Sheikh-Abubaker

I believe we could achieve the same result, by adding the appropriate labels in the existing networkpolicy.yaml right here: https://github.com/grafana/helm-charts/blob/e930987a79ef7656b10bcd3883b285d6e726121c/charts/grafana/templates/networkpolicy.yaml#L49

I'd recommend you to first try and test using the existing networkpolicy.yaml utilizing the above feature and I believe it would help you to achieve the same result as extraIngress.

Incase you want to accept traffic from some different namespace, you could utilize the explicitNamespaceSelector feature for that: https://github.com/grafana/helm-charts/blob/e930987a79ef7656b10bcd3883b285d6e726121c/charts/grafana/values.yaml#L1326

Sheikh-Abubaker avatar Sep 05 '24 05:09 Sheikh-Abubaker

@C4tWithShell any updates on this one ?

Sheikh-Abubaker avatar Sep 15 '24 14:09 Sheikh-Abubaker

@C4tWithShell any updates on this one ?

Hi! Yes, I was able to configure ingress network policy with adding the addition label to ingress-nginx pod. Even though I think it is a little bit confusing to set up network policy indirectly

C4tWithShell avatar Sep 15 '24 15:09 C4tWithShell

@C4tWithShell any updates on this one ?

Hi! Yes, I was able to configure ingress network policy with adding the addition label to ingress-nginx pod.

You mean by using the existing Network Policy right ?

Sheikh-Abubaker avatar Sep 15 '24 15:09 Sheikh-Abubaker

@C4tWithShell any updates on this one ?

Hi! Yes, I was able to configure ingress network policy with adding the addition label to ingress-nginx pod.

You mean by the existing Network Policy right ?

Yes. By adding the grafana-client label

C4tWithShell avatar Sep 15 '24 16:09 C4tWithShell

Yes. By adding the grafana-client label

All right! shall I close this one then @C4tWithShell ?

Sheikh-Abubaker avatar Sep 15 '24 16:09 Sheikh-Abubaker