prometheus-community / helm-charts

Prometheus community Helm charts
Apache License 2.0

[kube-prometheus-stack] operator `NetworkPolicy` stronger egress filter #3220

Open jcpunk opened 1 year ago

jcpunk commented 1 year ago

Is your feature request related to a problem?

When trying to ensure rational network controls.

Describe the solution you'd like.

Update kube-prometheus-stack/templates/prometheus-operator/networkpolicy.yaml to have an egress filter that matches its needs. Currently all egress is allowed.

Perhaps something like:

  egress:
  - to:
    - namespaceSelector:
        matchLabels:
          name: kube-system
    ports:
    - protocol: UDP
      port: 53
    - protocol: TCP
      port: 53
    - port: 443
      protocol: TCP

Describe alternatives you've considered.

Some sort of local patching

Additional context.

https://kubernetes.io/docs/concepts/services-networking/network-policies/#default-deny-all-egress-traffic
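
Added example, not part of the issue or the chart's code: a small Python model of how a NetworkPolicy egress rule is evaluated, applied to the rule proposed above, to check which destinations it would admit. The namespace label sets are constructed sample data, and only `namespaceSelector.matchLabels` peers are modelled (no `ipBlock`, `podSelector`, `matchExpressions` or named ports).

```python
# Added illustration: minimal model of NetworkPolicy egress rule evaluation.
# Assumption: only namespaceSelector.matchLabels peers and numeric ports exist.

# The egress rule proposed in the issue, transcribed as a Python structure.
PROPOSED_EGRESS = [{
    "to": [{"namespaceSelector": {"matchLabels": {"name": "kube-system"}}}],
    "ports": [
        {"protocol": "UDP", "port": 53},
        {"protocol": "TCP", "port": 53},
        {"protocol": "TCP", "port": 443},
    ],
}]

def peer_matches(peer, ns_labels):
    """True if the destination namespace carries every label the peer requires."""
    if ns_labels is None:      # destination is outside the cluster:
        return False           # only an ipBlock peer could match it
    wanted = peer["namespaceSelector"].get("matchLabels", {})
    return all(ns_labels.get(k) == v for k, v in wanted.items())

def port_matches(entry, protocol, port):
    """A ports entry matches on protocol (default TCP) and, if set, on port."""
    if entry.get("protocol", "TCP") != protocol:
        return False
    return "port" not in entry or entry["port"] == port

def egress_allowed(rules, ns_labels, protocol, port):
    """Rules are ORed; within one rule `to` AND `ports` must both match.
    An omitted or empty `to` / `ports` matches every peer / every port."""
    for rule in rules:
        peers, ports = rule.get("to") or [], rule.get("ports") or []
        peer_ok = not peers or any(peer_matches(p, ns_labels) for p in peers)
        port_ok = not ports or any(port_matches(e, protocol, port) for e in ports)
        if peer_ok and port_ok:
            return True
    return False  # the pod is selected for Egress and no rule matched

# Constructed namespace label sets (sample data, not from a real cluster).
KUBE_SYSTEM_LABELLED = {"name": "kube-system",
                        "kubernetes.io/metadata.name": "kube-system"}
KUBE_SYSTEM_AUTO_ONLY = {"kubernetes.io/metadata.name": "kube-system"}
OTHER_NS = {"kubernetes.io/metadata.name": "default"}
```

In this model TCP 443 is admitted only toward namespaces labelled `name: kube-system`, because `ports` applies to the peers listed in the same rule. A namespace that carries only the automatically set `kubernetes.io/metadata.name` label does not match the selector, so neither DNS nor 443 is admitted to it.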

stale[bot] commented 1 year ago

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Any further update will cause the issue/pull request to no longer be considered stale. Thank you for your contributions.

jcpunk commented 1 year ago

I would like to see some version of this implemented.

jcpunk commented 1 year ago

I would like to see some version of this implemented.
