alertmanager/networkPolicy: Allow cluster peer-to-peer communication

ArthurSens · web-flow · commit df68b8d1da5d · 2022-02-18T15:59:25.000Z
Signed-off-by: GitHub &lt;noreply@github.com&gt;
diff --git a/jsonnet/kube-prometheus/components/alertmanager.libsonnet b/jsonnet/kube-prometheus/components/alertmanager.libsonnet
@@ -113,19 +113,38 @@ function(params) {
       },
       policyTypes: ['Egress', 'Ingress'],
       egress: [{}],
-      ingress: [{
-        from: [{
-          podSelector: {
-            matchLabels: {
-              'app.kubernetes.io/name': 'prometheus',
+      ingress: [
+        {
+          from: [{
+            podSelector: {
+              matchLabels: {
+                'app.kubernetes.io/name': 'prometheus',
+              },
             },
-          },
-        }],
-        ports: std.map(function(o) {
-          port: o.port,
-          protocol: 'TCP',
-        }, am.service.spec.ports),
-      }],
+          }],
+          ports: std.map(function(o) {
+            port: o.port,
+            protocol: 'TCP',
+          }, am.service.spec.ports),
+        },
+        // Alertmanager cluster peer-to-peer communication
+        {
+          from: [{
+            podSelector: {
+              matchLabels: {
+                'app.kubernetes.io/name': 'alertmanager',
+              },
+            },
+          }],
+          ports: [{
+            port: 9094,
+            protocol: 'TCP',
+          }, {
+            port: 9094,
+            protocol: 'UDP',
+          }],
+        },
+      ],
     },
   },
 
diff --git a/manifests/alertmanager-networkPolicy.yaml b/manifests/alertmanager-networkPolicy.yaml
@@ -22,6 +22,15 @@ spec:
       protocol: TCP
     - port: 8080
       protocol: TCP
+  - from:
+    - podSelector:
+        matchLabels:
+          app.kubernetes.io/name: alertmanager
+    ports:
+    - port: 9094
+      protocol: TCP
+    - port: 9094
+      protocol: UDP
   podSelector:
     matchLabels:
       app.kubernetes.io/component: alert-router
