From 08a7eb5baac6ff9ed0cc996f56e5c80a94e9f7f1 Mon Sep 17 00:00:00 2001
From: Marat Bediev
Date: Tue, 21 Mar 2023 15:39:08 +0600
Subject: [PATCH] Add new network policy to loki namespace to allow connections from monitoring namespace to promtail-metrics endpoint
---
 terraform/layer2-k8s/eks-loki-stack.tf | 30 +++++++++++++++++++++++++-
 1 file changed, 29 insertions(+), 1 deletion(-)
diff --git a/terraform/layer2-k8s/eks-loki-stack.tf b/terraform/layer2-k8s/eks-loki-stack.tf
index 94e31a9e..d3e1f2c0 100644
--- a/terraform/layer2-k8s/eks-loki-stack.tf
+++ b/terraform/layer2-k8s/eks-loki-stack.tf
@@ -77,7 +77,7 @@ module "loki_namespace" {
 }
 },
 {
- name = "allow-monitoring"
+ name = "allow-monitoring-loki"
 policy_types = ["Ingress"]
 pod_selector = {
 match_expressions = {
@@ -108,6 +108,34 @@ module "loki_namespace" {
 ]
 }
 },
+ {
+ name = "allow-monitoring-promtail"
+ policy_types = ["Ingress"]
+ pod_selector = {
+ match_expressions = {
+ key = "app.kubernetes.io/instance"
+ operator = "In"
+ values = [local.loki_stack.name]
+ }
+ }
+ ingress = {
+ ports = [
+ {
+ port = "3101"
+ protocol = "TCP"
+ }
+ ]
+ from = [
+ {
+ namespace_selector = {
+ match_labels = {
+ name = "monitoring"
+ }
+ }
+ }
+ ]
+ }
+ },
 {
 name = "allow-egress"
 policy_types = ["Egress"]
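Review bot: The `from` clause of the new `allow-monitoring-promtail` rule admits any namespace labelled `name = "monitoring"`, which is a user-assigned label, so whoever can label a namespace can place workloads inside this allow-list. Where the cluster version provides it, matching on `"kubernetes.io/metadata.name" = "monitoring"` binds the rule to the namespace's real name, because the API server sets that label itself. The `pod_selector` also matches every pod of the `local.loki_stack.name` release, so port 3101 is opened on all of them rather than only on promtail; narrowing with a promtail-specific label would make the policy match its name, assuming the namespace module accepts more than one selector term. The `allow-monitoring-loki` rule, whose body lies mostly outside this patch, may use the same namespace label and would then need the same change. A short comment above `port = "3101"`, such as `# promtail http-metrics port, scraped by Prometheus from the monitoring namespace`, would record why the port is open.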