Skip to content

[kube-prometheus-stack] Fix NetworkPolicy for Alertmanager#5359

Merged
jkroepke merged 3 commits intoprometheus-community:mainfrom
sebastiangaiser:main
Mar 3, 2025
Merged

[kube-prometheus-stack] Fix NetworkPolicy for Alertmanager#5359
jkroepke merged 3 commits intoprometheus-community:mainfrom
sebastiangaiser:main

Conversation

@sebastiangaiser
Copy link
Copy Markdown
Contributor

@sebastiangaiser sebastiangaiser commented Feb 25, 2025

Set gateway/ingress namespace and podLabel selector to an empty string/object in order to not accidentally expose something unexpected. Move the Loki rule to the additionalIngress examples as Loki is not part of the stack. The 'alertmanager.service.clusterPort' was added as it was not declared in the values and now needs to be enabled explicitly.

Issue: #5318

What this PR does / why we need it

Which issue this PR fixes

(optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close that issue when PR gets merged)

  • fixes #

Special notes for your reviewer

Checklist

  • DCO signed
  • Chart Version bumped
  • Title of the PR starts with chart name (e.g. [prometheus-couchdb-exporter])

@sebastiangaiser
[kube-prometheus-stack] Fix NetworkPolicy for Alertmanager
2ec3ce2 
Set gateway/ingress namespace and podLabel selector to an empty string/object in order to not accidentally expose something unexpected. Move the Loki rule to the additionalIngress examples as Loki is not part of the stack. The 'alertmanager.service.clusterPort' was added as it was not declared in the values and now needs to be enabled explicitly.

Issue: prometheus-community#5318
Signed-off-by: Sebastian Gaiser <sebastian.gaiser@hetzner-cloud.de>
@sebastiangaiser
Merge branch 'main' into main
4fc7fe8 
Signed-off-by: Sebastian Gaiser <sebastiangaiser@users.noreply.github.com>
@sebastiangaiser
Copy link
Copy Markdown
Contributor Author

sebastiangaiser commented Mar 3, 2025

Ping @jkroepke 😉

jkroepke
jkroepke reviewed Mar 3, 2025
View reviewed changes
Comment thread charts/kube-prometheus-stack/templates/alertmanager/networkpolicy.yaml Outdated
@sebastiangaiser
Update charts/kube-prometheus-stack/templates/alertmanager/networkpol…
3de41a1 
…icy.yaml

Signed-off-by: Sebastian Gaiser <sebastiangaiser@users.noreply.github.com>
jkroepke
jkroepke approved these changes Mar 3, 2025
View reviewed changes
Copy link
Copy Markdown
Member

@jkroepke jkroepke left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@jkroepke
Copy link
Copy Markdown
Member

jkroepke commented Mar 3, 2025

Thanks

@jkroepke jkroepke merged commit e3ba830 into prometheus-community:main Mar 3, 2025
@eyenx eyenx mentioned this pull request Apr 23, 2025
Merged
7 tasks
hedgieinsocks pushed a commit to hedgieinsocks/prom-helm-charts that referenced this pull request Apr 27, 2025
@sebastiangaiser @hedgieinsocks
[kube-prometheus-stack] Fix NetworkPolicy for Alertmanager (prometheu…
f0c76ee 
…s-community#5359)

* [kube-prometheus-stack] Fix NetworkPolicy for Alertmanager

Set gateway/ingress namespace and podLabel selector to an empty string/object in order to not accidentally expose something unexpected. Move the Loki rule to the additionalIngress examples as Loki is not part of the stack. The 'alertmanager.service.clusterPort' was added as it was not declared in the values and now needs to be enabled explicitly.

Issue: prometheus-community#5318
Signed-off-by: Sebastian Gaiser <sebastian.gaiser@hetzner-cloud.de>

* Update charts/kube-prometheus-stack/templates/alertmanager/networkpolicy.yaml

Signed-off-by: Sebastian Gaiser <sebastiangaiser@users.noreply.github.com>

---------

Signed-off-by: Sebastian Gaiser <sebastian.gaiser@hetzner-cloud.de>
Signed-off-by: Sebastian Gaiser <sebastiangaiser@users.noreply.github.com>
Signed-off-by: Artyom Babiy <artyom.babiy@gmail.com>
@gitops-updater gitops-updater Bot mentioned this pull request Jun 4, 2025
Closed
1 task
This was referenced Jun 5, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
This was referenced Jun 6, 2025
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jkroepke jkroepke jkroepke approved these changes

@GMartinez-Sisti GMartinez-Sisti Awaiting requested review from GMartinez-Sisti GMartinez-Sisti is a code owner

@QuentinBisson QuentinBisson Awaiting requested review from QuentinBisson QuentinBisson is a code owner

@Xtigyro Xtigyro Awaiting requested review from Xtigyro Xtigyro is a code owner

@andrewgkew andrewgkew Awaiting requested review from andrewgkew andrewgkew is a code owner

@gianrubio gianrubio Awaiting requested review from gianrubio gianrubio is a code owner

@gkarthiks gkarthiks Awaiting requested review from gkarthiks gkarthiks is a code owner

@scottrigby scottrigby Awaiting requested review from scottrigby

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@sebastiangaiser @jkroepke