Merge remote-tracking branch 'origin/main' into release

particuleio · Nov 9, 2021 · cc2be71 · cc2be71
2 parents 68866c3 + 298fba1
commit cc2be71
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 3 deletions.
diff --git a/helm-dependencies.yaml b/helm-dependencies.yaml
@@ -57,7 +57,7 @@ dependencies:
     version: 15.1.0
     repository: https://codecentric.github.io/helm-charts
   - name: kong
-    version: 2.5.0
+    version: 2.6.0
     repository: https://charts.konghq.com
   - name: kube-prometheus-stack
     version: 19.2.3
@@ -72,7 +72,7 @@ dependencies:
     version: 2.5.0
     repository: https://grafana.github.io/helm-charts
   - name: loki
-    version: 2.8.0
+    version: 2.8.1
     repository: https://grafana.github.io/helm-charts
   - name: promtail
     version: 3.9.1
@@ -108,7 +108,7 @@ dependencies:
     version: 8.0.0
     repository: https://charts.bitnami.com/bitnami
   - name: tigera-operator
-    version: v3.20.2
+    version: v3.21.0
     repository: https://docs.projectcalico.org/charts
   - name: traefik
     version: 10.6.1

diff --git a/modules/aws/README.md b/modules/aws/README.md
@@ -284,6 +284,7 @@ This module can uses [IRSA](https://aws.amazon.com/blogs/opensource/introducing-
 | [kubernetes_network_policy.vault_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.vault_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
+| [kubernetes_network_policy.velero_allow_monitoring](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_allow_namespace](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.velero_default_deny](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |
 | [kubernetes_network_policy.victoria-metrics-k8s-stack_allow_control_plane](https://registry.terraform.io/providers/hashicorp/kubernetes/latest/docs/resources/network_policy) | resource |

diff --git a/modules/aws/velero.tf b/modules/aws/velero.tf
@@ -266,3 +266,34 @@ resource "kubernetes_network_policy" "velero_allow_namespace" {
     policy_types = ["Ingress"]
   }
 }
+
+resource "kubernetes_network_policy" "velero_allow_monitoring" {
+  count = local.velero["enabled"] && local.velero["default_network_policy"] ? 1 : 0
+
+  metadata {
+    name      = "${kubernetes_namespace.velero.*.metadata.0.name[count.index]}-allow-monitoring"
+    namespace = kubernetes_namespace.velero.*.metadata.0.name[count.index]
+  }
+
+  spec {
+    pod_selector {
+    }
+
+    ingress {
+      ports {
+        port     = "8085"
+        protocol = "TCP"
+      }
+
+      from {
+        namespace_selector {
+          match_labels = {
+            "${local.labels_prefix}/component" = "monitoring"
+          }
+        }
+      }
+    }
+
+    policy_types = ["Ingress"]
+  }
+}