diff --git a/src/main/helm/templates/network_policy.yaml b/src/main/helm/templates/network_policy.yaml
index fb3ab3968eab6183274431f6247c7ddd099b84f5..2f6b933486261c4ead7395ddc7a9acec1cd86e80 100644
--- a/src/main/helm/templates/network_policy.yaml
+++ b/src/main/helm/templates/network_policy.yaml
@@ -49,6 +49,13 @@ spec:
- podSelector:
matchLabels:
component: alfa
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ name: {{ (.Values.networkPolicy).monitoringNamespace | default "openshift-user-workload-monitoring" }}
+ ports:
+ - protocol: TCP
+ port: 9002
{{- with (.Values.networkPolicy).additionalIngressConfigLocal }}
{{ toYaml . | indent 2 }}
{{- end }}
diff --git a/src/test/helm/network_policy_test.yaml b/src/test/helm/network_policy_test.yaml
index fc9b32fddea89b572061b476f839c2d5bd950b27..9f0fb3dec685939500c0142673f945636ea28f47 100644
--- a/src/test/helm/network_policy_test.yaml
+++ b/src/test/helm/network_policy_test.yaml
@@ -86,6 +86,13 @@ tests:
- podSelector:
matchLabels:
component: alfa
+ - ports:
+ - port: 9002
+ protocol: TCP
+ from:
+ - namespaceSelector:
+ matchLabels:
+ name: openshift-user-workload-monitoring
egress:
- to:
- podSelector:
@@ -181,6 +188,24 @@ tests:
matchLabels:
component: local-client
+ - it: should set monitoring namespace for monitoring scraper ingress rule
+ set:
+ networkPolicy:
+ ssoPublicIp: 51.89.117.53/32
+ dnsServerNamespace: test-namespace-dns
+ monitoringNamespace: test-monitoring
+ asserts:
+ - contains:
+ path: spec.ingress
+ content:
+ ports:
+ - port: 9002
+ protocol: TCP
+ from:
+ - namespaceSelector:
+ matchLabels:
+ name: test-monitoring
+
- it: should add additionalEgressConfigLocal
set:
networkPolicy: