close metrics port for external

Signed-off-by: IvanHunters <xorokhotnikov@gmail.com>
2026-01-28 02:18:36 +00:00 · 2025-11-04 12:00:30 +03:00
parent eea685065a
commit 52a23eacfc
2 changed files with 19 additions and 1 deletions
--- a/packages/system/fluxcd-operator/charts/flux-operator/templates/network-policy.yaml
+++ b/packages/system/fluxcd-operator/charts/flux-operator/templates/network-policy.yaml
@@ -0,0 +1,18 @@
+apiVersion: cilium.io/v2
+kind: CiliumClusterwideNetworkPolicy
+metadata:
+  name: {{ include "flux-operator.fullname" . }}-restrict
+spec:
+  nodeSelector: {}
+  ingressDeny:
+    - fromEntities:
+        - world
+      toPorts:
+        - ports:
+            - port: "8080"
+              protocol: TCP
+            - port: "8081"
+              protocol: TCP
+  ingress:
+    - fromEntities:
+        - cluster
--- a/packages/system/fluxcd-operator/values.yaml
+++ b/packages/system/fluxcd-operator/values.yaml
@@ -4,7 +4,7 @@ flux-operator:
    - key: node.kubernetes.io/not-ready
      operator: Exists
      effect: NoSchedule
-  hostNetwork: false
+  hostNetwork: true
  resources:
    limits:
      cpu: 100m