From 625b83ca2a2c756e9103777485ee5bc29b29c5f3 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Wed, 29 Nov 2023 15:28:52 +0800
Subject: [PATCH] fix(cloudflared): flux notification-controller

---
 .../core/ingress/cloudflare/tunnel/netpol.yaml     | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/kube/deploy/core/ingress/cloudflare/tunnel/netpol.yaml b/kube/deploy/core/ingress/cloudflare/tunnel/netpol.yaml
index 9d407171..fb164085 100644
--- a/kube/deploy/core/ingress/cloudflare/tunnel/netpol.yaml
+++ b/kube/deploy/core/ingress/cloudflare/tunnel/netpol.yaml
@@ -65,6 +65,20 @@ spec:
           rules:
             dns:
               - matchPattern: "*"
+    # allow Flux notification-controller ingress
+    - toEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: flux-system
+            app: notification-controller
+      toPorts:
+        - ports:
+            - port: "9292"
+              protocol: TCP
+            - port: "80"
+              protocol: TCP
+          rules:
+            http:
+              - {}
 ---
 apiVersion: "cilium.io/v2"
 kind: CiliumClusterwideNetworkPolicy