fix(monitoring): add netpol for kube api ingress to fix webhooks
General MR
Summary
This MR adds a network policy config to the monitoring values in BB umbrella that allows the kube API to communicate with the prometheus operator for validating and mutating webhook configurations for the prometheus CRDs. Without this, upgrades to monitoring do succeed, but they can take significantly longer under certain configurations.
Relevant logs/screenshots
❯ ./scripts/template-all.sh ./chart \
    --namespace bigbang \
    | yq 'select(.metadata.name == "*10250*" and .metadata.namespace == "monitoring" and .kind == "NetworkPolicy")'
[INFO] Templating Big Bang chart with Helm...
[INFO] All repositories successfully resolved.
[INFO] Templating completed successfully.
# Source: monitoring/templates/bigbang/network-policies.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    generated.network-policies.bigbang.dev/local-key: kube-prometheus-stack-prometheus-operator:10250
    generated.network-policies.bigbang.dev/remote-key: 0.0.0.0/0
  labels:
    network-policies.bigbang.dev/direction: ingress
    network-policies.bigbang.dev/source: bb-common
  name: allow-ingress-to-kube-prometheus-stack-prometheus-operator-tcp-port-10250-from-anywhere
  namespace: monitoring
spec:
  ingress:
    - from:
        - ipBlock:
            cidr: 0.0.0.0/0
      ports:
        - port: 10250
          protocol: TCP
  podSelector:
    matchLabels:
      app.kubernetes.io/name: kube-prometheus-stack-prometheus-operator
  policyTypes:
    - Ingress
Linked Issue
big-bang/product/packages/monitoring#318 (closed)
Upgrade Notices
N/A
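A check that could run over the templated output, added here as an example and not part of the MR or the Big Bang code base: it reports every ingress rule that admits any source address, with the pods and ports it exposes, so a reviewer can confirm that a from-anywhere policy like the one above stays limited to a single port on a single workload. The function name `open_ingress` and the JSON form of the policy are assumptions made for the example.

```python
import ipaddress
import json

# Constructed sample: the policy rendered in the MR, in JSON form (trimmed).
SAMPLE = json.loads("""
{"kind": "NetworkPolicy",
 "metadata": {"namespace": "monitoring",
   "name": "allow-ingress-to-kube-prometheus-stack-prometheus-operator-tcp-port-10250-from-anywhere"},
 "spec": {
   "podSelector": {"matchLabels":
     {"app.kubernetes.io/name": "kube-prometheus-stack-prometheus-operator"}},
   "policyTypes": ["Ingress"],
   "ingress": [{"from": [{"ipBlock": {"cidr": "0.0.0.0/0"}}],
                "ports": [{"port": 10250, "protocol": "TCP"}]}]}}
""")


def open_ingress(policy):
    """Return one finding per ingress rule that admits any source address."""
    spec, meta, findings = policy.get("spec", {}), policy["metadata"], []
    for idx, rule in enumerate(spec.get("ingress") or []):
        peers = rule.get("from") or []
        any_source = not peers  # a rule with no `from` peers matches every source
        for peer in peers:
            block = peer.get("ipBlock")
            if block and not block.get("except"):
                # prefix length 0 covers both 0.0.0.0/0 and ::/0
                if ipaddress.ip_network(block["cidr"], strict=False).prefixlen == 0:
                    any_source = True
        if any_source:
            ports = [(p.get("protocol", "TCP"), p.get("port"))
                     for p in rule.get("ports") or []]
            findings.append({
                "policy": f"{meta['namespace']}/{meta['name']}",
                "rule": idx,
                "pods": spec.get("podSelector", {}).get("matchLabels", {}),
                "ports": ports or "ALL",  # no `ports` list means every port
            })
    return findings


if __name__ == "__main__":
    for finding in open_ingress(SAMPLE):
        print(finding)
```

A finding whose `ports` value is `"ALL"` or whose `pods` selector is empty is the case to look at first, since the rule then exposes more than one webhook port on one workload.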