Alertmanager requires egress netpol
In order to configure Alertmanager for notifications such as SMTP or Slack, an egress netpol is needed. The current design blocks egress from this pod and doesn't seem to have a way to configure it within the chart. This requires deploying a separate egress netpol outside of the chart which is not desirable, especially given the chart supports configurations for external notification configurations.
Below is an example of a netpol I created manually in order to allow Alertmanager to send notifications to Slack. It would be preferable to have this enabled when a receiver is configured for the chart.
```yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  annotations:
    meta.helm.sh/release-name: monitoring-monitoring
    meta.helm.sh/release-namespace: monitoring
  labels:
    app.kubernetes.io/managed-by: Helm
    helm.toolkit.fluxcd.io/name: monitoring
    helm.toolkit.fluxcd.io/namespace: bigbang
  name: allow-egress-alertmanager
  namespace: monitoring
spec:
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              - 169.254.169.254/32
  podSelector:
    matchLabels:
      app.kubernetes.io/name: alertmanager
  policyTypes:
    - Egress
```
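A narrower variant of the policy above, added here as an example and not part of the original issue or the chart: it keeps the same pod selector and metadata-endpoint exclusion but limits egress to the ports the receivers need. The policy name, the choice of port 587 for SMTP submission, and the assumption that DNS egress is already allowed by another policy in the namespace are all assumptions.

```yaml
# Added example (constructed): port-restricted egress for Alertmanager receivers.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-egress-alertmanager-restricted   # hypothetical name
  namespace: monitoring
spec:
  podSelector:
    matchLabels:
      app.kubernetes.io/name: alertmanager
  policyTypes:
    - Egress
  egress:
    - to:
        - ipBlock:
            cidr: 0.0.0.0/0
            except:
              # Cloud instance metadata endpoint stays blocked, as in the policy above
              - 169.254.169.254/32
      ports:
        # HTTPS, used by Slack webhooks
        - protocol: TCP
          port: 443
        # Assumed SMTP submission port; change to match the configured smarthost
        - protocol: TCP
          port: 587
```

NetworkPolicies are additive, so this rule only widens what the pod may reach; name resolution for the webhook or mail host still depends on a separate DNS egress rule being present.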