From 79d2735f027e5bae5c50d79082c12bae647aaef2 Mon Sep 17 00:00:00 2001
From: Branden Cobb <cobb_branden@bah.com>
Date: Thu, 26 Aug 2021 15:58:02 +0000
Subject: [PATCH] Side-car Scraping Network Policy

---
 CHANGELOG.md                                  |  6 +++++
 chart/Chart.yaml                              |  2 +-
 .../allow-sidecar-scraping.yaml               | 22 +++++++++++++++++++
 3 files changed, 29 insertions(+), 1 deletion(-)
 create mode 100644 chart/templates/networkpolicies/allow-sidecar-scraping.yaml

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 00d6f54..4c73c17 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,12 @@
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 ---
+## [0.0.8-bb.1] - 2021-08-26
+
+## Added
+
+- Added istio sidecar scraping network policy
+
 ## [0.0.8-bb.0] - 2021-08-16
 
 ### Added
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
index fb89401..44bbd5a 100644
--- a/chart/Chart.yaml
+++ b/chart/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: twistlock
-version: 0.0.8-bb.0
+version: 0.0.8-bb.1
 appVersion: 21.04.439
 dependencies:
   - name: gluon
diff --git a/chart/templates/networkpolicies/allow-sidecar-scraping.yaml b/chart/templates/networkpolicies/allow-sidecar-scraping.yaml
new file mode 100644
index 0000000..fe99454
--- /dev/null
+++ b/chart/templates/networkpolicies/allow-sidecar-scraping.yaml
@@ -0,0 +1,22 @@
+{{- if and .Values.networkPolicies.enabled .Values.istio.enabled }}
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-sidecar-scraping
+  namespace: {{ .Release.Namespace }}
+spec:
+  podSelector: {}
+  policyTypes:
+    - Ingress
+  ingress:
+  - from:
+    - namespaceSelector:
+        matchLabels:
+          app.kubernetes.io/name: monitoring
+      podSelector:
+        matchLabels:
+          app: prometheus
+    ports:
+    - protocol: TCP
+      port: 15020
+{{- end }}
-- 
GitLab