DO NOT MERGE: Allow access to monitoring ports from all namespaces

rfredette · rfredette · commit 14ce8442cffb · 2026-01-30T13:47:34.000-05:00
Make sure test pods in e2e-aws-ovn-serial are able to reach monitoring
ports. If this passes tests, changes are needed in the origin tests to
add a network policy for exec pods.
diff --git a/manifests/0000_70_dns-operator_01-network-policy.yaml b/manifests/0000_70_dns-operator_01-network-policy.yaml
@@ -46,10 +46,11 @@ spec:
         matchLabels:
           apiserver: "true"
   ingress:
-  - from:
-    - namespaceSelector:
-        matchLabels:
-          kubernetes.io/metadata.name: openshift-monitoring
-    ports:
+  - ports:
     - protocol: TCP
       port: 9393
+  # TODO: Disabling namespace selector for testing purposes. DO NOT MERGE
+  #  from:
+    #- namespaceSelector:
+        #matchLabels:
+          #kubernetes.io/metadata.name: openshift-monitoring
diff --git a/pkg/manifests/assets/dns/networkpolicy-allow.yaml b/pkg/manifests/assets/dns/networkpolicy-allow.yaml
@@ -19,10 +19,11 @@ spec:
   - ports:
     - protocol: TCP
       port: 9154
-    from:
-    - namespaceSelector:
-        matchLabels:
-          kubernetes.io/metadata.name: openshift-monitoring
+    # TODO: Disabling the namespace selector for testing purposes. DO NOT MERGE
+    #from:
+    #- namespaceSelector:
+        #matchLabels:
+          #kubernetes.io/metadata.name: openshift-monitoring
   # Allow the dns operator namespaces to hit the healthcheck ports
   - ports:
     - protocol: TCP
