@davidlu1001
Created March 19, 2026 22:20
es-networkpolicy.yaml
{{- if .Values.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: {{ include "elasticsearch.fullname" . }}
  namespace: {{ .Release.Namespace }}
  labels:
    {{- include "elasticsearch.labels" . | nindent 4 }}
spec:
  podSelector:
    matchLabels:
      elasticsearch.k8s.elastic.co/cluster-name: {{ include "elasticsearch.fullname" . }}
  policyTypes:
    - Ingress
  ingress:
    # ----------------------------------------------------------------
    # Intra-namespace: ES node-to-node transport (9300) and HTTP (9200)
    # podSelector: {} matches every pod in the release namespace,
    # not only the ES nodes.
    # ----------------------------------------------------------------
    - from:
        - podSelector: {}
      ports:
        - protocol: TCP
          port: 9200
        - protocol: TCP
          port: 9300
    # ----------------------------------------------------------------
    # ECK operator namespace — needs access for reconciliation
    # ----------------------------------------------------------------
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: elastic-system
      ports:
        - protocol: TCP
          port: 9200
    # ----------------------------------------------------------------
    # Allowed external namespaces — HTTP only (9200)
    # ----------------------------------------------------------------
    {{- range .Values.networkPolicy.allowedNamespaces }}
    - from:
        - namespaceSelector:
            matchLabels:
              {{- toYaml .matchLabels | nindent 14 }}
      ports:
        - protocol: TCP
          port: 9200
    {{- end }}
{{- end }}
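
An added example, not part of the gist: a `values.yaml` fragment in the shape this template reads (`networkPolicy.enabled`, and `networkPolicy.allowedNamespaces` as a list of objects that each carry `matchLabels`), with the rule one entry renders to. The namespace names `logging` and `monitoring` and the `team` label are assumptions chosen for illustration.

```yaml
# values.yaml (constructed sample; namespace names and labels are hypothetical)
networkPolicy:
  # false renders no NetworkPolicy from this template; pods that no policy
  # selects are not isolated and accept ingress from anywhere.
  enabled: true
  allowedNamespaces:
    # Each entry becomes one ingress rule that allows TCP 9200 only.
    # Transport (9300) is never opened to these namespaces.
    - matchLabels:
        kubernetes.io/metadata.name: logging
    # Several labels in one entry must all match the same namespace (AND).
    - matchLabels:
        kubernetes.io/metadata.name: monitoring
        team: observability
    # Give every entry a non-empty matchLabels: an empty namespaceSelector
    # matches all namespaces.

# Ingress rule rendered for the second entry above:
#   - from:
#       - namespaceSelector:
#           matchLabels:
#             kubernetes.io/metadata.name: monitoring
#             team: observability
#     ports:
#       - protocol: TCP
#         port: 9200
```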