From 56bc4cdc2fb087b715f33e4ccc5a231ea02a7511 Mon Sep 17 00:00:00 2001
From: and-babkin <92081568+and-babkin@users.noreply.github.com>
Date: Tue, 11 Jul 2023 11:10:58 +0600
Subject: [PATCH] fix: network policy for keda (#338)

Co-authored-by: midnight47 <midnight47@mail.ru>
---
 terraform/layer2-k8s/eks-keda.tf | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

diff --git a/terraform/layer2-k8s/eks-keda.tf b/terraform/layer2-k8s/eks-keda.tf
index 1f6a8d84..d191829b 100644
--- a/terraform/layer2-k8s/eks-keda.tf
+++ b/terraform/layer2-k8s/eks-keda.tf
@@ -52,6 +52,32 @@ module "keda_namespace" {
           }
         ]
       }
+    },
+    {
+      name         = "allow-control-plane"
+      policy_types = ["Ingress"]
+      pod_selector = {
+        match_expressions = {
+          key      = "app"
+          operator = "In"
+          values   = ["keda-operator-metrics-apiserver"]
+        }
+      }
+      ingress = {
+        ports = [
+          {
+            port     = "6443"
+            protocol = "TCP"
+          }
+        ]
+        from = [
+          {
+            ip_block = {
+              cidr = "0.0.0.0/0"
+            }
+          }
+        ]
+      }
     }
   ]
 }