From 4a8ac12fb17cf2fa3fcdb11152b79b75a87a93be Mon Sep 17 00:00:00 2001
From: omohammed95 <osman.mohammed@camptocamp.com>
Date: Fri, 31 May 2024 16:16:26 +0200
Subject: [PATCH 1/9] feat: Add a variable that enables/disables network
 policies

---
 aks/main.tf  |  1 +
 eks/main.tf  |  1 +
 kind/main.tf |  1 +
 locals.tf    | 14 +++++++-------
 sks/main.tf  |  1 +
 variables.tf |  6 ++++++
 6 files changed, 17 insertions(+), 7 deletions(-)

diff --git a/aks/main.tf b/aks/main.tf
index 7fed6791..72e9bfd1 100644
--- a/aks/main.tf
+++ b/aks/main.tf
@@ -71,6 +71,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
+  network_policy_thanos  = var.network_policy_thanos
 
   resources = var.resources
 
diff --git a/eks/main.tf b/eks/main.tf
index c6bcde71..ea383685 100644
--- a/eks/main.tf
+++ b/eks/main.tf
@@ -62,6 +62,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
+  network_policy_thanos  = var.network_policy_thanos
 
   resources = var.resources
 
diff --git a/kind/main.tf b/kind/main.tf
index 721e18d3..c504f875 100644
--- a/kind/main.tf
+++ b/kind/main.tf
@@ -13,6 +13,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
+  network_policy_thanos  = var.network_policy_thanos
 
   resources = var.resources
 
diff --git a/locals.tf b/locals.tf
index 098f82a3..fbde6782 100644
--- a/locals.tf
+++ b/locals.tf
@@ -44,7 +44,7 @@ locals {
           limits   = { for k, v in var.resources.storegateway.limits : k => v if v != null }
         }
         networkPolicy = {
-          enabled = false
+          enabled = var.network_policy_thanos
         }
         extraFlags = [
           # Store Gateway index cache config -> https://thanos.io/tip/components/store.md/#index-cache
@@ -84,7 +84,7 @@ locals {
           limits   = { for k, v in var.resources.query.limits : k => v if v != null }
         }
         networkPolicy = {
-          enabled = false
+          enabled = var.network_policy_thanos
         }
       }
 
@@ -108,7 +108,7 @@ locals {
           size = local.thanos.compactor_persistence_size
         }
         networkPolicy = {
-          enabled = false
+          enabled = var.network_policy_thanos
         }
       }
 
@@ -200,7 +200,7 @@ locals {
           }]
         }
         networkPolicy = {
-          enabled = false
+          enabled = var.network_policy_thanos
         }
       }
 
@@ -334,17 +334,17 @@ locals {
           }]
         }
         networkPolicy = {
-          enabled = false
+          enabled = var.network_policy_thanos
         }
       }
       receive = {
         networkPolicy = {
-          enabled = false
+          enabled = var.network_policy_thanos
         }
       }
       ruler = {
         networkPolicy = {
-          enabled = false
+          enabled = var.network_policy_thanos
         }
       }
     }
diff --git a/sks/main.tf b/sks/main.tf
index 721e18d3..c504f875 100644
--- a/sks/main.tf
+++ b/sks/main.tf
@@ -13,6 +13,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
+  network_policy_thanos  = var.network_policy_thanos
 
   resources = var.resources
 
diff --git a/variables.tf b/variables.tf
index 7b4b0c38..458b0301 100644
--- a/variables.tf
+++ b/variables.tf
@@ -174,3 +174,9 @@ variable "enable_service_monitor" {
   type        = bool
   default     = false
 }
+
+variable "network_policy_thanos" {
+  description = "Enable or disable network policy for Thanos components."
+  type        = bool
+  default     = false
+}

From a98ad02e8463201919e7d703fffcf4271c941fd6 Mon Sep 17 00:00:00 2001
From: omohammed95 <osman.mohammed@camptocamp.com>
Date: Tue, 20 Aug 2024 16:59:33 +0200
Subject: [PATCH 2/9] feat: allow traefik to bucketweb and queryFrontend

---
 aks/main.tf  |  2 +-
 eks/main.tf  |  2 +-
 kind/main.tf |  2 +-
 locals.tf    | 36 +++++++++++++++++++++++++++++-------
 sks/main.tf  |  2 +-
 variables.tf |  2 +-
 6 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/aks/main.tf b/aks/main.tf
index 72e9bfd1..678fa04a 100644
--- a/aks/main.tf
+++ b/aks/main.tf
@@ -71,7 +71,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
-  network_policy_thanos  = var.network_policy_thanos
+  enable_network_policies  = var.enable_network_policies
 
   resources = var.resources
 
diff --git a/eks/main.tf b/eks/main.tf
index ea383685..fc58b44c 100644
--- a/eks/main.tf
+++ b/eks/main.tf
@@ -62,7 +62,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
-  network_policy_thanos  = var.network_policy_thanos
+  enable_network_policies  = var.enable_network_policies
 
   resources = var.resources
 
diff --git a/kind/main.tf b/kind/main.tf
index c504f875..11972a6a 100644
--- a/kind/main.tf
+++ b/kind/main.tf
@@ -13,7 +13,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
-  network_policy_thanos  = var.network_policy_thanos
+  enable_network_policies  = var.enable_network_policies
 
   resources = var.resources
 
diff --git a/locals.tf b/locals.tf
index fbde6782..c557545e 100644
--- a/locals.tf
+++ b/locals.tf
@@ -44,7 +44,7 @@ locals {
           limits   = { for k, v in var.resources.storegateway.limits : k => v if v != null }
         }
         networkPolicy = {
-          enabled = var.network_policy_thanos
+          enabled = var.enable_network_policies
         }
         extraFlags = [
           # Store Gateway index cache config -> https://thanos.io/tip/components/store.md/#index-cache
@@ -84,7 +84,7 @@ locals {
           limits   = { for k, v in var.resources.query.limits : k => v if v != null }
         }
         networkPolicy = {
-          enabled = var.network_policy_thanos
+          enabled = var.enable_network_policies
         }
       }
 
@@ -108,7 +108,7 @@ locals {
           size = local.thanos.compactor_persistence_size
         }
         networkPolicy = {
-          enabled = var.network_policy_thanos
+          enabled = var.enable_network_policies
         }
       }
 
@@ -200,7 +200,18 @@ locals {
           }]
         }
         networkPolicy = {
-          enabled = var.network_policy_thanos
+          enabled = var.enable_network_policies
+          extraIngress = var.enable_network_policies ? [
+            {
+              from = {
+                namespaceSelector = {
+                  matchLabels = {
+                    "app.kubernetes.io/metadata.name" = "traefik"
+                  }
+                }
+              }
+            }
+          ] : []
         }
       }
 
@@ -334,17 +345,28 @@ locals {
           }]
         }
         networkPolicy = {
-          enabled = var.network_policy_thanos
+          enabled = var.enable_network_policies
+          extraIngress = var.enable_network_policies ? [
+            {
+              from = {
+                namespaceSelector = {
+                  matchLabels = {
+                    "app.kubernetes.io/metadata.name" = "traefik"
+                  }
+                }
+              }
+            }
+          ] : []
         }
       }
       receive = {
         networkPolicy = {
-          enabled = var.network_policy_thanos
+          enabled = var.enable_network_policies
         }
       }
       ruler = {
         networkPolicy = {
-          enabled = var.network_policy_thanos
+          enabled = var.enable_network_policies
         }
       }
     }
diff --git a/sks/main.tf b/sks/main.tf
index c504f875..11972a6a 100644
--- a/sks/main.tf
+++ b/sks/main.tf
@@ -13,7 +13,7 @@ module "thanos" {
   enable_service_monitor = var.enable_service_monitor
   app_autosync           = var.app_autosync
   dependency_ids         = var.dependency_ids
-  network_policy_thanos  = var.network_policy_thanos
+  enable_network_policies  = var.enable_network_policies
 
   resources = var.resources
 
diff --git a/variables.tf b/variables.tf
index 458b0301..b12a58da 100644
--- a/variables.tf
+++ b/variables.tf
@@ -175,7 +175,7 @@ variable "enable_service_monitor" {
   default     = false
 }
 
-variable "network_policy_thanos" {
+variable "enable_network_policies" {
   description = "Enable or disable network policy for Thanos components."
   type        = bool
   default     = false

From 5ffc39fe5f055726bd0422b55f885e2008ab64c4 Mon Sep 17 00:00:00 2001
From: omohammed95 <omohammed95@users.noreply.github.com>
Date: Mon, 3 Jun 2024 13:20:46 +0000
Subject: [PATCH 3/9] feat: use podSelctor to allow traefik
 docs(terraform-docs): generate docs and write to README.adoc

---
 README.adoc      | 16 +++++++++++++++-
 aks/README.adoc  | 14 ++++++++++++++
 aks/main.tf      | 26 +++++++++++++-------------
 eks/README.adoc  | 14 ++++++++++++++
 eks/main.tf      | 26 +++++++++++++-------------
 kind/README.adoc | 14 ++++++++++++++
 kind/main.tf     | 26 +++++++++++++-------------
 locals.tf        |  8 ++++----
 sks/README.adoc  | 14 ++++++++++++++
 sks/main.tf      | 26 +++++++++++++-------------
 10 files changed, 127 insertions(+), 57 deletions(-)

diff --git a/README.adoc b/README.adoc
index 5eb6faaa..df8887d3 100644
--- a/README.adoc
+++ b/README.adoc
@@ -270,6 +270,14 @@ Type: `bool`
 
 Default: `false`
 
+==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+
+Description: Enable or disable network policy for Thanos components.
+
+Type: `bool`
+
+Default: `false`
+
 === Outputs
 
 The following outputs are exported:
@@ -302,8 +310,8 @@ Description: ID to pass other modules in order to refer to this module as a depe
 |===
 |Name |Version
 |[[provider_random]] <<provider_random,random>> |>= 3
-|[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
 |[[provider_utils]] <<provider_utils,utils>> |>= 1
+|[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
 |[[provider_null]] <<provider_null,null>> |>= 3
 |===
 
@@ -513,6 +521,12 @@ object({
 |`false`
 |no
 
+|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|Enable or disable network policy for Thanos components.
+|`bool`
+|`false`
+|no
+
 |===
 
 = Outputs
diff --git a/aks/README.adoc b/aks/README.adoc
index eb883379..75cea20b 100644
--- a/aks/README.adoc
+++ b/aks/README.adoc
@@ -474,6 +474,14 @@ Type: `bool`
 
 Default: `false`
 
+==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+
+Description: Enable or disable network policy for Thanos components.
+
+Type: `bool`
+
+Default: `false`
+
 === Outputs
 
 The following outputs are exported:
@@ -740,6 +748,12 @@ object({
 |`false`
 |no
 
+|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|Enable or disable network policy for Thanos components.
+|`bool`
+|`false`
+|no
+
 |===
 
 = Outputs
diff --git a/aks/main.tf b/aks/main.tf
index 678fa04a..248f675e 100644
--- a/aks/main.tf
+++ b/aks/main.tf
@@ -59,19 +59,19 @@ resource "azurerm_federated_identity_credential" "thanos" {
 module "thanos" {
   source = "../"
 
-  cluster_name           = var.cluster_name
-  base_domain            = var.base_domain
-  subdomain              = var.subdomain
-  argocd_project         = var.argocd_project
-  argocd_labels          = var.argocd_labels
-  destination_cluster    = var.destination_cluster
-  target_revision        = var.target_revision
-  cluster_issuer         = var.cluster_issuer
-  deep_merge_append_list = var.deep_merge_append_list
-  enable_service_monitor = var.enable_service_monitor
-  app_autosync           = var.app_autosync
-  dependency_ids         = var.dependency_ids
-  enable_network_policies  = var.enable_network_policies
+  cluster_name            = var.cluster_name
+  base_domain             = var.base_domain
+  subdomain               = var.subdomain
+  argocd_project          = var.argocd_project
+  argocd_labels           = var.argocd_labels
+  destination_cluster     = var.destination_cluster
+  target_revision         = var.target_revision
+  cluster_issuer          = var.cluster_issuer
+  deep_merge_append_list  = var.deep_merge_append_list
+  enable_service_monitor  = var.enable_service_monitor
+  app_autosync            = var.app_autosync
+  dependency_ids          = var.dependency_ids
+  enable_network_policies = var.enable_network_policies
 
   resources = var.resources
 
diff --git a/eks/README.adoc b/eks/README.adoc
index 12d92f83..e69ee478 100644
--- a/eks/README.adoc
+++ b/eks/README.adoc
@@ -503,6 +503,14 @@ Type: `bool`
 
 Default: `false`
 
+==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+
+Description: Enable or disable network policy for Thanos components.
+
+Type: `bool`
+
+Default: `false`
+
 === Outputs
 
 The following outputs are exported:
@@ -768,6 +776,12 @@ object({
 |`false`
 |no
 
+|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|Enable or disable network policy for Thanos components.
+|`bool`
+|`false`
+|no
+
 |===
 
 = Outputs
diff --git a/eks/main.tf b/eks/main.tf
index fc58b44c..55ad1075 100644
--- a/eks/main.tf
+++ b/eks/main.tf
@@ -50,19 +50,19 @@ module "iam_assumable_role_thanos" {
 module "thanos" {
   source = "../"
 
-  cluster_name           = var.cluster_name
-  base_domain            = var.base_domain
-  subdomain              = var.subdomain
-  argocd_project         = var.argocd_project
-  argocd_labels          = var.argocd_labels
-  destination_cluster    = var.destination_cluster
-  target_revision        = var.target_revision
-  cluster_issuer         = var.cluster_issuer
-  deep_merge_append_list = var.deep_merge_append_list
-  enable_service_monitor = var.enable_service_monitor
-  app_autosync           = var.app_autosync
-  dependency_ids         = var.dependency_ids
-  enable_network_policies  = var.enable_network_policies
+  cluster_name            = var.cluster_name
+  base_domain             = var.base_domain
+  subdomain               = var.subdomain
+  argocd_project          = var.argocd_project
+  argocd_labels           = var.argocd_labels
+  destination_cluster     = var.destination_cluster
+  target_revision         = var.target_revision
+  cluster_issuer          = var.cluster_issuer
+  deep_merge_append_list  = var.deep_merge_append_list
+  enable_service_monitor  = var.enable_service_monitor
+  app_autosync            = var.app_autosync
+  dependency_ids          = var.dependency_ids
+  enable_network_policies = var.enable_network_policies
 
   resources = var.resources
 
diff --git a/kind/README.adoc b/kind/README.adoc
index 101fb78b..502434f3 100644
--- a/kind/README.adoc
+++ b/kind/README.adoc
@@ -401,6 +401,14 @@ Type: `bool`
 
 Default: `false`
 
+==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+
+Description: Enable or disable network policy for Thanos components.
+
+Type: `bool`
+
+Default: `false`
+
 === Outputs
 
 The following outputs are exported:
@@ -645,6 +653,12 @@ object({
 |`false`
 |no
 
+|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|Enable or disable network policy for Thanos components.
+|`bool`
+|`false`
+|no
+
 |===
 
 = Outputs
diff --git a/kind/main.tf b/kind/main.tf
index 11972a6a..01651f69 100644
--- a/kind/main.tf
+++ b/kind/main.tf
@@ -1,19 +1,19 @@
 module "thanos" {
   source = "../"
 
-  cluster_name           = var.cluster_name
-  base_domain            = var.base_domain
-  subdomain              = var.subdomain
-  argocd_project         = var.argocd_project
-  argocd_labels          = var.argocd_labels
-  destination_cluster    = var.destination_cluster
-  target_revision        = var.target_revision
-  cluster_issuer         = var.cluster_issuer
-  deep_merge_append_list = var.deep_merge_append_list
-  enable_service_monitor = var.enable_service_monitor
-  app_autosync           = var.app_autosync
-  dependency_ids         = var.dependency_ids
-  enable_network_policies  = var.enable_network_policies
+  cluster_name            = var.cluster_name
+  base_domain             = var.base_domain
+  subdomain               = var.subdomain
+  argocd_project          = var.argocd_project
+  argocd_labels           = var.argocd_labels
+  destination_cluster     = var.destination_cluster
+  target_revision         = var.target_revision
+  cluster_issuer          = var.cluster_issuer
+  deep_merge_append_list  = var.deep_merge_append_list
+  enable_service_monitor  = var.enable_service_monitor
+  app_autosync            = var.app_autosync
+  dependency_ids          = var.dependency_ids
+  enable_network_policies = var.enable_network_policies
 
   resources = var.resources
 
diff --git a/locals.tf b/locals.tf
index c557545e..df4e5652 100644
--- a/locals.tf
+++ b/locals.tf
@@ -204,9 +204,9 @@ locals {
           extraIngress = var.enable_network_policies ? [
             {
               from = {
-                namespaceSelector = {
+                podSelector = {
                   matchLabels = {
-                    "app.kubernetes.io/metadata.name" = "traefik"
+                    "app" = "traefik"
                   }
                 }
               }
@@ -349,9 +349,9 @@ locals {
           extraIngress = var.enable_network_policies ? [
             {
               from = {
-                namespaceSelector = {
+                podSelector = {
                   matchLabels = {
-                    "app.kubernetes.io/metadata.name" = "traefik"
+                    "app" = "traefik"
                   }
                 }
               }
diff --git a/sks/README.adoc b/sks/README.adoc
index 45892b06..fd0b0ff6 100644
--- a/sks/README.adoc
+++ b/sks/README.adoc
@@ -344,6 +344,14 @@ Type: `bool`
 
 Default: `false`
 
+==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+
+Description: Enable or disable network policy for Thanos components.
+
+Type: `bool`
+
+Default: `false`
+
 === Outputs
 
 The following outputs are exported:
@@ -587,6 +595,12 @@ object({
 |`false`
 |no
 
+|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|Enable or disable network policy for Thanos components.
+|`bool`
+|`false`
+|no
+
 |===
 
 = Outputs
diff --git a/sks/main.tf b/sks/main.tf
index 11972a6a..01651f69 100644
--- a/sks/main.tf
+++ b/sks/main.tf
@@ -1,19 +1,19 @@
 module "thanos" {
   source = "../"
 
-  cluster_name           = var.cluster_name
-  base_domain            = var.base_domain
-  subdomain              = var.subdomain
-  argocd_project         = var.argocd_project
-  argocd_labels          = var.argocd_labels
-  destination_cluster    = var.destination_cluster
-  target_revision        = var.target_revision
-  cluster_issuer         = var.cluster_issuer
-  deep_merge_append_list = var.deep_merge_append_list
-  enable_service_monitor = var.enable_service_monitor
-  app_autosync           = var.app_autosync
-  dependency_ids         = var.dependency_ids
-  enable_network_policies  = var.enable_network_policies
+  cluster_name            = var.cluster_name
+  base_domain             = var.base_domain
+  subdomain               = var.subdomain
+  argocd_project          = var.argocd_project
+  argocd_labels           = var.argocd_labels
+  destination_cluster     = var.destination_cluster
+  target_revision         = var.target_revision
+  cluster_issuer          = var.cluster_issuer
+  deep_merge_append_list  = var.deep_merge_append_list
+  enable_service_monitor  = var.enable_service_monitor
+  app_autosync            = var.app_autosync
+  dependency_ids          = var.dependency_ids
+  enable_network_policies = var.enable_network_policies
 
   resources = var.resources
 

From 1152c0832c7cbb4058bccec2a3eb3305a4b5dd20 Mon Sep 17 00:00:00 2001
From: omohammed95 <omohammed95@users.noreply.github.com>
Date: Wed, 21 Aug 2024 09:09:33 +0000
Subject: [PATCH 4/9] docs(terraform-docs): generate docs and write to
 README.adoc

---
 README.adoc      | 12 ++++++------
 aks/README.adoc  |  4 ++--
 eks/README.adoc  |  4 ++--
 kind/README.adoc |  4 ++--
 locals.tf        |  4 ++--
 sks/README.adoc  |  4 ++--
 6 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/README.adoc b/README.adoc
index df8887d3..c9cbe58f 100644
--- a/README.adoc
+++ b/README.adoc
@@ -38,10 +38,10 @@ The following providers are used by this module:
 
 - [[provider_random]] <<provider_random,random>> (>= 3)
 
-- [[provider_argocd]] <<provider_argocd,argocd>> (>= 5)
-
 - [[provider_utils]] <<provider_utils,utils>> (>= 1)
 
+- [[provider_argocd]] <<provider_argocd,argocd>> (>= 5)
+
 - [[provider_null]] <<provider_null,null>> (>= 3)
 
 === Resources
@@ -270,7 +270,7 @@ Type: `bool`
 
 Default: `false`
 
-==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+==== [[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 
 Description: Enable or disable network policy for Thanos components.
 
@@ -309,10 +309,10 @@ Description: ID to pass other modules in order to refer to this module as a depe
 [cols="a,a",options="header,autowidth"]
 |===
 |Name |Version
+|[[provider_null]] <<provider_null,null>> |>= 3
 |[[provider_random]] <<provider_random,random>> |>= 3
-|[[provider_utils]] <<provider_utils,utils>> |>= 1
 |[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
-|[[provider_null]] <<provider_null,null>> |>= 3
+|[[provider_utils]] <<provider_utils,utils>> |>= 1
 |===
 
 = Resources
@@ -521,7 +521,7 @@ object({
 |`false`
 |no
 
-|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|[[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 |Enable or disable network policy for Thanos components.
 |`bool`
 |`false`
diff --git a/aks/README.adoc b/aks/README.adoc
index 75cea20b..cc18aa09 100644
--- a/aks/README.adoc
+++ b/aks/README.adoc
@@ -474,7 +474,7 @@ Type: `bool`
 
 Default: `false`
 
-==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+==== [[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 
 Description: Enable or disable network policy for Thanos components.
 
@@ -748,7 +748,7 @@ object({
 |`false`
 |no
 
-|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|[[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 |Enable or disable network policy for Thanos components.
 |`bool`
 |`false`
diff --git a/eks/README.adoc b/eks/README.adoc
index e69ee478..99bf000b 100644
--- a/eks/README.adoc
+++ b/eks/README.adoc
@@ -503,7 +503,7 @@ Type: `bool`
 
 Default: `false`
 
-==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+==== [[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 
 Description: Enable or disable network policy for Thanos components.
 
@@ -776,7 +776,7 @@ object({
 |`false`
 |no
 
-|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|[[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 |Enable or disable network policy for Thanos components.
 |`bool`
 |`false`
diff --git a/kind/README.adoc b/kind/README.adoc
index 502434f3..90d815bc 100644
--- a/kind/README.adoc
+++ b/kind/README.adoc
@@ -401,7 +401,7 @@ Type: `bool`
 
 Default: `false`
 
-==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+==== [[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 
 Description: Enable or disable network policy for Thanos components.
 
@@ -653,7 +653,7 @@ object({
 |`false`
 |no
 
-|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|[[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 |Enable or disable network policy for Thanos components.
 |`bool`
 |`false`
diff --git a/locals.tf b/locals.tf
index df4e5652..0c2b1cc4 100644
--- a/locals.tf
+++ b/locals.tf
@@ -203,13 +203,13 @@ locals {
           enabled = var.enable_network_policies
           extraIngress = var.enable_network_policies ? [
             {
-              from = {
+              from = [{
                 podSelector = {
                   matchLabels = {
                     "app" = "traefik"
                   }
                 }
-              }
+              }]
             }
           ] : []
         }
diff --git a/sks/README.adoc b/sks/README.adoc
index fd0b0ff6..c65df02e 100644
--- a/sks/README.adoc
+++ b/sks/README.adoc
@@ -344,7 +344,7 @@ Type: `bool`
 
 Default: `false`
 
-==== [[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+==== [[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 
 Description: Enable or disable network policy for Thanos components.
 
@@ -595,7 +595,7 @@ object({
 |`false`
 |no
 
-|[[input_network_policy_thanos]] <<input_network_policy_thanos,network_policy_thanos>>
+|[[input_enable_network_policies]] <<input_enable_network_policies,enable_network_policies>>
 |Enable or disable network policy for Thanos components.
 |`bool`
 |`false`

From f7bc36bbd03fa682a7b991d2d485fc0fc2ec5b3a Mon Sep 17 00:00:00 2001
From: omohammed95 <omohammed95@users.noreply.github.com>
Date: Wed, 21 Aug 2024 11:31:48 +0000
Subject: [PATCH 5/9] docs(terraform-docs): generate docs and write to
 README.adoc

---
 README.adoc | 10 +++++-----
 locals.tf   |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/README.adoc b/README.adoc
index c9cbe58f..d4bdb179 100644
--- a/README.adoc
+++ b/README.adoc
@@ -36,13 +36,13 @@ The following requirements are needed by this module:
 
 The following providers are used by this module:
 
-- [[provider_random]] <<provider_random,random>> (>= 3)
+- [[provider_null]] <<provider_null,null>> (>= 3)
 
-- [[provider_utils]] <<provider_utils,utils>> (>= 1)
+- [[provider_random]] <<provider_random,random>> (>= 3)
 
 - [[provider_argocd]] <<provider_argocd,argocd>> (>= 5)
 
-- [[provider_null]] <<provider_null,null>> (>= 3)
+- [[provider_utils]] <<provider_utils,utils>> (>= 1)
 
 === Resources
 
@@ -309,10 +309,10 @@ Description: ID to pass other modules in order to refer to this module as a depe
 [cols="a,a",options="header,autowidth"]
 |===
 |Name |Version
-|[[provider_null]] <<provider_null,null>> |>= 3
 |[[provider_random]] <<provider_random,random>> |>= 3
-|[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
 |[[provider_utils]] <<provider_utils,utils>> |>= 1
+|[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
+|[[provider_null]] <<provider_null,null>> |>= 3
 |===
 
 = Resources
diff --git a/locals.tf b/locals.tf
index 0c2b1cc4..1f48951e 100644
--- a/locals.tf
+++ b/locals.tf
@@ -348,13 +348,13 @@ locals {
           enabled = var.enable_network_policies
           extraIngress = var.enable_network_policies ? [
             {
-              from = {
+              from = [{
                 podSelector = {
                   matchLabels = {
                     "app" = "traefik"
                   }
                 }
-              }
+              }]
             }
           ] : []
         }

From a2002f63ab83bbdd8ae1846e25cfcbfeac9f481f Mon Sep 17 00:00:00 2001
From: omohammed95 <omohammed95@users.noreply.github.com>
Date: Wed, 21 Aug 2024 11:36:34 +0000
Subject: [PATCH 6/9] docs(terraform-docs): generate docs and write to
 README.adoc

---
 README.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.adoc b/README.adoc
index d4bdb179..8ff2e817 100644
--- a/README.adoc
+++ b/README.adoc
@@ -309,10 +309,10 @@ Description: ID to pass other modules in order to refer to this module as a depe
 [cols="a,a",options="header,autowidth"]
 |===
 |Name |Version
+|[[provider_null]] <<provider_null,null>> |>= 3
 |[[provider_random]] <<provider_random,random>> |>= 3
-|[[provider_utils]] <<provider_utils,utils>> |>= 1
 |[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
-|[[provider_null]] <<provider_null,null>> |>= 3
+|[[provider_utils]] <<provider_utils,utils>> |>= 1
 |===
 
 = Resources

From 1de35c84d4bd1f27151c0d0fbfcc2eecbc0db3d9 Mon Sep 17 00:00:00 2001
From: omohammed95 <osman.mohammed@camptocamp.com>
Date: Wed, 28 Aug 2024 16:41:26 +0200
Subject: [PATCH 7/9] feat: add namespaceSelector to loki extraIngresses

---
 locals.tf | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)

diff --git a/locals.tf b/locals.tf
index 1f48951e..782afadd 100644
--- a/locals.tf
+++ b/locals.tf
@@ -204,11 +204,18 @@ locals {
           extraIngress = var.enable_network_policies ? [
             {
               from = [{
-                podSelector = {
+                namespaceSelector = {
                   matchLabels = {
-                    "app" = "traefik"
+                    "kubernetes.io/metadata.name" = "traefik"
                   }
                 }
+                },
+                {
+                  podSelector = {
+                    matchLabels = {
+                      "app" = "traefik"
+                    }
+                  }
               }]
             }
           ] : []
@@ -349,11 +356,18 @@ locals {
           extraIngress = var.enable_network_policies ? [
             {
               from = [{
-                podSelector = {
+                namespaceSelector = {
                   matchLabels = {
-                    "app" = "traefik"
+                    "kubernetes.io/metadata.name" = "traefik"
                   }
                 }
+                },
+                {
+                  podSelector = {
+                    matchLabels = {
+                      "app" = "traefik"
+                    }
+                  }
               }]
             }
           ] : []

From caf8b864ca6751c5b65a2a037587eb23f886aa3e Mon Sep 17 00:00:00 2001
From: omohammed95 <omohammed95@users.noreply.github.com>
Date: Wed, 28 Aug 2024 14:41:54 +0000
Subject: [PATCH 8/9] docs(terraform-docs): generate docs and write to
 README.adoc

---
 README.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/README.adoc b/README.adoc
index 8ff2e817..d4bdb179 100644
--- a/README.adoc
+++ b/README.adoc
@@ -309,10 +309,10 @@ Description: ID to pass other modules in order to refer to this module as a depe
 [cols="a,a",options="header,autowidth"]
 |===
 |Name |Version
-|[[provider_null]] <<provider_null,null>> |>= 3
 |[[provider_random]] <<provider_random,random>> |>= 3
-|[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
 |[[provider_utils]] <<provider_utils,utils>> |>= 1
+|[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
+|[[provider_null]] <<provider_null,null>> |>= 3
 |===
 
 = Resources

From 50c4af545d3ab908adac4728d4a7a3435571d735 Mon Sep 17 00:00:00 2001
From: omohammed95 <omohammed95@users.noreply.github.com>
Date: Tue, 22 Oct 2024 09:10:13 +0000
Subject: [PATCH 9/9] docs(terraform-docs): generate docs and write to
 README.adoc

---
 README.adoc      | 7 +++----
 aks/README.adoc  | 4 ++--
 eks/README.adoc  | 4 ++--
 kind/README.adoc | 4 ++--
 sks/README.adoc  | 4 ++--
 5 files changed, 11 insertions(+), 12 deletions(-)

diff --git a/README.adoc b/README.adoc
index d869f2cf..eefe6f75 100644
--- a/README.adoc
+++ b/README.adoc
@@ -114,7 +114,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v7.0.0"`
+Default: `"v7.0.1"`
 
 ==== [[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
 
@@ -310,9 +310,8 @@ Description: ID to pass other modules in order to refer to this module as a depe
 |===
 |Name |Version
 |[[provider_random]] <<provider_random,random>> |>= 3
-|[[provider_utils]] <<provider_utils,utils>> |>= 1
-|[[provider_argocd]] <<provider_argocd,argocd>> |>= 5
 |[[provider_argocd]] <<provider_argocd,argocd>> |>= 6
+|[[provider_utils]] <<provider_utils,utils>> |>= 1
 |[[provider_null]] <<provider_null,null>> |>= 3
 |===
 
@@ -374,7 +373,7 @@ Description: ID to pass other modules in order to refer to this module as a depe
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v7.0.0"`
+|`"v7.0.1"`
 |no
 
 |[[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
diff --git a/aks/README.adoc b/aks/README.adoc
index e1f10d0f..afa58bf1 100644
--- a/aks/README.adoc
+++ b/aks/README.adoc
@@ -318,7 +318,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v7.0.0"`
+Default: `"v7.0.1"`
 
 ==== [[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
 
@@ -600,7 +600,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v7.0.0"`
+|`"v7.0.1"`
 |no
 
 |[[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
diff --git a/eks/README.adoc b/eks/README.adoc
index e64864dd..f85e4505 100644
--- a/eks/README.adoc
+++ b/eks/README.adoc
@@ -347,7 +347,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v7.0.0"`
+Default: `"v7.0.1"`
 
 ==== [[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
 
@@ -628,7 +628,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v7.0.0"`
+|`"v7.0.1"`
 |no
 
 |[[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
diff --git a/kind/README.adoc b/kind/README.adoc
index 72d150d9..204e9158 100644
--- a/kind/README.adoc
+++ b/kind/README.adoc
@@ -245,7 +245,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v7.0.0"`
+Default: `"v7.0.1"`
 
 ==== [[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
 
@@ -505,7 +505,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v7.0.0"`
+|`"v7.0.1"`
 |no
 
 |[[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
diff --git a/sks/README.adoc b/sks/README.adoc
index f548667d..3323965f 100644
--- a/sks/README.adoc
+++ b/sks/README.adoc
@@ -188,7 +188,7 @@ Description: Override of target revision of the application chart.
 
 Type: `string`
 
-Default: `"v7.0.0"`
+Default: `"v7.0.1"`
 
 ==== [[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>
 
@@ -447,7 +447,7 @@ object({
 |[[input_target_revision]] <<input_target_revision,target_revision>>
 |Override of target revision of the application chart.
 |`string`
-|`"v7.0.0"`
+|`"v7.0.1"`
 |no
 
 |[[input_cluster_issuer]] <<input_cluster_issuer,cluster_issuer>>