From 6993f51ef7ba95db1ccca9558e0e9a7a7aff1d6a Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Sun, 14 Dec 2025 15:08:44 -0300
Subject: [PATCH] gitops-ui: allow acme solver ingress from traefik

---
 services/gitops-ui/kustomization.yaml      |  1 +
 services/gitops-ui/networkpolicy-acme.yaml | 17 +++++++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100644 services/gitops-ui/networkpolicy-acme.yaml

diff --git a/services/gitops-ui/kustomization.yaml b/services/gitops-ui/kustomization.yaml
index fad837d..a86611a 100644
--- a/services/gitops-ui/kustomization.yaml
+++ b/services/gitops-ui/kustomization.yaml
@@ -6,3 +6,4 @@ resources:
   - source.yaml
   - helmrelease.yaml
   - certificate.yaml
+  - networkpolicy-acme.yaml
diff --git a/services/gitops-ui/networkpolicy-acme.yaml b/services/gitops-ui/networkpolicy-acme.yaml
new file mode 100644
index 0000000..a7a5063
--- /dev/null
+++ b/services/gitops-ui/networkpolicy-acme.yaml
@@ -0,0 +1,17 @@
+# services/gitops-ui/networkpolicy-acme.yaml
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  name: allow-acme-solver
+  namespace: flux-system
+spec:
+  podSelector:
+    matchLabels:
+      acme.cert-manager.io/http01-solver: "true"
+  policyTypes:
+    - Ingress
+  ingress:
+    - from:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: traefik