From 76bbe4dfea669f693e5432cd834e4bd69f71b59e Mon Sep 17 00:00:00 2001
From: MichaelFisher1997
Date: Tue, 5 May 2026 05:14:36 +0000
Subject: [PATCH] fix: allow tailnet access to flux ui
---
 .../addons/flux-ui/kustomization.yaml | 1 +
 .../networkpolicy-weave-gitops-tailscale.yaml | 19 +++++++++++++++++++
 2 files changed, 20 insertions(+)
 create mode 100644 infrastructure/addons/flux-ui/networkpolicy-weave-gitops-tailscale.yaml
diff --git a/infrastructure/addons/flux-ui/kustomization.yaml b/infrastructure/addons/flux-ui/kustomization.yaml
index 731e252..d143ce2 100644
--- a/infrastructure/addons/flux-ui/kustomization.yaml
+++ b/infrastructure/addons/flux-ui/kustomization.yaml
@@ -3,4 +3,5 @@ kind: Kustomization
 resources:
 - ocirepository-weave-gitops.yaml
 - helmrelease-weave-gitops.yaml
+ - networkpolicy-weave-gitops-tailscale.yaml
 - weave-gitops-tailscale-service.yaml
diff --git a/infrastructure/addons/flux-ui/networkpolicy-weave-gitops-tailscale.yaml b/infrastructure/addons/flux-ui/networkpolicy-weave-gitops-tailscale.yaml
new file mode 100644
index 0000000..b1d21fa
--- /dev/null
+++ b/infrastructure/addons/flux-ui/networkpolicy-weave-gitops-tailscale.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+ name: weave-gitops-tailscale-ingress
+ namespace: flux-system
+spec:
+ podSelector:
+ matchLabels:
+ app.kubernetes.io/name: weave-gitops
+ policyTypes:
+ - Ingress
+ ingress:
+ - from:
+ - namespaceSelector:
+ matchLabels:
+ kubernetes.io/metadata.name: tailscale-system
+ ports:
+ - protocol: TCP
+ port: 9001
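Review bot: The `from` entry in the new NetworkPolicy matches on `namespaceSelector` alone, so every pod in `tailscale-system` can reach the weave-gitops pods on TCP 9001, not only the proxy that fronts this UI. Consider adding a `podSelector` inside the same `from` item (a separate `-` item would be OR-ed and widen the rule), e.g. `podSelector: {matchLabels: {<proxy-pod-label>: <value>}}`. If the proxy is created by the Tailscale operator, its pods should carry a `tailscale.com/parent-resource` label that could be used here, but confirm against the running pods' labels first. A header comment such as `# Pod-level allow only: tailnet identity is not visible to this policy; access control still depends on Tailscale ACLs and the UI login` would record the trust assumption for the next reader.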