Add NetworkPolicy ingress rules for Grafana datasource access

- Allow Grafana to query Tempo on port 3200
- Allow Grafana to scrape OTEL Collector metrics on port 8888
- Fixes datasource connectivity from Grafana UI

Author: Ladas

components/02-observability/networkpolicies.yaml

@@ -50,6 +50,15 @@ spec:
     - protocol: TCP
       port: 3200  # UI
 
+  # Allow from Grafana (same namespace, datasource queries)
+  - from:
+    - podSelector:
+        matchLabels:
+          app: grafana
+    ports:
+    - protocol: TCP
+      port: 3200  # Query API
+
   egress:
   # Allow DNS
   - to:
@@ -191,6 +200,15 @@ spec:
     - protocol: TCP
       port: 8888  # Metrics
 
+  # Allow from Grafana (metrics scraping for datasource)
+  - from:
+    - podSelector:
+        matchLabels:
+          app: grafana
+    ports:
+    - protocol: TCP
+      port: 8888  # Metrics
+
   egress:
   # Allow to Tempo (export infrastructure traces)
   - to: