From 991afc4f725251199e151ee71cc47580672b9a51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Mon, 10 Nov 2025 17:09:26 +0100 Subject: [PATCH] fix(spegel): Correct policies --- .../CiliumNetworkPolicy-allow-api-server.yaml | 4 ++-- ...umNetworkPolicy-allow-host-to-mariadb.yaml | 14 ------------- ...etworkPolicy-allow-prometheus-metrics.yaml | 4 ++-- ...workPolicy-allow-remote-node-webhooks.yaml | 20 ------------------- 4 files changed, 4 insertions(+), 38 deletions(-) delete mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml delete mode 100644 values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml index e2c3ec2c..5145c28c 100644 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml @@ -3,12 +3,12 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-api-server - namespace: slinky + namespace: spegel spec: egress: - toEntities: - kube-apiserver endpointSelector: matchLabels: - app.kubernetes.io/instance: slurm-operator + app.kubernetes.io/instance: spegel {{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml deleted file mode 100644 index 11af8379..00000000 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml +++ /dev/null @@ -1,14 +0,0 @@ -{{- if .Values.clusterConfig.cilium.enabled }} -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: allow-host-to-slurm-operator - namespace: slinky -spec: - endpointSelector: - matchLabels: - app.kubernetes.io/instance: slurm-operator - ingress: - - fromEntities: - - host -{{- end}} diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml index 2974ce11..97f7abca 100644 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml +++ b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml @@ -3,11 +3,11 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-prometheus-metrics - namespace: slinky + namespace: spegel spec: endpointSelector: matchLabels: - app.kubernetes.io/instance: slurm-operator + app.kubernetes.io/instance: spegel ingress: - fromEndpoints: - matchLabels: diff --git a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml deleted file mode 100644 index f167c211..00000000 --- a/values/spegel/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml +++ /dev/null @@ -1,20 +0,0 @@ -{{- if .Values.clusterConfig.cilium.enabled }} -apiVersion: cilium.io/v2 -kind: CiliumNetworkPolicy -metadata: - name: allow-remote-node-webhooks - namespace: slinky -spec: - endpointSelector: - matchLabels: {} - ingress: - - fromEntities: - - kube-apiserver - - remote-node - toPorts: - - ports: - - port: "443" - protocol: TCP - - port: "9443" - protocol: TCP -{{- end}}