fix: Add cnps for slurm

2025-09-26 16:33:02 +02:00
parent a70177052b
commit c37c20818d
4 changed files with 55 additions and 6 deletions
@@ -3,16 +3,12 @@ apiVersion: cilium.io/v2
 kind: CiliumNetworkPolicy
 metadata:
  name: allow-api-server
-  namespace: slinky
+  namespace: slurm-operator
 spec:
  egress:
    - toEntities:
        - kube-apiserver
-      toPorts:
-        - ports:
-            - port: "6443"
-              protocol: TCP
  endpointSelector:
    matchLabels:
      app.kubernetes.io/instance: slurm-operator
-{{- end }}
+{{- end}}
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-host-to-mariadb
+  namespace: slurm-operator
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: slurm-operator
+  ingress:
+    - fromEntities:
+        - host
+{{- end}}
@@ -0,0 +1,19 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-prometheus-metrics
+  namespace: slurm-operator
+spec:
+  endpointSelector:
+    matchLabels:
+      app.kubernetes.io/instance: slurm-operator
+  ingress:
+    - fromEndpoints:
+        - matchLabels:
+            io.kubernetes.pod.namespace: prometheus
+      toPorts:
+        - ports:
+            - port: "8080"
+              protocol: TCP
+{{- end}}
@@ -0,0 +1,20 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+  name: allow-remote-node-webhooks
+  namespace: slurm-operator
+spec:
+  endpointSelector:
+    matchLabels: {}
+  ingress:
+    - fromEntities:
+        - kube-apiserver
+        - remote-node
+      toPorts:
+        - ports:
+            - port: "443"
+              protocol: TCP
+            - port: "9443"
+              protocol: TCP
+{{- end}}