From c37c20818d0a8772633c22ae9d09a8e3a588f79f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Moritz=20J=C3=B6rg?= Date: Fri, 26 Sep 2025 16:33:02 +0200 Subject: [PATCH] fix: Add cnps for slurm --- .../CiliumNetworkPolicy-allow-api-server.yaml | 8 ++------ ...umNetworkPolicy-allow-host-to-mariadb.yaml | 14 +++++++++++++ ...etworkPolicy-allow-prometheus-metrics.yaml | 19 ++++++++++++++++++ ...workPolicy-allow-remote-node-webhooks.yaml | 20 +++++++++++++++++++ 4 files changed, 55 insertions(+), 6 deletions(-) create mode 100644 values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml create mode 100644 values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml create mode 100644 values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml diff --git a/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml index 97ff48c6..16b530de 100644 --- a/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml +++ b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml @@ -3,16 +3,12 @@ apiVersion: cilium.io/v2 kind: CiliumNetworkPolicy metadata: name: allow-api-server - namespace: slinky + namespace: slurm-operator spec: egress: - toEntities: - kube-apiserver - toPorts: - - ports: - - port: "6443" - protocol: TCP endpointSelector: matchLabels: app.kubernetes.io/instance: slurm-operator -{{- end }} +{{- end}} diff --git a/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml new file mode 100644 index 00000000..177eda37 --- /dev/null +++ b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml 
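Review bot: Removing the `toPorts` block from the egress rule in `allow-api-server` means pods labelled `app.kubernetes.io/instance: slurm-operator` may now reach the `kube-apiserver` entity on any port, not only TCP 6443. If the restriction was dropped because the API server port differs between clusters, record that next to the rule, e.g. `# no toPorts: kube-apiserver port varies per cluster`. Otherwise keep a `toPorts` entry listing the ports actually used. The closing delimiter also changes from `{{- end }}` to `{{- end}}`, which is harmless but no longer matches the spacing of the `{{- if … }}` lines in the new files. The opening `{{- if` of this template lies above the hunk.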
@@ -0,0 +1,14 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-host-to-mariadb
+ namespace: slurm-operator
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: slurm-operator
+ ingress:
+ - fromEntities:
+ - host
+{{- end}}
diff --git a/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
new file mode 100644
index 00000000..4c5b4056
--- /dev/null
+++ b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
@@ -0,0 +1,19 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-prometheus-metrics
+ namespace: slurm-operator
+spec:
+ endpointSelector:
+ matchLabels:
+ app.kubernetes.io/instance: slurm-operator
+ ingress:
+ - fromEndpoints:
+ - matchLabels:
+ io.kubernetes.pod.namespace: prometheus
+ toPorts:
+ - ports:
+ - port: "8080"
+ protocol: TCP
+{{- end}}
diff --git a/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
new file mode 100644
index 00000000..aea10d4b
--- /dev/null
+++ b/values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
@@ -0,0 +1,20 @@
+{{- if .Values.clusterConfig.cilium.enabled }}
+apiVersion: cilium.io/v2
+kind: CiliumNetworkPolicy
+metadata:
+ name: allow-remote-node-webhooks
+ namespace: slurm-operator
+spec:
+ endpointSelector:
+ matchLabels: {}
+ ingress:
+ - fromEntities:
+ - kube-apiserver
+ - remote-node
+ toPorts:
+ - ports:
+ - port: "443"
+ protocol: TCP
+ - port: "9443"
+ protocol: TCP
+{{- end}}
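Review bot: The policy is named `allow-host-to-mariadb`, but its `endpointSelector` matches `app.kubernetes.io/instance: slurm-operator` and the `fromEntities: host` rule has no `toPorts`, so the node host may reach every port on every pod carrying that label. If only the database is meant, select the MariaDB pods by their own label and add a `toPorts` entry for the database port (3306 if MariaDB runs on its default), in the same form as the `toPorts` block in `allow-prometheus-metrics`. If the rule is actually there for kubelet probes or other host traffic to the operator, rename the policy so the name states what it permits.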
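Review bot: In `allow-prometheus-metrics`, `fromEndpoints` matches on `io.kubernetes.pod.namespace: prometheus` alone, so any pod running in that namespace may connect to port 8080, not just the scraper. Adding the Prometheus pods' own label to the same `matchLabels` entry would narrow this, e.g. `app.kubernetes.io/name: <prometheus-pod-label>` (placeholder; the real label is not visible in this patch). A one-line comment naming the component that serves metrics on 8080 would also help later review.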
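Review bot: In `allow-remote-node-webhooks`, `endpointSelector` with `matchLabels: {}` selects every pod in the `slurm-operator` namespace, so ports 443 and 9443 are opened from `kube-apiserver` and `remote-node` on all of them. Every pod in the namespace also falls under ingress default-deny once this policy selects it. If only the webhook server needs this, scope the selector the way the other three policies do, e.g. `app.kubernetes.io/instance: slurm-operator`, assuming the webhook pods carry that label. If namespace-wide selection is intended, a comment such as `# selects all pods in the namespace on purpose` would make that explicit.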