platform/manifests
1
0
Fork 0
Code Issues 7 Pull Requests 5 Actions Packages Projects Releases Wiki Activity

fix: Add cnps for slurm

Browse Source
This commit is contained in:
Moritz Jörg
2025-09-26 16:33:02 +02:00
parent a70177052b
commit c37c20818d
4 changed files with 55 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files
values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-api-server.yaml
+2 -6
View File
@@ -3,16 +3,12 @@ apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy kind: CiliumNetworkPolicy
metadata: metadata:
name: allow-api-server name: allow-api-server
namespace: slinky namespace: slurm-operator
spec: spec:
egress: egress:
- toEntities: - toEntities:
- kube-apiserver - kube-apiserver
toPorts:
- ports:
- port: "6443"
protocol: TCP
endpointSelector: endpointSelector:
matchLabels: matchLabels:
app.kubernetes.io/instance: slurm-operator app.kubernetes.io/instance: slurm-operator
{{- end }} {{- end}}
values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-host-to-mariadb.yaml
+14
View File
@@ -0,0 +1,14 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-host-to-mariadb
namespace: slurm-operator
spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: slurm-operator
ingress:
- fromEntities:
- host
{{- end}}
values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-prometheus-metrics.yaml
+19
View File
@@ -0,0 +1,19 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-prometheus-metrics
namespace: slurm-operator
spec:
endpointSelector:
matchLabels:
app.kubernetes.io/instance: slurm-operator
ingress:
- fromEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: prometheus
toPorts:
- ports:
- port: "8080"
protocol: TCP
{{- end}}
values/slurm-operator/manifests/policies/CiliumNetworkPolicy-allow-remote-node-webhooks.yaml
+20
View File
@@ -0,0 +1,20 @@
{{- if .Values.clusterConfig.cilium.enabled }}
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
name: allow-remote-node-webhooks
namespace: slurm-operator
spec:
endpointSelector:
matchLabels: {}
ingress:
- fromEntities:
- kube-apiserver
- remote-node
toPorts:
- ports:
- port: "443"
protocol: TCP
- port: "9443"
protocol: TCP
{{- end}}