From f67c85cba96591fb677ce12a1c6c66cc20a5582f Mon Sep 17 00:00:00 2001
From: JJGadgets
Date: Tue, 2 Apr 2024 02:20:23 +0800
Subject: [PATCH] fix(rook-ceph): RGW hostNetwork netpols
---
 .rtx.toml | 1 +
 kube/deploy/core/storage/rook-ceph/app/netpol.yaml | 13 ++++++++++++-
 2 files changed, 13 insertions(+), 1 deletion(-)
diff --git a/.rtx.toml b/.rtx.toml
index eb4ed864..1975cf38 100644
--- a/.rtx.toml
+++ b/.rtx.toml
@@ -15,6 +15,7 @@ talhelper = ["1.16.2"]
 cilium-cli= ["0.15.14"]
 1password-cli = ["2.24.0"]
 restic = ["0.16.4"]
+k9s = ["0.32.4"]
 #pulumi = ["3.95.0"]
diff --git a/kube/deploy/core/storage/rook-ceph/app/netpol.yaml b/kube/deploy/core/storage/rook-ceph/app/netpol.yaml
index c087d9b2..57eea7a6 100644
--- a/kube/deploy/core/storage/rook-ceph/app/netpol.yaml
+++ b/kube/deploy/core/storage/rook-ceph/app/netpol.yaml
@@ -52,6 +52,17 @@ spec:
 io.kubernetes.pod.namespace: rook-ceph
 - toFQDNs:
 - matchName: "rgw-biohazard.${DNS_TS}"
+ - toCIDRSet:
+ - cidr: "${IP_VLAN_CEPH_CIDR}"
+ toPorts:
+ - ports:
+ - port: "6953"
+ - toEntities:
+ - "host"
+ - "remote-node"
+ toPorts:
+ - ports:
+ - port: "6953"
 ---
 # yaml-language-server: $schema=https://raw.githubusercontent.com/datreeio/CRDs-catalog/main/cilium.io/ciliumnetworkpolicy_v2.json
 apiVersion: cilium.io/v2
@@ -86,4 +97,4 @@ spec:
 s3.home.arpa/store: rgw-${CLUSTER_NAME}
 - matchExpressions:
 - key: io.kubernetes.pod.namespace
- operator: Exists
\ No newline at end of file
+ operator: Exists
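Review bot: Both new egress rules in the netpol.yaml hunk at `-52,6 +52,17` give `port: "6953"` with no `protocol`, which Cilium treats as any protocol; if 6953 is the RGW HTTP listener, adding `protocol: TCP` under each `port` entry would keep the allowance as narrow as the fix needs. The `host` and `remote-node` entities also open that port towards every node in the cluster, not only the nodes that run RGW with hostNetwork. A comment above `toEntities`, for example `# RGW uses hostNetwork, so its traffic carries node identity; CIDR rules alone do not match cluster nodes by default`, would record why the wider scope is accepted, assuming that is the reason both rules were added. The policy's endpoint selector and the start of its egress list are outside the hunk, so which pods receive this allowance cannot be confirmed from here.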