fix(rook-ceph): netpol allow CNPG to RGW

Signed-off-by: JJGadgets <git@jjgadgets.tech>
2026-03-20 15:39:33 +00:00 · 2023-05-13 05:32:00 +08:00
parent 4579962adf
commit bdc1bc3820
1 changed files with 10 additions and 0 deletions
--- a/kube/3-deploy/1-core/02-storage/rook-ceph/app/netpol.yaml
+++ b/kube/3-deploy/1-core/02-storage/rook-ceph/app/netpol.yaml
@@ -35,6 +35,7 @@ spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: *app
+      rook_object_store: "${CLUSTER_NAME_LOWER}"
  ingress:
    # ingress controller
    - fromEndpoints:
@@ -45,11 +46,20 @@ spec:
      toPorts:
        - ports:
            - port: "6953"
+              protocol: TCP
+            - port: "6953"
+              protocol: UDP
+            - port: "8080"
+              protocol: TCP
+            - port: "8080"
+              protocol: UDP
    # allow CNPG to connect
    - fromEndpoints:
        - matchExpressions:
            - key: cnpg.io/cluster
              operator: Exists
+            - key: io.kubernetes.pod.namespace
+              operator: Exists
      toPorts:
        - ports:
            - port: "6953"