From bdc1bc382010cedf959908453b7ca047245bb0b7 Mon Sep 17 00:00:00 2001
From: JJGadgets <git@jjgadgets.tech>
Date: Sat, 13 May 2023 05:32:00 +0800
Subject: [PATCH] fix(rook-ceph): netpol allow CNPG to RGW

Signed-off-by: JJGadgets <git@jjgadgets.tech>
---
 .../1-core/02-storage/rook-ceph/app/netpol.yaml        | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/kube/3-deploy/1-core/02-storage/rook-ceph/app/netpol.yaml b/kube/3-deploy/1-core/02-storage/rook-ceph/app/netpol.yaml
index 78fa4a5c..28306d4e 100644
--- a/kube/3-deploy/1-core/02-storage/rook-ceph/app/netpol.yaml
+++ b/kube/3-deploy/1-core/02-storage/rook-ceph/app/netpol.yaml
@@ -35,6 +35,7 @@ spec:
   endpointSelector:
     matchLabels:
       app.kubernetes.io/name: *app
+      rook_object_store: "${CLUSTER_NAME_LOWER}"
   ingress:
     # ingress controller
     - fromEndpoints:
@@ -45,11 +46,20 @@ spec:
       toPorts:
         - ports:
             - port: "6953"
+              protocol: TCP
+            - port: "6953"
+              protocol: UDP
+            - port: "8080"
+              protocol: TCP
+            - port: "8080"
+              protocol: UDP
     # allow CNPG to connect
     - fromEndpoints:
         - matchExpressions:
             - key: cnpg.io/cluster
               operator: Exists
+            - key: io.kubernetes.pod.namespace
+              operator: Exists
       toPorts:
         - ports:
             - port: "6953"