Skip to content

feat(chart): add NetworkPolicy templates for all Slurm components #166

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
giuliocalzo wants to merge 5 commits into
base: main
Choose a base branch
from
Open

feat(chart): add NetworkPolicy templates for all Slurm components #166

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
b89d01c
feat(chart): add NetworkPolicy templates for all Slurm components
giuliocalzo Apr 1, 2026
8410343
feat(chart): per-instance NetworkPolicy for loginsets and nodesets
giuliocalzo Apr 1, 2026
27f5db4
feat(chart): add srun/sacct flows and instance-scoped selectors
giuliocalzo Apr 8, 2026
d96e352
feat(chart): use per-instance app.kubernetes.io/instance in all selec…
giuliocalzo Apr 8, 2026
7c9f442
Merge branch 'main' into feat/helm-networkpolicy
giuliocalzo Apr 13, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
56 changes: 56 additions & 0 deletions helm/slurm-operator/templates/networkpolicy/operator-netpol.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,56 @@
{{- /*
SPDX-FileCopyrightText: Copyright (C) SchedMD LLC.
SPDX-License-Identifier: Apache-2.0
*/}}

{{- if and .Values.networkPolicy.enabled .Values.operator.enabled .Values.operator.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "slurm-operator.name" . }}
namespace: {{ include "slurm-operator.namespace" . }}
labels:
{{- include "slurm-operator.operator.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "slurm-operator.operator.selectorLabels" . | nindent 6 }}
policyTypes:
- Ingress
- Egress
ingress:
{{- if ne (int .Values.operator.metricsPort) 0 }}
- ports:
- protocol: TCP
port: {{ .Values.operator.metricsPort | default 8080 }}
{{- end }}
{{- with .Values.networkPolicy.extraIngress }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.operator.networkPolicy.extraIngress }}
{{- toYaml . | nindent 4 }}
{{- end }}
egress:
- ports:
- protocol: TCP
port: 443
- ports:
- protocol: TCP
port: 6820
to:
- namespaceSelector: {}
podSelector:
matchLabels:
app.kubernetes.io/name: slurmrestd
- ports:
- protocol: UDP
port: 53
- protocol: TCP
port: 53
{{- with .Values.networkPolicy.extraEgress }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.operator.networkPolicy.extraEgress }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
51 changes: 51 additions & 0 deletions helm/slurm-operator/templates/networkpolicy/webhook-netpol.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,51 @@
{{- /*
SPDX-FileCopyrightText: Copyright (C) SchedMD LLC.
SPDX-License-Identifier: Apache-2.0
*/}}

{{- if and .Values.networkPolicy.enabled .Values.webhook.enabled .Values.webhook.networkPolicy.enabled }}
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
name: {{ include "slurm-operator.webhook.name" . }}
namespace: {{ include "slurm-operator.namespace" . }}
labels:
{{- include "slurm-operator.webhook.labels" . | nindent 4 }}
spec:
podSelector:
matchLabels:
{{- include "slurm-operator.webhook.selectorLabels" . | nindent 6 }}
policyTypes:
- Ingress
- Egress
ingress:
- ports:
- protocol: TCP
port: {{ .Values.webhook.serverPort | default 9443 }}
{{- if ne (int .Values.webhook.metricsPort) 0 }}
- ports:
- protocol: TCP
port: {{ .Values.webhook.metricsPort }}
{{- end }}
{{- with .Values.networkPolicy.extraIngress }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.webhook.networkPolicy.extraIngress }}
{{- toYaml . | nindent 4 }}
{{- end }}
egress:
- ports:
- protocol: TCP
port: 443
- ports:
- protocol: UDP
port: 53
- protocol: TCP
port: 53
{{- with .Values.networkPolicy.extraEgress }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- with .Values.webhook.networkPolicy.extraEgress }}
{{- toYaml . | nindent 4 }}
{{- end }}
{{- end }}
78 changes: 78 additions & 0 deletions helm/slurm-operator/tests/__snapshot__/networkpolicy_test.yaml.snap
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,78 @@
operator manifest should match snapshot:
1: |
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: test-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: slurm-operator
app.kubernetes.io/part-of: slurm-operator
app.kubernetes.io/version: 1.2.3
helm.sh/chart: slurm-operator-1.2.3
name: slurm-operator
namespace: test-namespace
spec:
egress:
- ports:
- port: 443
protocol: TCP
- ports:
- port: 6820
protocol: TCP
to:
- namespaceSelector: {}
podSelector:
matchLabels:
app.kubernetes.io/name: slurmrestd
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
ingress:
- ports:
- port: 8080
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/instance: test-release
app.kubernetes.io/name: slurm-operator
policyTypes:
- Ingress
- Egress
webhook manifest should match snapshot:
1: |
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
labels:
app.kubernetes.io/instance: test-release
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/name: slurm-operator-webhook
app.kubernetes.io/part-of: slurm-operator
app.kubernetes.io/version: 1.2.3
helm.sh/chart: slurm-operator-1.2.3
name: slurm-operator-webhook
namespace: test-namespace
spec:
egress:
- ports:
- port: 443
protocol: TCP
- ports:
- port: 53
protocol: UDP
- port: 53
protocol: TCP
ingress:
- ports:
- port: 9443
protocol: TCP
podSelector:
matchLabels:
app.kubernetes.io/instance: test-release
app.kubernetes.io/name: slurm-operator-webhook
policyTypes:
- Ingress
- Egress
Loading