[kubernetes] Fix CiliumNetworkPolicy endpointSelector for multi-node RWX volumes by mattia-eleuteri · Pull Request #2227

[kubernetes] Fix CiliumNetworkPolicy endpointSelector for multi-node RWX volumes by mattia-eleuteri · Pull Request #2227 · cozystack/cozystack

dosubot bot added size:M

This PR changes 30-99 lines, ignoring generated files.

bug

Something isn't working

labels

Mar 16, 2026

mattia-eleuteri changed the title ~~fix(kubernetes): update CNP endpointSelector for multi-node RWX volumes~~ [kubernetes] Fix CiliumNetworkPolicy endpointSelector for multi-node RWX volumes

Mar 16, 2026

…RWX volumes

When an NFS-backed RWX volume is published to multiple VMs, the
CiliumNetworkPolicy egress rule only allowed traffic from the first VM.
The endpointSelector.matchLabels was set once on creation and never
broadened, causing NFS mounts to hang on all nodes except the first.

Switch from matchLabels to matchExpressions (operator: In) so the
selector can list multiple VM names. Rebuild the selector whenever
ownerReferences are added or removed.

Signed-off-by: mattia-eleuteri <mattia@hidora.io>

dosubot bot added the lgtm

This PR has been approved by a maintainer

label

Mar 16, 2026

This was referenced

Mar 16, 2026

kvaps added a commit that referenced this pull request

Mar 17, 2026

…elector for multi-node RWX volumes (#2228)

# Description
Backport of #2227 to `release-1.0`.

kvaps added a commit that referenced this pull request

Mar 17, 2026

…elector for multi-node RWX volumes (#2229)

# Description
Backport of #2227 to `release-1.1`.