[Backport release-1.0] [kubernetes] Fix CiliumNetworkPolicy endpointSelector for multi-node RWX volumes by github-actions[bot] · Pull Request #2228 · cozystack/cozystack
…RWX volumes When an NFS-backed RWX volume is published to multiple VMs, the CiliumNetworkPolicy egress rule only allowed traffic from the first VM. The endpointSelector.matchLabels was set once on creation and never broadened, causing NFS mounts to hang on all nodes except the first. Switch from matchLabels to matchExpressions (operator: In) so the selector can list multiple VM names. Rebuild the selector whenever ownerReferences are added or removed. Signed-off-by: mattia-eleuteri <mattia@hidora.io> (cherry picked from commit cc5ec0b)
This PR changes 30-99 lines, ignoring generated files.
label
Mar 16, 2026
kvaps
deleted the
backport-2227-to-release-1.0
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters. Learn more about bidirectional Unicode characters