connectivity: include k8s-app=coredns matchLabels

A few policy tests explicitly allow egress to CoreDNS, using an ancient label selector that can't necessarily be relied on. Interestingly, some of the tests (such as client-egress-to-fqdns-one-one-one-one), already had network policies that included a label selector for k8s-app=coredns in addition to k8s-app=kube-dns, but not all. Signed-off-by: Sam Day <[email protected]>
cilium · Feb 1, 2022 · 4cc839f · 4cc839f
1 parent 79e9ae2
commit 4cc839f
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 0 deletions.
diff --git a/connectivity/manifests/client-egress-only-dns.yaml b/connectivity/manifests/client-egress-only-dns.yaml
@@ -19,3 +19,6 @@ spec:
     - matchLabels:
         k8s:io.kubernetes.pod.namespace: kube-system
         k8s:k8s-app: kube-dns
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: kube-system
+        k8s:k8s-app: coredns
diff --git a/connectivity/manifests/client-egress-to-echo.yaml b/connectivity/manifests/client-egress-to-echo.yaml
@@ -24,3 +24,6 @@ spec:
     - matchLabels:
         k8s:io.kubernetes.pod.namespace: kube-system
         k8s:k8s-app: kube-dns
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: kube-system
+        k8s:k8s-app: coredns
diff --git a/connectivity/manifests/client-egress-to-entities-world.yaml b/connectivity/manifests/client-egress-to-entities-world.yaml
@@ -18,6 +18,9 @@ spec:
     - matchLabels:
         k8s:io.kubernetes.pod.namespace: kube-system
         k8s-app: kube-dns
+    - matchLabels:
+        k8s:io.kubernetes.pod.namespace: kube-system
+        k8s:k8s-app: coredns
     toPorts:
     - ports:
       - port: "53"