Skip to content

Commit

Permalink
fix(connectivity): add dns rules and change protocol to ANY
Browse files Browse the repository at this point in the history
Signed-off-by: Emin Aktaş <[email protected]>
Signed-off-by: Emin Aktas <[email protected]>
  • Loading branch information
eminaktas authored and squeed committed Nov 8, 2023
1 parent 359ef3a commit 6a29b6b
Show file tree
Hide file tree
Showing 6 changed files with 34 additions and 8 deletions.
8 changes: 5 additions & 3 deletions connectivity/manifests/allow-all-except-world.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -19,9 +19,11 @@ spec:
# This change prevents failing the connectivity
# test for such environments.
- toPorts:
- ports:
- port: "53"
protocol: UDP
- ports:
- port: "53"
protocol: UDP
- port: "53"
protocol: TCP
toEntities:
- world
ingress:
Expand Down
4 changes: 3 additions & 1 deletion connectivity/manifests/client-egress-l7-tls.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,9 @@ specs:
- toPorts:
- ports:
- port: "53"
protocol: ANY
protocol: UDP
- port: "53"
protocol: TCP
rules:
dns:
- matchPattern: "*"
Expand Down
9 changes: 8 additions & 1 deletion connectivity/manifests/client-egress-only-dns.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,9 @@ spec:
- toPorts:
- ports:
- port: "53"
protocol: ANY
protocol: UDP
- port: "53"
protocol: TCP
rules:
dns:
- matchPattern: "*"
Expand All @@ -26,5 +28,10 @@ spec:
- ports:
- port: "53"
protocol: UDP
- port: "53"
protocol: TCP
rules:
dns:
- matchPattern: "*"
toEntities:
- world
6 changes: 5 additions & 1 deletion connectivity/manifests/client-egress-to-echo.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,9 @@ spec:
- toPorts:
- ports:
- port: "53"
protocol: ANY
protocol: UDP
- port: "53"
protocol: TCP
toEndpoints:
- matchExpressions:
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns", "nodelocaldns" ] }
Expand All @@ -31,5 +33,7 @@ spec:
- ports:
- port: "53"
protocol: UDP
- port: "53"
protocol: TCP
toEntities:
- world
6 changes: 5 additions & 1 deletion connectivity/manifests/client-egress-to-entities-world.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,9 @@ spec:
toPorts:
- ports:
- port: "53"
protocol: ANY
protocol: UDP
- port: "53"
protocol: TCP
# When node-local-dns is deployed with local IP,
# Cilium labels its ip as world.
# This change prevents failing the connectivity
Expand All @@ -29,5 +31,7 @@ spec:
- ports:
- port: "53"
protocol: UDP
- port: "53"
protocol: TCP
toEntities:
- world
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,9 @@ spec:
- toPorts:
- ports:
- port: "53"
protocol: ANY
protocol: UDP
- port: "53"
protocol: TCP
rules:
dns:
- matchPattern: "*"
Expand All @@ -36,5 +38,10 @@ spec:
- ports:
- port: "53"
protocol: UDP
- port: "53"
protocol: TCP
rules:
dns:
- matchPattern: "*"
toEntities:
- world

0 comments on commit 6a29b6b

Please sign in to comment.