From 8d7ddd488a4508de862a43ae99b838db102049f4 Mon Sep 17 00:00:00 2001 From: Sam Day Date: Tue, 1 Feb 2022 08:15:52 +0100 Subject: [PATCH] connectivity: include k8s-app=coredns matchLabels A few policy tests explicitly allow egress to CoreDNS, using an ancient label selector that can't necessarily be relied on. Interestingly, some of the tests (such as client-egress-to-fqdns-one-one-one-one), already had network policies that included a label selector for k8s-app=coredns in addition to k8s-app=kube-dns, but not all. --- connectivity/manifests/client-egress-only-dns.yaml | 3 +++ connectivity/manifests/client-egress-to-echo.yaml | 3 +++ connectivity/manifests/client-egress-to-entities-world.yaml | 3 +++ 3 files changed, 9 insertions(+) diff --git a/connectivity/manifests/client-egress-only-dns.yaml b/connectivity/manifests/client-egress-only-dns.yaml index 2fadec4cf0..471ca49a78 100644 --- a/connectivity/manifests/client-egress-only-dns.yaml +++ b/connectivity/manifests/client-egress-only-dns.yaml @@ -19,3 +19,6 @@ spec: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns + - matchLabels: + k8s:io.kubernetes.pod.namespace: kube-system + k8s:k8s-app: coredns diff --git a/connectivity/manifests/client-egress-to-echo.yaml b/connectivity/manifests/client-egress-to-echo.yaml index 28addb460c..8f3394c5a3 100644 --- a/connectivity/manifests/client-egress-to-echo.yaml +++ b/connectivity/manifests/client-egress-to-echo.yaml @@ -24,3 +24,6 @@ spec: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s:k8s-app: kube-dns + - matchLabels: + k8s:io.kubernetes.pod.namespace: kube-system + k8s:k8s-app: coredns diff --git a/connectivity/manifests/client-egress-to-entities-world.yaml b/connectivity/manifests/client-egress-to-entities-world.yaml index d97962195a..01c2f0e09a 100644 --- a/connectivity/manifests/client-egress-to-entities-world.yaml +++ b/connectivity/manifests/client-egress-to-entities-world.yaml @@ -18,6 +18,9 @@ spec: - matchLabels: k8s:io.kubernetes.pod.namespace: kube-system k8s-app: kube-dns + - matchLabels: + k8s:io.kubernetes.pod.namespace: kube-system + k8s:k8s-app: coredns toPorts: - ports: - port: "53"