fix(connectivity): Add node-local-dns entitiy match for local ip usag…
…e case

Signed-off-by: eminaktas <[email protected]>
eminaktas authored and tklauser committed Jan 24, 2023
1 parent a9eada1 commit e6ef23e
Showing 7 changed files with 68 additions and 13 deletions.
1 change: 1 addition & 0 deletions .gitignore
@@ -24,3 +24,4 @@ cilium-sysdump-*.zip

# Editor metas
.vscode/
.idea/
10 changes: 10 additions & 0 deletions connectivity/manifests/allow-all-except-world-pre-v1.11.yaml
@@ -13,6 +13,16 @@ spec:
- health
- toEndpoints:
- {}
# When node-local-dns is deployed with local IP,
# Cilium labels its ip as world.
# This change prevents failing the connectivity
# test for such environments.
- toPorts:
- ports:
- port: "53"
protocol: UDP
toEntities:
- world
ingress:
- fromEntities:
- host
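Review bot: The added egress rule opens UDP/53 to the whole `world` entity, so in a manifest named allow-all-except-world every external address becomes reachable on that port, not only a node-local-dns listener. The connectivity test would then no longer notice world-bound traffic leaking on UDP/53, and a copy of this manifest used as a template carries an open DNS egress path. If the listener address is known to the test harness, a narrower match such as `toCIDR: ["<node-local-dns listen IP>/32"]` in place of `toEntities: [world]` keeps the exception to the one destination. The same block is added in allow-all-except-world.yaml and the client-egress manifests; the policy spec starts and ends outside this hunk.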
12 changes: 11 additions & 1 deletion connectivity/manifests/allow-all-except-world.yaml
@@ -13,7 +13,17 @@ spec:
- health
- kube-apiserver
- toEndpoints:
- {}
- {}
# When node-local-dns is deployed with local IP,
# Cilium labels its ip as world.
# This change prevents failing the connectivity
# test for such environments.
- toPorts:
- ports:
- port: "53"
protocol: UDP
toEntities:
- world
ingress:
- fromEntities:
- host
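Review bot: The four-line comment above the new `toPorts` rule describes the commit ("This change prevents failing the connectivity test") rather than the rule, and it does not say that the rule is a relaxation meant only for the test manifests. A rule-focused wording would age better, for example `# node-local-dns may listen on a node-local IP that Cilium classifies as world;` followed by `# allow UDP/53 to world so DNS resolves in such clusters (test-only relaxation).` The same comment is repeated verbatim in the other manifests touched by this commit, so the wording should be changed in all of them together.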
22 changes: 13 additions & 9 deletions connectivity/manifests/client-egress-only-dns.yaml
@@ -15,12 +15,16 @@ spec:
dns:
- matchPattern: "*"
toEndpoints:
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: kube-dns
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: coredns
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: node-local-dns
- matchExpressions:
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns", "nodelocaldns" ] }
- { key: 'io.kubernetes.pod.namespace', operator: In, values: [ "kube-system" ] }
# When node-local-dns is deployed with local IP,
# Cilium labels its ip as world.
# This change prevents failing the connectivity
# test for such environments.
- toPorts:
- ports:
- port: "53"
protocol: UDP
toEntities:
- world
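Review bot: The new `toEntities: world` rule has no `rules: dns:` section, while the `toEndpoints` rule above it appears to carry `dns:` with `- matchPattern: "*"` (first context lines of the hunk). Lookups that leave through the new rule would therefore presumably be allowed at L4 only and not pass through Cilium's DNS proxy, so they would not be visible to DNS-aware policy or flow logs. If that is not intended, add `rules:`, `dns:` and `- matchPattern: "*"` under the new `toPorts` entry. Indentation is lost in this view, so the nesting needs confirming against the file; the same gap shows in the last file section of the commit (hunk `@@ -26,5 +26,15 @@`).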
12 changes: 11 additions & 1 deletion connectivity/manifests/client-egress-to-echo.yaml
@@ -21,5 +21,15 @@ spec:
protocol: ANY
toEndpoints:
- matchExpressions:
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns" ] }
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns", "nodelocaldns" ] }
- { key: 'io.kubernetes.pod.namespace', operator: In, values: [ "kube-system" ] }
# When node-local-dns is deployed with local IP,
# Cilium labels its ip as world.
# This change prevents failing the connectivity
# test for such environments.
- toPorts:
- ports:
- port: "53"
protocol: UDP
toEntities:
- world
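Review bot: The added rule allows only `protocol: UDP` on port 53, whereas the existing DNS rule just above it uses `protocol: ANY` (first context line here, and spelled out with `port: "53"` in client-egress-to-entities-world.yaml). DNS falls back to TCP when a response is truncated, so a node-local-dns listener reached through the new rule would still have those queries dropped and the test could fail intermittently in the environments this commit targets. Either use `protocol: ANY` to match the neighbouring rule, or say in the comment that TCP is deliberately left blocked. The other manifests in this commit add the same UDP-only rule.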
12 changes: 11 additions & 1 deletion connectivity/manifests/client-egress-to-entities-world.yaml
@@ -15,9 +15,19 @@ spec:
protocol: TCP
- toEndpoints:
- matchExpressions:
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns" ] }
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns", "nodelocaldns" ] }
- { key: 'io.kubernetes.pod.namespace', operator: In, values: [ "kube-system" ] }
toPorts:
- ports:
- port: "53"
protocol: ANY
# When node-local-dns is deployed with local IP,
# Cilium labels its ip as world.
# This change prevents failing the connectivity
# test for such environments.
- toPorts:
- ports:
- port: "53"
protocol: UDP
toEntities:
- world
@@ -26,5 +26,15 @@ spec:
- matchPattern: "*"
toEndpoints:
- matchExpressions:
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns" ] }
- { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns", "nodelocaldns" ] }
- { key: 'io.kubernetes.pod.namespace', operator: In, values: [ "kube-system" ] }
# When node-local-dns is deployed with local IP,
# Cilium labels its ip as world.
# This change prevents failing the connectivity
# test for such environments.
- toPorts:
- ports:
- port: "53"
protocol: UDP
toEntities:
- world
