From ca6d76ba4606bd9060cf0b71ab3151a497727d61 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emin=20Akta=C5=9F?= Date: Fri, 17 Feb 2023 18:58:42 +0300 Subject: [PATCH] fix(connectivity): add dns rules and change protocol to ANY MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Emin Aktaş Signed-off-by: Emin Aktas --- connectivity/manifests/allow-all-except-world.yaml | 8 +++++--- connectivity/manifests/client-egress-l7-tls.yaml | 4 +++- connectivity/manifests/client-egress-only-dns.yaml | 9 ++++++++- connectivity/manifests/client-egress-to-echo.yaml | 6 +++++- .../manifests/client-egress-to-entities-world.yaml | 6 +++++- .../client-egress-to-fqdns-one-one-one-one.yaml | 9 ++++++++- 6 files changed, 34 insertions(+), 8 deletions(-) diff --git a/connectivity/manifests/allow-all-except-world.yaml b/connectivity/manifests/allow-all-except-world.yaml index e4e4caaf50..7a60b9e232 100644 --- a/connectivity/manifests/allow-all-except-world.yaml +++ b/connectivity/manifests/allow-all-except-world.yaml @@ -19,9 +19,11 @@ spec: # This change prevents failing the connectivity # test for such environments. - toPorts: - - ports: - - port: "53" - protocol: UDP + - ports: + - port: "53" + protocol: UDP + - port: "53" + protocol: TCP toEntities: - world ingress: diff --git a/connectivity/manifests/client-egress-l7-tls.yaml b/connectivity/manifests/client-egress-l7-tls.yaml index 3d98910a7a..519045a8cd 100644 --- a/connectivity/manifests/client-egress-l7-tls.yaml +++ b/connectivity/manifests/client-egress-l7-tls.yaml @@ -12,7 +12,9 @@ specs: - toPorts: - ports: - port: "53" - protocol: ANY + protocol: UDP + - port: "53" + protocol: TCP rules: dns: - matchPattern: "*" diff --git a/connectivity/manifests/client-egress-only-dns.yaml b/connectivity/manifests/client-egress-only-dns.yaml index 32e4acc534..b817727092 100644 --- a/connectivity/manifests/client-egress-only-dns.yaml +++ b/connectivity/manifests/client-egress-only-dns.yaml 
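Review bot: The added `- port: "53"` / `protocol: TCP` entry under `toEntities: - world` in allow-all-except-world.yaml is an L4-only allowance, so the policy now permits any TCP traffic to port 53 on every address Cilium classifies as world, not only DNS to a node-local-dns address. The same commit adds `rules: dns: - matchPattern: "*"` to the equivalent world rule in client-egress-only-dns.yaml and client-egress-to-fqdns-one-one-one-one.yaml, but not here or in the second hunks of client-egress-to-echo.yaml and client-egress-to-entities-world.yaml. If these three are meant to stay L4-only, extend the existing comment to say so, for example `# Port 53 (UDP and TCP) to world is allowed at L4 only; no DNS rule is applied.`; otherwise add the same `rules:` block for consistency. The comment and the egress rule begin above the hunk, so the full rule is not visible here.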
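Review bot: Nothing next to the new `protocol: UDP` / `protocol: TCP` pair in client-egress-l7-tls.yaml records why the single `protocol: ANY` entry was split, and the commit subject reads "change protocol to ANY" while the new side removes `ANY`. A short comment above the ports list, such as `# DNS: list UDP and TCP explicitly rather than ANY`, together with the reason in the commit body, would stop a later cleanup from collapsing the two entries again. The same replacement is made without comment in the first hunks of client-egress-only-dns.yaml, client-egress-to-echo.yaml, client-egress-to-entities-world.yaml and client-egress-to-fqdns-one-one-one-one.yaml.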
@@ -10,7 +10,9 @@ spec: - toPorts: - ports: - port: "53" - protocol: ANY + protocol: UDP + - port: "53" + protocol: TCP rules: dns: - matchPattern: "*" @@ -26,5 +28,10 @@ spec: - ports: - port: "53" protocol: UDP + - port: "53" + protocol: TCP + rules: + dns: + - matchPattern: "*" toEntities: - world diff --git a/connectivity/manifests/client-egress-to-echo.yaml b/connectivity/manifests/client-egress-to-echo.yaml index 2b1f9f1e48..f46598707c 100644 --- a/connectivity/manifests/client-egress-to-echo.yaml +++ b/connectivity/manifests/client-egress-to-echo.yaml @@ -18,7 +18,9 @@ spec: - toPorts: - ports: - port: "53" - protocol: ANY + protocol: UDP + - port: "53" + protocol: TCP toEndpoints: - matchExpressions: - { key: 'k8s-app', operator: In, values: [ "kube-dns", "coredns", "node-local-dns", "nodelocaldns" ] } @@ -31,5 +33,7 @@ spec: - ports: - port: "53" protocol: UDP + - port: "53" + protocol: TCP toEntities: - world diff --git a/connectivity/manifests/client-egress-to-entities-world.yaml b/connectivity/manifests/client-egress-to-entities-world.yaml index cb0d0d2221..48ed871d94 100644 --- a/connectivity/manifests/client-egress-to-entities-world.yaml +++ b/connectivity/manifests/client-egress-to-entities-world.yaml @@ -20,7 +20,9 @@ spec: toPorts: - ports: - port: "53" - protocol: ANY + protocol: UDP + - port: "53" + protocol: TCP # When node-local-dns is deployed with local IP, # Cilium labels its ip as world. # This change prevents failing the connectivity @@ -29,5 +31,7 @@ spec: - ports: - port: "53" protocol: UDP + - port: "53" + protocol: TCP toEntities: - world diff --git a/connectivity/manifests/client-egress-to-fqdns-one-one-one-one.yaml b/connectivity/manifests/client-egress-to-fqdns-one-one-one-one.yaml index 8cd674ae68..d6aecb1b6d 100644 --- a/connectivity/manifests/client-egress-to-fqdns-one-one-one-one.yaml +++ b/connectivity/manifests/client-egress-to-fqdns-one-one-one-one.yaml 
@@ -20,7 +20,9 @@ spec: - toPorts: - ports: - port: "53" - protocol: ANY + protocol: UDP + - port: "53" + protocol: TCP rules: dns: - matchPattern: "*" @@ -36,5 +38,10 @@ spec: - ports: - port: "53" protocol: UDP + - port: "53" + protocol: TCP + rules: + dns: + - matchPattern: "*" toEntities: - world
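Review bot: With `rules: dns: - matchPattern: "*"` added to the `toEntities: - world` rule in the second hunk, DNS answers from any resolver outside the cluster on port 53 are accepted through the DNS proxy. Cilium derives FQDN-based allowances from the answers the proxy observes, so in this policy (whose FQDN section is presumably outside the hunk) the set of reachable IPs depends on whichever resolver the client queries. A comment above the rule would make that scope explicit, e.g. `# world is listed only for node-local-dns addresses that Cilium labels as world; test-only, do not reuse as a production policy`, assuming the motivation is the same as the one commented in allow-all-except-world.yaml. The rule starts above the hunk.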