From 829ed95c65336be3795bdc08d84c6efa773f58fa Mon Sep 17 00:00:00 2001
From: Chris Werner Rau <cwr@teuto.net>
Date: Mon, 3 Feb 2025 09:27:00 +0100
Subject: [PATCH] fix(base-cluster): allow all protocols for DNS (#1306)

---
 .../templates/cert-manager/ciliumNetworkPolicy.yaml             | 1 -
 .../templates/global/ciliumClusterwideNetworkPolicy.yaml        | 2 --
 .../monitoring/deadMansSwitch/ciliumNetworkPolicy.yaml          | 1 -
 .../templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml | 1 -
 4 files changed, 5 deletions(-)

diff --git a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
index 6880fc623..46849412e 100644
--- a/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
+++ b/charts/base-cluster/templates/cert-manager/ciliumNetworkPolicy.yaml
@@ -30,7 +30,6 @@ spec:
     - toPorts: # needs to talk to all possible DNS servers
         - ports:
             - port: "53"
-              protocol: UDP
           rules:
             dns:
               - matchPattern: "*"
diff --git a/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml b/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml
index 6e8822b40..189d0bbd3 100644
--- a/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml
+++ b/charts/base-cluster/templates/global/ciliumClusterwideNetworkPolicy.yaml
@@ -21,7 +21,6 @@ spec:
       toPorts:
         - ports:
             - port: "53"
-              protocol: UDP
           rules:
             dns:
               - matchPattern: "*"
@@ -43,5 +42,4 @@ spec:
       toPorts:
         - ports:
             - port: "53"
-              protocol: UDP
 {{- end }}
diff --git a/charts/base-cluster/templates/monitoring/deadMansSwitch/ciliumNetworkPolicy.yaml b/charts/base-cluster/templates/monitoring/deadMansSwitch/ciliumNetworkPolicy.yaml
index 405401f8c..3f64eeba6 100644
--- a/charts/base-cluster/templates/monitoring/deadMansSwitch/ciliumNetworkPolicy.yaml
+++ b/charts/base-cluster/templates/monitoring/deadMansSwitch/ciliumNetworkPolicy.yaml
@@ -29,7 +29,6 @@ spec:
       toPorts:
         - ports:
             - port: "53"
-              protocol: UDP
           rules:
             dns:
               - matchName: hc-ping.com
diff --git a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml
index eb7deefb6..291b867b9 100644
--- a/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml
+++ b/charts/base-cluster/templates/monitoring/kube-prometheus-stack/oauth-proxy.yaml
@@ -109,7 +109,6 @@ spec:
       toPorts:
         - ports:
             - port: "53"
-              protocol: UDP
           rules:
             dns:
               - matchName: {{ $.Values.global.authentication.config.issuerHost | quote }}