Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

connectivity: Add node-local-dns match labels #995

Merged
merged 1 commit into from Jul 28, 2022
Merged

connectivity: Add node-local-dns match labels #995

merged 1 commit into from Jul 28, 2022

Conversation

aditighag
Copy link
Member

When node-local dns is deployed along with local
redirect policy [1], the DNS traffic is redirected
to node-local dns cache pods. Hence, allow such DNS
traffic in the connectivity test policy yamls.

[1] https://docs.cilium.io/en/latest/gettingstarted/local-redirect-policy/#node-local-dns-cache

Reported-by: Julien Boulanger julien.boulanger@fr.clara.net
Signed-off-by: Aditi Ghag aditi@cilium.io

@aditighag aditighag requested a review from a team as a code owner July 27, 2022 22:23
@aditighag aditighag requested a review from squeed July 27, 2022 22:23
@aditighag aditighag temporarily deployed to ci July 27, 2022 22:23 Inactive
@aditighag aditighag mentioned this pull request Jul 27, 2022
Closed
2 tasks
tklauser
tklauser reviewed Jul 28, 2022
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is there a reason we don't need the matchLabels for node-local DNS in the client-egress-to-entities-world policy?

@aditighag
connectivity: Add node-local-dns match labels
31452e4 
When node-local dns is deployed along with local
redirect policy [1], the DNS traffic is redirected
to node-local dns cache pods. Hence, allow such DNS
traffic in the connectivity test policy yamls.

[1] https://docs.cilium.io/en/latest/gettingstarted/local-redirect-policy/#node-local-dns-cache

Signed-off-by: Aditi Ghag <aditi@cilium.io>
@aditighag aditighag force-pushed the pr/aditighag/connectivity-allow-node-local-dns branch from 821cb66 to 31452e4 Compare July 28, 2022 14:03
@aditighag aditighag temporarily deployed to ci July 28, 2022 14:03 Inactive
@aditighag
Copy link
Member Author

Is there a reason we don't need the matchLabels for node-local DNS in the client-egress-to-entities-world policy?

Good catch, thanks! Fixed it. PTAL.

@aditighag aditighag requested a review from tklauser July 28, 2022 14:03
tklauser
tklauser approved these changes Jul 28, 2022
View reviewed changes
Copy link
Member

@tklauser tklauser left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks

@aditighag
Copy link
Member Author

aditighag commented Jul 28, 2022
edited

The sole failure in multicluster is a flake, previous failures - https://github.com/cilium/cilium-cli/runs/7496646101?check_suite_focus=true. The PR already have a successful run - https://github.com/cilium/cilium-cli/actions/runs/2750016556. As the changes are purely in the connectivity tests, marking it as ready to merge.

@aditighag aditighag added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Jul 28, 2022
@tklauser tklauser merged commit cc2739a into cilium:master Jul 28, 2022
@squeed squeed mentioned this pull request Sep 2, 2022
Merged
@sathieu sathieu mentioned this pull request Jan 16, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tklauser tklauser tklauser approved these changes

@squeed squeed Awaiting requested review from squeed squeed was automatically assigned from cilium/cli

Assignees
No one assigned
Labels
ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@aditighag @tklauser