New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
connectivity: Add node-local-dns match labels #995
connectivity: Add node-local-dns match labels #995
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Is there a reason we don't need the matchLabels
for node-local DNS in the client-egress-to-entities-world
policy?
When node-local dns is deployed along with local redirect policy [1], the DNS traffic is redirected to node-local dns cache pods. Hence, allow such DNS traffic in the connectivity test policy yamls. [1] https://docs.cilium.io/en/latest/gettingstarted/local-redirect-policy/#node-local-dns-cache Signed-off-by: Aditi Ghag <aditi@cilium.io>
821cb66
to
31452e4
Compare
Good catch, thanks! Fixed it. PTAL. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks
The sole failure in multicluster is a flake, previous failures - https://github.com/cilium/cilium-cli/runs/7496646101?check_suite_focus=true. The PR already have a successful run - https://github.com/cilium/cilium-cli/actions/runs/2750016556. As the changes are purely in the connectivity tests, marking it as ready to merge. |
When node-local dns is deployed along with local
redirect policy [1], the DNS traffic is redirected
to node-local dns cache pods. Hence, allow such DNS
traffic in the connectivity test policy yamls.
[1] https://docs.cilium.io/en/latest/gettingstarted/local-redirect-policy/#node-local-dns-cache
Reported-by: Julien Boulanger julien.boulanger@fr.clara.net
Signed-off-by: Aditi Ghag aditi@cilium.io