fix(cilium): dns netpols
JJGadgets committed Jun 20, 2024
1 parent b552aac commit fb3a8f8
Showing 1 changed file with 15 additions and 28 deletions.
@@ -20,33 +20,20 @@ spec:
apiVersion: "cilium.io/v2"
kind: CiliumClusterwideNetworkPolicy
metadata:
name: "cluster-default-kube-dns-ingress-old"
spec:
description: "Policy for ingress allow to kube-dns from all Cilium managed endpoints in the cluster (1.13.4)"
endpointSelector:
matchLabels:
k8s:io.kubernetes.pod.namespace: kube-system
k8s-app: kube-dns
ingress:
- fromEndpoints:
- {}
toPorts:
- ports:
- port: "53"
protocol: "ANY"
---
apiVersion: "cilium.io/v2"
kind: CiliumClusterwideNetworkPolicy
metadata:
name: "cluster-default-kube-dns-egress"
name: "cluster-default-kube-dns-egress-l7"
spec:
description: "Policy for egress allow to kube-dns from all Cilium managed endpoints in the cluster"
endpointSelector: {}
endpointSelector:
matchExpressions:
- {key: dns.home.arpa/l7, operator: NotIn, values: ["false"]}
egress:
- toEndpoints:
- matchLabels:
"k8s:io.kubernetes.pod.namespace": kube-system
"k8s:k8s-app": kube-dns
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: kube-dns
toPorts:
- ports:
- port: "53"
@@ -58,21 +45,21 @@ spec:
apiVersion: "cilium.io/v2"
kind: CiliumClusterwideNetworkPolicy
metadata:
name: "cluster-default-kube-dns-egress-old"
name: "cluster-default-kube-dns-egress"
spec:
description: "Policy for egress allow to kube-dns from all Cilium managed endpoints in the cluster (1.13.4)"
endpointSelector: {}
description: "Policy for egress allow to kube-dns from all Cilium managed endpoints in the cluster"
endpointSelector:
matchExpressions:
- {key: dns.home.arpa/l7, operator: In, values: ["false"]}
egress:
- toEndpoints:
- matchLabels:
"k8s:io.kubernetes.pod.namespace": kube-system
"k8s:k8s-app": kube-dns
- matchLabels:
io.kubernetes.pod.namespace: kube-system
k8s-app: kube-dns
toPorts:
- ports:
- port: "53"
protocol: "ANY"
rules:
dns:
- matchPattern: "*"
- {}
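Review bot: The pod label `dns.home.arpa/l7` now decides which DNS egress policy an endpoint gets, and nothing visible in either `endpointSelector` limits who may set it: a pod labelled `dns.home.arpa/l7: "false"` is selected by `cluster-default-kube-dns-egress` instead of `cluster-default-kube-dns-egress-l7`. If the plain policy is meant to lose its `rules.dns` block (the rendered page has dropped the +/- markers, so the tail of the second hunk is ambiguous), those pods bypass Cilium's DNS proxy, which removes DNS visibility and, as far as I know, stops `toFQDNs` rules on them from learning addresses. I would put a comment above both policies, e.g. `# L7 DNS is the default (NotIn also matches unlabelled pods); dns.home.arpa/l7="false" opts a pod out of the DNS proxy`, and restrict that label through admission control. Separately, the `toEndpoints` selectors dropped the `k8s:` source prefix, so `io.kubernetes.pod.namespace` and `k8s-app` should now match labels from any source; if the prefix was not what broke matching, `"k8s:io.kubernetes.pod.namespace": kube-system` is the stricter form.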
