fix: toEndpoints in CiliumNetworkPolicy for DNS egress
What this PR does / why we need it: The current CiliumNetworkPolicy for DNS egress traffic is not valid
Currently:

```yaml
spec:
  egress:
    - toEndpoints:
        - namespaceSelector: {}
```
The correct way to specify all namespaces is as below (according to https://docs.cilium.io/en/latest/security/policy/language/#egress-allow-all-endpoints) but unfortunately that is also not working somehow.
```yaml
spec:
  egress:
    - toEndpoints:
        - {}
```
However, the recommended way to target DNS is using the below config from https://editor.networkpolicy.io
```yaml
egress:
  - toEndpoints:
      - matchLabels:
          io.kubernetes.pod.namespace: kube-system
          k8s-app: kube-dns
    toPorts:
      - ports:
          - port: "53"
            protocol: UDP
        rules:
          dns:
            - matchPattern: "*"
```
Which issue(s) this PR fixes: N/A
Special notes for your reviewer:
Checklist
- [x] Reviewed the CONTRIBUTING.md guide (required)
- [x] Documentation added
- [x] Tests updated
- [x] Title matches the required conventional commits format, see here
- [x] Changes that require user attention or interaction to upgrade are documented in docs/sources/setup/upgrade/_index.md
- [x] For Helm chart changes bump the Helm chart version in production/helm/loki/Chart.yaml and update production/helm/loki/CHANGELOG.md and production/helm/loki/README.md. Example PR
- [x] If the change is deprecating or removing a configuration option, update the deprecated-config.yaml and deleted-config.yaml files respectively in the tools/deprecated-config-checker directory. Example PR
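For context, here is the recommended DNS egress rule from the PR description placed in a complete CiliumNetworkPolicy manifest. This is an added illustration, not the chart's own template; the policy name, namespace and the `app.kubernetes.io/name: loki` workload label are placeholders.

```yaml
# Added example (not part of the PR): a full CiliumNetworkPolicy whose only
# DNS egress permission is to the cluster DNS pods in kube-system.
# Placeholders: metadata.name, metadata.namespace and the endpointSelector label.
apiVersion: cilium.io/v2
kind: CiliumNetworkPolicy
metadata:
  name: loki-dns-egress      # placeholder name
  namespace: loki            # placeholder namespace
spec:
  endpointSelector:
    matchLabels:
      app.kubernetes.io/name: loki   # assumed label of the workload being restricted
  egress:
    # Select the DNS pods explicitly instead of `namespaceSelector: {}` (not a
    # valid toEndpoints selector) or `- {}` (every endpoint in every namespace).
    - toEndpoints:
        - matchLabels:
            io.kubernetes.pod.namespace: kube-system   # Cilium's reserved namespace label
            k8s-app: kube-dns
      toPorts:
        - ports:
            - port: "53"
              protocol: UDP
          rules:
            dns:
              - matchPattern: "*"   # DNS proxy observes and allows all lookups
```

This rule only permits the DNS queries themselves; traffic to the addresses those queries resolve to still needs its own egress rule (for example one using `toFQDNs`).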
@Pionerd Please update the other files listed in the checklist. For Helm chart changes bump the Helm chart version in production/helm/loki/Chart.yaml and update production/helm/loki/CHANGELOG.md and production/helm/loki/README.md. Example PR
@JStickler done
Any way to get some traction on this PR?
The Argo CD OutOfSync status is killing me and it would be silly to ignore changes to the policy 🚀