Narrow egress rule down targeting DNS service only #186

Merged
merged 3 commits into from
Feb 17, 2025

mcharriere
Contributor

@mcharriere mcharriere commented Feb 17, 2025

Signed-off-by: Matias Charriere [email protected]

Having both egress and ingress targeting the entire cluster is causing issues scheduling the trivy pod on big clusters. This is because the policy is big enough to fill the BPF map up.

In the egress case, I understand that you are only meant to target the DNS service, so narrowing it down to only the DNS service pods' labels makes sense to me.

On the ingress side, I'm not sure what the real traffic that comes in is.

Checklist

  • Update changelog in CHANGELOG.md.
  • Make sure values.yaml and values.schema.json are valid.

Important: After this PR is tested and approved, ensure you "Squash and Merge" unless you are updating a subtree. The release automation in use on this repository relies on squashing, but git subtrees will be lost if squashed. This repo allows both, so you may need to change the merge type when merging.
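
For context, an added example (not the chart's own manifest and not taken from this PR's diff) of the egress narrowing described above, written as plain Kubernetes NetworkPolicy objects. The policy names, the `security` namespace, the `app: trivy` pod label, the `k8s-app: kube-dns` DNS label and port 53 are assumptions; the actual chart may use a different policy kind and different labels.

```yaml
# BEFORE (constructed): DNS egress allowed to every pod in every namespace.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: trivy-egress-broad        # hypothetical name
  namespace: security             # hypothetical namespace
spec:
  podSelector:
    matchLabels:
      app: trivy                  # assumed pod label
  policyTypes:
    - Egress
  egress:
    - to:
        - namespaceSelector: {}   # empty selector = all namespaces, all pods
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
---
# AFTER (constructed): same ports, but only the DNS pods are valid peers.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: trivy-egress-dns          # hypothetical name
  namespace: security
spec:
  podSelector:
    matchLabels:
      app: trivy
  policyTypes:
    - Egress
  egress:
    - to:
        # namespaceSelector and podSelector in ONE list item are ANDed;
        # written as two separate items they are ORed and widen the rule again.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: kube-system
          podSelector:
            matchLabels:
              k8s-app: kube-dns   # assumed DNS pod label
      ports:
        - protocol: UDP
          port: 53
        - protocol: TCP
          port: 53
```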

@mcharriere mcharriere requested a review from a team as a code owner February 17, 2025 10:23
ubergesundheit
ubergesundheit previously approved these changes Feb 17, 2025
@mcharriere
Contributor Author

mcharriere commented Feb 17, 2025

fhielpos
fhielpos previously approved these changes Feb 17, 2025
@fhielpos fhielpos dismissed stale reviews from ubergesundheit and themself via f55b09c February 17, 2025 12:26
Signed-off-by: Matias Charriere <[email protected]>
@mcharriere mcharriere requested a review from fhielpos February 17, 2025 16:37
@fhielpos
Member

Feel free to merge it if you are done Mati, I can release it later today 😄

@mcharriere mcharriere merged commit 72cee19 into main Feb 17, 2025
4 of 5 checks passed
@mcharriere mcharriere deleted the dns-netpol branch February 17, 2025 16:59