[helm] Parameterize the DNS egress NetworkPolicy #15344
Comments
lindhe
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
lindhe
changed the title
Is your feature request related to a problem? Please describe.
The DNS egress NetwrokPolicy is using a hard-coded port name,
dns:loki/production/helm/loki/templates/networkpolicy.yaml
Line 38 in 2c5eabd
This is incompatible with some environments, for example the coredns installation used by RKE2 by default (it has port names
udp-53andtcp-53).Describe the solution you'd like
I suggest we make this configurable via Helm values.
Describe alternatives you've considered
As a work-around, I'll be using Kustomize to edit the NetworkPolicy object. Another alternative would be to create a new NetworkPolicy manually.
Additional context
Additionally, the NetworkPolicy also has a hard-coded namespaceSelector:
loki/production/helm/loki/templates/networkpolicy.yaml
Line 41 in 2c5eabd
I suggest we make that configurable as well, for similar reasons (and also for the security minded folks that want to restrict network policies even further).
I'm happy to help implement this!
The text was updated successfully, but these errors were encountered: