Pin point extra DNS request

YuryHrytsuk · YuryHrytsuk · commit 8b9bd887b6b6 · 2025-08-07T09:27:21.000+02:00
diff --git a/charts/adminer/templates/networkpolicy.yaml b/charts/adminer/templates/networkpolicy.yaml
@@ -18,9 +18,3 @@ spec:
       destination:
         ports:
           - 5432
-    # allow dns requests to public dns servers
-    - action: Allow
-      protocol: UDP
-      destination:
-        ports:
-          - 53
diff --git a/charts/calico-configuration/templates/globalpolicy.yaml b/charts/calico-configuration/templates/globalpolicy.yaml
@@ -22,9 +22,23 @@ spec:
         selector: 'k8s-app == "kube-dns"'
         ports:
           - 53
+    # nodelocaldns: https://github.com/kubernetes/kubernetes/blob/master/cluster/addons/dns/nodelocaldns/README.md#nodelocal-dns-cache
+    # IP from https://github.com/kubernetes-sigs/kubespray/blob/v2.24.1/roles/kubespray-defaults/defaults/main/main.yml#L108
+    - action: Allow
+      protocol: UDP
+      nets:
+        - 169.254.25.10/32
+      ports:
+        - 53
     - action: Allow
       protocol: TCP
       destination:
         selector: 'k8s-app == "kube-dns"'
         ports:
           - 53
+    - action: Allow
+      protocol: TCP
+      nets:
+        - 169.254.25.10/32
+      ports:
+        - 53
diff --git a/charts/simcore-charts/resource-usage-tracker/templates/networkpolicy.yaml b/charts/simcore-charts/resource-usage-tracker/templates/networkpolicy.yaml
@@ -13,13 +13,6 @@ spec:
         ports:
           - {{ .Values.service.port }}
   egress:
-    # allow dns requests to public dns servers
-    - action: Allow
-      protocol: UDP
-      destination:
-        # allow DNS requests to public DNS servers
-        ports:
-          - 53
     - action: Allow
       protocol: TCP
       destination:
