openshift
diff --git a/‎bindata/external-secrets/networkpolicy_allow-dns.yaml‎
Lines changed: 28 additions & 0 deletions b/‎bindata/external-secrets/networkpolicy_allow-dns.yaml‎
Lines changed: 28 additions & 0 deletions
diff --git a/‎pkg/controller/external_secrets/constants.go‎
Lines changed: 1 addition & 0 deletions b/‎pkg/controller/external_secrets/constants.go‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/controller/external_secrets/networkpolicy.go‎
Lines changed: 4 additions & 0 deletions b/‎pkg/controller/external_secrets/networkpolicy.go‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎pkg/operator/assets/bindata.go‎
Lines changed: 48 additions & 0 deletions b/‎pkg/operator/assets/bindata.go‎
Lines changed: 48 additions & 0 deletions
diff --git a/‎test/e2e/testdata/clusterrolebinding.yaml‎ b/‎test/e2e/testdata/clusterrolebinding.yaml‎
diff --git a/‎test/e2e/testdata/config.yaml‎ b/‎test/e2e/testdata/config.yaml‎
diff --git a/‎test/e2e/testdata/external_secret.yaml‎
Lines changed: 2 additions & 2 deletions b/‎test/e2e/testdata/external_secret.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎test/e2e/testdata/secret.yaml‎ b/‎test/e2e/testdata/secret.yaml‎
diff --git a/‎test/e2e/testdata/servicemonitoring.yaml‎ b/‎test/e2e/testdata/servicemonitoring.yaml‎
@@ -0,0 +1,28 @@
+apiVersion: networking.k8s.io/v1
+kind: NetworkPolicy
+metadata:
+  labels:
+    app.kubernetes.io/name: external-secrets
+    app.kubernetes.io/instance: external-secrets
+    app.kubernetes.io/version: "v0.19.0"
+    app.kubernetes.io/managed-by: external-secrets-operator
+  name: allow-to-dns
+spec:
+  podSelector:
+    matchLabels:
+      app.kubernetes.io/name: external-secrets
+  egress:
+    - to:
+        - namespaceSelector:
+            matchLabels:
+              kubernetes.io/metadata.name: openshift-dns
+          podSelector:
+            matchLabels:
+              dns.operator.openshift.io/daemonset-dns: default
+      ports:
+        - protocol: TCP
+          port: 5353
+        - protocol: UDP
+          port: 5353
+  policyTypes:
+      - Egress
@@ -101,6 +101,7 @@ const (
 	allowWebhookTrafficAssetName                  = "external-secrets/networkpolicy_allow-api-server-and-webhook-traffic.yaml"
 	allowCertControllerTrafficAssetName           = "external-secrets/networkpolicy_allow-api-server-egress-for-cert-controller-traffic.yaml"
 	allowBitwardenServerTrafficAssetName          = "external-secrets/networkpolicy_allow-api-server-egress-for-bitwarden-sever.yaml"
+	allowDnsTrafficAsserName                      = "external-secrets/networkpolicy_allow-dns.yaml"
 )
 
 var (
 
@@ -56,6 +56,10 @@ func (r *Reconciler) createOrApplyStaticNetworkPolicies(esc *operatorv1alpha1.Ex
 			assetName: allowBitwardenServerTrafficAssetName,
 			condition: isBitwardenConfigEnabled(esc), // Only if bitwarden is enabled
 		},
+		{
+			assetName: allowDnsTrafficAsserName,
+			condition: true,
+		},
 	}
 
 	// Apply static network policies based on conditions
 
@@ -19,6 +19,6 @@ spec:
             - protocol: TCP
               port: 443   # HTTPS (AWS Secrets Manager)
             - protocol: TCP
-              port: 53    # DNS
+              port: 5353    # DNS
             - protocol: UDP
-              port: 53    # DNS
+              port: 5353    # DNS
Original file line number	Diff line number	Diff line change
`@@ -101,6 +101,7 @@ const (`
`101`	`101`	`allowWebhookTrafficAssetName = "external-secrets/networkpolicy_allow-api-server-and-webhook-traffic.yaml"`
`102`	`102`	`allowCertControllerTrafficAssetName = "external-secrets/networkpolicy_allow-api-server-egress-for-cert-controller-traffic.yaml"`
`103`	`103`	`allowBitwardenServerTrafficAssetName = "external-secrets/networkpolicy_allow-api-server-egress-for-bitwarden-sever.yaml"`
	`104`	`+ allowDnsTrafficAsserName = "external-secrets/networkpolicy_allow-dns.yaml"`
`104`	`105`	`)`
`105`	`106`
`106`	`107`	`var (`