mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-12-07 01:03:19 +00:00
3b9f358eb9
The NetworkPolicy tests work by trying to connect to a service by its name, which means that for the tests that involved creating egress policies, it had to always create an extra rule allowing egress for DNS, but this assumed that DNS was running on UDP port 53. If it was running somewhere else (eg if you changed the CoreDNS pods to use port 5353 to avoid needing to give them the NET_BIND_SERVICE capability) then the NetworkPolicy tests would fail. Fix this by making the tests connect to their services by IP rather than by name, and removing all the DNS special-case rules. There are other tests that ensure that Service DNS works.