Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

docs: clarify that L3 DNS policies require L7 proxy enabled #26180

Merged
merged 1 commit into from
Jun 20, 2023
Merged

docs: clarify that L3 DNS policies require L7 proxy enabled #26180

merged 1 commit into from
Jun 20, 2023

Conversation

wedaly
Copy link
Contributor

@wedaly wedaly commented Jun 13, 2023

Add a note to the L3 policy documentation clarifying that L3 DNS policies require the L7 proxy enabled and an L7 policy for DNS traffic so Cilium can intercept DNS responses.

Previously, the documentation linked to other sections describing the DNS Proxy, but I know at least a few people who were surprised that a policy under "L3 Examples" would require an L7 proxy. Hopefully adding a note near the beginning of the section will make this requirement more obvious.

@wedaly wedaly requested review from a team as code owners June 13, 2023 14:16
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Jun 13, 2023
@github-actions github-actions bot added the kind/community-contribution This was a contribution made by a community member. label Jun 13, 2023
@joestringer joestringer added release-note/misc This PR makes changes that have no direct user impact. needs-backport/1.11 needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Jun 13, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Jun 13, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Needs backport from main in 1.11.18 Jun 13, 2023
@michi-covalent michi-covalent added this to Needs backport from main in 1.11.19 Jun 14, 2023
@michi-covalent michi-covalent removed this from Needs backport from main in 1.11.18 Jun 14, 2023
zacharysarah
zacharysarah approved these changes Jun 14, 2023
View reviewed changes
Copy link
Contributor

@zacharysarah zacharysarah left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@wedaly One formatting nit, otherwise LGTM. Approving to unblock with the understanding that changes are required prior to merge.

Documentation/security/policy/language.rst Outdated Show resolved Hide resolved
@wedaly
docs: clarify that L3 DNS policies require L7 proxy enabled
2f00bee 
Add a note to the L3 policy documentation clarifying that
L3 DNS policies require the L7 proxy enabled and an L7
policy for DNS traffic so Cilium can intercept DNS responses.

Previously, the documentation linked to other sections describing
the DNS Proxy, but I know at least a few people who were surprised
that a policy under "L3 Examples" would require an L7 proxy.
Hopefully adding a note near the beginning of the section
will make this requirement more obvious.

Signed-off-by: Will Daly <widaly@microsoft.com>
@wedaly wedaly force-pushed the dns-l3-l7-documentation-rebase branch from e351bd6 to 2f00bee Compare June 14, 2023 12:59
@ti-mo
Copy link
Contributor

ti-mo commented Jun 20, 2023

Thanks!

@ti-mo ti-mo merged commit e0931df into cilium:main Jun 20, 2023
38 checks passed
@nbusseneau nbusseneau mentioned this pull request Jun 22, 2023
Merged
7 tasks
@maintainer-s-little-helper maintainer-s-little-helper bot added this to Backport pending to v1.11 in 1.11.18 Jun 22, 2023
@nbusseneau nbusseneau mentioned this pull request Jun 22, 2023
Merged
10 tasks
@nbusseneau nbusseneau mentioned this pull request Jun 22, 2023
Merged
19 tasks
@nbusseneau nbusseneau added backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. and removed needs-backport/1.13 This PR / issue needs backporting to the v1.13 branch labels Jun 22, 2023
@joestringer joestringer mentioned this pull request Jun 28, 2023
Merged
@tklauser tklauser added backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. and removed backport-pending/1.11 labels Jun 29, 2023
@maintainer-s-little-helper maintainer-s-little-helper bot moved this from Backport pending to v1.11 to Backport done to v1.11 in 1.11.18 Jun 29, 2023
@tklauser tklauser added backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. and removed backport-pending/1.12 backport-pending/1.13 The backport for Cilium 1.13.x for this PR is in progress. labels Jun 29, 2023
@gentoo-root gentoo-root moved this from Needs backport from main to Backport done to v1.11 in 1.11.19 Jul 26, 2023
This was referenced Jul 26, 2023
Merged
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@zacharysarah zacharysarah zacharysarah approved these changes

@aditighag aditighag Awaiting requested review from aditighag aditighag is a code owner automatically assigned from cilium/sig-policy

Assignees
No one assigned
Labels
backport-done/1.11 The backport for Cilium 1.11.x for this PR is done. backport-done/1.12 The backport for Cilium 1.12.x for this PR is done. backport-done/1.13 The backport for Cilium 1.13.x for this PR is done. kind/community-contribution This was a contribution made by a community member. release-note/misc This PR makes changes that have no direct user impact.
Projects
No open projects
1.11.18
Backport done to v1.11
1.11.19
Backport done to v1.11
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
6 participants
@wedaly @ti-mo @zacharysarah @tklauser @joestringer @nbusseneau