kiali DNS netpol does not allow port 5353 for Openshift

kiali DNS netpol does not allow port 5353 for Openshift

Looking at the DNS netpol here: https://repo1.dso.mil/platform-one/big-bang/apps/core/kiali/-/blob/1c6bef52ca574fb39e504146751da44b8eecd659/chart/templates/bigbang/networkpolicies/egress-kube-dns.yaml#L15 Only port 53 is allowed. Openshift needs port 5353 for DNS lookups.

Using BB 1.11.0, Openshift 4.6.4

assigned to @kenna81

added BB Customer Issues kiali labels

Sample MR ~> https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/-/merge_requests/54/diffs

added Good First Issue label

Refer to the Gitlab MRs for how to do it. Carefully review the changes that were made.
Gitlab Package MR example
https://repo1.dso.mil/platform-one/big-bang/apps/developer-tools/gitlab/-/merge_requests/54/diffs
BigBang MR example
https://repo1.dso.mil/platform-one/big-bang/bigbang/-/merge_requests/664/diffs

set weight to 1

unassigned @kenna81

changed milestone to %1.14.0

changed iteration to Big Bang Iterations Jul 27, 2021 - Aug 9, 2021

changed iteration to Big Bang Iterations Jul 13, 2021 - Jul 26, 2021

changed milestone to %1.13.0

changed milestone to %1.14.0

changed iteration to Big Bang Iterations Jul 27, 2021 - Aug 9, 2021

changed iteration to Big Bang Iterations Jul 13, 2021 - Jul 26, 2021

assigned to @mark.sanchez

added statusdoing label

created merge request !681 (merged) to address this issue

mentioned in merge request !681 (merged)

Tested using helm template kiali ./chart/ with value openshift: false Output

# Source: kiali-operator/templates/bigbang/networkpolicies/egress-kube-dns.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-kube-dns
  namespace: "default"
spec:
  podSelector: {} # all pods in Release namespace
  policyTypes:
    - Egress
  egress:
    - to:
      - namespaceSelector: {} # all namespaces
      ports:
        - port: 53
          protocol: UDP

Tested using helm template kiali ./chart/ with value openshift: true Output

# Source: kiali-operator/templates/bigbang/networkpolicies/egress-kube-dns.yaml
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: egress-kube-dns
  namespace: "default"
spec:
  podSelector: {} # all pods in Release namespace
  policyTypes:
    - Egress
  egress:
    - to:
      - namespaceSelector: {} # all namespaces
      ports:
        - port: 53
          protocol: UDP
        - port: 5353
          protocol: UDP