Merge branch 'main' into sysdump-capture-top-nodes-pods

darox · web-flow · commit fcaecd949669 · 2025-09-09T13:03:15.000+02:00
diff --git a/Documentation/network/kubernetes/local-redirect-policy.rst b/Documentation/network/kubernetes/local-redirect-policy.rst
@@ -481,7 +481,7 @@ steers traffic to a local DNS node-cache which runs as a normal pod.
         need to modify those to match your deployment if they are different.
 
 After all ``node-local-dns`` pods are in ready status, DNS traffic will now go to the local node-cache first.
-You can verify by checking the DNS cache's metrics ``coredns_dns_request_count_total`` via curling
+You can verify by checking the DNS cache's metrics ``coredns_dns_requests_total`` via curling
 ``<node-local-dns pod IP>:9253/metrics``, the metric should increment as new DNS requests being issued from
 application pods are now redirected to the ``node-local-dns`` pod.
 
diff --git a/cilium-cli/connectivity/check/context.go b/cilium-cli/connectivity/check/context.go
@@ -1316,7 +1316,7 @@ func (ct *ConnectivityTest) KillMulticastTestSender() []string {
 	return cmd
 }
 
-func (ct *ConnectivityTest) ForEachIPFamily(hasNetworkPolicies bool, do func(features.IPFamily)) {
+func (ct *ConnectivityTest) ForEachIPFamily(do func(features.IPFamily)) {
 	ipFams := features.GetIPFamilies(ct.Params().IPFamilies)
 
 	for _, ipFam := range ipFams {
diff --git a/cilium-cli/connectivity/check/deployment.go b/cilium-cli/connectivity/check/deployment.go
@@ -1571,11 +1571,7 @@ func (ct *ConnectivityTest) createTestConnDisruptClientDeploymentForNSTraffic(ct
 			var errs error
 			np := uint16(svc.Spec.Ports[0].NodePort)
 			addrs := slices.Clone(n.node.Status.Addresses)
-			hasNetworkPolicies, err := ct.hasNetworkPolicies(ctx)
-			if err != nil {
-				return fmt.Errorf("failed to check if any netpol exists: %w", err)
-			}
-			ct.ForEachIPFamily(hasNetworkPolicies, func(family features.IPFamily) {
+			ct.ForEachIPFamily(func(family features.IPFamily) {
 				for _, addr := range addrs {
 					if features.GetIPFamily(addr.Address) != family {
 						continue
@@ -1738,36 +1734,6 @@ func (ct *ConnectivityTest) GetConnDisruptEgressPolicyEntries(ctx context.Contex
 	return targetEntries, nil
 }
 
-func (ct *ConnectivityTest) hasNetworkPolicies(ctx context.Context) (bool, error) {
-	for _, client := range ct.Clients() {
-		cnps, err := client.ListCiliumNetworkPolicies(ctx, ct.params.TestNamespace, metav1.ListOptions{Limit: 1})
-		if err != nil {
-			return false, err
-		}
-		if len(cnps.Items) > 0 {
-			return true, nil
-		}
-
-		ccnps, err := client.ListCiliumClusterwideNetworkPolicies(ctx, metav1.ListOptions{Limit: 1})
-		if err != nil {
-			return false, err
-		}
-		if len(ccnps.Items) > 0 {
-			return true, nil
-		}
-
-		nps, err := client.ListNetworkPolicies(ctx, metav1.ListOptions{Limit: 1})
-		if err != nil {
-			return false, err
-		}
-		if len(nps.Items) > 0 {
-			return true, nil
-		}
-	}
-
-	return false, nil
-}
-
 func (ct *ConnectivityTest) createClientPerfDeployment(ctx context.Context, name string, nodeName string, hostNetwork bool) error {
 	ct.Logf("✨ [%s] Deploying %s deployment...", ct.clients.src.ClusterName(), name)
 	gracePeriod := int64(1)
diff --git a/cilium-cli/connectivity/check/test.go b/cilium-cli/connectivity/check/test.go
@@ -913,7 +913,7 @@ func (t *Test) collectSysdump() {
 }
 
 func (t *Test) ForEachIPFamily(do func(features.IPFamily)) {
-	t.ctx.ForEachIPFamily(t.HasNetworkPolicies(), do)
+	t.ctx.ForEachIPFamily(do)
 }
 
 // CertificateCAs returns the CAs used to sign the certificates within the test.
diff --git a/cilium-cli/connectivity/tests/service.go b/cilium-cli/connectivity/tests/service.go
@@ -381,12 +381,14 @@ func (s *podToL7Service) Run(ctx context.Context, t *check.Test) {
 			if !hasAllLabels(svc, s.destinationLabels) {
 				continue
 			}
-			t.NewAction(s, fmt.Sprintf("curl-%d", i), &pod, svc, features.IPFamilyAny).Run(func(a *check.Action) {
-				a.ExecInPod(ctx, a.CurlCommand(svc))
-				a.ValidateFlows(ctx, pod, a.GetEgressRequirements(check.FlowParameters{
-					DNSRequired: true,
-					AltDstPort:  svc.Port(),
-				}))
+			t.ForEachIPFamily(func(ipFamily features.IPFamily) {
+				t.NewAction(s, fmt.Sprintf("curl-%s-%d", ipFamily, i), &pod, svc, ipFamily).Run(func(a *check.Action) {
+					a.ExecInPod(ctx, a.CurlCommand(svc))
+					a.ValidateFlows(ctx, pod, a.GetEgressRequirements(check.FlowParameters{
+						DNSRequired: true,
+						AltDstPort:  svc.Port(),
+					}))
+				})
 			})
 			i++
 		}

Original file line number	Diff line number	Diff line change
`@@ -1316,7 +1316,7 @@ func (ct *ConnectivityTest) KillMulticastTestSender() []string {`
`1316`	`1316`	`return cmd`
`1317`	`1317`	`}`
`1318`	`1318`
`1319`		`-func (ct *ConnectivityTest) ForEachIPFamily(hasNetworkPolicies bool, do func(features.IPFamily)) {`
	`1319`	`+func (ct *ConnectivityTest) ForEachIPFamily(do func(features.IPFamily)) {`
`1320`	`1320`	`ipFams := features.GetIPFamilies(ct.Params().IPFamilies)`
`1321`	`1321`
`1322`	`1322`	`for _, ipFam := range ipFams {`
Original file line number	Diff line number	Diff line change
`@@ -913,7 +913,7 @@ func (t *Test) collectSysdump() {`
`913`	`913`	`}`
`914`	`914`
`915`	`915`	`func (t *Test) ForEachIPFamily(do func(features.IPFamily)) {`
`916`		`- t.ctx.ForEachIPFamily(t.HasNetworkPolicies(), do)`
	`916`	`+ t.ctx.ForEachIPFamily(do)`
`917`	`917`	`}`
`918`	`918`
`919`	`919`	`// CertificateCAs returns the CAs used to sign the certificates within the test.`