From 5e2e63ebe3fb5a71b81e0b5857d9b2d70316f206 Mon Sep 17 00:00:00 2001 From: ChengHao Yang <17496418+tico88612@users.noreply.github.com> Date: Mon, 12 May 2025 12:40:06 +0800 Subject: [PATCH] Make cilium dnsProxy transparent mode configure When Cilium is configured to replace kube-proxy, it automatically enables dnsProxy, which can conflict with nodelocaldns. --- roles/network_plugin/cilium/defaults/main.yml | 6 ++++++ roles/network_plugin/cilium/templates/values.yaml.j2 | 5 +++++ 2 files changed, 11 insertions(+) diff --git a/roles/network_plugin/cilium/defaults/main.yml b/roles/network_plugin/cilium/defaults/main.yml index a7bca970f..4f75d0009 100644 --- a/roles/network_plugin/cilium/defaults/main.yml +++ b/roles/network_plugin/cilium/defaults/main.yml @@ -58,6 +58,12 @@ cilium_monitor_aggregation: medium # Kube Proxy Replacement mode (true/false) cilium_kube_proxy_replacement: false +# If not defined `cilium_dns_proxy_enable_transparent_mode`, it will following the Cilium behavior. +# When Cilium is configured to replace kube-proxy, it automatically enables dnsProxy, which will conflict with nodelocaldns. +# You can set `false` avoid conflict with nodelocaldns. +# https://github.com/cilium/cilium/issues/33144 +# cilium_dns_proxy_enable_transparent_mode: + # If upgrading from Cilium < 1.5, you may want to override some of these options # to prevent service disruptions. See also: # http://docs.cilium.io/en/stable/install/upgrade/#changes-that-may-require-action diff --git a/roles/network_plugin/cilium/templates/values.yaml.j2 b/roles/network_plugin/cilium/templates/values.yaml.j2 index d083a0e39..5aa2a226c 100644 --- a/roles/network_plugin/cilium/templates/values.yaml.j2 +++ b/roles/network_plugin/cilium/templates/values.yaml.j2 @@ -28,6 +28,11 @@ loadbalancer: kubeProxyReplacement: {{ cilium_kube_proxy_replacement }} +{% if cilium_dns_proxy_enable_transparent_mode is defined %} +dnsProxy: + enableTransparentMode: {{ cilium_dns_proxy_enable_transparent_mode }} +{% endif %} + extraVolumes: {{ cilium_agent_extra_volumes | to_nice_yaml(indent=2) | indent(2) }}