Kubernetes DNS
This is the repository for Kubernetes DNS(kube-dns and nodelocaldns).
Images
Building
make
targets:
target | description |
---|---|
all, build | build all binaries |
test | run unit tests |
containers | build the containers |
images-clean | clear image build artifacts from workdir |
push | push containers to the registry |
help | this help message |
version | show package version |
{build,containers,push}-ARCH | do action for specific ARCH |
all-{build,containers,push} | do action for all ARCH |
only-push-BINARY | push just BINARY |
- Setting
VERBOSE=1
will show additional build logging. - Setting
VERSION
will override the container version tag.
Vulnerability patching
Vulnerability patches are mainly for debian-base or debian-iptables images. They can be updated to the latest by modifying rules.mk and dnsmasq Makefile. Example PR.
Once the PR has merged, a new release tag should be cut. The rest of the release process is described below.
Release process
Follow these steps to make changes and release a new binary.
- Make the necessary code changes and create a PR.
- Build and test locally (
make images-clean
;make build
;make containers
;make test
). - To build just the node-cache container, use
make containers CONTAINER_BINARIES=node-cache
. - The same steps are executed via the presubmit script
presubmits.sh
which is run by the test-infra prow job. - Merge the PR.
- Cut a new release tag. We use semantic versioning to
name releases.
Example:
git tag -a 1.21.4 -m "Build images using golang 1.17." git push upstream 1.21.4
- Wait for container images to be pushed via cloudbuild yaml. This will be done automatically by
k8s.io/test-infra/.../k8s-staging-dns.yaml
. A manual cloud build can be submitted viagcloud builds submit --config cloudbuild.yaml
, but this requires owner permissions in k8s-staging-dns project. The automated job pushes images for all architectures and makes them available ingcr.io/k8s-staging-dns
. Status for build jobs can be checked at - https://testgrid.k8s.io/sig-network-dns#dns-push-images - Promote the images to
gcr.io/k8s-artifacts-prod
using the process described in this link. The image SHAs should be added toimages/k8s-staging-dns/images.yaml
. The SHAs can be obtained by running the commandpython parse-image-sha.py <TAG>
This will return the SHAs for kube-dns as well as node-cache images. Node-cache images are always promoted, kube-dns images are promoted if there is a change to kubedns/vulnerability fix. - Images will be available in the repo registry.k8s.io/dns/. The node-cache image with tag 1.15.14 can be found at registry.k8s.io/dns/k8s-dns-node-cache:1.15.14. Older versions are at registry.k8s.io/k8s-dns-node-cache:
- Submit a PR for the kubernetes/kubernetes repository to switch to the new version of the containers. Example - kubernetes/kubernetes#106189
Version compatibility
There is no version compatibility requirements with Kubernetes releases. Version numbers in this repo are not related to Kubernetes versions.