/dns

Kubernetes DNS service

Primary LanguageGoApache License 2.0Apache-2.0

Kubernetes DNS

Build Status Coverage Status Go Report Card

This is the repository for Kubernetes DNS(kube-dns and nodelocaldns).

Images

Building

make targets:

target description
all, build build all binaries
test run unit tests
containers build the containers
images-clean clear image build artifacts from workdir
push push containers to the registry
help this help message
version show package version
{build,containers,push}-ARCH do action for specific ARCH
all-{build,containers,push} do action for all ARCH
only-push-BINARY push just BINARY
  • Setting VERBOSE=1 will show additional build logging.
  • Setting VERSION will override the container version tag.

Vulnerability patching

Vulnerability patches are mainly for debian-base or debian-iptables images. They can be updated to the latest by modifying rules.mk and dnsmasq Makefile. Example PR.

Once the PR has merged, a new release tag should be cut. The rest of the release process is described below.

Release process

Follow these steps to make changes and release a new binary.

  1. Make the necessary code changes and create a PR.
  2. Build and test locally (make images-clean; make build; make containers; make test).
  3. To build just the node-cache container, use make containers CONTAINER_BINARIES=node-cache.
  4. The same steps are executed via the presubmit script presubmits.sh which is run by the test-infra prow job.
  5. Merge the PR.
  6. Cut a new release tag. We use semantic versioning to name releases. Example:
    git tag -a 1.21.4 -m "Build images using golang 1.17."
    git push upstream 1.21.4
    
  7. Wait for container images to be pushed via cloudbuild yaml. This will be done automatically by k8s.io/test-infra/.../k8s-staging-dns.yaml. A manual cloud build can be submitted via gcloud builds submit --config cloudbuild.yaml, but this requires owner permissions in k8s-staging-dns project. The automated job pushes images for all architectures and makes them available in gcr.io/k8s-staging-dns. Status for build jobs can be checked at - https://testgrid.k8s.io/sig-network-dns#dns-push-images
  8. Promote the images to gcr.io/k8s-artifacts-prod using the process described in this link. The image SHAs should be added to images/k8s-staging-dns/images.yaml. The SHAs can be obtained by running the command python parse-image-sha.py <TAG> This will return the SHAs for kube-dns as well as node-cache images. Node-cache images are always promoted, kube-dns images are promoted if there is a change to kubedns/vulnerability fix.
  9. Images will be available in the repo registry.k8s.io/dns/. The node-cache image with tag 1.15.14 can be found at registry.k8s.io/dns/k8s-dns-node-cache:1.15.14. Older versions are at registry.k8s.io/k8s-dns-node-cache:
  10. Submit a PR for the kubernetes/kubernetes repository to switch to the new version of the containers. Example - kubernetes/kubernetes#106189

Version compatibility

There is no version compatibility requirements with Kubernetes releases. Version numbers in this repo are not related to Kubernetes versions.