Kubernetes DNS service

Go to file

Kubernetes Prow Robot 38d057a382 Merge pull request #705 from DamianSawicki/add-k8s-to-k8s Add missing k8s.io/kubernetes to the k8s.io group in dependabot config		2025-06-06 12:30:39 -07:00
.github	Add missing k8s.io/kubernetes to the k8s.io group	2025-06-06 15:57:42 +00:00
build	Remove deprecated -i flag	2023-02-16 23:18:03 +00:00
cmd	Send SIGUSR1 to dnsmasq periodically	2025-05-06 08:27:59 +00:00
docs	Fix formatting in specification.md	2024-10-14 11:10:18 +08:00
images	Bump base-debian12 to fix CVE-2024-13176	2025-05-22 12:06:47 +00:00
pkg	Bump K8s dependencies to latest v1.30 release	2025-05-19 11:29:23 -07:00
test	Test for SendSIGUSR1()	2025-05-06 08:28:46 +00:00
third_party/forked/skydns	Move old coreos etcd module, use modern etcd-io based one	2025-02-21 12:06:06 -08:00
vendor	Bump K8s dependencies to latest v1.30 release	2025-05-19 11:29:23 -07:00
.gitignore	Build files	2016-12-19 11:24:47 -08:00
.travis.yml	Update modules	2021-06-23 08:48:37 +02:00
CONTRIBUTING.md	Update "Adding dependencies" section	2022-12-02 12:40:38 +01:00
Dockerfile.dnsmasq-nanny	Switch kube-dns base images to distroless	2022-06-14 09:58:30 +02:00
Dockerfile.kube-dns	Use debian-iptables for k8s-dns-node-cache, bump debian-base version	2020-10-28 18:55:43 +00:00
Dockerfile.node-cache	466 remove setupebtables option	2021-06-29 23:27:12 +01:00
Dockerfile.sidecar	Switch kube-dns base images to distroless	2022-06-14 09:58:30 +02:00
LICENSE	Add boilerplate files to the project	2016-12-15 13:38:16 -08:00
Makefile	Bump Go versions to fix CVE-2025-22870	2025-03-14 09:39:54 +00:00
OWNERS	update OWNERS file	2025-02-14 11:02:08 +00:00
README.md	docs: Grid validation in README#Release process	2024-12-16 14:08:07 +00:00
SECURITY_CONTACTS	Update embargo doc link in SECURITY_OWNERS and changes PST to PSC	2019-03-08 10:23:48 -07:00
Vagrantfile	add vagrantfile for local development	2017-02-01 11:39:34 -05:00
cloudbuild.yaml	Increase build timeout	2023-01-08 21:04:30 +01:00
code-of-conduct.md	Update code-of-conduct.md	2017-12-20 13:31:55 -05:00
go.mod	Bump K8s dependencies to latest v1.30 release	2025-05-19 11:29:23 -07:00
go.sum	Bump K8s dependencies to latest v1.30 release	2025-05-19 11:29:23 -07:00
image-checks.sh	updated image repository	2025-01-27 14:15:51 +05:30
parse-image-sha.py	Add a new script to parse image shas for new tags.	2021-12-06 10:54:12 -08:00
presubmits.sh	Fail presubmit if any of the build commands fail.	2021-12-22 15:36:38 -08:00
rules.mk	Bump base images	2025-05-15 11:28:58 +00:00

README.md

Kubernetes DNS

This is the repository for Kubernetes DNS(kube-dns and nodelocaldns).

Images

Building

make targets:

target	description
all, build	build all binaries
test	run unit tests
containers	build the containers
images-clean	clear image build artifacts from workdir
push	push containers to the registry
help	this help message
version	show package version
{build,containers,push}-ARCH	do action for specific ARCH
all-{build,containers,push}	do action for all ARCH
only-push-BINARY	push just BINARY

Setting VERBOSE=1 will show additional build logging.
Setting VERSION will override the container version tag.

Vulnerability patching

Vulnerability patches are mainly for debian-base or debian-iptables images. They can be updated to the latest by modifying rules.mk and dnsmasq Makefile. Example PR.

Once the PR has merged, a new release tag should be cut. The rest of the release process is described below.

Release process

Follow these steps to make changes and release a new binary.

Make the necessary code changes and create a PR.
Build and test locally (make images-clean; make build; make containers; make test).
To build just the node-cache container, use make containers CONTAINER_BINARIES=node-cache.
The same steps are executed via the presubmit script presubmits.sh which is run by the test-infra prow job.
Merge the PR.

Cut a new release tag. We use semantic versioning to name releases. Example:

git tag -a 1.21.4 -m "Build images using golang 1.17."
git push upstream 1.21.4

Wait for container images to be pushed via cloudbuild yaml. This will be done automatically by k8s.io/test-infra/.../k8s-staging-dns.yaml. A manual cloud build can be submitted via gcloud builds submit --config cloudbuild.yaml, but this requires owner permissions in k8s-staging-dns project. The automated job pushes images for all architectures and makes them available in gcr.io/k8s-staging-dns. Status for build jobs can be checked at - https://testgrid.k8s.io/sig-network-dns#dns-push-images
Promote the images to gcr.io/k8s-artifacts-prod using the process described in this link. The image SHAs should be added to images/k8s-staging-dns/images.yaml. The SHAs can be obtained by running the command python parse-image-sha.py <TAG> This will return the SHAs for kube-dns as well as node-cache images. Node-cache images are always promoted, kube-dns images are promoted if there is a change to kubedns/vulnerability fix.
Images will be available in the repo registry.k8s.io/dns/. The node-cache image with tag 1.15.14 can be found at registry.k8s.io/dns/k8s-dns-node-cache:1.15.14. Older versions are at registry.k8s.io/k8s-dns-node-cache:
Prepare a PR for the kubernetes/kubernetes repository to switch to the new version of the containers. Example - https://github.com/kubernetes/kubernetes/pull/106189. Trigger the optional presubmit pull-kubernetes-e2e-gci-gce-kube-dns-nodecache and correct your PR if needed before merging.
Verify the kubedns-related and nodecache-related tabs of the test grid at https://testgrid.k8s.io/sig-network-gce for regressions caused by the new image and revert if needed.

Version compatibility

There is no version compatibility requirements with Kubernetes releases. Version numbers in this repo are not related to Kubernetes versions.