From 30d4d4ee6800d8b90f6d72c9d152a9db57d134f1 Mon Sep 17 00:00:00 2001 From: Gunju Kim Date: Mon, 24 May 2021 21:18:42 +0900 Subject: [PATCH] Add ExpandedDNSConfig feature gate --- .../concepts/services-networking/dns-pod-service.md | 11 +++++++++++ .../command-line-tools-reference/feature-gates.md | 4 ++++ .../administer-cluster/dns-debugging-resolution.md | 7 +++++++ 3 files changed, 22 insertions(+) diff --git a/content/en/docs/concepts/services-networking/dns-pod-service.md b/content/en/docs/concepts/services-networking/dns-pod-service.md index 2888064c2e..cd672c2845 100644 --- a/content/en/docs/concepts/services-networking/dns-pod-service.md +++ b/content/en/docs/concepts/services-networking/dns-pod-service.md @@ -310,6 +310,17 @@ search default.svc.cluster-domain.example svc.cluster-domain.example cluster-dom options ndots:5 ``` +#### Expanded DNS Configuration + +{{< feature-state for_k8s_version="1.22" state="alpha" >}} + +By default, for Pod's DNS Config, Kubernetes allows at most 6 search domains and +a list of search domains of up to 256 characters. + +If the feature gate `ExpandedDNSConfig` is enabled for the kube-apiserver and +the kubelet, it is allowed for Kubernetes to have at most 32 search domains and +a list of search domains of up to 2048 characters. + ### Feature availability The availability of Pod DNS Config and DNS Policy "`None`" is shown as below. diff --git a/content/en/docs/reference/command-line-tools-reference/feature-gates.md b/content/en/docs/reference/command-line-tools-reference/feature-gates.md index 78da234572..1357285dc4 100644 --- a/content/en/docs/reference/command-line-tools-reference/feature-gates.md +++ b/content/en/docs/reference/command-line-tools-reference/feature-gates.md @@ -113,6 +113,7 @@ different Kubernetes components. | `EphemeralContainers` | `false` | Alpha | 1.16 | | | `ExpandCSIVolumes` | `false` | Alpha | 1.14 | 1.15 | | `ExpandCSIVolumes` | `true` | Beta | 1.16 | | +| `ExpandedDNSConfig` | `false` | Alpha | 1.22 | | | `ExpandInUsePersistentVolumes` | `false` | Alpha | 1.11 | 1.14 | | `ExpandInUsePersistentVolumes` | `true` | Beta | 1.15 | | | `ExpandPersistentVolumes` | `false` | Alpha | 1.8 | 1.10 | @@ -629,6 +630,9 @@ Each feature gate is designed for enabling/disabling a specific feature: now-corrected fault where Kubernetes ignored exec probe timeouts. See [readiness probes](/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#configure-probes). - `ExpandCSIVolumes`: Enable the expanding of CSI volumes. +- `ExpandedDNSConfig`: Enable kubelet and kube-apiserver to allow more DNS + search paths and longer list of DNS search paths. See + [Expanded DNS Configuration](/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration). - `ExpandInUsePersistentVolumes`: Enable expanding in-use PVCs. See [Resizing an in-use PersistentVolumeClaim](/docs/concepts/storage/persistent-volumes/#resizing-an-in-use-persistentvolumeclaim). - `ExpandPersistentVolumes`: Enable the expanding of persistent volumes. See diff --git a/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md b/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md index faed4e1cb1..6bc41d2170 100644 --- a/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md +++ b/content/en/docs/tasks/administer-cluster/dns-debugging-resolution.md @@ -288,6 +288,13 @@ This should probably be implemented eventually. Linux's libc (a.k.a. glibc) has a limit for the DNS `nameserver` records to 3 by default. What's more, for the glibc versions which are older than glibc-2.17-222 ([the new versions update see this issue](https://access.redhat.com/solutions/58028)), the allowed number of DNS `search` records has been limited to 6 ([see this bug from 2005](https://bugzilla.redhat.com/show_bug.cgi?id=168253)). Kubernetes needs to consume 1 `nameserver` record and 3 `search` records. This means that if a local installation already uses 3 `nameserver`s or uses more than 3 `search`es while your glibc version is in the affected list, some of those settings will be lost. To work around the DNS `nameserver` records limit, the node can run `dnsmasq`, which will provide more `nameserver` entries. You can also use kubelet's `--resolv-conf` flag. To fix the DNS `search` records limit, consider upgrading your linux distribution or upgrading to an unaffected version of glibc. +{{< note >}} + +With [Expanded DNS Configuration](/docs/concepts/services-networking/dns-pod-service/#expanded-dns-configuration), +Kubernetes allows more DNS `search` records. + +{{< /note >}} + If you are using Alpine version 3.3 or earlier as your base image, DNS may not work properly due to a known issue with Alpine. Kubernetes [issue 30215](https://github.com/kubernetes/kubernetes/issues/30215)