dns
dns copied to clipboard
Published
20 hours ago •
kubernetes
kubernetes
Kubernetes DNS service
Kubernetes DNS
This is the repository for Kubernetes DNS.
Images
- kube-dns
- sidecar
- dnsmasq
- node-cache
Building
make targets:
| target | description |
|---|---|
| all, build | build all binaries |
| test | run unit tests |
| containers | build the containers |
| images-clean | clear image build artifacts from workdir |
| push | push containers to the registry |
| help | this help message |
| version | show package version |
| {build,containers,push}-ARCH | do action for specific ARCH |
| all-{build,containers,push} | do action for all ARCH |
| only-push-BINARY | push just BINARY |
- Setting
VERBOSE=1will show additional build logging. - Setting
VERSIONwill override the container version tag.
Vulnerability patching
Vulnerability patches are mainly for debian-base or debian-iptables images. They can be updated to the latest by modifying rules.mk and dnsmasq Makefile. Example PR.
Once the PR has merged, a new release tag should be cut. The rest of the release process is described below.
Release process
Follow these steps to make changes and release a new binary.
- Make the necessary code changes and create a PR.
- Build and test locally (
make images-clean;make build;make containers;make test). - To build just the node-cache container, use
make containers CONTAINER_BINARIES=node-cache. - The same steps are executed via the presubmit script
presubmits.shwhich is run by the test-infra prow job. - Merge the PR.
- Cut a new release tag. We use semantic versioning to
name releases.
Example:
git tag -a 1.21.4 -m "Build images using golang 1.17." git push upstream 1.21.4 - Wait for container images to be pushed via cloudbuild yaml. This will be done automatically by
k8s.io/test-infra/.../k8s-staging-dns.yaml. A manual cloud build can be submitted viagcloud builds submit --config cloudbuild.yaml, but this requires owner permissions in k8s-staging-dns project. The automated job pushes images for all architectures and makes them available ingcr.io/k8s-staging-dns. Status for build jobs can be checked at - https://k8s-testgrid.appspot.com/sig-network-dns#dns-push-images - Promote the images to
gcr.io/k8s-artifacts-produsing the process described in this link. The image SHAs should be added toimages/k8s-staging-dns/images.yaml. The SHAs can be obtained by running the commandpython parse-image-sha.py <TAG>This will return the SHAs for kube-dns as well as node-cache images. Node-cache images are always promoted, kube-dns images are promoted if there is a change to kubedns/vulnerability fix. - Images will be available in the repo k8s.gcr.io/dns/. The node-cache image with tag 1.15.14 can be found at k8s.gcr.io/dns/k8s-dns-node-cache:1.15.14. Older versions are at k8s.gcr.io/k8s-dns-node-cache:<TAG>
- Submit a PR for the kubernetes/kubernetes repository to switch to the new version of the containers. Example - https://github.com/kubernetes/kubernetes/pull/106189
kubernetes