1414 - [ Risks and Mitigations] ( #risks-and-mitigations )
1515- [ Design Details] ( #design-details )
1616 - [ Test Plan] ( #test-plan )
17+ - [ Prerequisite testing updates] ( #prerequisite-testing-updates )
18+ - [ Unit tests] ( #unit-tests )
19+ - [ Integration tests] ( #integration-tests )
20+ - [ e2e tests] ( #e2e-tests )
1721 - [ Graduation Criteria] ( #graduation-criteria )
1822 - [ Alpha] ( #alpha )
19- - [ Alpha - & gt ; Beta Graduation ] ( #alpha--- beta-graduation )
20- - [ Beta - & gt ; GA Graduation ] ( #beta---ga-graduation )
23+ - [ Beta] ( #beta )
24+ - [ GA ] ( #ga )
2125 - [ Upgrade / Downgrade Strategy] ( #upgrade--downgrade-strategy )
2226 - [ Version Skew Strategy] ( #version-skew-strategy )
2327- [ Production Readiness Review Questionnaire] ( #production-readiness-review-questionnaire )
@@ -44,8 +48,8 @@ Items marked with (R) are required *prior to targeting to a milestone / release*
4448- [x] (R) Graduation criteria is in place
4549- [x] (R) Production readiness review completed
4650- [x] (R) Production readiness review approved
47- - [ ] "Implementation History" section is up-to-date for milestone
48- - [ ] User-facing documentation has been created in [ kubernetes/website] , for publication to [ kubernetes.io]
51+ - [x ] "Implementation History" section is up-to-date for milestone
52+ - [x ] User-facing documentation has been created in [ kubernetes/website] , for publication to [ kubernetes.io]
4953- [ ] Supporting documentation—e.g., additional design documents, links to mailing list discussions/SIG meetings, relevant PRs/issues, release notes
5054
5155[ kubernetes.io ] : https://kubernetes.io/
@@ -103,6 +107,14 @@ DNS search path list to an arbitrary number
103107
104108### Notes/Constraints/Caveats (Optional)
105109
110+ Some container runtimes of older versions have their own restrictions on the
111+ number of DNS search paths. For the container runtimes which are older than
112+ - containerd v1.5.6
113+ - CRI-O v1.22
114+
115+ , pods with expanded DNS configuration may get stuck in the pending state. (see
116+ [ kubernetes #104352 ] ( https://github.com/kubernetes/kubernetes/issues/104352 ) )
117+
106118This enhancement relaxes the validation of ` Pod ` and ` PodTemplate ` . Once the
107119feature is activated, it must be carefully disabled. Otherwise, the objects left
108120over from the previous version which have the expanded DNS configuration can be
@@ -126,7 +138,28 @@ DNS configuration
126138
127139### Test Plan
128140
129- - Add unit tests of validating expanded DNS config
141+ [ x] I/we understand the owners of the involved components may require updates to
142+ existing tests to make this code solid enough prior to committing the changes necessary
143+ to implement this enhancement.
144+
145+ ##### Prerequisite testing updates
146+
147+ N/A
148+
149+ ##### Unit tests
150+
151+ Verified that the API server accepts the pod or podTemplate with the expanded
152+ DNS config and the kubelet accepts the resolv.conf or pod with the expanded DNS
153+ config.
154+
155+ ##### Integration tests
156+
157+ No integration tests are planned.
158+
159+ ##### e2e tests
160+
161+ Will add an e2e test to ensure that the pod with the expanded DNS config can be
162+ created and run successfully.
130163
131164### Graduation Criteria
132165
@@ -135,12 +168,13 @@ DNS configuration
135168- Implement the feature
136169- Add appropriate unit tests
137170
138- #### Alpha -> Beta Graduation
171+ #### Beta
139172
140173- Address feedback from alpha
141- - Sufficient testing
174+ - Add e2e tests
175+ - All major container runtimes supported versions allows this feature
142176
143- #### Beta -> GA Graduation
177+ #### GA
144178
145179- Address feedback from beta
146180- Sufficient number of users using the feature
@@ -169,6 +203,8 @@ or disable the expanded DNS configuration feature.
169203 - Components depending on the feature gate:
170204 - ` kubelet `
171205 - ` kube-apiserver `
206+ - This feature is not compatible with some older container runtimes (see
207+ [ Notes/Constraints/Caveats] ( #notesconstraintscaveats-optional ) )
172208 - [ ] Other
173209 - Describe the mechanism:
174210 - Will enabling / disabling the feature require downtime of the control
@@ -185,9 +221,45 @@ the expanded DNS configuration.
185221
186222Yes, the feature can be disabled by disabling the feature gate.
187223
188- Once the feature is disabled, kube-apiserver will reject the pod having expanded
189- DNS configuration and kubelet will create a resolver configuration excluding the
190- overage.
224+ Before disabling the feature gate, is is recommended to remove objects
225+ containing podsTemplate with the expanded DNS config as newly created pods will
226+ be rejected by the apiserver.
227+
228+ ``` sh
229+ $ cat << \EOF > get-expanded-dns-config-objects.tpl
230+ {{- range $_ , $objects := .items}}
231+ {{- with $searches := .spec.template.spec.dnsConfig}}
232+ {{- $length := len .searches }}
233+ {{- if gt $length 6 }}
234+ {{- $objects .metadata.name }}
235+ {{- printf " " }}
236+ {{- continue }}
237+ {{- end}}
238+
239+ {{- $searchStr := "" }}
240+ {{- range $search := .searches}}
241+ {{- $searchStr = printf "%s %s" $searchStr $search }}
242+ {{- end}}
243+ {{- $searchLen := len $searchStr }}
244+ {{- if gt $searchLen 256}}
245+ {{- $objects .metadata.name }}
246+ {{- printf " " }}
247+ {{- continue }}
248+ {{- end }}
249+ {{- end}}
250+ {{- end}}
251+ EOF
252+
253+ # get deployments having the expanded DNS configuration
254+ $ kubectl get deployments.apps --all-namespaces -o go-template-file=get-expanded-dns-config-objects.tpl
255+ ```
256+
257+ Once the feature is disabled, kube-apiserver will reject the newly requested pod
258+ having expanded DNS configuration and kubelet will create a resolver
259+ configuration excluding the overage.
260+
261+ If there is a problem with an object that already has expanded DNS
262+ configuration, the object should be removed manually.
191263
192264- ** What happens if we reenable the feature if it was previously rolled back?**
193265
@@ -196,7 +268,15 @@ and new Pods with expanded configuration will be created by the kubelet.
196268
197269- ** Are there any tests for feature enablement/disablement?**
198270
199- We will add unit tests.
271+ Yes.
272+
273+ We verified in unit tests that existing pods work with the feature enabled and
274+ already created pods with the expanded DNS config work fine with the feature
275+ disabled.
276+
277+ When this feature is disabled, objects containing podTemplate with the expanded
278+ DNS config cannot create new pods until that podTemplate is fixed to have the
279+ non-expanded DNS config.
200280
201281### Rollout, Upgrade and Rollback Planning
202282
@@ -213,7 +293,7 @@ enablement.
213293
214294- ** Were upgrade and rollback tested? Was the upgrade->downgrade->upgrade path tested?**
215295
216- We will do test.
296+ Yes
217297
218298- ** Is the rollout accompanied by any deprecations and/or removals of features, APIs, fields of API types, flags, etc.?**
219299
247327
248328- ** Does this feature depend on any specific services running in the cluster?**
249329
250- No
330+ This feature requires container runtime support. See
331+ [ Notes/Constraints/Caveats] ( #notesconstraintscaveats-optional ) .
251332
252333### Scalability
253334
@@ -293,8 +374,16 @@ they are too old.
293374
294375## Implementation History
295376
296- - 2021-03-26: [ Initial
297- discussion at #100583 ] ( https://github.com/kubernetes/kubernetes/pull/100583 )
377+ - 2021-03-26: [ Initial discussion at
378+ #100583 ] ( https://github.com/kubernetes/kubernetes/pull/100583 )
379+ - 2021-05-11: [ Initial KEP
380+ approved] ( https://github.com/kubernetes/enhancements/pull/2596 )
381+ - 2021-05-27: [ Initial alpha implementations
382+ merged] ( https://github.com/kubernetes/kubernetes/pull/100651 )
383+ - 2021-06-05: [ Initial docs
384+ merged] ( https://github.com/kubernetes/website/pull/28096 )
385+ - 2022-01-12: [ Docs updated to add requirements for the
386+ feature] ( https://github.com/kubernetes/website/pull/31305 )
298387
299388## Drawbacks
300389
0 commit comments