Deprecating the old kube-dns
77 views
Skip to first unread message
Dan Winship
Feb 26, 2026, 2:25:24 PMFeb 26
to sig-network
At this point virtually everyone is running CoreDNS, but there had been
this feeling that "well, kube-dns isn't hurting anyone, we should just
keep it around". But recently I discovered[1] that it still doesn't
support EndpointSlices (and thus by extension, doesn't support
dual-stack), and there doesn't seem to be any plan to address that[2],
which is a problem for the plan to finish deprecating Endpoints and
allow clusters to be conformant when they provide only EndpointSlices[3].
So... we discussed this at the SIG meeting today, and agreed that it
makes sense to deprecate kube-dns. At the moment, the plan is:
1. Migrate NodeLocal DNS Cache out of `kubernetes/dns` into a new
kubernetes-sigs repo. (It currently shares the `kubernetes/dns`
repo with kube-dns, but is based on CoreDNS, not kube-dns.)
Update build/release/image stuff for that. (We will not change
the name of the official NodeLocal DNS Cache image.)
2. Update k/community to remove kube-dns as a SIG Network subproject
and add NodeLocal DNS Cache.
3. Remove the kube-dns cluster addon from k/k
4. Make any other necessary updates to k/k and k/website (?)
5. Request that the kubernetes/dns repo be archived, and stop
providing new versions of the `k8s-dns-kube-dns` image.
6. In parallel, restart the conversation about where to put technical
documentation[4] and figure out a new home for the "Kubernetes
DNS-Based Service Discovery" specification[5].
Our deprecation procedures do not explicitly discuss official images,
but I suppose the "at least 1 year" rule probably applies to step 5
above (and maybe step 3? I don't know what the deprecation rules for
k/k/cluster/addons are either). In which case that would suggest a
target of 1.40 for it being completely gone?
-- Dan
[1]
https://github.com/kubernetes/enhancements/pull/5923#pullrequestreview-3809363331
[2] https://github.com/kubernetes/dns/issues/504
[3]
https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/4974-deprecate-endpoints/README.md
[4] https://github.com/kubernetes/community/issues/7421
[5] https://github.com/kubernetes/dns/blob/master/docs/specification.md
this feeling that "well, kube-dns isn't hurting anyone, we should just
keep it around". But recently I discovered[1] that it still doesn't
support EndpointSlices (and thus by extension, doesn't support
dual-stack), and there doesn't seem to be any plan to address that[2],
which is a problem for the plan to finish deprecating Endpoints and
allow clusters to be conformant when they provide only EndpointSlices[3].
So... we discussed this at the SIG meeting today, and agreed that it
makes sense to deprecate kube-dns. At the moment, the plan is:
1. Migrate NodeLocal DNS Cache out of `kubernetes/dns` into a new
kubernetes-sigs repo. (It currently shares the `kubernetes/dns`
repo with kube-dns, but is based on CoreDNS, not kube-dns.)
Update build/release/image stuff for that. (We will not change
the name of the official NodeLocal DNS Cache image.)
2. Update k/community to remove kube-dns as a SIG Network subproject
and add NodeLocal DNS Cache.
3. Remove the kube-dns cluster addon from k/k
4. Make any other necessary updates to k/k and k/website (?)
5. Request that the kubernetes/dns repo be archived, and stop
providing new versions of the `k8s-dns-kube-dns` image.
6. In parallel, restart the conversation about where to put technical
documentation[4] and figure out a new home for the "Kubernetes
DNS-Based Service Discovery" specification[5].
Our deprecation procedures do not explicitly discuss official images,
but I suppose the "at least 1 year" rule probably applies to step 5
above (and maybe step 3? I don't know what the deprecation rules for
k/k/cluster/addons are either). In which case that would suggest a
target of 1.40 for it being completely gone?
-- Dan
[1]
https://github.com/kubernetes/enhancements/pull/5923#pullrequestreview-3809363331
[2] https://github.com/kubernetes/dns/issues/504
[3]
https://github.com/kubernetes/enhancements/blob/master/keps/sig-network/4974-deprecate-endpoints/README.md
[4] https://github.com/kubernetes/community/issues/7421
[5] https://github.com/kubernetes/dns/blob/master/docs/specification.md
Dave Protasowski
Feb 26, 2026, 2:32:27 PMFeb 26
to Dan Winship, sig-network
I know two years ago GKE was still using kube-dns and didn't include CoreDNS. Has that changed?
The other thing to note - with the deprecation of `kube-dns` will we want to shore up conformance around k8s <> dns. For example [1] if you create a headless service and manually manage endpoint slices DNS doesn't work on clusters using `kube-dns` - since like you said `kube-dns`doesn't support endpoint slices
cheers
- dave
[1] Test I wrote to verify - https://gist.github.com/dprotaso/cb3dc0a6786ddc407019949db9dfcf70
--
You received this message because you are subscribed to the Google Groups "sig-network" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sig-network...@kubernetes.io.
To view this discussion visit https://groups.google.com/a/kubernetes.io/d/msgid/sig-network/c813c21e-482e-4804-be77-01cc1a82ee0d%40redhat.com.
Dan Winship
Feb 26, 2026, 3:56:36 PMFeb 26
to Dave Protasowski, sig-network
On 2/26/26 2:32 PM, Dave Protasowski wrote:
> I know two years ago GKE was still using kube-dns and didn't include
> CoreDNS. Has that changed?
AIUI they already use CoreDNS in some cluster types and are moving away
> I know two years ago GKE was still using kube-dns and didn't include
> CoreDNS. Has that changed?
from kube-dns in general. (At any rate, multiple Google people agreed
with the plan in the meeting.)
> The other thing to note - with the deprecation of `kube-dns` will we
> want to shore up conformance around k8s <> dns.
7. Add conformance tests confirming that the Service DNS
implementation uses EndpointSlice, like we did for the
service proxy.
> For example [1] if you
> create a headless service and manually manage endpoint slices DNS
> doesn't work on clusters using `kube-dns` - since like you said `kube-
> dns`doesn't support endpoint slices
>
> cheers
> - dave
>
> [1] Test I wrote to verify - https://gist.github.com/dprotaso/
> cb3dc0a6786ddc407019949db9dfcf70>
> kubernetes/enhancements/pull/5923#pullrequestreview-3809363331>
> [2] https://github.com/kubernetes/dns/issues/504 <https://
> github.com/kubernetes/dns/issues/504>
> [3]
> https://github.com/kubernetes/enhancements/blob/master/keps/sig-
> network/4974-deprecate-endpoints/README.md <https://github.com/
> kubernetes/enhancements/blob/master/keps/sig-network/4974-deprecate-
> endpoints/README.md>
> [4] https://github.com/kubernetes/community/issues/7421 <https://
> github.com/kubernetes/community/issues/7421>
> [5] https://github.com/kubernetes/dns/blob/master/docs/
> specification.md <https://github.com/kubernetes/dns/blob/master/
> docs/specification.md>
>
> --
> You received this message because you are subscribed to the Google
> Groups "sig-network" group.
> To unsubscribe from this group and stop receiving emails from it,
> send an email to sig-network...@kubernetes.io <mailto:sig-
> --
> You received this message because you are subscribed to the Google
> Groups "sig-network" group.
> To unsubscribe from this group and stop receiving emails from it,
> network%2Bunsu...@kubernetes.io>.
> To view this discussion visit https://groups.google.com/a/
> kubernetes.io/d/msgid/sig-network/c813c21e-482e-4804-
> be77-01cc1a82ee0d%40redhat.com <https://groups.google.com/a/
> kubernetes.io/d/msgid/sig-network/c813c21e-482e-4804-
> kubernetes.io/d/msgid/sig-network/c813c21e-482e-4804-
> be77-01cc1a82ee0d%40redhat.com>.
>
Reply all
Reply to author
Forward
0 new messages