Merge pull request #57683 from vainu-arto/kube-dns-anti-affinity

Automatic merge from submit-queue (batch tested with PRs 57683, 59116, 58728, 59140, 58976). If you want to cherry-pick this change to another branch, please follow the instructions <a href="https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md">here</a>. Add self anti-affinity to kube-dns pods Otherwise the "no single point of failure" setting doesn't actually work (a single node failure can still take down the entire cluster). Fixes #40063 ```release-note Added anti-affinity to kube-dns pods ```
2025-07-23 03:41:45 +00:00 · 2018-02-01 07:04:34 -08:00 · 2018-02-01 07:04:34 -08:00 · 76b29312e9
commit 76b29312e9
parent 0d900769d6 4565150f3d
3 changed files with 33 additions and 0 deletions
--- a/cluster/addons/dns/kube-dns.yaml.base
+++ b/cluster/addons/dns/kube-dns.yaml.base
@ -84,6 +84,17 @@ spec:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                  - key: k8s-app
+                    operator: In
+                    values: ["kube-dns"]
+              topologyKey: kubernetes.io/hostname
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
--- a/cluster/addons/dns/kube-dns.yaml.in
+++ b/cluster/addons/dns/kube-dns.yaml.in
@ -84,6 +84,17 @@ spec:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                  - key: k8s-app
+                    operator: In
+                    values: ["kube-dns"]
+              topologyKey: kubernetes.io/hostname
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
--- a/cluster/addons/dns/kube-dns.yaml.sed
+++ b/cluster/addons/dns/kube-dns.yaml.sed
@ -84,6 +84,17 @@ spec:
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
+      affinity:
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - weight: 100
+            podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                  - key: k8s-app
+                    operator: In
+                    values: ["kube-dns"]
+              topologyKey: kubernetes.io/hostname
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"