
KEP-4762: Allows setting any FQDN as the pod's hostname #132558


Open: wants to merge 5 commits into base: master

HirazawaUi
Contributor

@HirazawaUi HirazawaUi commented Jun 26, 2025

What type of PR is this?

/kind feature

What this PR does / why we need it:

The HostnameOverride feature gate is scheduled for release-1.34. The associated KEP has been merged, and this PR implements the content of the KEP.
ref: https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/4762-allow-arbitrary-fqdn-as-pod-hostname .

Which issue(s) this PR is related to:

Special notes for your reviewer:

For this PR, we have added the following e2e tests:

  • When a pod has both podSpec.hostname and podSpec.hostnameOverride fields, the pod hostname shall be the value of podSpec.hostnameOverride.
  • When a pod has the podSpec.hostnameOverride field, the pod hostname shall be the value of podSpec.hostnameOverride.
  • When a pod has both podSpec.subdomain and podSpec.hostnameOverride fields, the pod hostname shall be the value of podSpec.hostnameOverride.
  • When a pod has both podSpec.setHostnameAsFQDN and podSpec.hostnameOverride fields, pod creation shall not be allowed.
  • When a pod has both podSpec.hostNetwork and podSpec.hostnameOverride fields, pod creation shall not be allowed.
  • When a pod uses a non-RFC 1123-compliant DNS subdomain string as the value for podSpec.hostnameOverride, pod creation shall not be allowed.

These cases sufficiently cover all entries related to the podSpec.hostnameOverride field mentioned in the table. Should additional test cases be required for other entries in the table, they should be addressed in a new PR, as they are unrelated to this Feature gate.

Does this PR introduce a user-facing change?

Added the `HostnameOverride` feature gate. 
This feature is in alpha and disabled by default. When enabled, it allows users to set the `hostnameOverride` field in `PodSpec` to specify any RFC 1123 DNS subdomain string as the pod's hostname.

Additional documentation e.g., KEPs (Kubernetes Enhancement Proposals), usage docs, etc.:

- [KEP]:  https://github.com/kubernetes/enhancements/tree/master/keps/sig-network/4762-allow-arbitrary-fqdn-as-pod-hostname
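The rules listed in this description (mutual exclusion with `setHostnameAsFQDN` and `hostNetwork`, the RFC 1123 subdomain format, the 64-character bound, and the override taking precedence over `hostname` and `subdomain`) can be exercised in isolation. The following Go sketch is an added example, not code from this PR; the `PodSpec` struct is a simplified stand-in, and the function names, the messages and the fallback to the pod name are assumptions of the example.

```go
package main

import "fmt"
import "regexp"

// PodSpec is a simplified stand-in for the API type (assumption of this example).
type PodSpec struct {
	Hostname, Subdomain string
	HostnameOverride    *string
	SetHostnameAsFQDN   bool
	HostNetwork         bool
}

// RFC 1123 DNS subdomain: lowercase alphanumeric labels, '-' allowed inside, joined by '.'.
var dns1123Subdomain = regexp.MustCompile(`^[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*$`)

const maxHostnameLen = 64 // bound stated in the field's doc comment
// validateHostnameOverride returns one message per violated rule; nil means accepted.
func validateHostnameOverride(s PodSpec) []string {
	if s.HostnameOverride == nil {
		return nil
	}
	var errs []string
	if s.SetHostnameAsFQDN {
		errs = append(errs, "hostnameOverride: forbidden when setHostnameAsFQDN is true")
	}
	if s.HostNetwork {
		errs = append(errs, "hostnameOverride: forbidden when hostNetwork is true")
	}
	if v := *s.HostnameOverride; len(v) > maxHostnameLen || !dns1123Subdomain.MatchString(v) {
		errs = append(errs, fmt.Sprintf("hostnameOverride: %q must be an RFC 1123 subdomain of at most %d characters", v, maxHostnameLen))
	}
	return errs
}

// effectiveHostname: the override wins over hostname and subdomain; otherwise hostname, then the pod name.
func effectiveHostname(s PodSpec, podName string) string {
	if s.HostnameOverride != nil {
		return *s.HostnameOverride
	}
	if s.Hostname != "" {
		return s.Hostname
	}
	return podName
}

func main() {
	fqdn := "db-0.example.internal" // constructed sample value
	fmt.Println(validateHostnameOverride(PodSpec{HostnameOverride: &fqdn, HostNetwork: true}))
}
```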

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. size/L Denotes a PR that changes 100-499 lines, ignoring generated files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Jun 26, 2025
@k8s-ci-robot
Contributor

This issue is currently awaiting triage.

If a SIG or subproject determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

@k8s-ci-robot k8s-ci-robot added the needs-priority Indicates a PR lacks a `priority/foo` label and requires one. label Jun 26, 2025
@k8s-ci-robot
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: HirazawaUi
Once this PR has been reviewed and has the lgtm label, please assign msau42, sjenning for approval. For more information see the Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added area/code-generation area/e2e-test-framework Issues or PRs related to refactoring the kubernetes e2e test framework area/kubelet area/test kind/api-change Categorizes issue or PR as related to adding, removing, or otherwise changing an API sig/api-machinery Categorizes an issue or PR as relevant to SIG API Machinery. sig/apps Categorizes an issue or PR as relevant to SIG Apps. sig/node Categorizes an issue or PR as relevant to SIG Node. labels Jun 26, 2025
@k8s-ci-robot k8s-ci-robot added sig/testing Categorizes an issue or PR as relevant to SIG Testing. and removed do-not-merge/needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 26, 2025
@github-project-automation github-project-automation bot moved this to Needs Triage in SIG Apps Jun 26, 2025
@HirazawaUi
Contributor Author

/sig network

@k8s-ci-robot k8s-ci-robot added the sig/network Categorizes an issue or PR as relevant to SIG Network. label Jun 26, 2025
@k8s-triage-robot

This PR may require API review.

If so, when the changes are ready, complete the pre-review checklist and request an API review.

Status of requested reviews is tracked in the API Review project.

@HirazawaUi HirazawaUi changed the title KEP-4762: Allows setting any FQDN as the pod's hostname WIP KEP-4762: Allows setting any FQDN as the pod's hostname Jun 26, 2025
@k8s-ci-robot k8s-ci-robot added the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 26, 2025
@HirazawaUi
Contributor Author

/retest

allErrs = append(allErrs, field.Forbidden(fldPath.Child("hostnameOverride"), "when `pod.Spec.SetHostnameAsFQDN` is true"))
}
// If HostNetwork is true, HostnameOverride must not be set.
if spec.SecurityContext != nil && spec.SecurityContext.HostNetwork {
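Review bot: the Forbidden message on the first line names the Go field (`pod.Spec.SetHostnameAsFQDN`) rather than the API field a user writes in a manifest; prefer the serialized name, for example "may not be set when `setHostnameAsFQDN` is true". The hostNetwork branch that follows should phrase its message the same way, so both rejections are reported consistently.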
Contributor Author

Our description in the KEP appears to be slightly inaccurate. We state in the KEP:

if the hostNetwork field is true, it will always use the hostname of the host where the pod is located as the pod's name.

However, we declare this as invalid behavior in the table, so I also disallow it. If we have any other thoughts on this, I can remove this validation.

Member

I think that this is because of #67019. If the runtime implements proper UTS namespaces for hostNetwork pods, this will be completely possible, so I think the rationale was to not block this possibility even though we know it is not well implemented in the runtime, @thockin?

@HirazawaUi HirazawaUi changed the title WIP KEP-4762: Allows setting any FQDN as the pod's hostname KEP-4762: Allows setting any FQDN as the pod's hostname Jun 27, 2025
@k8s-ci-robot k8s-ci-robot removed the do-not-merge/work-in-progress Indicates that a PR should not merge because it is a work in progress. label Jun 27, 2025
@HirazawaUi
Contributor Author

/cc @thockin

@k8s-ci-robot k8s-ci-robot requested a review from thockin June 27, 2025 15:24
@HirazawaUi
Contributor Author

/test pull-kubernetes-node-e2e-containerd-alpha-features

1 similar comment

@k8s-ci-robot
Contributor

@HirazawaUi: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

| Test name | Commit | Details | Required | Rerun command |
| --- | --- | --- | --- | --- |
| pull-kubernetes-unit-windows-master | df177ae | link | false | /test pull-kubernetes-unit-windows-master |
| pull-kubernetes-node-e2e-containerd-alpha-features | df177ae | link | false | /test pull-kubernetes-node-e2e-containerd-alpha-features |


// - `hostNetwork` must be set to false.
//
// This field must be a valid DNS subdomain as defined in RFC 1123 and contain at most 64 characters.
// Requires the HostnameOverride feature gate to be enabled.
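Review bot: the "at most 64 characters" bound in the third line of this doc comment has no matching case in the e2e list in the PR description, which only covers the RFC 1123 format check. Add a validation test with a 65-character, otherwise valid subdomain so the length bound is verified separately from the format check.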
Contributor

Maybe it should be like this?

Suggested change
// Requires the HostnameOverride feature gate to be enabled.
// Requires the HostnameOverride feature gate to be enabled.
//
// +featureGate=HostnameOverride
// +optional

func validatePodHostName(spec *core.PodSpec, fldPath *field.Path) field.ErrorList {
allErrs := field.ErrorList{}

if spec.HostnameOverride != nil {
Member

@aojea aojea Jul 1, 2025

remove just one indentation by returning early if it is nil

if spec.HostnameOverride == nil {
   return allErrs
}

@aojea
Member

aojea commented Jul 1, 2025

You are missing one important part: pkg/api/pod/util.go needs to deal with the skewed problem where the feature was enabled and later rolled back, for example; see https://github.com/kubernetes/kubernetes/pull/91699/files#diff-40853a2fe474b6bde454934dc4e0742a3d9bbf98c31336d8d74520ebe8a2e300 for reference
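The rollback case raised in this comment, as an added Go sketch that is not code from this PR or from pkg/api/pod/util.go: a gated field is cleared on incoming writes while the gate is off, unless the stored object already uses it. The `PodSpec` struct is a simplified stand-in, and the function names and the boolean gate parameter are hypothetical.

```go
package main

import "fmt"

// PodSpec is a simplified stand-in for the API type (assumption of this example).
type PodSpec struct {
	Hostname         string
	HostnameOverride *string
}

// hostnameOverrideInUse reports whether the stored object already sets the field.
func hostnameOverrideInUse(old *PodSpec) bool {
	return old != nil && old.HostnameOverride != nil
}

// dropDisabledHostnameOverride clears the gated field on an incoming write when
// the gate is off, unless the stored object already uses it, so that objects
// persisted while the gate was on keep the field after a rollback.
func dropDisabledHostnameOverride(newSpec, oldSpec *PodSpec, gateEnabled bool) {
	if !gateEnabled && !hostnameOverrideInUse(oldSpec) {
		newSpec.HostnameOverride = nil
	}
}

// write simulates one API server write; oldSpec is nil on create.
// newSpec is passed by value, so the caller's object is not modified.
func write(newSpec PodSpec, oldSpec *PodSpec, gateEnabled bool) PodSpec {
	dropDisabledHostnameOverride(&newSpec, oldSpec, gateEnabled)
	return newSpec
}

func main() {
	fqdn := "db-0.example.internal" // constructed sample value
	want := PodSpec{Hostname: "web", HostnameOverride: &fqdn}

	created := write(want, nil, true)       // gate on: field is persisted
	updated := write(want, &created, false) // gate rolled back: field is kept
	fresh := write(want, nil, false)        // gate off, new pod: field is dropped

	fmt.Println(updated.HostnameOverride != nil, fresh.HostnameOverride == nil)
}
```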


5 participants