openshift · Neilhamza · May 4, 2026 · May 4, 2026 · May 4, 2026 · May 4, 2026
diff --git a/assets/components/openshift-dns/dns/daemonset.yaml b/assets/components/openshift-dns/dns/daemonset.yaml
@@ -57,8 +57,15 @@ spec:
             failureThreshold: 5
           resources:
             requests:
-              cpu: 50m
-              memory: 70Mi
+              {{- range $key, $value := .DNSRequests }}
+              {{ $key }}: {{ $value }}
+              {{- end }}
+            {{- if .DNSLimits }}
+            limits:
+              {{- range $key, $value := .DNSLimits }}
+              {{ $key }}: {{ $value }}
+              {{- end }}
+            {{- end }}
           securityContext:
             readOnlyRootFilesystem: true
           image: '{{ .ReleaseImage.coredns }}'

diff --git a/cmd/generate-config/config/config-openapi-spec.json b/cmd/generate-config/config/config-openapi-spec.json
@@ -266,6 +266,26 @@
               "example": "Enabled"
             }
           }
+        },
+        "resources": {
+          "description": "Resources configures the CPU and memory resources for the dns container.",
+          "type": "object",
+          "properties": {
+            "limits": {
+              "description": "Limits specifies the maximum resources the dns container can use.\nValid keys are \"cpu\" and \"memory\". Values must be valid Kubernetes resource quantities.\nWhen not set, no limits are applied.",
+              "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              }
+            },
+            "requests": {
+              "description": "Requests specifies the minimum resources required for the dns container.\nValid keys are \"cpu\" and \"memory\". Values must be valid Kubernetes resource quantities.\nWhen not set, defaults to cpu=50m, memory=70Mi.",
+              "type": "object",
+              "additionalProperties": {
+                "type": "string"
+              }
+            }
+          }
         }
       }
     },

diff --git a/docs/user/howto_config.md b/docs/user/howto_config.md
@@ -43,6 +43,9 @@ dns:
     hosts:
         file: ""
         status: ""
+    resources:
+        limits: {}
+        requests: {}
 etcd:
     memoryLimitMB: 0
 genericDevicePlugin:
@@ -201,6 +204,9 @@ dns:
     hosts:
         file: /etc/hosts
         status: Disabled
+    resources:
+        limits: {}
+        requests: {}
 etcd:
     memoryLimitMB: 0
 genericDevicePlugin:

diff --git a/packaging/microshift/config.yaml b/packaging/microshift/config.yaml
@@ -85,6 +85,16 @@ dns:
         # example:
         #   Enabled
         status: Disabled
+    # Resources configures the CPU and memory resources for the dns container.
+    resources:
+        # Limits specifies the maximum resources the dns container can use.
+        # Valid keys are "cpu" and "memory". Values must be valid Kubernetes resource quantities.
+        # When not set, no limits are applied.
+        limits: {}
+        # Requests specifies the minimum resources required for the dns container.
+        # Valid keys are "cpu" and "memory". Values must be valid Kubernetes resource quantities.
+        # When not set, defaults to cpu=50m, memory=70Mi.
+        requests: {}
 etcd:
     # Set a memory limit on the etcd process; etcd will begin paging
     # memory when it gets to this value. 0 means no limit.

diff --git a/pkg/components/controllers.go b/pkg/components/controllers.go
@@ -306,6 +306,8 @@ func startDNSController(ctx context.Context, cfg *config.Config, kubeconfigPath
 	extraParams := assets.RenderParams{
 		"ClusterIP":    cfg.Network.DNS,
 		"HostsEnabled": cfg.DNS.Hosts.Status == config.HostsStatusEnabled,
+		"DNSRequests":  cfg.DNS.Resources.Requests,
+		"DNSLimits":    cfg.DNS.Resources.Limits,
 	}
 
 	if err := assets.ApplyServices(ctx, svc, renderTemplate, renderParamsFromConfig(cfg, extraParams), kubeconfigPath); err != nil {

diff --git a/pkg/config/config.go b/pkg/config/config.go
@@ -439,6 +439,24 @@ func (c *Config) incorporateUserSettings(u *Config) {
 			c.DNS.Hosts.File = u.DNS.Hosts.File
 		}
 	}
+
+	// DNS resource configuration - merge key-by-key to preserve defaults
+	if u.DNS.Resources.Requests != nil {
+		if c.DNS.Resources.Requests == nil {
+			c.DNS.Resources.Requests = make(map[string]string)
+		}
+		for k, v := range u.DNS.Resources.Requests {
+			c.DNS.Resources.Requests[k] = v
+		}
+	}
+	if u.DNS.Resources.Limits != nil {
+		if c.DNS.Resources.Limits == nil {
+			c.DNS.Resources.Limits = make(map[string]string)
+		}
+		for k, v := range u.DNS.Resources.Limits {
+			c.DNS.Resources.Limits[k] = v
+		}
+	}
 	if u.ApiServer.FeatureGates.FeatureSet != "" {
 		c.ApiServer.FeatureGates.FeatureSet = u.ApiServer.FeatureGates.FeatureSet
 	}

diff --git a/pkg/config/config_test.go b/pkg/config/config_test.go
@@ -79,6 +79,63 @@ func TestGetActiveConfigFromYAML(t *testing.T) {
 				return c
 			}(),
 		},
+		{
+			name: "dns-resources-requests",
+			config: dedent(`
+            dns:
+              resources:
+                requests:
+                  cpu: "100m"
+                  memory: "150Mi"
+            `),
+			expected: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests = map[string]string{
+					"cpu":    "100m",
+					"memory": "150Mi",
+				}
+				return c
+			}(),
+		},
+		{
+			name: "dns-resources-partial-request",
+			config: dedent(`
+            dns:
+              resources:
+                requests:
+                  cpu: "100m"
+            `),
+			expected: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests["cpu"] = "100m"
+				return c
+			}(),
+		},
+		{
+			name: "dns-resources-with-limits",
+			config: dedent(`
+            dns:
+              resources:
+                requests:
+                  cpu: "100m"
+                  memory: "150Mi"
+                limits:
+                  cpu: "200m"
+                  memory: "256Mi"
+            `),
+			expected: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests = map[string]string{
+					"cpu":    "100m",
+					"memory": "150Mi",
+				}
+				c.DNS.Resources.Limits = map[string]string{
+					"cpu":    "200m",
+					"memory": "256Mi",
+				}
+				return c
+			}(),
+		},
 		{
 			name: "network",
 			config: dedent(`
@@ -904,6 +961,113 @@ func TestValidate(t *testing.T) {
 			}(),
 			expectErr: true,
 		},
+		{
+			name: "dns-resources-valid-quantities",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests = map[string]string{
+					"cpu":    "100m",
+					"memory": "128Mi",
+				}
+				c.DNS.Resources.Limits = map[string]string{
+					"cpu":    "200m",
+					"memory": "256Mi",
+				}
+				return c
+			}(),
+			expectErr: false,
+		},
+		{
+			name: "dns-resources-invalid-request",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests["cpu"] = "abc"
+				return c
+			}(),
+			expectErr: true,
+		},
+		{
+			name: "dns-resources-invalid-limit",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Limits = map[string]string{
+					"cpu": "not-a-quantity",
+				}
+				return c
+			}(),
+			expectErr: true,
+		},
+		{
+			name: "dns-resources-limit-less-than-request",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests["cpu"] = "200m"
+				c.DNS.Resources.Limits = map[string]string{
+					"cpu": "50m",
+				}
+				return c
+			}(),
+			expectErr: true,
+		},
+		{
+			name: "dns-resources-limit-without-request",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Limits = map[string]string{
+					"cpu": "200m",
+				}
+				return c
+			}(),
+			expectErr: false,
+		},
+		{
+			name: "dns-resources-unsupported-request-key",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests["gpu"] = "1"
+				return c
+			}(),
+			expectErr: true,
+		},
+		{
+			name: "dns-resources-unsupported-limit-key",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Limits = map[string]string{
+					"ephemeral-storage": "1Gi",
+				}
+				return c
+			}(),
+			expectErr: true,
+		},
+		{
+			name: "dns-resources-cpu-below-minimum",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests["cpu"] = "10m"
+				return c
+			}(),
+			expectErr: true,
+		},
+		{
+			name: "dns-resources-memory-below-minimum",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests["memory"] = "30Mi"
+				return c
+			}(),
+			expectErr: true,
+		},
+		{
+			name: "dns-resources-at-minimum",
+			config: func() *Config {
+				c := mkDefaultConfig()
+				c.DNS.Resources.Requests["cpu"] = "50m"
+				c.DNS.Resources.Requests["memory"] = "70Mi"
+				return c
+			}(),
+			expectErr: false,
+		},
 	}
 	for _, tt := range ttests {
 		t.Run(tt.name, func(t *testing.T) {