When we removed the memory limits on all other components (and set proportional CPU and minimum floor requests) in the control plane, we must have missed DNS. DNS should not set a memory limit because limits can be managed by the OS and crash failing (limits are just worse failing). The memory request should already be roughly equal to the default memory usage in an idle state per node. No need to backport unless we have evidence DNS gets excessively OOMKilled.
Checked the cluster that was launched by cluster-bot: 4.7.0-0.latest, openshift/cluster-dns-operator#207
The memory limit has been removed from ds/dns-default.

    # oc -n openshift-dns get ds/dns-default -oyaml
    <---snip--->
            resources:
              requests:
                cpu: 50m
                memory: 70Mi
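The check in the comment above can be automated over the JSON form of the same object. This is an added example, not part of the original thread or the operator's code; it flags containers that still carry a memory limit or lack a CPU or memory request. The sample manifest, its sidecar container names and the 512Mi value are constructed for illustration.

```python
import json

# Constructed sample, shaped like `oc -n openshift-dns get ds/dns-default -o json`.
# The two sidecar containers and the 512Mi limit are made up for illustration.
SAMPLE_DS = json.loads("""
{
  "kind": "DaemonSet",
  "metadata": {"namespace": "openshift-dns", "name": "dns-default"},
  "spec": {"template": {"spec": {"containers": [
    {"name": "dns",
     "resources": {"requests": {"cpu": "50m", "memory": "70Mi"}}},
    {"name": "sidecar-with-limit",
     "resources": {"requests": {"cpu": "10m"},
                   "limits": {"memory": "512Mi"}}},
    {"name": "sidecar-no-resources"}
  ]}}}
}
""")


def audit_resources(workload):
    """Return (container, finding) pairs for a workload that has a pod template."""
    pod_spec = workload.get("spec", {}).get("template", {}).get("spec", {})
    findings = []
    for key in ("initContainers", "containers"):
        for c in pod_spec.get(key) or []:
            res = c.get("resources") or {}
            requests = res.get("requests") or {}
            limits = res.get("limits") or {}
            # A memory limit is what the bug asked to remove.
            if "memory" in limits:
                findings.append((c["name"], "memory limit set: " + str(limits["memory"])))
            # Requests are expected to stay in place once the limit is gone.
            for r in ("cpu", "memory"):
                if r not in requests:
                    findings.append((c["name"], r + " request missing"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_resources(SAMPLE_DS):
        print(f"{name}: {finding}")
```
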
https://github.com/openshift/enhancements/pull/529 will codify this into conventions for future teams to rely on
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633