Merge pull request #6998 from simonpasquier/follow-up-3899

chore: implement DNS options for DaemonSet
2025-04-09 02:24:16 +00:00 · 2024-10-16 09:33:05 +02:00 · 2024-10-16 09:33:05 +02:00 · f2aa677705
commit f2aa677705
parent 6a53dec271 12dd07585a
20 changed files with 199 additions and 155 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,6 +1,7 @@
 ## Unreleased

 * [CHANGE] Allow overlapping compactions by default in Prometheus when the Thanos sidecar is configured with uploads. #6906
+* [FEATURE] Add `dnsConfig` and `dnsPolicy` fields to `Alertmanager`, `Prometheus`, `PrometheusAgent` and `ThanosRuler` CRDs. #3889
 * [FEATURE] Add `ruleQueryOffset` field to `Prometheus` CRD and `query_offset` field to `PrometheusRule` CRD. #6957
 * [ENHANCEMENT] Add `goGC` field to `Prometheus` and `PrometheusAgent` CRDs. #6667
 * [BUGFIX] Fix label name validation in `ScrapeConfig` CRD. #6892
--- a/Documentation/api.md
+++ b/Documentation/api.md
@ -2679,7 +2679,8 @@ bool
 <p>Make sure to understand the security implications if you want to enable
 it (<a href="https://kubernetes.io/docs/concepts/configuration/overview/">https://kubernetes.io/docs/concepts/configuration/overview/</a>).</p>
 <p>When hostNetwork is enabled, this will set the DNS policy to
-<code>ClusterFirstWithHostNet</code> automatically.</p>
+<code>ClusterFirstWithHostNet</code> automatically (unless <code>.spec.DNSPolicy</code> is set
+to a different value).</p>
 </td>
 </tr>
 <tr>
@ -7542,7 +7543,8 @@ bool
 <p>Make sure to understand the security implications if you want to enable
 it (<a href="https://kubernetes.io/docs/concepts/configuration/overview/">https://kubernetes.io/docs/concepts/configuration/overview/</a>).</p>
 <p>When hostNetwork is enabled, this will set the DNS policy to
-<code>ClusterFirstWithHostNet</code> automatically.</p>
+<code>ClusterFirstWithHostNet</code> automatically (unless <code>.spec.DNSPolicy</code> is set
+to a different value).</p>
 </td>
 </tr>
 <tr>
@ -8120,6 +8122,34 @@ be ignored. A null or empty list means only match against labelSelector.</p>
 <div>
 <p>DNSPolicy specifies the DNS policy for the pod.</p>
 </div>
+<table>
+<thead>
+<tr>
+<th>Value</th>
+<th>Description</th>
+</tr>
+</thead>
+<tbody><tr><td><p>&#34;ClusterFirst&#34;</p></td>
+<td><p>DNSClusterFirst indicates that the pod should use cluster DNS
+first unless hostNetwork is true, if it is available, then
+fall back on the default (as determined by kubelet) DNS settings.</p>
+</td>
+</tr><tr><td><p>&#34;ClusterFirstWithHostNet&#34;</p></td>
+<td><p>DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS
+first, if it is available, then fall back on the default
+(as determined by kubelet) DNS settings.</p>
+</td>
+</tr><tr><td><p>&#34;Default&#34;</p></td>
+<td><p>DNSDefault indicates that the pod should use the default (as
+determined by kubelet) DNS settings.</p>
+</td>
+</tr><tr><td><p>&#34;None&#34;</p></td>
+<td><p>DNSNone indicates that the pod should use empty DNS settings. DNS
+parameters such as nameservers and search paths should be defined via
+DNSConfig.</p>
+</td>
+</tr></tbody>
+</table>
 <h3 id="monitoring.coreos.com/v1.Duration">Duration
 (<code>string</code> alias)</h3>
 <p>
@ -12043,7 +12073,8 @@ bool
 <p>Make sure to understand the security implications if you want to enable
 it (<a href="https://kubernetes.io/docs/concepts/configuration/overview/">https://kubernetes.io/docs/concepts/configuration/overview/</a>).</p>
 <p>When hostNetwork is enabled, this will set the DNS policy to
-<code>ClusterFirstWithHostNet</code> automatically.</p>
+<code>ClusterFirstWithHostNet</code> automatically (unless <code>.spec.DNSPolicy</code> is set
+to a different value).</p>
 </td>
 </tr>
 <tr>
@ -18473,7 +18504,8 @@ bool
 <p>Make sure to understand the security implications if you want to enable
 it (<a href="https://kubernetes.io/docs/concepts/configuration/overview/">https://kubernetes.io/docs/concepts/configuration/overview/</a>).</p>
 <p>When hostNetwork is enabled, this will set the DNS policy to
-<code>ClusterFirstWithHostNet</code> automatically.</p>
+<code>ClusterFirstWithHostNet</code> automatically (unless <code>.spec.DNSPolicy</code> is set
+to a different value).</p>
 </td>
 </tr>
 <tr>
@ -26226,7 +26258,8 @@ bool
 <p>Make sure to understand the security implications if you want to enable
 it (<a href="https://kubernetes.io/docs/concepts/configuration/overview/">https://kubernetes.io/docs/concepts/configuration/overview/</a>).</p>
 <p>When hostNetwork is enabled, this will set the DNS policy to
-<code>ClusterFirstWithHostNet</code> automatically.</p>
+<code>ClusterFirstWithHostNet</code> automatically (unless <code>.spec.DNSPolicy</code> is set
+to a different value).</p>
 </td>
 </tr>
 <tr>
--- a/bundle.yaml
+++ b/bundle.yaml
@ -24030,7 +24030,8 @@ spec:
                  it (https://kubernetes.io/docs/concepts/configuration/overview/).

                  When hostNetwork is enabled, this will set the DNS policy to
-                  `ClusterFirstWithHostNet` automatically.
+                  `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+                  to a different value).
                type: boolean
              ignoreNamespaceSelectors:
                description: |-
@ -35319,7 +35320,8 @@ spec:
                  it (https://kubernetes.io/docs/concepts/configuration/overview/).

                  When hostNetwork is enabled, this will set the DNS policy to
-                  `ClusterFirstWithHostNet` automatically.
+                  `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+                  to a different value).
                type: boolean
              ignoreNamespaceSelectors:
                description: |-
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheusagents.yaml
@ -3143,7 +3143,8 @@ spec:
                  it (https://kubernetes.io/docs/concepts/configuration/overview/).

                  When hostNetwork is enabled, this will set the DNS policy to
-                  `ClusterFirstWithHostNet` automatically.
+                  `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+                  to a different value).
                type: boolean
              ignoreNamespaceSelectors:
                description: |-
--- a/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml
+++ b/example/prometheus-operator-crd-full/monitoring.coreos.com_prometheuses.yaml
@ -3861,7 +3861,8 @@ spec:
                  it (https://kubernetes.io/docs/concepts/configuration/overview/).

                  When hostNetwork is enabled, this will set the DNS policy to
-                  `ClusterFirstWithHostNet` automatically.
+                  `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+                  to a different value).
                type: boolean
              ignoreNamespaceSelectors:
                description: |-
--- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheusagents.yaml
@ -3144,7 +3144,8 @@ spec:
                  it (https://kubernetes.io/docs/concepts/configuration/overview/).

                  When hostNetwork is enabled, this will set the DNS policy to
-                  `ClusterFirstWithHostNet` automatically.
+                  `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+                  to a different value).
                type: boolean
              ignoreNamespaceSelectors:
                description: |-
--- a/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
+++ b/example/prometheus-operator-crd/monitoring.coreos.com_prometheuses.yaml
@ -3862,7 +3862,8 @@ spec:
                  it (https://kubernetes.io/docs/concepts/configuration/overview/).

                  When hostNetwork is enabled, this will set the DNS policy to
-                  `ClusterFirstWithHostNet` automatically.
+                  `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+                  to a different value).
                type: boolean
              ignoreNamespaceSelectors:
                description: |-
--- a/jsonnet/prometheus-operator/prometheusagents-crd.json
+++ b/jsonnet/prometheus-operator/prometheusagents-crd.json
@ -2654,7 +2654,7 @@
                    "x-kubernetes-list-type": "map"
                  },
                  "hostNetwork": {
-                    "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically.",
+                    "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set\nto a different value).",
                    "type": "boolean"
                  },
                  "ignoreNamespaceSelectors": {
--- a/jsonnet/prometheus-operator/prometheuses-crd.json
+++ b/jsonnet/prometheus-operator/prometheuses-crd.json
@ -3263,7 +3263,7 @@
                    "x-kubernetes-list-type": "map"
                  },
                  "hostNetwork": {
-                    "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically.",
+                    "description": "Use the host's network namespace if true.\n\nMake sure to understand the security implications if you want to enable\nit (https://kubernetes.io/docs/concepts/configuration/overview/).\n\nWhen hostNetwork is enabled, this will set the DNS policy to\n`ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set\nto a different value).",
                    "type": "boolean"
                  },
                  "ignoreNamespaceSelectors": {
--- a/pkg/alertmanager/statefulset.go
+++ b/pkg/alertmanager/statefulset.go
@ -342,17 +342,6 @@ func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, conf
 		}
 	}

-	// Handle DNSPolicy
-	var dnsPolicy v1.DNSPolicy
-	if a.Spec.DNSPolicy != nil {
-		dnsPolicy = k8sutil.ConvertDNSPolicy(a.Spec.DNSPolicy)
-	} else {
-		dnsPolicy = v1.DNSClusterFirst
-	}
-
-	// Handle DNSConfig
-	dnsConfig := k8sutil.ConvertToK8sDNSConfig(a.Spec.DNSConfig)
-
 	podAnnotations := map[string]string{}
 	podLabels := map[string]string{
 		"app.kubernetes.io/version": version.String(),
@ -760,12 +749,12 @@ func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, conf
 		return nil, fmt.Errorf("failed to merge init containers spec: %w", err)
 	}

-	// PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
-	// This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
-	return &appsv1.StatefulSetSpec{
-		ServiceName:         governingServiceName,
-		Replicas:            a.Spec.Replicas,
-		MinReadySeconds:     minReadySeconds,
+	spec := appsv1.StatefulSetSpec{
+		ServiceName:     governingServiceName,
+		Replicas:        a.Spec.Replicas,
+		MinReadySeconds: minReadySeconds,
+		// PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
+		// This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
 		PodManagementPolicy: appsv1.ParallelPodManagement,
 		UpdateStrategy: appsv1.StatefulSetUpdateStrategy{
 			Type: appsv1.RollingUpdateStatefulSetStrategyType,
@ -792,11 +781,13 @@ func makeStatefulSetSpec(logger *slog.Logger, a *monitoringv1.Alertmanager, conf
 				Affinity:                      a.Spec.Affinity,
 				TopologySpreadConstraints:     a.Spec.TopologySpreadConstraints,
 				HostAliases:                   operator.MakeHostAliases(a.Spec.HostAliases),
-				DNSPolicy:                     dnsPolicy,
-				DNSConfig:                     dnsConfig,
 			},
 		},
-	}, nil
+	}
+
+	k8sutil.UpdateDNSPolicy(&spec.Template.Spec, a.Spec.DNSPolicy)
+	k8sutil.UpdateDNSConfig(&spec.Template.Spec, a.Spec.DNSConfig)
+	return &spec, nil
 }

 func defaultConfigSecretName(am *monitoringv1.Alertmanager) string {
--- a/pkg/alertmanager/statefulset_test.go
+++ b/pkg/alertmanager/statefulset_test.go
@ -32,7 +32,6 @@ import (
 	"k8s.io/utils/ptr"

 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
-	"github.com/prometheus-operator/prometheus-operator/pkg/k8sutil"
 	"github.com/prometheus-operator/prometheus-operator/pkg/operator"
 )

@ -1283,32 +1282,34 @@ func TestEnableFeatures(t *testing.T) {
 }

 func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) {
-	k8sDNSPolicy := v1.DNSClusterFirst
-	k8sDNSConfig := monitoringv1.PodDNSConfig{
-		Nameservers: []string{"8.8.8.8"},
-		Searches:    []string{"custom.search"},
-		Options: []monitoringv1.PodDNSConfigOption{
-			{
-				Name:  "ndots",
-				Value: ptr.To("5"),
-			},
-		},
-	}
-
-	monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(k8sDNSPolicy))
-	convertedDNSConfig := k8sutil.ConvertToK8sDNSConfig(&k8sDNSConfig)
-
 	sset, err := makeStatefulSet(nil, &monitoringv1.Alertmanager{
 		ObjectMeta: metav1.ObjectMeta{},
 		Spec: monitoringv1.AlertmanagerSpec{
-			DNSPolicy: monitoringDNSPolicyPtr,
-			DNSConfig: &k8sDNSConfig,
+			DNSPolicy: ptr.To(monitoringv1.DNSClusterFirst),
+			DNSConfig: &monitoringv1.PodDNSConfig{
+				Nameservers: []string{"8.8.8.8"},
+				Searches:    []string{"custom.search"},
+				Options: []monitoringv1.PodDNSConfigOption{
+					{
+						Name:  "ndots",
+						Value: ptr.To("5"),
+					},
+				},
+			},
 		},
 	}, defaultTestConfig, "", &operator.ShardedSecret{})
-
 	require.NoError(t, err)

-	require.Equal(t, k8sDNSPolicy, sset.Spec.Template.Spec.DNSPolicy, "expected dns policy to match")
-
-	require.Equal(t, *convertedDNSConfig, *sset.Spec.Template.Spec.DNSConfig, "expected dns configuration to match")
+	require.Equal(t, v1.DNSClusterFirst, sset.Spec.Template.Spec.DNSPolicy, "expected dns policy to match")
+	require.Equal(t,
+		&v1.PodDNSConfig{
+			Nameservers: []string{"8.8.8.8"},
+			Searches:    []string{"custom.search"},
+			Options: []v1.PodDNSConfigOption{
+				{
+					Name:  "ndots",
+					Value: ptr.To("5"),
+				},
+			},
+		}, sset.Spec.Template.Spec.DNSConfig, "expected dns configuration to match")
 }
--- a/pkg/apis/monitoring/v1/dns_types.go
+++ b/pkg/apis/monitoring/v1/dns_types.go
@ -54,3 +54,29 @@ type PodDNSConfigOption struct {
 // DNSPolicy specifies the DNS policy for the pod.
 // +kubebuilder:validation:Enum=ClusterFirstWithHostNet;ClusterFirst;Default;None
 type DNSPolicy string
+
+const (
+	// DNSClusterFirstWithHostNet indicates that the pod should use cluster DNS
+	// first, if it is available, then fall back on the default
+	// (as determined by kubelet) DNS settings.
+	DNSClusterFirstWithHostNet DNSPolicy = "ClusterFirstWithHostNet"
+
+	// DNSClusterFirst indicates that the pod should use cluster DNS
+	// first unless hostNetwork is true, if it is available, then
+	// fall back on the default (as determined by kubelet) DNS settings.
+	DNSClusterFirst DNSPolicy = "ClusterFirst"
+
+	// DNSDefault indicates that the pod should use the default (as
+	// determined by kubelet) DNS settings.
+	DNSDefault DNSPolicy = "Default"
+
+	// DNSNone indicates that the pod should use empty DNS settings. DNS
+	// parameters such as nameservers and search paths should be defined via
+	// DNSConfig.
+	DNSNone DNSPolicy = "None"
+)
+
+const (
+// DefaultTerminationGracePeriodSeconds indicates the default duration in
+// seconds a pod needs to terminate gracefully.
+)
--- a/pkg/apis/monitoring/v1/prometheus_types.go
+++ b/pkg/apis/monitoring/v1/prometheus_types.go
@ -700,7 +700,8 @@ type CommonPrometheusFields struct {
 	// it (https://kubernetes.io/docs/concepts/configuration/overview/).
 	//
 	// When hostNetwork is enabled, this will set the DNS policy to
-	// `ClusterFirstWithHostNet` automatically.
+	// `ClusterFirstWithHostNet` automatically (unless `.spec.DNSPolicy` is set
+	// to a different value).
 	HostNetwork bool `json:"hostNetwork,omitempty"`

 	// PodTargetLabels are appended to the `spec.podTargetLabels` field of all
--- a/pkg/k8sutil/k8sutil.go
+++ b/pkg/k8sutil/k8sutil.go
@ -539,31 +539,30 @@ func mergeMapsByPrefix(from map[string]string, to map[string]string, prefix stri
 	return to
 }

-// ConvertToK8sDNSConfig converts a monitoringv1.PodDNSConfig to a corev1.PodDNSConfig.
-func ConvertToK8sDNSConfig(config *monitoringv1.PodDNSConfig) *v1.PodDNSConfig {
+func UpdateDNSConfig(podSpec *v1.PodSpec, config *monitoringv1.PodDNSConfig) {
 	if config == nil {
-		return nil
+		return
 	}

-	k8sConfig := &v1.PodDNSConfig{
+	dnsConfig := v1.PodDNSConfig{
 		Nameservers: config.Nameservers,
 		Searches:    config.Searches,
 	}

 	for _, opt := range config.Options {
-		k8sConfig.Options = append(k8sConfig.Options, v1.PodDNSConfigOption{
+		dnsConfig.Options = append(dnsConfig.Options, v1.PodDNSConfigOption{
 			Name:  opt.Name,
 			Value: opt.Value,
 		})
 	}

-	return k8sConfig
+	podSpec.DNSConfig = &dnsConfig
 }

-// ConvertDNSPolicy converts a monitoringv1.DNSPolicy to a corev1.DNSPolicy.
-func ConvertDNSPolicy(dnsPolicy *monitoringv1.DNSPolicy) v1.DNSPolicy {
+func UpdateDNSPolicy(podSpec *v1.PodSpec, dnsPolicy *monitoringv1.DNSPolicy) {
 	if dnsPolicy == nil {
-		return v1.DNSClusterFirst
+		return
 	}
-	return v1.DNSPolicy(*dnsPolicy)
+
+	podSpec.DNSPolicy = v1.DNSPolicy(*dnsPolicy)
 }
--- a/pkg/k8sutil/k8sutil_test.go
+++ b/pkg/k8sutil/k8sutil_test.go
@ -23,9 +23,11 @@ import (
 	"github.com/stretchr/testify/require"
 	appsv1 "k8s.io/api/apps/v1"
 	corev1 "k8s.io/api/core/v1"
+	v1 "k8s.io/api/core/v1"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
 	"k8s.io/apimachinery/pkg/util/validation"
 	"k8s.io/client-go/kubernetes/fake"
+	"k8s.io/utils/ptr"

 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
 )
@ -530,31 +532,26 @@ func TestConvertToK8sDNSConfig(t *testing.T) {
 		Options: []monitoringv1.PodDNSConfigOption{
 			{
 				Name:  "ndots",
-				Value: ptrTo("5"),
+				Value: ptr.To("5"),
 			},
 			{
 				Name:  "timeout",
-				Value: ptrTo("1"),
+				Value: ptr.To("1"),
 			},
 		},
 	}

-	k8sDNSConfig := ConvertToK8sDNSConfig(monitoringDNSConfig)
+	var spec v1.PodSpec
+	UpdateDNSConfig(&spec, monitoringDNSConfig)

 	// Verify the conversion matches the original content
-	require.Equal(t, monitoringDNSConfig.Nameservers, k8sDNSConfig.Nameservers, "expected nameservers to match")
-	require.Equal(t, monitoringDNSConfig.Searches, k8sDNSConfig.Searches, "expected searches to match")
+	require.Equal(t, monitoringDNSConfig.Nameservers, spec.DNSConfig.Nameservers, "expected nameservers to match")
+	require.Equal(t, monitoringDNSConfig.Searches, spec.DNSConfig.Searches, "expected searches to match")

 	// Check if DNSConfig options match
-	require.Equal(t, len(monitoringDNSConfig.Options), len(k8sDNSConfig.Options), "expected options length to match")
-	for i, option := range monitoringDNSConfig.Options {
-		k8sOption := k8sDNSConfig.Options[i]
-		require.Equal(t, option.Name, k8sOption.Name, "expected option names to match")
-		require.Equal(t, option.Value, k8sOption.Value, "expected option values to match")
+	require.Equal(t, len(monitoringDNSConfig.Options), len(spec.DNSConfig.Options), "expected options length to match")
+	for i, opt := range monitoringDNSConfig.Options {
+		require.Equal(t, opt.Name, spec.DNSConfig.Options[i].Name, "expected option names to match")
+		require.Equal(t, opt.Value, spec.DNSConfig.Options[i].Value, "expected option values to match")
 	}
 }
-
-// ptrTo is a helper function to get a pointer to a string value.
-func ptrTo(val string) *string {
-	return &val
-}
--- a/pkg/prometheus/agent/daemonset.go
+++ b/pkg/prometheus/agent/daemonset.go
@ -71,10 +71,6 @@ func makeDaemonSet(
 		daemonSet.Spec.Template.Spec.ImagePullSecrets = cpf.ImagePullSecrets
 	}

-	if cpf.HostNetwork {
-		daemonSet.Spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet
-	}
-
 	return daemonSet, nil
 }

@ -205,7 +201,7 @@ func makeDaemonSetSpec(
 		return nil, fmt.Errorf("failed to merge containers spec: %w", err)
 	}

-	return &appsv1.DaemonSetSpec{
+	spec := appsv1.DaemonSetSpec{
 		Selector: &metav1.LabelSelector{
 			MatchLabels: finalSelectorLabels,
 		},
@ -235,5 +231,13 @@ func makeDaemonSetSpec(
 				HostNetwork:                   cpf.HostNetwork,
 			},
 		},
-	}, nil
+	}
+
+	if cpf.HostNetwork {
+		spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet
+	}
+	k8sutil.UpdateDNSPolicy(&spec.Template.Spec, cpf.DNSPolicy)
+	k8sutil.UpdateDNSConfig(&spec.Template.Spec, cpf.DNSConfig)
+
+	return &spec, nil
 }
--- a/pkg/prometheus/agent/statefulset.go
+++ b/pkg/prometheus/agent/statefulset.go
@ -132,10 +132,6 @@ func makeStatefulSet(
 		statefulset.Spec.PersistentVolumeClaimRetentionPolicy = cpf.PersistentVolumeClaimRetentionPolicy
 	}

-	if cpf.HostNetwork {
-		statefulset.Spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet
-	}
-
 	return statefulset, nil
 }

@ -299,15 +295,11 @@ func makeStatefulSetSpec(
 		HostNetwork:                   cpf.HostNetwork,
 	}

-	// Set DNSPolicy if not nil
-	if cpf.DNSPolicy != nil {
-		spec.DNSPolicy = k8sutil.ConvertDNSPolicy(cpf.DNSPolicy)
-	}
-
-	// Set DNSConfig if not nil
-	if cpf.DNSConfig != nil {
-		spec.DNSConfig = k8sutil.ConvertToK8sDNSConfig(cpf.DNSConfig)
+	if cpf.HostNetwork {
+		spec.DNSPolicy = v1.DNSClusterFirstWithHostNet
 	}
+	k8sutil.UpdateDNSPolicy(&spec, cpf.DNSPolicy)
+	k8sutil.UpdateDNSConfig(&spec, cpf.DNSConfig)

 	// PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
 	// This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
--- a/pkg/prometheus/server/statefulset.go
+++ b/pkg/prometheus/server/statefulset.go
@ -180,10 +180,6 @@ func makeStatefulSet(
 		statefulset.Spec.PersistentVolumeClaimRetentionPolicy = cpf.PersistentVolumeClaimRetentionPolicy
 	}

-	if cpf.HostNetwork {
-		statefulset.Spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet
-	}
-
 	return statefulset, nil
 }

@ -381,11 +377,11 @@ func makeStatefulSetSpec(
 		return nil, fmt.Errorf("failed to merge containers spec: %w", err)
 	}

-	// PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
-	// This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
-	return &appsv1.StatefulSetSpec{
-		ServiceName:         governingServiceName,
-		Replicas:            cpf.Replicas,
+	spec := appsv1.StatefulSetSpec{
+		ServiceName: governingServiceName,
+		Replicas:    cpf.Replicas,
+		// PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
+		// This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
 		PodManagementPolicy: appsv1.ParallelPodManagement,
 		UpdateStrategy: appsv1.StatefulSetUpdateStrategy{
 			Type: appsv1.RollingUpdateStatefulSetStrategyType,
@ -417,11 +413,17 @@ func makeStatefulSetSpec(
 				TopologySpreadConstraints:     prompkg.MakeK8sTopologySpreadConstraint(finalSelectorLabels, cpf.TopologySpreadConstraints),
 				HostAliases:                   operator.MakeHostAliases(cpf.HostAliases),
 				HostNetwork:                   cpf.HostNetwork,
-				DNSPolicy:                     k8sutil.ConvertDNSPolicy(cpf.DNSPolicy),
-				DNSConfig:                     k8sutil.ConvertToK8sDNSConfig(cpf.DNSConfig),
 			},
 		},
-	}, nil
+	}
+
+	if cpf.HostNetwork {
+		spec.Template.Spec.DNSPolicy = v1.DNSClusterFirstWithHostNet
+	}
+	k8sutil.UpdateDNSPolicy(&spec.Template.Spec, cpf.DNSPolicy)
+	k8sutil.UpdateDNSConfig(&spec.Template.Spec, cpf.DNSConfig)
+
+	return &spec, nil
 }

 // appendServerArgs appends arguments that are only valid for the Prometheus server.
--- a/pkg/thanos/statefulset.go
+++ b/pkg/thanos/statefulset.go
@ -358,17 +358,6 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig
 		)
 	}

-	// Handle DNSPolicy
-	var dnsPolicy v1.DNSPolicy
-	if tr.Spec.DNSPolicy != nil {
-		dnsPolicy = k8sutil.ConvertDNSPolicy(tr.Spec.DNSPolicy)
-	} else {
-		dnsPolicy = v1.DNSClusterFirst
-	}
-
-	// Handle DNSConfig
-	dnsConfig := k8sutil.ConvertToK8sDNSConfig(tr.Spec.DNSConfig)
-
 	podAnnotations := map[string]string{}
 	podLabels := map[string]string{}
 	if tr.Spec.PodMetadata != nil {
@ -452,12 +441,12 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig
 		minReadySeconds = int32(*tr.Spec.MinReadySeconds)
 	}

-	// PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
-	// This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
-	return &appsv1.StatefulSetSpec{
-		ServiceName:         governingServiceName,
-		Replicas:            tr.Spec.Replicas,
-		MinReadySeconds:     minReadySeconds,
+	spec := appsv1.StatefulSetSpec{
+		ServiceName:     governingServiceName,
+		Replicas:        tr.Spec.Replicas,
+		MinReadySeconds: minReadySeconds,
+		// PodManagementPolicy is set to Parallel to mitigate issues in kubernetes: https://github.com/kubernetes/kubernetes/issues/60164
+		// This is also mentioned as one of limitations of StatefulSets: https://kubernetes.io/docs/concepts/workloads/controllers/statefulset/#limitations
 		PodManagementPolicy: appsv1.ParallelPodManagement,
 		UpdateStrategy: appsv1.StatefulSetUpdateStrategy{
 			Type: appsv1.RollingUpdateStatefulSetStrategyType,
@ -483,11 +472,14 @@ func makeStatefulSetSpec(tr *monitoringv1.ThanosRuler, config Config, ruleConfig
 				Affinity:                      tr.Spec.Affinity,
 				TopologySpreadConstraints:     tr.Spec.TopologySpreadConstraints,
 				HostAliases:                   operator.MakeHostAliases(tr.Spec.HostAliases),
-				DNSPolicy:                     dnsPolicy,
-				DNSConfig:                     dnsConfig,
 			},
 		},
-	}, nil
+	}
+
+	k8sutil.UpdateDNSConfig(&spec.Template.Spec, tr.Spec.DNSConfig)
+	k8sutil.UpdateDNSPolicy(&spec.Template.Spec, tr.Spec.DNSPolicy)
+
+	return &spec, nil
 }

 func makeStatefulSetService(tr *monitoringv1.ThanosRuler, config Config) *v1.Service {
--- a/pkg/thanos/statefulset_test.go
+++ b/pkg/thanos/statefulset_test.go
@ -27,7 +27,6 @@ import (
 	"k8s.io/utils/ptr"

 	monitoringv1 "github.com/prometheus-operator/prometheus-operator/pkg/apis/monitoring/v1"
-	"github.com/prometheus-operator/prometheus-operator/pkg/k8sutil"
 	"github.com/prometheus-operator/prometheus-operator/pkg/operator"
 )

@ -985,34 +984,34 @@ func TestThanosVersion(t *testing.T) {
 }

 func TestStatefulSetDNSPolicyAndDNSConfig(t *testing.T) {
-	k8sDNSPolicy := v1.DNSClusterFirst
-	monitoringDNSConfig := monitoringv1.PodDNSConfig{
+	sset, err := makeStatefulSet(&monitoringv1.ThanosRuler{
+		ObjectMeta: metav1.ObjectMeta{},
+		Spec: monitoringv1.ThanosRulerSpec{
+			QueryEndpoints: emptyQueryEndpoints,
+			DNSPolicy:      ptr.To(monitoringv1.DNSClusterFirst),
+			DNSConfig: &monitoringv1.PodDNSConfig{
+				Nameservers: []string{"8.8.8.8"},
+				Searches:    []string{"custom.search"},
+				Options: []monitoringv1.PodDNSConfigOption{
+					{
+						Name:  "ndots",
+						Value: ptr.To("5"),
+					},
+				},
+			},
+		},
+	}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
+	require.NoError(t, err)
+
+	require.Equal(t, v1.DNSClusterFirst, sset.Spec.Template.Spec.DNSPolicy, "expected DNS policy to match")
+	require.Equal(t, &v1.PodDNSConfig{
 		Nameservers: []string{"8.8.8.8"},
 		Searches:    []string{"custom.search"},
-		Options: []monitoringv1.PodDNSConfigOption{
+		Options: []v1.PodDNSConfigOption{
 			{
 				Name:  "ndots",
 				Value: ptr.To("5"),
 			},
 		},
-	}
-
-	k8sDNSConfig := k8sutil.ConvertToK8sDNSConfig(&monitoringDNSConfig)
-
-	monitoringDNSPolicyPtr := ptr.To(monitoringv1.DNSPolicy(k8sDNSPolicy))
-
-	sset, err := makeStatefulSet(&monitoringv1.ThanosRuler{
-		ObjectMeta: metav1.ObjectMeta{},
-		Spec: monitoringv1.ThanosRulerSpec{
-			QueryEndpoints: emptyQueryEndpoints,
-			DNSPolicy:      monitoringDNSPolicyPtr,
-			DNSConfig:      &monitoringDNSConfig,
-		},
-	}, defaultTestConfig, nil, "", &operator.ShardedSecret{})
-
-	require.NoError(t, err)
-
-	require.Equal(t, k8sDNSPolicy, sset.Spec.Template.Spec.DNSPolicy, "expected DNS policy to match")
-
-	require.Equal(t, k8sDNSConfig, sset.Spec.Template.Spec.DNSConfig, "expected DNS configuration to match")
+	}, sset.Spec.Template.Spec.DNSConfig, "expected DNS configuration to match")
 }