Remove DNS config docker in GKE sandbox.

The fix #11800 is relased.
No DNS config is needed for GKE standard nor GKE autopilot when running
docker in GKE sandbox.

PiperOrigin-RevId: 788584517

Author: milantracy

g3doc/user_guide/tutorials/docker-in-gke-sandbox.md

@@ -17,14 +17,15 @@ with gVisor enabled. You can view the full documentation
 ### GKE Autopilot cluster
 
 Alternatively to GKE standard cluster, you could run docker in gVisor at GKE
-autopilot cluster, the version needs to be 1.32 or higher. When creating the
-autopilot cluster, please add the option `--workload-policies=allow-net-admin`
-to allow NET_ADMIN capability that will be granted by the gVisor sandbox.
+autopilot cluster, the version needs to be 1.33.2-gke.4655000 or higher. When
+creating the autopilot cluster, please add the option
+`--workload-policies=allow-net-admin` to allow NET_ADMIN capability that will be
+granted by the gVisor sandbox.
 
 An example command to start an GKE autopilot cluster will be:
 
 ```sh
-gcloud container clusters create-auto [CLUTER_NAME] --workload-policies=allow-net-admin --location=[LOCATION] --cluster-version=1.32.2-gke.1182001
+gcloud container clusters create-auto [CLUTER_NAME] --workload-policies=allow-net-admin --location=[LOCATION] --cluster-version=1.33.2-gke.4655000
 ```
 
 ### Get started
@@ -45,17 +46,12 @@ metadata:
   name: docker-in-gvisor
 spec:
   runtimeClassName: gvisor
-  # DNS config is only needed for GKE Autopilot
-  dnsPolicy: "None"
-  dnsConfig:
-    nameservers:
-      - "1.1.1.1"
-      - "8.8.8.8"
   containers:
   - name: docker-in-gvisor
     image: {registry_url}/docker-in-gvisor:latest
     securityContext:
       capabilities:
+        # NET_ADMIN and SYS_ADMIN are required.
         add: [AUDIT_WRITE,CHOWN,DAC_OVERRIDE,FOWNER,FSETID,KILL,MKNOD,NET_BIND_SERVICE,NET_RAW,SETFCAP,SETGID,SETPCAP,SETUID,SYS_CHROOT,SYS_PTRACE,NET_ADMIN,SYS_ADMIN]
     volumeMounts:
       - name: docker
@@ -81,40 +77,6 @@ $ kubectl apply -f docker.yaml
 Verify that the docker-in-gvisor pid is running successfully: `shell $ kubectl
 get pods | grep docker-in-gvisor`
 
-#### DNS config
-
-##### GKE standard cluster
-
-The `dnsConfig` in the yaml file is not needed for GKE standard clusters.
-
-##### GKE Autopilot
-
-You have 3 options to deal with DNS config in the cluster:
-
-*   Public DNS
-
-If public DNS works for you, you will be able to leverage public DNS like
-`1.1.1.1` or `8.8.8.8` like we listed above;
-
-*   kube-dns
-
-Otherwise, `kube-dns` will be a helpful option. The `kube-dns` is a pod which
-deployed with your k8s cluster.
-
-You will look for kube-dns's address you can specify in the `dnsConfig`
-
-```
-$ kubectl get services kube-dns -n kube-system
-NAME       TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)         AGE
-kube-dns   ClusterIP   34.118.224.10   <none>        53/UDP,53/TCP   3d1h
-```
-
-*   Host network driver
-
-If you are OK with using Docker host network driver, you can ignore DNS config
-in the yaml file. For every command you execute in docker in gVisor, you have to
-specify host network driver as `--network=host`.
-
 ### Build and run the image with docker in gVisor
 
 You can access the container by executing a shell inside it. Use the following