# Warning: This is a file generated from the base underscore template file: coredns.yaml.base

# Identity the CoreDNS pods run as. The Deployment in this file selects it via
# serviceAccountName, and the system:coredns ClusterRoleBinding grants it its
# API permissions, so anything able to use this account's token inherits them.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: "true"
---
# Cluster-wide API access for CoreDNS. Both rules grant only the list and
# watch verbs, so the role can read these objects but cannot change them.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:coredns
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
rules:
  # Core API group (""). Listing pods cluster-wide returns full pod objects,
  # so the CoreDNS service-account token should be treated as sensitive.
  # NOTE(review): the Corefile in this file uses `pods insecure`, which answers
  # pod queries without consulting the API. If `pods` is only watched in
  # `pods verified` mode, it could be dropped here for least privilege;
  # confirm against the CoreDNS kubernetes plugin documentation first.
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
  # EndpointSlices live in their own API group.
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
---
# Grants the system:coredns ClusterRole to a single subject: the coredns
# ServiceAccount in kube-system.
# NOTE(review): this object is labelled EnsureExists while the ClusterRole is
# labelled Reconcile. Addon Manager documents EnsureExists as create-if-missing
# only, so later edits to the subjects list would presumably not be reverted;
# include this binding when auditing who holds the role.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:coredns
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
---
# CoreDNS server configuration. The Deployment in this file mounts it
# read-only at /etc/coredns and starts CoreDNS with -conf pointing at it.
#
# Review notes on the Corefile below:
# - `pods insecure`: per the CoreDNS kubernetes plugin documentation, pod
#   names are answered from the IP encoded in the query without checking that
#   such a pod exists. It is kept for kube-dns compatibility and is documented
#   as open to abuse together with wildcard TLS certificates. `pods verified`
#   and `pods disabled` are the stricter modes.
# - `reload`: Corefile edits are picked up without a restart, and this object
#   is labelled EnsureExists, so write access to this ConfigMap amounts to
#   control over cluster DNS answers. Keep RBAC on it tight.
# - `forward . /etc/resolv.conf`: non-cluster names go to the resolvers in the
#   pod's resolv.conf. With dnsPolicy: Default in the Deployment, those are
#   the node's resolvers, so upstream trust follows the node configuration.
# - `prometheus :9153`: the metrics listener has no address restriction here.
# - `health` and `ready` set no port. The Deployment probes use 8080 and 8181,
#   which are these plugins' defaults.
# - $DNS_DOMAIN is a template placeholder, presumably substituted before the
#   manifest is applied.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    .:53 {
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes $DNS_DOMAIN in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
            max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
---
# Runs the CoreDNS pods that serve cluster DNS.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: CoreDNS
spec:
  # replicas is deliberately left unset:
  # 1. so that Addon Manager does not reconcile the field;
  # 2. the default is 1;
  # 3. it is tuned at run time when DNS horizontal auto-scaling is enabled.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      # Pod-level hardening: the container runtime's default seccomp profile.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      priorityClassName: system-cluster-critical
      # Ties the pods to the RBAC granted by the system:coredns binding.
      serviceAccountName: coredns
      # Soft preference for spreading replicas across nodes.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: k8s-app
                      operator: In
                      values:
                        - kube-dns
                topologyKey: kubernetes.io/hostname
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: coredns
          # NOTE(review): the image is referenced by tag only. A tag can be
          # re-pointed in the registry, and IfNotPresent means a node that
          # already holds the tag does not pull again. Appending
          # @sha256:<digest-of-the-verified-release> (placeholder) would make
          # the reference immutable.
          image: registry.k8s.io/coredns/coredns:v1.12.0
          imagePullPolicy: IfNotPresent
          resources:
            # Memory is capped by a template placeholder. No CPU limit is set.
            limits:
              memory: $DNS_MEMORY_LIMIT
            requests:
              cpu: 100m
              memory: 70Mi
          args:
            - "-conf"
            - /etc/coredns/Corefile
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - name: dns
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: metrics
              containerPort: 9153
              protocol: TCP
          # Both probes are plain HTTP against ports that are not listed under
          # ports above and are not exposed by the kube-dns Service.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
          # Container hardening: every capability is dropped except
          # NET_BIND_SERVICE (port 53 is a privileged port), privilege
          # escalation is blocked, and the root filesystem is read-only.
          # NOTE(review): neither runAsNonRoot nor runAsUser is set, so the
          # process runs as whatever user the image declares. Confirm that
          # user is non-root, or set runAsNonRoot: true to have it enforced.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            readOnlyRootFilesystem: true
      # Default gives the pod the node's resolver configuration, which is what
      # `forward . /etc/resolv.conf` in the Corefile then reads.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile
---
# Stable in-cluster address for DNS. It selects the pods labelled
# k8s-app: kube-dns and takes its clusterIP from a template placeholder.
# NOTE(review): besides DNS on 53/UDP and 53/TCP, the Service publishes the
# metrics port 9153, and nothing in this file adds authentication or a
# NetworkPolicy in front of it. If metrics should not be readable by every
# workload that can reach the cluster IP, restrict it separately.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  # Conventional scrape hints for Prometheus. They are quoted because
  # annotation values must be strings.
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: CoreDNS
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: $DNS_SERVER_IP
  ports:
    - name: dns
      protocol: UDP
      port: 53
    - name: dns-tcp
      protocol: TCP
      port: 53
    - name: metrics
      protocol: TCP
      port: 9153