1# Copyright 2016 The Kubernetes Authors.
2#
3# Licensed under the Apache License, Version 2.0 (the "License");
4# you may not use this file except in compliance with the License.
5# You may obtain a copy of the License at
6#
7# http://www.apache.org/licenses/LICENSE-2.0
8#
9# Unless required by applicable law or agreed to in writing, software
10# distributed under the License is distributed on an "AS IS" BASIS,
11# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12# See the License for the specific language governing permissions and
13# limitations under the License.
14
15# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
16# in sync with this file.
17
18# Warning: This is a file generated from the base underscore template file: kube-dns.yaml.base
19
20apiVersion: v1
21kind: Service
22metadata:
23 name: kube-dns
24 namespace: kube-system
25 labels:
26 k8s-app: kube-dns
27 kubernetes.io/cluster-service: "true"
28 addonmanager.kubernetes.io/mode: Reconcile
29 kubernetes.io/name: "KubeDNS"
30spec:
31 selector:
32 k8s-app: kube-dns
33 clusterIP: $DNS_SERVER_IP
34 ports:
35 - name: dns
36 port: 53
37 protocol: UDP
38 - name: dns-tcp
39 port: 53
40 protocol: TCP
41---
42apiVersion: v1
43kind: ServiceAccount
44metadata:
45 name: kube-dns
46 namespace: kube-system
47 labels:
48 kubernetes.io/cluster-service: "true"
49 addonmanager.kubernetes.io/mode: Reconcile
50---
51apiVersion: v1
52kind: ConfigMap
53metadata:
54 name: kube-dns
55 namespace: kube-system
56 labels:
57 addonmanager.kubernetes.io/mode: EnsureExists
58---
59apiVersion: apps/v1
60kind: Deployment
61metadata:
62 name: kube-dns
63 namespace: kube-system
64 labels:
65 k8s-app: kube-dns
66 kubernetes.io/cluster-service: "true"
67 addonmanager.kubernetes.io/mode: Reconcile
68spec:
69 # replicas: not specified here:
70 # 1. In order to make Addon Manager do not reconcile this replicas parameter.
71 # 2. Default is 1.
72 # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
73 strategy:
74 rollingUpdate:
75 maxSurge: 10%
76 maxUnavailable: 0
77 selector:
78 matchLabels:
79 k8s-app: kube-dns
80 template:
81 metadata:
82 labels:
83 k8s-app: kube-dns
84 annotations:
85 prometheus.io/port: "10054"
86 prometheus.io/scrape: "true"
87 spec:
88 priorityClassName: system-cluster-critical
89 securityContext:
90 seccompProfile:
91 type: RuntimeDefault
92 supplementalGroups: [ 65534 ]
93 fsGroup: 65534
94 affinity:
95 podAntiAffinity:
96 preferredDuringSchedulingIgnoredDuringExecution:
97 - weight: 100
98 podAffinityTerm:
99 labelSelector:
100 matchExpressions:
101 - key: k8s-app
102 operator: In
103 values: ["kube-dns"]
104 topologyKey: kubernetes.io/hostname
105 tolerations:
106 - key: "CriticalAddonsOnly"
107 operator: "Exists"
108 volumes:
109 - name: kube-dns-config
110 configMap:
111 name: kube-dns
112 optional: true
113 nodeSelector:
114 kubernetes.io/os: linux
115 containers:
116 - name: kubedns
117 image: registry.k8s.io/dns/k8s-dns-kube-dns:1.22.28
118 resources:
119 # TODO: Set memory limits when we've profiled the container for large
120 # clusters, then set request = limit to keep this container in
121 # guaranteed class. Currently, this container falls into the
122 # "burstable" category so the kubelet doesn't backoff from restarting it.
123 limits:
124 memory: $DNS_MEMORY_LIMIT
125 requests:
126 cpu: 100m
127 memory: 70Mi
128 livenessProbe:
129 httpGet:
130 path: /healthcheck/kubedns
131 port: 10054
132 scheme: HTTP
133 initialDelaySeconds: 60
134 timeoutSeconds: 5
135 successThreshold: 1
136 failureThreshold: 5
137 readinessProbe:
138 httpGet:
139 path: /readiness
140 port: 8081
141 scheme: HTTP
142 # we poll on pod startup for the Kubernetes master service and
143 # only setup the /readiness HTTP server once that's available.
144 initialDelaySeconds: 3
145 timeoutSeconds: 5
146 args:
147 - --domain=$DNS_DOMAIN.
148 - --dns-port=10053
149 - --config-dir=/kube-dns-config
150 - --v=2
151 env:
152 - name: PROMETHEUS_PORT
153 value: "10055"
154 ports:
155 - containerPort: 10053
156 name: dns-local
157 protocol: UDP
158 - containerPort: 10053
159 name: dns-tcp-local
160 protocol: TCP
161 - containerPort: 10055
162 name: metrics
163 protocol: TCP
164 volumeMounts:
165 - name: kube-dns-config
166 mountPath: /kube-dns-config
167 securityContext:
168 allowPrivilegeEscalation: false
169 readOnlyRootFilesystem: true
170 runAsUser: 1001
171 runAsGroup: 1001
172 - name: dnsmasq
173 image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.22.28
174 livenessProbe:
175 httpGet:
176 path: /healthcheck/dnsmasq
177 port: 10054
178 scheme: HTTP
179 initialDelaySeconds: 60
180 timeoutSeconds: 5
181 successThreshold: 1
182 failureThreshold: 5
183 args:
184 - -v=2
185 - -logtostderr
186 - -configDir=/etc/k8s/dns/dnsmasq-nanny
187 - -restartDnsmasq=true
188 - --
189 - -k
190 - --cache-size=1000
191 - --no-negcache
192 - --dns-loop-detect
193 - --log-facility=-
194 - --server=/$DNS_DOMAIN/127.0.0.1#10053
195 - --server=/in-addr.arpa/127.0.0.1#10053
196 - --server=/ip6.arpa/127.0.0.1#10053
197 ports:
198 - containerPort: 53
199 name: dns
200 protocol: UDP
201 - containerPort: 53
202 name: dns-tcp
203 protocol: TCP
204 # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
205 resources:
206 requests:
207 cpu: 150m
208 memory: 20Mi
209 volumeMounts:
210 - name: kube-dns-config
211 mountPath: /etc/k8s/dns/dnsmasq-nanny
212 securityContext:
213 capabilities:
214 drop:
215 - all
216 add:
217 - NET_BIND_SERVICE
218 - SETGID
219 - name: sidecar
220 image: registry.k8s.io/dns/k8s-dns-sidecar:1.22.28
221 livenessProbe:
222 httpGet:
223 path: /metrics
224 port: 10054
225 scheme: HTTP
226 initialDelaySeconds: 60
227 timeoutSeconds: 5
228 successThreshold: 1
229 failureThreshold: 5
230 args:
231 - --v=2
232 - --logtostderr
233 - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.$DNS_DOMAIN,5,SRV
234 - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.$DNS_DOMAIN,5,SRV
235 ports:
236 - containerPort: 10054
237 name: metrics
238 protocol: TCP
239 resources:
240 requests:
241 memory: 20Mi
242 cpu: 10m
243 securityContext:
244 allowPrivilegeEscalation: false
245 readOnlyRootFilesystem: true
246 runAsUser: 1001
247 runAsGroup: 1001
248 dnsPolicy: Default # Don't use cluster DNS.
249 serviceAccountName: kube-dns
View as plain text