...

Source file src/k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns/manifests.go

Documentation: k8s.io/kubernetes/cmd/kubeadm/app/phases/addons/dns

     1  /*
     2  Copyright 2017 The Kubernetes Authors.
     3  
     4  Licensed under the Apache License, Version 2.0 (the "License");
     5  you may not use this file except in compliance with the License.
     6  You may obtain a copy of the License at
     7  
     8      http://www.apache.org/licenses/LICENSE-2.0
     9  
    10  Unless required by applicable law or agreed to in writing, software
    11  distributed under the License is distributed on an "AS IS" BASIS,
    12  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    13  See the License for the specific language governing permissions and
    14  limitations under the License.
    15  */
    16  
    17  package dns
    18  
const (
	// The constants below are manifest templates: the {{ .Field }} placeholders
	// are filled in by the caller before the YAML is applied to the cluster.
	// NOTE(review): the rendering code is not in this file; presumably values
	// are inserted without YAML escaping, so they must come from validated
	// configuration. Confirm at the call site.

	// CoreDNSService is the template for the CoreDNS Service manifest. It
	// defines the "kube-dns" Service in kube-system with its cluster IP taken
	// from the .DNSIP template field, and publishes DNS on 53/UDP and 53/TCP
	// plus the metrics endpoint on 9153/TCP.
	//
	// NOTE(review): the metrics port sits on the same Service as DNS and is
	// annotated for Prometheus scraping, so anything that can reach the
	// Service can reach it; use a NetworkPolicy if metrics should not be
	// readable by every workload.
	CoreDNSService = `
apiVersion: v1
kind: Service
metadata:
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  # Without this resourceVersion value, an update of the Service between versions will yield:
  #   Service "kube-dns" is invalid: metadata.resourceVersion: Invalid value: "": must be specified for an update
  resourceVersion: "0"
spec:
  clusterIP: {{ .DNSIP }}
  ports:
  - name: dns
    port: 53
    protocol: UDP
    targetPort: 53
  - name: dns-tcp
    port: 53
    protocol: TCP
    targetPort: 53
  - name: metrics
    port: 9153
    protocol: TCP
    targetPort: 9153
  selector:
    k8s-app: kube-dns
`

	// CoreDNSDeployment is the template for the CoreDNS Deployment manifest.
	// Template fields: .DeploymentName, .Replicas, .ControlPlaneTaintKey and
	// .Image. The pod runs as ServiceAccount "coredns" with priority class
	// system-cluster-critical and prefers to spread replicas across hosts.
	//
	// Container hardening set here: privilege escalation is disabled, all
	// capabilities are dropped and only NET_BIND_SERVICE is added back (the
	// container listens on port 53), the root filesystem is read-only, and the
	// Corefile is mounted read-only from the "coredns" ConfigMap.
	//
	// Not set here: runAsNonRoot/runAsUser, a seccompProfile and a CPU limit;
	// those are left to the image and to cluster defaults. The liveness
	// (8080 /health) and readiness (8181 /ready) probes use plain HTTP, and
	// those two ports are not listed in the container ports or in
	// CoreDNSService.
	//
	// dnsPolicy: Default matters together with CoreDNSConfigMap, whose
	// Corefile forwards to /etc/resolv.conf.
	// NOTE(review): whether .Image is pinned by digest or by tag depends on the
	// caller; with imagePullPolicy IfNotPresent an image already on the node is
	// reused. Confirm how the reference is built.
	CoreDNSDeployment = `
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ .DeploymentName }}
  namespace: kube-system
  labels:
    k8s-app: kube-dns
spec:
  replicas: {{ .Replicas }}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                - key: k8s-app
                  operator: In
                  values: ["kube-dns"]
              topologyKey: kubernetes.io/hostname
      tolerations:
      - key: CriticalAddonsOnly
        operator: Exists
      - key: {{ .ControlPlaneTaintKey }}
        effect: NoSchedule
      nodeSelector:
        kubernetes.io/os: linux
      containers:
      - name: coredns
        image: {{ .Image }}
        imagePullPolicy: IfNotPresent
        resources:
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        args: [ "-conf", "/etc/coredns/Corefile" ]
        volumeMounts:
        - name: config-volume
          mountPath: /etc/coredns
          readOnly: true
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9153
          name: metrics
          protocol: TCP
        livenessProbe:
          httpGet:
            path: /health
            port: 8080
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /ready
            port: 8181
            scheme: HTTP
        securityContext:
          allowPrivilegeEscalation: false
          capabilities:
            add:
            - NET_BIND_SERVICE
            drop:
            - ALL
          readOnlyRootFilesystem: true
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
            - key: Corefile
              path: Corefile
`

	// CoreDNSConfigMap is the template for the CoreDNS ConfigMap manifest. It
	// carries the Corefile that the Deployment mounts at /etc/coredns; the
	// cluster domain comes from the .DNSDomain template field.
	//
	// Security-relevant Corefile settings:
	//   - "pods insecure": in the CoreDNS kubernetes plugin this mode answers
	//     IP-form pod names with the address encoded in the name, without
	//     checking that such a pod exists. It exists for kube-dns
	//     compatibility; "pods verified" is the stricter mode.
	//   - "forward . /etc/resolv.conf": names outside the cluster zones go to
	//     the resolvers listed in the pod's resolv.conf.
	//   - "prometheus :9153": metrics are served on port 9153 with no address
	//     restriction in the listen spec.
	//   - "reload": CoreDNS re-reads the Corefile when it changes, so write
	//     access to this ConfigMap amounts to control over cluster DNS
	//     answers; keep update rights on it narrow.
	CoreDNSConfigMap = `
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
data:
  Corefile: |
    .:53 {
        errors
        health {
           lameduck 5s
        }
        ready
        kubernetes {{ .DNSDomain }} in-addr.arpa ip6.arpa {
           pods insecure
           fallthrough in-addr.arpa ip6.arpa
           ttl 30
        }
        prometheus :9153
        forward . /etc/resolv.conf {
           max_concurrent 1000
        }
        cache 30
        loop
        reload
        loadbalance
    }
`
	// CoreDNSClusterRole is the CoreDNS ClusterRole manifest. It grants only
	// the "list" and "watch" verbs, cluster-wide, on endpoints, services, pods
	// and namespaces in the core API group and on endpointslices in
	// discovery.k8s.io. No write verbs and no access to secrets are granted.
	CoreDNSClusterRole = `
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: system:coredns
rules:
- apiGroups:
  - ""
  resources:
  - endpoints
  - services
  - pods
  - namespaces
  verbs:
  - list
  - watch
- apiGroups:
  - discovery.k8s.io
  resources:
  - endpointslices
  verbs:
  - list
  - watch
`
	// CoreDNSClusterRoleBinding is the CoreDNS ClusterRoleBinding manifest. It
	// binds the system:coredns ClusterRole to exactly one subject, the
	// "coredns" ServiceAccount in kube-system.
	CoreDNSClusterRoleBinding = `
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
- kind: ServiceAccount
  name: coredns
  namespace: kube-system
`
	// CoreDNSServiceAccount is the CoreDNS ServiceAccount manifest. It defines
	// the "coredns" ServiceAccount in kube-system, which is the identity named
	// by CoreDNSDeployment and by the subject of CoreDNSClusterRoleBinding.
	CoreDNSServiceAccount = `
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
`
)
   235  
