...
# kube-dns add-on Deployment for the kube-system namespace. The pod template
# runs three containers: kubedns, dnsmasq and sidecar.
#
# __PILLAR__DNS__DOMAIN__ is a placeholder; presumably the deployment tooling
# substitutes the cluster DNS domain before this manifest is applied.
#
# NOTE(review): Deployments under extensions/v1beta1 are no longer served from
# Kubernetes 1.16 on (apps/v1 replaces them) - confirm the target cluster.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/cluster-service: 'true'
spec:
  # replicas is intentionally left out:
  # 1. so that Addon Manager does not reconcile the field;
  # 2. the default is 1;
  # 3. it is tuned at run time when DNS horizontal auto-scaling is turned on.
  selector:
    matchLabels:
      k8s-app: kube-dns
  strategy:
    rollingUpdate:
      # No replica may be unavailable during a rollout; only surge is allowed.
      maxUnavailable: 0
      maxSurge: '10%'
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ""
        # Alpha-era annotation that requests a seccomp profile for the pod.
        # NOTE(review): newer clusters express this through
        # securityContext.seccompProfile - confirm which form the target
        # cluster honours, otherwise the pod may run without the profile.
        seccomp.security.alpha.kubernetes.io/pod: docker/default
    spec:
      # NOTE(review): no securityContext is set on the pod or on any container,
      # so the user, capabilities, privilege escalation and root-filesystem
      # writability are whatever the images and the runtime default to.
      # Confirm what each image needs (dnsmasq declares port 53) before
      # tightening.
      #
      # NOTE(review): the RBAC bound to this service account is not visible
      # here - verify it grants only what kube-dns needs.
      serviceAccountName: kube-dns
      dnsPolicy: Default  # Don't use cluster DNS.
      priorityClassName: system-cluster-critical
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
      volumes:
        # optional: true lets the pod start when the ConfigMap does not exist.
        # The volume is mounted into both kubedns and dnsmasq below.
        - name: kube-dns-config
          configMap:
            name: kube-dns
            optional: true
      containers:
        # NOTE(review): all three images are pinned by tag only; pinning by
        # digest would make the deployed content immutable.
        - name: kubedns
          image: registry.k8s.io/k8s-dns-kube-dns-amd64:1.14.10
          args:
            - '--domain=__PILLAR__DNS__DOMAIN__.'
            - '--dns-port=10053'
            - '--config-dir=/kube-dns-config'
            - '--v=2'
          env:
            - name: PROMETHEUS_PORT
              value: '10055'
          ports:
            - name: dns-local
              containerPort: 10053
              protocol: UDP
            - name: dns-tcp-local
              containerPort: 10053
              protocol: TCP
            # The sidecar container also names its port 10054 "metrics".
            - name: metrics
              containerPort: 10055
              protocol: TCP
          volumeMounts:
            - name: kube-dns-config
              mountPath: /kube-dns-config
          resources:
            # TODO: Set memory limits once the container has been profiled for
            # large clusters, then set request = limit to keep this container
            # in the guaranteed class. Currently it falls into the "burstable"
            # category so the kubelet doesn't back off from restarting it.
            requests:
              cpu: 100m
              memory: 70Mi
            limits:
              memory: 170Mi
          # Port 10054 is the port declared by the sidecar container, so this
          # probe presumably depends on the sidecar being up. Plain HTTP.
          livenessProbe:
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
            httpGet:
              scheme: HTTP
              port: 10054
              path: /healthcheck/kubedns
          readinessProbe:
            # We poll on pod startup for the Kubernetes master service and
            # only set up the /readiness HTTP server once that is available.
            initialDelaySeconds: 3
            timeoutSeconds: 5
            httpGet:
              scheme: HTTP
              port: 8081
              path: /readiness
        - name: dnsmasq
          image: registry.k8s.io/k8s-dns-dnsmasq-nanny-amd64:1.14.10
          args:
            - '-v=2'
            - '-logtostderr'
            - '-configDir=/etc/k8s/dns/dnsmasq-nanny'
            - '-restartDnsmasq=true'
            # Everything after "--" is presumably handed to dnsmasq itself.
            - '--'
            - '-k'
            - '--cache-size=1000'
            - '--no-negcache'
            - '--log-facility=-'
            # 127.0.0.1#10053 matches the --dns-port given to kubedns above.
            # Quoted so the "#" can never be taken for a comment.
            - '--server=/__PILLAR__DNS__DOMAIN__/127.0.0.1#10053'
            - '--server=/in-addr.arpa/127.0.0.1#10053'
            - '--server=/ip6.arpa/127.0.0.1#10053'
          ports:
            - name: dns
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
          volumeMounts:
            - name: kube-dns-config
              mountPath: /etc/k8s/dns/dnsmasq-nanny
          # see: https://github.com/kubernetes/kubernetes/issues/29055 for
          # details. Only requests are set here; there are no limits.
          resources:
            requests:
              cpu: 150m
              memory: 20Mi
          # Like kubedns, probed over plain HTTP on the sidecar's port 10054.
          livenessProbe:
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
            httpGet:
              scheme: HTTP
              port: 10054
              path: /healthcheck/dnsmasq
        - name: sidecar
          image: registry.k8s.io/k8s-dns-sidecar-amd64:1.14.10
          args:
            - '--v=2'
            - '--logtostderr'
            # One probe per DNS server in the pod: kubedns on 10053 and
            # dnsmasq on 53, both reached over loopback.
            - '--probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV'
            - '--probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV'
          ports:
            - name: metrics
              containerPort: 10054
              protocol: TCP
          # Only requests are set; this container has no limits either.
          resources:
            requests:
              cpu: 10m
              memory: 20Mi
          livenessProbe:
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
            httpGet:
              scheme: HTTP
              port: 10054
              path: /metrics