github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.16/coredns_deployment.yaml (about)

     1  # File source
     2  # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.16/cluster/addons/dns/coredns/coredns.yaml.base
     3  # __MACHINE_GENERATED_WARNING__
     4  
     5  apiVersion: v1
     6  kind: ServiceAccount
     7  metadata:
     8    name: coredns
     9    namespace: kube-system
    10    labels:
    11        kubernetes.io/cluster-service: "true"
    12        addonmanager.kubernetes.io/mode: Reconcile
    13  ---
    14  apiVersion: rbac.authorization.k8s.io/v1
    15  kind: ClusterRole
    16  metadata:
    17    labels:
    18      kubernetes.io/bootstrapping: rbac-defaults
    19      addonmanager.kubernetes.io/mode: Reconcile
    20    name: system:coredns
    21  rules:
    22  - apiGroups:
    23    - ""
    24    resources:
    25    - endpoints
    26    - services
    27    - pods
    28    - namespaces
    29    verbs:
    30    - list
    31    - watch
    32  - apiGroups:
    33    - ""
    34    resources:
    35    - nodes
    36    verbs:
    37    - get
    38  - apiGroups:
    39      - discovery.k8s.io
    40    resources:
    41      - endpointslices
    42    verbs:
    43      - list
    44      - watch
    45  ---
    46  apiVersion: rbac.authorization.k8s.io/v1
    47  kind: ClusterRoleBinding
    48  metadata:
    49    annotations:
    50      rbac.authorization.kubernetes.io/autoupdate: "true"
    51    labels:
    52      kubernetes.io/bootstrapping: rbac-defaults
    53      addonmanager.kubernetes.io/mode: EnsureExists
    54    name: system:coredns
    55  roleRef:
    56    apiGroup: rbac.authorization.k8s.io
    57    kind: ClusterRole
    58    name: system:coredns
    59  subjects:
    60  - kind: ServiceAccount
    61    name: coredns
    62    namespace: kube-system
    63  ---
    64  apiVersion: v1
    65  kind: ConfigMap
    66  metadata:
    67    name: coredns
    68    namespace: kube-system
    69    labels:
    70        addonmanager.kubernetes.io/mode: EnsureExists
    71  data:
    72    Corefile: |
    73      cilium.test:53 {
    74          forward . 10.96.0.100:53 {
    75              max_fails 0
    76          }
    77      }
    78      .:53 {
    79          log
    80          errors
    81          health
    82          ready
    83          kubernetes cluster.local in-addr.arpa ip6.arpa {
    84              pods insecure
    85              ttl 0
    86              fallthrough in-addr.arpa ip6.arpa
    87          }
    88          forward . /etc/resolv.conf {
    89              max_fails 0
    90          }
    91          prometheus :9153
    92          loop
    93          reload
    94          loadbalance
    95      }
    96  ---
    97  apiVersion: apps/v1
    98  kind: Deployment
    99  metadata:
   100    name: coredns
   101    namespace: kube-system
   102    labels:
   103      k8s-app: kube-dns
   104      kubernetes.io/cluster-service: "true"
   105      addonmanager.kubernetes.io/mode: Reconcile
   106      kubernetes.io/name: "CoreDNS"
   107  spec:
   108    # replicas: not specified here:
   109    # 1. In order to make Addon Manager do not reconcile this replicas parameter.
   110    # 2. Default is 1.
   111    # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
   112    strategy:
   113      type: RollingUpdate
   114      rollingUpdate:
   115        maxUnavailable: 1
   116    selector:
   117      matchLabels:
   118        k8s-app: kube-dns
   119    template:
   120      metadata:
   121        labels:
   122          k8s-app: kube-dns
   123        annotations:
   124          seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
   125      spec:
   126        priorityClassName: system-cluster-critical
   127        serviceAccountName: coredns
   128        tolerations:
   129          - key: "CriticalAddonsOnly"
   130            operator: "Exists"
   131        containers:
   132        - name: coredns
   133          image: registry.k8s.io/coredns/coredns:v1.8.3
   134          imagePullPolicy: IfNotPresent
   135          resources:
   136            limits:
   137              memory: 170Mi
   138            requests:
   139              cpu: 100m
   140              memory: 70Mi
   141          args: [ "-conf", "/etc/coredns/Corefile" ]
   142          volumeMounts:
   143          - name: config-volume
   144            mountPath: /etc/coredns
   145            readOnly: true
   146          ports:
   147          - containerPort: 53
   148            name: dns
   149            protocol: UDP
   150          - containerPort: 53
   151            name: dns-tcp
   152            protocol: TCP
   153          - containerPort: 9153
   154            name: metrics
   155            protocol: TCP
   156          livenessProbe:
   157            httpGet:
   158              path: /health
   159              port: 8080
   160              scheme: HTTP
   161            initialDelaySeconds: 60
   162            timeoutSeconds: 5
   163            successThreshold: 1
   164            failureThreshold: 5
   165          readinessProbe:
   166            httpGet:
   167              path: /ready
   168              port: 8181
   169              scheme: HTTP
   170          securityContext:
   171            allowPrivilegeEscalation: false
   172            capabilities:
   173              add:
   174              - NET_BIND_SERVICE
   175              drop:
   176              - all
   177            readOnlyRootFilesystem: true
   178        dnsPolicy: Default
   179        volumes:
   180          - name: config-volume
   181            configMap:
   182              name: coredns
   183              items:
   184              - key: Corefile
   185                path: Corefile
   186  ---
   187  apiVersion: v1
   188  kind: Service
   189  metadata:
   190    name: kube-dns
   191    namespace: kube-system
   192    annotations:
   193      prometheus.io/port: "9153"
   194      prometheus.io/scrape: "true"
   195    labels:
   196      k8s-app: kube-dns
   197      kubernetes.io/cluster-service: "true"
   198      addonmanager.kubernetes.io/mode: Reconcile
   199      kubernetes.io/name: "CoreDNS"
   200  spec:
   201    selector:
   202      k8s-app: kube-dns
   203    clusterIP: 10.96.0.10
   204    ports:
   205    - name: dns
   206      port: 53
   207      protocol: UDP
   208    - name: dns-tcp
   209      port: 53
   210      protocol: TCP
   211    - name: metrics
   212      port: 9153
   213      protocol: TCP