github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.16/eks/coredns_deployment.yaml (about)

     1  # File source
     2  # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.16/cluster/addons/dns/coredns/coredns.yaml.base
     3  # __MACHINE_GENERATED_WARNING__
     4  
     5  apiVersion: v1
     6  kind: ServiceAccount
     7  metadata:
     8    name: coredns
     9    namespace: kube-system
    10    labels:
    11        kubernetes.io/cluster-service: "true"
    12        addonmanager.kubernetes.io/mode: Reconcile
    13  ---
    14  apiVersion: rbac.authorization.k8s.io/v1
    15  kind: ClusterRole
    16  metadata:
    17    labels:
    18      kubernetes.io/bootstrapping: rbac-defaults
    19      addonmanager.kubernetes.io/mode: Reconcile
    20    name: system:coredns
    21  rules:
    22  - apiGroups:
    23    - ""
    24    resources:
    25    - endpoints
    26    - services
    27    - pods
    28    - namespaces
    29    verbs:
    30    - list
    31    - watch
    32  - apiGroups:
    33    - ""
    34    resources:
    35    - nodes
    36    verbs:
    37    - get
    38  ---
    39  apiVersion: rbac.authorization.k8s.io/v1
    40  kind: ClusterRoleBinding
    41  metadata:
    42    annotations:
    43      rbac.authorization.kubernetes.io/autoupdate: "true"
    44    labels:
    45      kubernetes.io/bootstrapping: rbac-defaults
    46      addonmanager.kubernetes.io/mode: EnsureExists
    47    name: system:coredns
    48  roleRef:
    49    apiGroup: rbac.authorization.k8s.io
    50    kind: ClusterRole
    51    name: system:coredns
    52  subjects:
    53  - kind: ServiceAccount
    54    name: coredns
    55    namespace: kube-system
    56  ---
    57  apiVersion: v1
    58  kind: ConfigMap
    59  metadata:
    60    name: coredns
    61    namespace: kube-system
    62    labels:
    63        addonmanager.kubernetes.io/mode: EnsureExists
    64  data:
    65    Corefile: |
    66      .:53 {
    67          log
    68          errors
    69          health
    70          ready
    71          kubernetes cluster.local in-addr.arpa ip6.arpa {
    72              pods insecure
    73              ttl 0
    74              fallthrough in-addr.arpa ip6.arpa
    75          }
    76          forward cilium.test 10.100.0.100:53 {
    77              max_fails 0
    78          }
    79          prometheus :9153
    80          loop
    81          reload
    82          loadbalance
    83      }
    84  ---
    85  apiVersion: apps/v1
    86  kind: Deployment
    87  metadata:
    88    name: coredns
    89    namespace: kube-system
    90    labels:
    91      k8s-app: kube-dns
    92      kubernetes.io/cluster-service: "true"
    93      addonmanager.kubernetes.io/mode: Reconcile
    94      kubernetes.io/name: "CoreDNS"
    95  spec:
    96    # replicas: not specified here:
    97    # 1. In order to make Addon Manager do not reconcile this replicas parameter.
    98    # 2. Default is 1.
    99    # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
   100    strategy:
   101      type: RollingUpdate
   102      rollingUpdate:
   103        maxUnavailable: 1
   104    selector:
   105      matchLabels:
   106        k8s-app: kube-dns
   107    template:
   108      metadata:
   109        labels:
   110          k8s-app: kube-dns
   111        annotations:
   112          seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
   113      spec:
   114        priorityClassName: system-cluster-critical
   115        serviceAccountName: coredns
   116        tolerations:
   117          - key: "CriticalAddonsOnly"
   118            operator: "Exists"
   119        containers:
   120        - name: coredns
   121          image: registry.k8s.io/coredns/coredns:v1.8.3
   122          imagePullPolicy: IfNotPresent
   123          resources:
   124            limits:
   125              memory: 170Mi
   126            requests:
   127              cpu: 100m
   128              memory: 70Mi
   129          args: [ "-conf", "/etc/coredns/Corefile" ]
   130          volumeMounts:
   131          - name: config-volume
   132            mountPath: /etc/coredns
   133            readOnly: true
   134          ports:
   135          - containerPort: 53
   136            name: dns
   137            protocol: UDP
   138          - containerPort: 53
   139            name: dns-tcp
   140            protocol: TCP
   141          - containerPort: 9153
   142            name: metrics
   143            protocol: TCP
   144          livenessProbe:
   145            httpGet:
   146              path: /health
   147              port: 8080
   148              scheme: HTTP
   149            initialDelaySeconds: 60
   150            timeoutSeconds: 5
   151            successThreshold: 1
   152            failureThreshold: 5
   153          readinessProbe:
   154            httpGet:
   155              path: /ready
   156              port: 8181
   157              scheme: HTTP
   158          securityContext:
   159            allowPrivilegeEscalation: false
   160            capabilities:
   161              add:
   162              - NET_BIND_SERVICE
   163              drop:
   164              - all
   165            readOnlyRootFilesystem: true
   166        dnsPolicy: Default
   167        volumes:
   168          - name: config-volume
   169            configMap:
   170              name: coredns
   171              items:
   172              - key: Corefile
   173                path: Corefile
   174  ---
   175  apiVersion: v1
   176  kind: Service
   177  metadata:
   178    name: kube-dns
   179    namespace: kube-system
   180    annotations:
   181      prometheus.io/port: "9153"
   182      prometheus.io/scrape: "true"
   183    labels:
   184      k8s-app: kube-dns
   185      kubernetes.io/cluster-service: "true"
   186      addonmanager.kubernetes.io/mode: Reconcile
   187      kubernetes.io/name: "CoreDNS"
   188  spec:
   189    selector:
   190      k8s-app: kube-dns
   191    clusterIP: 10.100.0.10
   192    ports:
   193    - name: dns
   194      port: 53
   195      protocol: UDP
   196    - name: dns-tcp
   197      port: 53
   198      protocol: TCP
   199    - name: metrics
   200      port: 9153
   201      protocol: TCP