github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.19/coredns_deployment.yaml (about) 1 # File source 2 # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.19/cluster/addons/dns/coredns/coredns.yaml.base 3 # __MACHINE_GENERATED_WARNING__ 4 5 apiVersion: v1 6 kind: ServiceAccount 7 metadata: 8 name: coredns 9 namespace: kube-system 10 labels: 11 kubernetes.io/cluster-service: "true" 12 addonmanager.kubernetes.io/mode: Reconcile 13 --- 14 apiVersion: rbac.authorization.k8s.io/v1 15 kind: ClusterRole 16 metadata: 17 labels: 18 kubernetes.io/bootstrapping: rbac-defaults 19 addonmanager.kubernetes.io/mode: Reconcile 20 name: system:coredns 21 rules: 22 - apiGroups: 23 - "" 24 resources: 25 - endpoints 26 - services 27 - pods 28 - namespaces 29 verbs: 30 - list 31 - watch 32 - apiGroups: 33 - "" 34 resources: 35 - nodes 36 verbs: 37 - get 38 - apiGroups: 39 - discovery.k8s.io 40 resources: 41 - endpointslices 42 verbs: 43 - list 44 - watch 45 --- 46 apiVersion: rbac.authorization.k8s.io/v1 47 kind: ClusterRoleBinding 48 metadata: 49 annotations: 50 rbac.authorization.kubernetes.io/autoupdate: "true" 51 labels: 52 kubernetes.io/bootstrapping: rbac-defaults 53 addonmanager.kubernetes.io/mode: EnsureExists 54 name: system:coredns 55 roleRef: 56 apiGroup: rbac.authorization.k8s.io 57 kind: ClusterRole 58 name: system:coredns 59 subjects: 60 - kind: ServiceAccount 61 name: coredns 62 namespace: kube-system 63 --- 64 apiVersion: v1 65 kind: ConfigMap 66 metadata: 67 name: coredns 68 namespace: kube-system 69 labels: 70 addonmanager.kubernetes.io/mode: EnsureExists 71 data: 72 Corefile: | 73 cilium.test:53 { 74 forward . 10.96.0.100:53 { 75 max_fails 0 76 } 77 } 78 .:53 { 79 log 80 errors 81 health { 82 lameduck 5s 83 } 84 ready 85 kubernetes cluster.local in-addr.arpa ip6.arpa { 86 pods insecure 87 fallthrough in-addr.arpa ip6.arpa 88 ttl 30 89 } 90 prometheus :9153 91 forward . /etc/resolv.conf { 92 max_concurrent 1000 93 } 94 cache 30 95 loop 96 reload 97 loadbalance 98 } 99 --- 100 apiVersion: apps/v1 101 kind: Deployment 102 metadata: 103 name: coredns 104 namespace: kube-system 105 labels: 106 k8s-app: kube-dns 107 kubernetes.io/cluster-service: "true" 108 addonmanager.kubernetes.io/mode: Reconcile 109 kubernetes.io/name: "CoreDNS" 110 spec: 111 # replicas: not specified here: 112 # 1. In order to make Addon Manager do not reconcile this replicas parameter. 113 # 2. Default is 1. 114 # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. 115 strategy: 116 type: RollingUpdate 117 rollingUpdate: 118 maxUnavailable: 1 119 selector: 120 matchLabels: 121 k8s-app: kube-dns 122 template: 123 metadata: 124 labels: 125 k8s-app: kube-dns 126 annotations: 127 seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' 128 spec: 129 priorityClassName: system-cluster-critical 130 serviceAccountName: coredns 131 affinity: 132 podAntiAffinity: 133 preferredDuringSchedulingIgnoredDuringExecution: 134 - weight: 100 135 podAffinityTerm: 136 labelSelector: 137 matchExpressions: 138 - key: k8s-app 139 operator: In 140 values: ["kube-dns"] 141 topologyKey: kubernetes.io/hostname 142 tolerations: 143 - key: "CriticalAddonsOnly" 144 operator: "Exists" 145 nodeSelector: 146 kubernetes.io/os: linux 147 containers: 148 - name: coredns 149 image: registry.k8s.io/coredns/coredns:v1.8.3 150 imagePullPolicy: IfNotPresent 151 resources: 152 limits: 153 memory: 170Mi 154 requests: 155 cpu: 100m 156 memory: 70Mi 157 args: [ "-conf", "/etc/coredns/Corefile" ] 158 volumeMounts: 159 - name: config-volume 160 mountPath: /etc/coredns 161 readOnly: true 162 ports: 163 - containerPort: 53 164 name: dns 165 protocol: UDP 166 - containerPort: 53 167 name: dns-tcp 168 protocol: TCP 169 - containerPort: 9153 170 name: metrics 171 protocol: TCP 172 livenessProbe: 173 httpGet: 174 path: /health 175 port: 8080 176 scheme: HTTP 177 initialDelaySeconds: 60 178 timeoutSeconds: 5 179 successThreshold: 1 180 failureThreshold: 5 181 readinessProbe: 182 httpGet: 183 path: /ready 184 port: 8181 185 scheme: HTTP 186 securityContext: 187 allowPrivilegeEscalation: false 188 capabilities: 189 add: 190 - NET_BIND_SERVICE 191 drop: 192 - all 193 readOnlyRootFilesystem: true 194 dnsPolicy: Default 195 volumes: 196 - name: config-volume 197 configMap: 198 name: coredns 199 items: 200 - key: Corefile 201 path: Corefile 202 --- 203 apiVersion: v1 204 kind: Service 205 metadata: 206 name: kube-dns 207 namespace: kube-system 208 annotations: 209 prometheus.io/port: "9153" 210 prometheus.io/scrape: "true" 211 labels: 212 k8s-app: kube-dns 213 kubernetes.io/cluster-service: "true" 214 addonmanager.kubernetes.io/mode: Reconcile 215 kubernetes.io/name: "CoreDNS" 216 spec: 217 selector: 218 k8s-app: kube-dns 219 clusterIP: 10.96.0.10 220 ports: 221 - name: dns 222 port: 53 223 protocol: UDP 224 - name: dns-tcp 225 port: 53 226 protocol: TCP 227 - name: metrics 228 port: 9153 229 protocol: TCP