github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.20/coredns_deployment.yaml (about) 1 # File source 2 # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.19/cluster/addons/dns/coredns/coredns.yaml.base 3 # __MACHINE_GENERATED_WARNING__ 4 5 apiVersion: v1 6 kind: ServiceAccount 7 metadata: 8 name: coredns 9 namespace: kube-system 10 labels: 11 kubernetes.io/cluster-service: "true" 12 addonmanager.kubernetes.io/mode: Reconcile 13 --- 14 apiVersion: rbac.authorization.k8s.io/v1 15 kind: ClusterRole 16 metadata: 17 labels: 18 kubernetes.io/bootstrapping: rbac-defaults 19 addonmanager.kubernetes.io/mode: Reconcile 20 name: system:coredns 21 rules: 22 - apiGroups: 23 - "" 24 resources: 25 - endpoints 26 - services 27 - pods 28 - namespaces 29 verbs: 30 - list 31 - watch 32 - apiGroups: 33 - "" 34 resources: 35 - nodes 36 verbs: 37 - get 38 - apiGroups: 39 - discovery.k8s.io 40 resources: 41 - endpointslices 42 verbs: 43 - list 44 - watch 45 --- 46 apiVersion: rbac.authorization.k8s.io/v1 47 kind: ClusterRoleBinding 48 metadata: 49 annotations: 50 rbac.authorization.kubernetes.io/autoupdate: "true" 51 labels: 52 kubernetes.io/bootstrapping: rbac-defaults 53 addonmanager.kubernetes.io/mode: EnsureExists 54 name: system:coredns 55 roleRef: 56 apiGroup: rbac.authorization.k8s.io 57 kind: ClusterRole 58 name: system:coredns 59 subjects: 60 - kind: ServiceAccount 61 name: coredns 62 namespace: kube-system 63 --- 64 apiVersion: v1 65 kind: ConfigMap 66 metadata: 67 name: coredns 68 namespace: kube-system 69 labels: 70 addonmanager.kubernetes.io/mode: EnsureExists 71 data: 72 Corefile: | 73 cilium.test:53 { 74 forward . 10.96.0.100:53 { 75 max_fails 0 76 } 77 } 78 .:53 { 79 log 80 errors 81 health { 82 lameduck 5s 83 } 84 ready 85 kubernetes cluster.local in-addr.arpa ip6.arpa { 86 pods insecure 87 ttl 0 88 fallthrough in-addr.arpa ip6.arpa 89 } 90 prometheus :9153 91 forward . /etc/resolv.conf { 92 max_fails 0 93 } 94 loop 95 reload 96 loadbalance 97 } 98 --- 99 apiVersion: apps/v1 100 kind: Deployment 101 metadata: 102 name: coredns 103 namespace: kube-system 104 labels: 105 k8s-app: kube-dns 106 kubernetes.io/cluster-service: "true" 107 addonmanager.kubernetes.io/mode: Reconcile 108 kubernetes.io/name: "CoreDNS" 109 spec: 110 # replicas: not specified here: 111 # 1. In order to make Addon Manager do not reconcile this replicas parameter. 112 # 2. Default is 1. 113 # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. 114 strategy: 115 type: RollingUpdate 116 rollingUpdate: 117 maxUnavailable: 1 118 selector: 119 matchLabels: 120 k8s-app: kube-dns 121 template: 122 metadata: 123 labels: 124 k8s-app: kube-dns 125 annotations: 126 seccomp.security.alpha.kubernetes.io/pod: 'runtime/default' 127 spec: 128 priorityClassName: system-cluster-critical 129 serviceAccountName: coredns 130 affinity: 131 podAntiAffinity: 132 preferredDuringSchedulingIgnoredDuringExecution: 133 - weight: 100 134 podAffinityTerm: 135 labelSelector: 136 matchExpressions: 137 - key: k8s-app 138 operator: In 139 values: ["kube-dns"] 140 topologyKey: kubernetes.io/hostname 141 tolerations: 142 - key: "CriticalAddonsOnly" 143 operator: "Exists" 144 nodeSelector: 145 kubernetes.io/os: linux 146 containers: 147 - name: coredns 148 image: registry.k8s.io/coredns/coredns:v1.8.3 149 imagePullPolicy: IfNotPresent 150 resources: 151 limits: 152 memory: 170Mi 153 requests: 154 cpu: 100m 155 memory: 70Mi 156 args: [ "-conf", "/etc/coredns/Corefile" ] 157 volumeMounts: 158 - name: config-volume 159 mountPath: /etc/coredns 160 readOnly: true 161 ports: 162 - containerPort: 53 163 name: dns 164 protocol: UDP 165 - containerPort: 53 166 name: dns-tcp 167 protocol: TCP 168 - containerPort: 9153 169 name: metrics 170 protocol: TCP 171 livenessProbe: 172 httpGet: 173 path: /health 174 port: 8080 175 scheme: HTTP 176 initialDelaySeconds: 60 177 timeoutSeconds: 5 178 successThreshold: 1 179 failureThreshold: 5 180 readinessProbe: 181 httpGet: 182 path: /ready 183 port: 8181 184 scheme: HTTP 185 securityContext: 186 allowPrivilegeEscalation: false 187 capabilities: 188 add: 189 - NET_BIND_SERVICE 190 drop: 191 - all 192 readOnlyRootFilesystem: true 193 dnsPolicy: Default 194 volumes: 195 - name: config-volume 196 configMap: 197 name: coredns 198 items: 199 - key: Corefile 200 path: Corefile 201 --- 202 apiVersion: v1 203 kind: Service 204 metadata: 205 name: kube-dns 206 namespace: kube-system 207 annotations: 208 prometheus.io/port: "9153" 209 prometheus.io/scrape: "true" 210 labels: 211 k8s-app: kube-dns 212 kubernetes.io/cluster-service: "true" 213 addonmanager.kubernetes.io/mode: Reconcile 214 kubernetes.io/name: "CoreDNS" 215 spec: 216 selector: 217 k8s-app: kube-dns 218 clusterIP: 10.96.0.10 219 ports: 220 - name: dns 221 port: 53 222 protocol: UDP 223 - name: dns-tcp 224 port: 53 225 protocol: TCP 226 - name: metrics 227 port: 9153 228 protocol: TCP