github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.20/coredns_deployment.yaml (about)

     1  # File source
     2  # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.19/cluster/addons/dns/coredns/coredns.yaml.base
     3  # __MACHINE_GENERATED_WARNING__
     4  
     5  apiVersion: v1
     6  kind: ServiceAccount
     7  metadata:
     8    name: coredns
     9    namespace: kube-system
    10    labels:
    11        kubernetes.io/cluster-service: "true"
    12        addonmanager.kubernetes.io/mode: Reconcile
    13  ---
    14  apiVersion: rbac.authorization.k8s.io/v1
    15  kind: ClusterRole
    16  metadata:
    17    labels:
    18      kubernetes.io/bootstrapping: rbac-defaults
    19      addonmanager.kubernetes.io/mode: Reconcile
    20    name: system:coredns
    21  rules:
    22  - apiGroups:
    23    - ""
    24    resources:
    25    - endpoints
    26    - services
    27    - pods
    28    - namespaces
    29    verbs:
    30    - list
    31    - watch
    32  - apiGroups:
    33    - ""
    34    resources:
    35    - nodes
    36    verbs:
    37    - get
    38  - apiGroups:
    39    - discovery.k8s.io
    40    resources:
    41    - endpointslices
    42    verbs:
    43    - list
    44    - watch
    45  ---
    46  apiVersion: rbac.authorization.k8s.io/v1
    47  kind: ClusterRoleBinding
    48  metadata:
    49    annotations:
    50      rbac.authorization.kubernetes.io/autoupdate: "true"
    51    labels:
    52      kubernetes.io/bootstrapping: rbac-defaults
    53      addonmanager.kubernetes.io/mode: EnsureExists
    54    name: system:coredns
    55  roleRef:
    56    apiGroup: rbac.authorization.k8s.io
    57    kind: ClusterRole
    58    name: system:coredns
    59  subjects:
    60  - kind: ServiceAccount
    61    name: coredns
    62    namespace: kube-system
    63  ---
    64  apiVersion: v1
    65  kind: ConfigMap
    66  metadata:
    67    name: coredns
    68    namespace: kube-system
    69    labels:
    70        addonmanager.kubernetes.io/mode: EnsureExists
    71  data:
    72    Corefile: |
    73      cilium.test:53 {
    74          forward . 10.96.0.100:53 {
    75              max_fails 0
    76          }
    77      }
    78      .:53 {
    79          log
    80          errors
    81          health {
    82              lameduck 5s
    83          }
    84          ready
    85          kubernetes cluster.local in-addr.arpa ip6.arpa {
    86              pods insecure
    87              ttl 0
    88              fallthrough in-addr.arpa ip6.arpa
    89          }
    90          prometheus :9153
    91          forward . /etc/resolv.conf {
    92              max_fails 0
    93          }
    94          loop
    95          reload
    96          loadbalance
    97      }
    98  ---
    99  apiVersion: apps/v1
   100  kind: Deployment
   101  metadata:
   102    name: coredns
   103    namespace: kube-system
   104    labels:
   105      k8s-app: kube-dns
   106      kubernetes.io/cluster-service: "true"
   107      addonmanager.kubernetes.io/mode: Reconcile
   108      kubernetes.io/name: "CoreDNS"
   109  spec:
   110    # replicas: not specified here:
   111    # 1. In order to make Addon Manager do not reconcile this replicas parameter.
   112    # 2. Default is 1.
   113    # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
   114    strategy:
   115      type: RollingUpdate
   116      rollingUpdate:
   117        maxUnavailable: 1
   118    selector:
   119      matchLabels:
   120        k8s-app: kube-dns
   121    template:
   122      metadata:
   123        labels:
   124          k8s-app: kube-dns
   125        annotations:
   126          seccomp.security.alpha.kubernetes.io/pod: 'runtime/default'
   127      spec:
   128        priorityClassName: system-cluster-critical
   129        serviceAccountName: coredns
   130        affinity:
   131          podAntiAffinity:
   132            preferredDuringSchedulingIgnoredDuringExecution:
   133            - weight: 100
   134              podAffinityTerm:
   135                labelSelector:
   136                  matchExpressions:
   137                    - key: k8s-app
   138                      operator: In
   139                      values: ["kube-dns"]
   140                topologyKey: kubernetes.io/hostname
   141        tolerations:
   142          - key: "CriticalAddonsOnly"
   143            operator: "Exists"
   144        nodeSelector:
   145          kubernetes.io/os: linux
   146        containers:
   147        - name: coredns
   148          image: registry.k8s.io/coredns/coredns:v1.8.3
   149          imagePullPolicy: IfNotPresent
   150          resources:
   151            limits:
   152              memory: 170Mi
   153            requests:
   154              cpu: 100m
   155              memory: 70Mi
   156          args: [ "-conf", "/etc/coredns/Corefile" ]
   157          volumeMounts:
   158          - name: config-volume
   159            mountPath: /etc/coredns
   160            readOnly: true
   161          ports:
   162          - containerPort: 53
   163            name: dns
   164            protocol: UDP
   165          - containerPort: 53
   166            name: dns-tcp
   167            protocol: TCP
   168          - containerPort: 9153
   169            name: metrics
   170            protocol: TCP
   171          livenessProbe:
   172            httpGet:
   173              path: /health
   174              port: 8080
   175              scheme: HTTP
   176            initialDelaySeconds: 60
   177            timeoutSeconds: 5
   178            successThreshold: 1
   179            failureThreshold: 5
   180          readinessProbe:
   181            httpGet:
   182              path: /ready
   183              port: 8181
   184              scheme: HTTP
   185          securityContext:
   186            allowPrivilegeEscalation: false
   187            capabilities:
   188              add:
   189              - NET_BIND_SERVICE
   190              drop:
   191              - all
   192            readOnlyRootFilesystem: true
   193        dnsPolicy: Default
   194        volumes:
   195          - name: config-volume
   196            configMap:
   197              name: coredns
   198              items:
   199              - key: Corefile
   200                path: Corefile
   201  ---
   202  apiVersion: v1
   203  kind: Service
   204  metadata:
   205    name: kube-dns
   206    namespace: kube-system
   207    annotations:
   208      prometheus.io/port: "9153"
   209      prometheus.io/scrape: "true"
   210    labels:
   211      k8s-app: kube-dns
   212      kubernetes.io/cluster-service: "true"
   213      addonmanager.kubernetes.io/mode: Reconcile
   214      kubernetes.io/name: "CoreDNS"
   215  spec:
   216    selector:
   217      k8s-app: kube-dns
   218    clusterIP: 10.96.0.10
   219    ports:
   220    - name: dns
   221      port: 53
   222      protocol: UDP
   223    - name: dns-tcp
   224      port: 53
   225      protocol: TCP
   226    - name: metrics
   227      port: 9153
   228      protocol: TCP