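# Source: github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.25/eks/coredns_deployment.yaml
# File source with modifications to the coredns corefile
# https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.24/cluster/addons/dns/coredns/coredns.yaml.base
# __MACHINE_GENERATED_WARNING__

# Identity the CoreDNS pods run as (referenced by serviceAccountName in the
# Deployment and by the ClusterRoleBinding subject).
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
# Cluster-wide, read-only API access for CoreDNS: only list/watch/get verbs are
# granted, no write verbs.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
  # NOTE(review): the Corefile in this file uses `pods insecure`; presumably
  # the pods list/watch grant is only exercised by `pods verified` - confirm
  # before trimming it.
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
---
# Grants the system:coredns ClusterRole to exactly one subject: the
# kube-system/coredns ServiceAccount.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: EnsureExists
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
---
# CoreDNS configuration, mounted read-only into the pod at /etc/coredns.
# Review notes are kept out here because anything written inside the block
# scalar becomes part of the Corefile itself:
#   - cilium.test:53 forwards that zone to the fixed resolver 10.100.0.100:53.
#   - max_fails 0 (both forward blocks) turns off upstream health checking, so
#     an upstream is never marked down.
#   - log records every query, so queried names end up in the pod's logs.
#   - pods insecure answers pod-IP names straight from the query without
#     checking that such a pod exists (CoreDNS's kube-dns compatibility mode);
#     `pods verified` is the checked alternative.
#   - ttl 0 hands out zero-TTL answers for cluster records.
#   - prometheus :9153 serves metrics over plain HTTP without authentication;
#     the kube-dns Service in this file publishes that port.
#   - forward . /etc/resolv.conf sends everything else to the resolvers in the
#     pod's resolv.conf, which dnsPolicy: Default takes from the node.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    cilium.test:53 {
        forward . 10.100.0.100:53 {
            max_fails 0
        }
    }
    .:53 {
        log
        errors
        health {
            lameduck 5s
        }
        ready
        kubernetes cluster.local in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
            ttl 0
        }
        prometheus :9153
        forward . /etc/resolv.conf {
            max_concurrent 1000
            max_fails 0
        }
        loop
        reload
        loadbalance
    }
---
# The CoreDNS workload itself.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas: not specified here:
  # 1. So that Addon Manager does not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      # Pod-level seccomp: every container gets the runtime's default filter.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
      priorityClassName: system-cluster-critical
      serviceAccountName: coredns
      # Soft preference only: replicas are spread across nodes when possible.
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: k8s-app
                      operator: In
                      values:
                        - kube-dns
                topologyKey: kubernetes.io/hostname
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: coredns
          # NOTE(review): the image is referenced by tag, not by digest, and
          # IfNotPresent lets a node keep whatever it already has cached under
          # that tag. Pin by digest where image provenance matters.
          image: registry.k8s.io/coredns/coredns:v1.8.6
          imagePullPolicy: IfNotPresent
          # Memory is capped; no CPU limit is set.
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 100m
              memory: 70Mi
          args:
            - "-conf"
            - "/etc/coredns/Corefile"
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Both probes are plain-HTTP GETs against the endpoints that the
          # Corefile's `health` and `ready` plugins serve.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
          # Container hardening: no privilege escalation, read-only root
          # filesystem, and every capability dropped except NET_BIND_SERVICE
          # (needed to bind port 53). The drop entry is spelled `ALL`, the
          # canonical form that the Pod Security Standards "restricted" check
          # matches on.
          # NOTE(review): runAsNonRoot/runAsUser are not set, so the UID comes
          # from the image - confirm it is acceptable for this cluster.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            readOnlyRootFilesystem: true
      # Default = inherit the node's resolv.conf; the Corefile forwards
      # non-cluster names to the resolvers listed there.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile
---
# Cluster DNS Service at a fixed clusterIP. Besides DNS on 53/UDP and 53/TCP it
# exposes the metrics port 9153 inside the cluster, and the prometheus.io
# annotations mark it for scraping.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "CoreDNS"
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: 10.100.0.10
  ports:
    - name: dns
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP
    - name: metrics
      port: 9153
      protocol: TCP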