github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.28/coredns_deployment.yaml (about) 1 # File source with modifications to the coredns corefile 2 # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.28/cluster/addons/dns/coredns/coredns.yaml.base 3 # __MACHINE_GENERATED_WARNING__ 4 5 apiVersion: v1 6 kind: ServiceAccount 7 metadata: 8 name: coredns 9 namespace: kube-system 10 labels: 11 kubernetes.io/cluster-service: "true" 12 addonmanager.kubernetes.io/mode: Reconcile 13 --- 14 apiVersion: rbac.authorization.k8s.io/v1 15 kind: ClusterRole 16 metadata: 17 labels: 18 kubernetes.io/bootstrapping: rbac-defaults 19 addonmanager.kubernetes.io/mode: Reconcile 20 name: system:coredns 21 rules: 22 - apiGroups: 23 - "" 24 resources: 25 - endpoints 26 - services 27 - pods 28 - namespaces 29 verbs: 30 - list 31 - watch 32 - apiGroups: 33 - discovery.k8s.io 34 resources: 35 - endpointslices 36 verbs: 37 - list 38 - watch 39 --- 40 apiVersion: rbac.authorization.k8s.io/v1 41 kind: ClusterRoleBinding 42 metadata: 43 annotations: 44 rbac.authorization.kubernetes.io/autoupdate: "true" 45 labels: 46 kubernetes.io/bootstrapping: rbac-defaults 47 addonmanager.kubernetes.io/mode: EnsureExists 48 name: system:coredns 49 roleRef: 50 apiGroup: rbac.authorization.k8s.io 51 kind: ClusterRole 52 name: system:coredns 53 subjects: 54 - kind: ServiceAccount 55 name: coredns 56 namespace: kube-system 57 --- 58 apiVersion: v1 59 kind: ConfigMap 60 metadata: 61 name: coredns 62 namespace: kube-system 63 labels: 64 addonmanager.kubernetes.io/mode: EnsureExists 65 data: 66 Corefile: | 67 cilium.test:53 { 68 forward . 10.96.0.100:53 { 69 max_fails 0 70 } 71 } 72 .:53 { 73 log 74 errors 75 health { 76 lameduck 5s 77 } 78 ready 79 kubernetes cluster.local in-addr.arpa ip6.arpa { 80 pods insecure 81 fallthrough in-addr.arpa ip6.arpa 82 ttl 0 83 } 84 prometheus :9153 85 forward . /etc/resolv.conf { 86 max_concurrent 1000 87 max_fails 0 88 } 89 loop 90 reload 91 loadbalance 92 } 93 --- 94 apiVersion: apps/v1 95 kind: Deployment 96 metadata: 97 name: coredns 98 namespace: kube-system 99 labels: 100 k8s-app: kube-dns 101 kubernetes.io/cluster-service: "true" 102 addonmanager.kubernetes.io/mode: Reconcile 103 kubernetes.io/name: "CoreDNS" 104 spec: 105 # replicas: not specified here: 106 # 1. In order to make Addon Manager do not reconcile this replicas parameter. 107 # 2. Default is 1. 108 # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. 109 strategy: 110 type: RollingUpdate 111 rollingUpdate: 112 maxUnavailable: 1 113 selector: 114 matchLabels: 115 k8s-app: kube-dns 116 template: 117 metadata: 118 labels: 119 k8s-app: kube-dns 120 spec: 121 securityContext: 122 seccompProfile: 123 type: RuntimeDefault 124 priorityClassName: system-cluster-critical 125 serviceAccountName: coredns 126 affinity: 127 podAntiAffinity: 128 preferredDuringSchedulingIgnoredDuringExecution: 129 - weight: 100 130 podAffinityTerm: 131 labelSelector: 132 matchExpressions: 133 - key: k8s-app 134 operator: In 135 values: ["kube-dns"] 136 topologyKey: kubernetes.io/hostname 137 tolerations: 138 - key: "CriticalAddonsOnly" 139 operator: "Exists" 140 nodeSelector: 141 kubernetes.io/os: linux 142 containers: 143 - name: coredns 144 image: registry.k8s.io/coredns/coredns:v1.10.1 145 imagePullPolicy: IfNotPresent 146 resources: 147 limits: 148 memory: 170Mi 149 requests: 150 cpu: 100m 151 memory: 70Mi 152 args: [ "-conf", "/etc/coredns/Corefile" ] 153 volumeMounts: 154 - name: config-volume 155 mountPath: /etc/coredns 156 readOnly: true 157 ports: 158 - containerPort: 53 159 name: dns 160 protocol: UDP 161 - containerPort: 53 162 name: dns-tcp 163 protocol: TCP 164 - containerPort: 9153 165 name: metrics 166 protocol: TCP 167 livenessProbe: 168 httpGet: 169 path: /health 170 port: 8080 171 scheme: HTTP 172 initialDelaySeconds: 60 173 timeoutSeconds: 5 174 successThreshold: 1 175 failureThreshold: 5 176 readinessProbe: 177 httpGet: 178 path: /ready 179 port: 8181 180 scheme: HTTP 181 securityContext: 182 allowPrivilegeEscalation: false 183 capabilities: 184 add: 185 - NET_BIND_SERVICE 186 drop: 187 - all 188 readOnlyRootFilesystem: true 189 dnsPolicy: Default 190 volumes: 191 - name: config-volume 192 configMap: 193 name: coredns 194 items: 195 - key: Corefile 196 path: Corefile 197 --- 198 apiVersion: v1 199 kind: Service 200 metadata: 201 name: kube-dns 202 namespace: kube-system 203 annotations: 204 prometheus.io/port: "9153" 205 prometheus.io/scrape: "true" 206 labels: 207 k8s-app: kube-dns 208 kubernetes.io/cluster-service: "true" 209 addonmanager.kubernetes.io/mode: Reconcile 210 kubernetes.io/name: "CoreDNS" 211 spec: 212 selector: 213 k8s-app: kube-dns 214 clusterIP: 10.96.0.10 215 ports: 216 - name: dns 217 port: 53 218 protocol: UDP 219 - name: dns-tcp 220 port: 53 221 protocol: TCP 222 - name: metrics 223 port: 9153 224 protocol: TCP