github.com/cilium/cilium@v1.16.2/test/provision/manifest/1.28/coredns_deployment.yaml (about)

     1  # File source with modifications to the coredns corefile
     2  # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.28/cluster/addons/dns/coredns/coredns.yaml.base
     3  # __MACHINE_GENERATED_WARNING__
     4  
     5  apiVersion: v1
     6  kind: ServiceAccount
     7  metadata:
     8    name: coredns
     9    namespace: kube-system
    10    labels:
    11        kubernetes.io/cluster-service: "true"
    12        addonmanager.kubernetes.io/mode: Reconcile
    13  ---
    14  apiVersion: rbac.authorization.k8s.io/v1
    15  kind: ClusterRole
    16  metadata:
    17    labels:
    18      kubernetes.io/bootstrapping: rbac-defaults
    19      addonmanager.kubernetes.io/mode: Reconcile
    20    name: system:coredns
    21  rules:
    22  - apiGroups:
    23    - ""
    24    resources:
    25    - endpoints
    26    - services
    27    - pods
    28    - namespaces
    29    verbs:
    30    - list
    31    - watch
    32  - apiGroups:
    33    - discovery.k8s.io
    34    resources:
    35    - endpointslices
    36    verbs:
    37    - list
    38    - watch
    39  ---
    40  apiVersion: rbac.authorization.k8s.io/v1
    41  kind: ClusterRoleBinding
    42  metadata:
    43    annotations:
    44      rbac.authorization.kubernetes.io/autoupdate: "true"
    45    labels:
    46      kubernetes.io/bootstrapping: rbac-defaults
    47      addonmanager.kubernetes.io/mode: EnsureExists
    48    name: system:coredns
    49  roleRef:
    50    apiGroup: rbac.authorization.k8s.io
    51    kind: ClusterRole
    52    name: system:coredns
    53  subjects:
    54  - kind: ServiceAccount
    55    name: coredns
    56    namespace: kube-system
    57  ---
    58  apiVersion: v1
    59  kind: ConfigMap
    60  metadata:
    61    name: coredns
    62    namespace: kube-system
    63    labels:
    64        addonmanager.kubernetes.io/mode: EnsureExists
    65  data:
    66    Corefile: |
    67      cilium.test:53 {
    68          forward . 10.96.0.100:53 {
    69              max_fails 0
    70          }
    71      }
    72      .:53 {
    73          log
    74          errors
    75          health {
    76              lameduck 5s
    77          }
    78          ready
    79          kubernetes cluster.local in-addr.arpa ip6.arpa {
    80              pods insecure
    81              fallthrough in-addr.arpa ip6.arpa
    82              ttl 0
    83          }
    84          prometheus :9153
    85          forward . /etc/resolv.conf {
    86              max_concurrent 1000
    87              max_fails 0
    88          }
    89          loop
    90          reload
    91          loadbalance
    92      }
    93  ---
    94  apiVersion: apps/v1
    95  kind: Deployment
    96  metadata:
    97    name: coredns
    98    namespace: kube-system
    99    labels:
   100      k8s-app: kube-dns
   101      kubernetes.io/cluster-service: "true"
   102      addonmanager.kubernetes.io/mode: Reconcile
   103      kubernetes.io/name: "CoreDNS"
   104  spec:
   105    # replicas: not specified here:
   106    # 1. In order to make Addon Manager do not reconcile this replicas parameter.
   107    # 2. Default is 1.
   108    # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
   109    strategy:
   110      type: RollingUpdate
   111      rollingUpdate:
   112        maxUnavailable: 1
   113    selector:
   114      matchLabels:
   115        k8s-app: kube-dns
   116    template:
   117      metadata:
   118        labels:
   119          k8s-app: kube-dns
   120      spec:
   121        securityContext:
   122          seccompProfile:
   123            type: RuntimeDefault
   124        priorityClassName: system-cluster-critical
   125        serviceAccountName: coredns
   126        affinity:
   127          podAntiAffinity:
   128            preferredDuringSchedulingIgnoredDuringExecution:
   129            - weight: 100
   130              podAffinityTerm:
   131                labelSelector:
   132                  matchExpressions:
   133                    - key: k8s-app
   134                      operator: In
   135                      values: ["kube-dns"]
   136                topologyKey: kubernetes.io/hostname
   137        tolerations:
   138          - key: "CriticalAddonsOnly"
   139            operator: "Exists"
   140        nodeSelector:
   141          kubernetes.io/os: linux
   142        containers:
   143        - name: coredns
   144          image: registry.k8s.io/coredns/coredns:v1.10.1
   145          imagePullPolicy: IfNotPresent
   146          resources:
   147            limits:
   148              memory: 170Mi
   149            requests:
   150              cpu: 100m
   151              memory: 70Mi
   152          args: [ "-conf", "/etc/coredns/Corefile" ]
   153          volumeMounts:
   154          - name: config-volume
   155            mountPath: /etc/coredns
   156            readOnly: true
   157          ports:
   158          - containerPort: 53
   159            name: dns
   160            protocol: UDP
   161          - containerPort: 53
   162            name: dns-tcp
   163            protocol: TCP
   164          - containerPort: 9153
   165            name: metrics
   166            protocol: TCP
   167          livenessProbe:
   168            httpGet:
   169              path: /health
   170              port: 8080
   171              scheme: HTTP
   172            initialDelaySeconds: 60
   173            timeoutSeconds: 5
   174            successThreshold: 1
   175            failureThreshold: 5
   176          readinessProbe:
   177            httpGet:
   178              path: /ready
   179              port: 8181
   180              scheme: HTTP
   181          securityContext:
   182            allowPrivilegeEscalation: false
   183            capabilities:
   184              add:
   185              - NET_BIND_SERVICE
   186              drop:
   187              - all
   188            readOnlyRootFilesystem: true
   189        dnsPolicy: Default
   190        volumes:
   191          - name: config-volume
   192            configMap:
   193              name: coredns
   194              items:
   195              - key: Corefile
   196                path: Corefile
   197  ---
   198  apiVersion: v1
   199  kind: Service
   200  metadata:
   201    name: kube-dns
   202    namespace: kube-system
   203    annotations:
   204      prometheus.io/port: "9153"
   205      prometheus.io/scrape: "true"
   206    labels:
   207      k8s-app: kube-dns
   208      kubernetes.io/cluster-service: "true"
   209      addonmanager.kubernetes.io/mode: Reconcile
   210      kubernetes.io/name: "CoreDNS"
   211  spec:
   212    selector:
   213      k8s-app: kube-dns
   214    clusterIP: 10.96.0.10
   215    ports:
   216    - name: dns
   217      port: 53
   218      protocol: UDP
   219    - name: dns-tcp
   220      port: 53
   221      protocol: TCP
   222    - name: metrics
   223      port: 9153
   224      protocol: TCP