github.phpd.cn/cilium/cilium@v1.6.12/test/provision/manifest/1.12/coredns_deployment.yaml

github.phpd.cn/cilium/cilium@v1.6.12/test/provision/manifest/1.12/coredns_deployment.yaml (about)

     1  # File source
     2  # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.12/cluster/addons/dns/coredns/coredns.yaml.base
     3  ---
     4  apiVersion: v1
     5  kind: ServiceAccount
     6  metadata:
     7    name: coredns
     8    namespace: kube-system
     9    labels:
    10      kubernetes.io/cluster-service: "true"
    11      addonmanager.kubernetes.io/mode: Reconcile
    12  ---
    13  apiVersion: rbac.authorization.k8s.io/v1
    14  kind: ClusterRole
    15  metadata:
    16    labels:
    17      kubernetes.io/bootstrapping: rbac-defaults
    18      addonmanager.kubernetes.io/mode: Reconcile
    19    name: system:coredns
    20  rules:
    21  - apiGroups:
    22    - ""
    23    resources:
    24    - endpoints
    25    - services
    26    - pods
    27    - namespaces
    28    verbs:
    29    - list
    30    - watch
    31  ---
    32  apiVersion: rbac.authorization.k8s.io/v1
    33  kind: ClusterRoleBinding
    34  metadata:
    35    annotations:
    36      rbac.authorization.kubernetes.io/autoupdate: "true"
    37    labels:
    38      kubernetes.io/bootstrapping: rbac-defaults
    39      addonmanager.kubernetes.io/mode: EnsureExists
    40    name: system:coredns
    41  roleRef:
    42    apiGroup: rbac.authorization.k8s.io
    43    kind: ClusterRole
    44    name: system:coredns
    45  subjects:
    46  - kind: ServiceAccount
    47    name: coredns
    48    namespace: kube-system
    49  ---
    50  apiVersion: v1
    51  kind: ConfigMap
    52  metadata:
    53    name: coredns
    54    namespace: kube-system
    55    labels:
    56      addonmanager.kubernetes.io/mode: EnsureExists
    57  data:
    58    Corefile: |
    59      .:53 {
    60          log
    61          errors
    62          health
    63          kubernetes cluster.local in-addr.arpa ip6.arpa {
    64              pods insecure
    65              upstream
    66              fallthrough in-addr.arpa ip6.arpa
    67          }
    68          proxy cilium.test 10.96.0.100:53
    69          prometheus :9153
    70          proxy . /etc/resolv.conf
    71          cache 30
    72          loop
    73          reload
    74          loadbalance
    75      }
    76  ---
    77  apiVersion: extensions/v1beta1
    78  kind: Deployment
    79  metadata:
    80    name: coredns
    81    namespace: kube-system
    82    labels:
    83      k8s-app: kube-dns
    84      kubernetes.io/cluster-service: "true"
    85      addonmanager.kubernetes.io/mode: Reconcile
    86      kubernetes.io/name: "CoreDNS"
    87  spec:
    88    # replicas: not specified here:
    89    # 1. In order to make Addon Manager do not reconcile this replicas parameter.
    90    # 2. Default is 1.
    91    # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
    92    strategy:
    93      type: RollingUpdate
    94      rollingUpdate:
    95        maxUnavailable: 1
    96    selector:
    97      matchLabels:
    98        k8s-app: kube-dns
    99    template:
   100      metadata:
   101        labels:
   102          k8s-app: kube-dns
   103        annotations:
   104          seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
   105      spec:
   106        serviceAccountName: coredns
   107        tolerations:
   108        - key: node-role.kubernetes.io/master
   109          effect: NoSchedule
   110        - key: "CriticalAddonsOnly"
   111          operator: "Exists"
   112        containers:
   113        - name: coredns
   114          image: k8s.gcr.io/coredns:1.2.2
   115          imagePullPolicy: IfNotPresent
   116          resources:
   117            limits:
   118              memory: 170Mi
   119            requests:
   120              cpu: 100m
   121              memory: 70Mi
   122          args: [ "-conf", "/etc/coredns/Corefile" ]
   123          volumeMounts:
   124          - name: config-volume
   125            mountPath: /etc/coredns
   126            readOnly: true
   127          ports:
   128          - containerPort: 53
   129            name: dns
   130            protocol: UDP
   131          - containerPort: 53
   132            name: dns-tcp
   133            protocol: TCP
   134          - containerPort: 9153
   135            name: metrics
   136            protocol: TCP
   137          livenessProbe:
   138            httpGet:
   139              path: /health
   140              port: 8080
   141              scheme: HTTP
   142            initialDelaySeconds: 60
   143            timeoutSeconds: 5
   144            successThreshold: 1
   145            failureThreshold: 5
   146          securityContext:
   147            allowPrivilegeEscalation: false
   148            capabilities:
   149              add:
   150              - NET_BIND_SERVICE
   151              drop:
   152              - all
   153            readOnlyRootFilesystem: true
   154        dnsPolicy: Default
   155        volumes:
   156        - name: config-volume
   157          configMap:
   158            name: coredns
   159            items:
   160            - key: Corefile
   161              path: Corefile
   162  ---
   163  apiVersion: v1
   164  kind: Service
   165  metadata:
   166    name: kube-dns
   167    namespace: kube-system
   168    annotations:
   169      prometheus.io/port: "9153"
   170      prometheus.io/scrape: "true"
   171    labels:
   172      k8s-app: kube-dns
   173      kubernetes.io/cluster-service: "true"
   174      addonmanager.kubernetes.io/mode: Reconcile
   175      kubernetes.io/name: "CoreDNS"
   176  spec:
   177    selector:
   178      k8s-app: kube-dns
   179    clusterIP: 10.96.0.10
   180    ports:
   181    - name: dns
   182      port: 53
   183      protocol: UDP
   184    - name: dns-tcp
   185      port: 53
   186      protocol: TCP