github.phpd.cn/cilium/cilium@v1.6.12/test/provision/manifest/1.15/coredns_deployment.yaml (about) 1 # File source 2 # https://raw.githubusercontent.com/kubernetes/kubernetes/release-1.15/cluster/addons/dns/coredns/coredns.yaml.base 3 # __MACHINE_GENERATED_WARNING__ 4 5 apiVersion: v1 6 kind: ServiceAccount 7 metadata: 8 name: coredns 9 namespace: kube-system 10 labels: 11 kubernetes.io/cluster-service: "true" 12 addonmanager.kubernetes.io/mode: Reconcile 13 --- 14 apiVersion: rbac.authorization.k8s.io/v1 15 kind: ClusterRole 16 metadata: 17 labels: 18 kubernetes.io/bootstrapping: rbac-defaults 19 addonmanager.kubernetes.io/mode: Reconcile 20 name: system:coredns 21 rules: 22 - apiGroups: 23 - "" 24 resources: 25 - endpoints 26 - services 27 - pods 28 - namespaces 29 verbs: 30 - list 31 - watch 32 - apiGroups: 33 - "" 34 resources: 35 - nodes 36 verbs: 37 - get 38 --- 39 apiVersion: rbac.authorization.k8s.io/v1 40 kind: ClusterRoleBinding 41 metadata: 42 annotations: 43 rbac.authorization.kubernetes.io/autoupdate: "true" 44 labels: 45 kubernetes.io/bootstrapping: rbac-defaults 46 addonmanager.kubernetes.io/mode: EnsureExists 47 name: system:coredns 48 roleRef: 49 apiGroup: rbac.authorization.k8s.io 50 kind: ClusterRole 51 name: system:coredns 52 subjects: 53 - kind: ServiceAccount 54 name: coredns 55 namespace: kube-system 56 --- 57 apiVersion: v1 58 kind: ConfigMap 59 metadata: 60 name: coredns 61 namespace: kube-system 62 labels: 63 addonmanager.kubernetes.io/mode: EnsureExists 64 data: 65 Corefile: | 66 .:53 { 67 log 68 errors 69 health 70 kubernetes cluster.local in-addr.arpa ip6.arpa { 71 pods insecure 72 ttl 0 73 upstream 74 fallthrough in-addr.arpa ip6.arpa 75 } 76 proxy cilium.test 10.96.0.100:53 { 77 fail_timeout 10s 78 max_fails 0 79 } 80 proxy . /etc/resolv.conf { 81 fail_timeout 10s 82 max_fails 0 83 } 84 prometheus :9153 85 loop 86 reload 87 loadbalance 88 } 89 --- 90 apiVersion: apps/v1 91 kind: Deployment 92 metadata: 93 name: coredns 94 namespace: kube-system 95 labels: 96 k8s-app: kube-dns 97 kubernetes.io/cluster-service: "true" 98 addonmanager.kubernetes.io/mode: Reconcile 99 kubernetes.io/name: "CoreDNS" 100 spec: 101 # replicas: not specified here: 102 # 1. In order to make Addon Manager do not reconcile this replicas parameter. 103 # 2. Default is 1. 104 # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. 105 strategy: 106 type: RollingUpdate 107 rollingUpdate: 108 maxUnavailable: 1 109 selector: 110 matchLabels: 111 k8s-app: kube-dns 112 template: 113 metadata: 114 labels: 115 k8s-app: kube-dns 116 annotations: 117 seccomp.security.alpha.kubernetes.io/pod: 'docker/default' 118 spec: 119 priorityClassName: system-cluster-critical 120 serviceAccountName: coredns 121 tolerations: 122 - key: "CriticalAddonsOnly" 123 operator: "Exists" 124 containers: 125 - name: coredns 126 image: k8s.gcr.io/coredns:1.3.1 127 imagePullPolicy: IfNotPresent 128 resources: 129 limits: 130 memory: 170Mi 131 requests: 132 cpu: 100m 133 memory: 70Mi 134 args: [ "-conf", "/etc/coredns/Corefile" ] 135 volumeMounts: 136 - name: config-volume 137 mountPath: /etc/coredns 138 readOnly: true 139 ports: 140 - containerPort: 53 141 name: dns 142 protocol: UDP 143 - containerPort: 53 144 name: dns-tcp 145 protocol: TCP 146 - containerPort: 9153 147 name: metrics 148 protocol: TCP 149 livenessProbe: 150 httpGet: 151 path: /health 152 port: 8080 153 scheme: HTTP 154 initialDelaySeconds: 60 155 timeoutSeconds: 5 156 successThreshold: 1 157 failureThreshold: 5 158 readinessProbe: 159 httpGet: 160 path: /health 161 port: 8080 162 scheme: HTTP 163 securityContext: 164 allowPrivilegeEscalation: false 165 capabilities: 166 add: 167 - NET_BIND_SERVICE 168 drop: 169 - all 170 readOnlyRootFilesystem: true 171 dnsPolicy: Default 172 volumes: 173 - name: config-volume 174 configMap: 175 name: coredns 176 items: 177 - key: Corefile 178 path: Corefile 179 --- 180 apiVersion: v1 181 kind: Service 182 metadata: 183 name: kube-dns 184 namespace: kube-system 185 annotations: 186 prometheus.io/port: "9153" 187 prometheus.io/scrape: "true" 188 labels: 189 k8s-app: kube-dns 190 kubernetes.io/cluster-service: "true" 191 addonmanager.kubernetes.io/mode: Reconcile 192 kubernetes.io/name: "CoreDNS" 193 spec: 194 selector: 195 k8s-app: kube-dns 196 clusterIP: 10.96.0.10 197 ports: 198 - name: dns 199 port: 53 200 protocol: UDP 201 - name: dns-tcp 202 port: 53 203 protocol: TCP 204 - name: metrics 205 port: 9153 206 protocol: TCP