# k8s.io/kubernetes@v1.31.0-alpha.0.0.20240520171757-56147500dadc/cluster/addons/dns/kube-dns/kube-dns.yaml.in
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
# in sync with this file.

# Warning: This is a file generated from the base underscore template file: kube-dns.yaml.base

# Overview: four objects in kube-system make up the kube-dns addon: a Service
# on port 53, a ServiceAccount, a ConfigMap, and a Deployment whose pod runs
# three containers (kubedns, dnsmasq, sidecar).
# The bare words dns_server, dns_domain and dns_memory_limit look like template
# placeholders that are substituted before the manifest is applied; they are
# not valid values as written. TODO confirm against the rendering step.

# Cluster DNS endpoint. No targetPort is given, so each port maps to port 53
# on the selected pods, which is the port the dnsmasq container declares.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Placeholder for the fixed cluster IP of the DNS service.
  clusterIP: dns_server
  ports:
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
---
# Identity the Deployment's pods run as (see serviceAccountName at the end of
# the pod spec). No Role or binding for it is defined in this listing.
# NOTE(review): confirm where its API permissions are granted and that they
# are limited to what kube-dns needs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
# Created without data and mounted into the pod as an optional volume. Both
# kubedns (--config-dir) and dnsmasq-nanny (-configDir) read their config
# directory from it, so write access to this ConfigMap is write access to the
# cluster resolver's configuration; keep RBAC on it tight.
# Its addon-manager mode is EnsureExists while the other objects use
# Reconcile; presumably so operator edits are not reverted. TODO confirm.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # replicas: not specified here:
  # 1. So that Addon Manager does not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      maxSurge: 10%
      # 0 means a rollout never removes a ready replica before its
      # replacement is available.
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        # Only port 10054 (declared by the sidecar container) is annotated
        # for scraping; the kubedns metrics port 10055 is not.
        prometheus.io/port: "10054"
        prometheus.io/scrape: "true"
    spec:
      priorityClassName: system-cluster-critical
      # Pod-level settings: apply to every container that does not override
      # them.
      securityContext:
        seccompProfile:
          type: RuntimeDefault
        # 65534 is conventionally nobody/nogroup; confirm against the images.
        supplementalGroups: [ 65534 ]
        fsGroup: 65534
      affinity:
        # Soft preference only: replicas are spread across nodes when
        # possible but may still be co-located.
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
                matchExpressions:
                  - key: k8s-app
                    operator: In
                    values: ["kube-dns"]
              topologyKey: kubernetes.io/hostname
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      volumes:
      - name: kube-dns-config
        configMap:
          name: kube-dns
          # The pod still starts when the ConfigMap is absent.
          optional: true
      nodeSelector:
        kubernetes.io/os: linux
      containers:
      # NOTE(review): all three images are pinned by tag (1.23.0), not by
      # digest, so the content behind the tag is trusted to the registry.
      - name: kubedns
        image: registry.k8s.io/dns/k8s-dns-kube-dns:1.23.0
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            # Quoted placeholder for the memory limit.
            memory: 'dns_memory_limit'
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            path: /healthcheck/kubedns
            # 10054 is declared by the sidecar container, not by this one;
            # the probe appears to be answered by the sidecar over the pod's
            # shared network namespace.
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        # The trailing dot follows the dns_domain placeholder.
        - --domain=dns_domain.
        # Unprivileged port; dnsmasq forwards to it (see --server below).
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --v=2
        env:
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
        # Non-root UID/GID, no privilege escalation, read-only root
        # filesystem. No capabilities.drop is set on this container.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsUser: 1001
          runAsGroup: 1001
      - name: dnsmasq
        image: registry.k8s.io/dns/k8s-dns-dnsmasq-nanny:1.23.0
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            # Same sidecar-declared port as the kubedns liveness probe.
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        # Presumably separates the nanny's own flags (above) from the flags
        # passed through to dnsmasq (below). TODO confirm.
        - --
        - -k
        - --cache-size=1000
        - --no-negcache
        - --dns-loop-detect
        - --log-facility=-
        # The cluster domain and both reverse zones are sent to
        # 127.0.0.1#10053, the port kubedns is started on (--dns-port).
        - --server=/dns_domain/127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
        # All capabilities are dropped and only NET_BIND_SERVICE and SETGID
        # are added back.
        # NOTE(review): unlike kubedns and sidecar, this container sets no
        # runAsUser/runAsGroup, allowPrivilegeEscalation or
        # readOnlyRootFilesystem, so it runs as the image's default user
        # (presumably root; confirm) with a writable root filesystem. It is
        # also the container behind Service port 53, so verify whether those
        # settings can be tightened without breaking dnsmasq.
        # NOTE(review): `all` is lowercase; the canonical spelling is `ALL`.
        # Confirm the container runtime matches it case-insensitively.
        securityContext:
          capabilities:
            drop:
              - all
            add:
              - NET_BIND_SERVICE
              - SETGID
      - name: sidecar
        image: registry.k8s.io/dns/k8s-dns-sidecar:1.23.0
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        # One probe per DNS container, addressed at 127.0.0.1:10053 (kubedns)
        # and 127.0.0.1:53 (dnsmasq). Both query the name
        # kubernetes.default.svc.<dns_domain> with type SRV; the meaning of
        # the "5" field is not shown here. TODO confirm.
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.dns_domain,5,SRV
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.dns_domain,5,SRV
        ports:
        # Plain HTTP, and this manifest configures no authentication and no
        # NetworkPolicy for it: anything that can reach the pod IP can
        # presumably read /metrics and the health-check paths. Confirm this
        # matches the cluster's network policy.
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
        # Same settings as kubedns: non-root UID/GID, no privilege
        # escalation, read-only root filesystem.
        securityContext:
          allowPrivilegeEscalation: false
          readOnlyRootFilesystem: true
          runAsUser: 1001
          runAsGroup: 1001
      dnsPolicy: Default  # Don't use cluster DNS.
      serviceAccountName: kube-dns