# Copyright 2018 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# Manifest template for the node-local DNS cache add-on. It defines, in order:
# a ServiceAccount, a Service in front of the kube-dns pods, the Corefile
# ConfigMap, the node-cache DaemonSet and a headless metrics Service.
# Every __PILLAR__*__ token is a template placeholder, not a usable value; it
# has to be substituted before the value it appears in is consumed.

# Identity the DaemonSet pods run as (see serviceAccountName below). This file
# defines no Role or ClusterRole binding for it.
# NOTE(review): automountServiceAccountToken is not set, so the cluster default
# applies - confirm whether node-cache needs an API token at all.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: node-local-dns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
# Service selecting the pods labelled k8s-app: kube-dns on 53/UDP and 53/TCP.
# Its name is what the DaemonSet passes to node-cache as -upstreamsvc.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns-upstream
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "KubeDNSUpstream"
spec:
  ports:
  - name: dns
    port: 53
    protocol: UDP
    targetPort: 53
  - name: dns-tcp
    port: 53
    protocol: TCP
    targetPort: 53
  selector:
    k8s-app: kube-dns
---
# CoreDNS configuration for node-cache, with four server blocks:
#   __PILLAR__DNS__DOMAIN__  cluster domain, forwarded to cluster DNS over TCP
#   in-addr.arpa / ip6.arpa  reverse zones, forwarded to cluster DNS over TCP
#   .                        everything else, forwarded to the upstream servers
# Every block binds only to __PILLAR__LOCAL__DNS__ and __PILLAR__DNS__SERVER__.
# The health endpoint is bound to __PILLAR__LOCAL__DNS__:8080, but the
# prometheus listener is given as ":9253" with no address.
# NOTE(review): the pod runs with hostNetwork: true, so a listener without an
# address is presumably reachable on every node address - confirm, and restrict
# 9253/TCP at the host firewall if the metrics should not be exposed that widely.
# Do not put comments inside the block scalar below: they would become part of
# the Corefile that is mounted into the container.
apiVersion: v1
kind: ConfigMap
metadata:
  name: node-local-dns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
data:
  Corefile: |
    __PILLAR__DNS__DOMAIN__:53 {
        errors
        cache {
            success 9984 30
            denial 9984 5
        }
        reload
        loop
        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
        forward . __PILLAR__CLUSTER__DNS__ {
            force_tcp
        }
        prometheus :9253
        health __PILLAR__LOCAL__DNS__:8080
    }
    in-addr.arpa:53 {
        errors
        cache 30
        reload
        loop
        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
        forward . __PILLAR__CLUSTER__DNS__ {
            force_tcp
        }
        prometheus :9253
    }
    ip6.arpa:53 {
        errors
        cache 30
        reload
        loop
        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
        forward . __PILLAR__CLUSTER__DNS__ {
            force_tcp
        }
        prometheus :9253
    }
    .:53 {
        errors
        cache 30
        reload
        loop
        bind __PILLAR__LOCAL__DNS__ __PILLAR__DNS__SERVER__
        forward . __PILLAR__UPSTREAM__SERVERS__
        prometheus :9253
    }
---
# Runs one node-cache pod per node. Security-relevant settings, all visible
# below: the pod shares the node's network namespace (hostNetwork), tolerates
# every NoSchedule and NoExecute taint, adds NET_ADMIN and mounts the host's
# /run/xtables.lock read-write.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: node-local-dns
  namespace: kube-system
  labels:
    k8s-app: node-local-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 10%
  selector:
    matchLabels:
      k8s-app: node-local-dns
  template:
    metadata:
      labels:
        k8s-app: node-local-dns
      annotations:
        prometheus.io/port: "9253"
        prometheus.io/scrape: "true"
    spec:
      priorityClassName: system-node-critical
      serviceAccountName: node-local-dns
      # The container listens directly in the node's network namespace, so every
      # listener in the Corefile is a listener on the node itself.
      hostNetwork: true
      dnsPolicy: Default  # Don't use cluster DNS.
      # operator Exists with no key matches any taint with that effect, so the
      # pod is scheduled onto, and stays on, tainted nodes as well.
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      - effect: "NoExecute"
        operator: "Exists"
      - effect: "NoSchedule"
        operator: "Exists"
      containers:
      - name: node-cache
        # NOTE(review): the image is referenced by tag only; pinning it by digest
        # as well would make the deployed content verifiable.
        image: registry.k8s.io/dns/k8s-dns-node-cache:1.23.0
        # Only requests are set; there are no CPU or memory limits.
        resources:
          requests:
            cpu: 25m
            memory: 5Mi
        # -conf points at /etc/Corefile, while the ConfigMap is mounted below as
        # /etc/coredns/Corefile.base - presumably node-cache renders the former
        # from the latter; confirm against the node-cache documentation.
        args: [ "-localip", "__PILLAR__LOCAL__DNS__,__PILLAR__DNS__SERVER__", "-conf", "/etc/Corefile", "-upstreamsvc", "kube-dns-upstream" ]
        # NET_ADMIN is the only capability added. Nothing is dropped, and
        # runAsNonRoot, allowPrivilegeEscalation and readOnlyRootFilesystem are
        # not set, so the runtime defaults apply to all of them.
        # NOTE(review): in the host network namespace NET_ADMIN covers the node's
        # interfaces and packet-filter rules; test before tightening this context,
        # the container also has to bind port 53.
        securityContext:
          capabilities:
            add:
            - NET_ADMIN
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        - containerPort: 9253
          name: metrics
          protocol: TCP
        # Probes the "health" endpoint that the first Corefile server block binds
        # to __PILLAR__LOCAL__DNS__:8080.
        livenessProbe:
          httpGet:
            host: __PILLAR__LOCAL__DNS__
            path: /health
            port: 8080
          initialDelaySeconds: 60
          timeoutSeconds: 5
        volumeMounts:
        # Writable mount of a host file (see the hostPath volume below).
        # NOTE(review): presumably the lock shared with the host's iptables
        # tooling - confirm.
        - mountPath: /run/xtables.lock
          name: xtables-lock
          readOnly: false
        - name: config-volume
          mountPath: /etc/coredns
        - name: kube-dns-config
          mountPath: /etc/kube-dns
      volumes:
      # FileOrCreate: the file is created on the node if it does not exist yet.
      - name: xtables-lock
        hostPath:
          path: /run/xtables.lock
          type: FileOrCreate
      # optional: true - the pod still starts when there is no kube-dns ConfigMap.
      - name: kube-dns-config
        configMap:
          name: kube-dns
          optional: true
      # Exposes only the Corefile key of the ConfigMap above, as Corefile.base.
      - name: config-volume
        configMap:
          name: node-local-dns
          items:
          - key: Corefile
            path: Corefile.base
---
# Headless Service (clusterIP: None): no virtual service IP is allocated and no
# load-balancing is done; DNS lookups return the IPs of the selected Pods.
# We use this to expose metrics to Prometheus.
# The selected pods run with hostNetwork: true, so those are presumably node
# addresses - confirm.
apiVersion: v1
kind: Service
metadata:
  annotations:
    prometheus.io/port: "9253"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: node-local-dns
  name: node-local-dns
  namespace: kube-system
spec:
  clusterIP: None
  ports:
  - name: metrics
    port: 9253
    targetPort: 9253
  selector:
    k8s-app: node-local-dns