in operator/pkg/controllers/addons/coredns.go [183:262]
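// deployment reconciles the CoreDNS Deployment in the kube-system namespace.
//
// It builds the desired object (two replicas, the "coredns" ConfigMap's
// Corefile mounted read-only at /etc/coredns) and passes it to
// c.kubeClient.EnsurePatch together with an empty Deployment; the error from
// that call is returned unchanged.
//
// Container hardening as written here: every capability is dropped and only
// NET_BIND_SERVICE is added back (port 53 is a privileged port), the root
// filesystem is read-only, and privilege escalation is disabled. No
// runAsNonRoot/runAsUser is set, so the effective UID is whatever the image
// declares — TODO confirm the image runs unprivileged.
func (c *CoreDNS) deployment(ctx context.Context) error {
	// NOTE(review): "70" carries no unit, so it parses as 70 *bytes* — in
	// practice no memory request at all. Confirm the intended quantity (a
	// Mi suffix is the usual shape) with the owner; the value is left as-is
	// here rather than guessed.
	resources := v1.ResourceRequirements{
		Requests: map[v1.ResourceName]resource.Quantity{
			v1.ResourceCPU:    resource.MustParse("1"),
			v1.ResourceMemory: resource.MustParse("70"),
		},
		Limits: map[v1.ResourceName]resource.Quantity{
			v1.ResourceCPU: resource.MustParse("1.7"),
		},
	}

	// "ALL" is the spelling the Kubernetes API documents for dropping every
	// capability. Some runtimes upper-case before comparing, but using the
	// documented form does not depend on that.
	securityContext := &v1.SecurityContext{
		AllowPrivilegeEscalation: ptr.Bool(false),
		ReadOnlyRootFilesystem:   ptr.Bool(true),
		Capabilities: &v1.Capabilities{
			Add:  []v1.Capability{"NET_BIND_SERVICE"},
			Drop: []v1.Capability{"ALL"},
		},
	}

	container := v1.Container{
		Name:            "coredns",
		Image:           imageprovider.CoreDNS(),
		ImagePullPolicy: v1.PullIfNotPresent,
		Resources:       resources,
		Args:            []string{"-conf", "/etc/coredns/Corefile"},
		Ports: []v1.ContainerPort{
			{Name: "dns", ContainerPort: 53, Protocol: v1.ProtocolUDP},
			{Name: "dns-tcp", ContainerPort: 53, Protocol: v1.ProtocolTCP},
			{Name: "metrics", ContainerPort: 9153, Protocol: v1.ProtocolTCP},
		},
		SecurityContext: securityContext,
		VolumeMounts: []v1.VolumeMount{{
			Name:      "config-volume",
			MountPath: "/etc/coredns",
			ReadOnly:  true,
		}},
	}

	// Only the Corefile key is projected; other keys added to the ConfigMap
	// later will not show up inside the container.
	configVolume := v1.Volume{
		Name: "config-volume",
		VolumeSource: v1.VolumeSource{
			ConfigMap: &v1.ConfigMapVolumeSource{
				LocalObjectReference: v1.LocalObjectReference{Name: "coredns"},
				Items:                []v1.KeyToPath{{Key: "Corefile", Path: "Corefile"}},
			},
		},
	}

	// coreDNSLabels() is called once per use, as in the original, so the
	// three label maps never alias each other.
	desired := &appsv1.Deployment{
		ObjectMeta: metav1.ObjectMeta{
			Name:      "coredns",
			Namespace: kubeSystem,
			Labels:    coreDNSLabels(),
		},
		Spec: appsv1.DeploymentSpec{
			Replicas: ptr.Int32(2),
			Selector: &metav1.LabelSelector{MatchLabels: coreDNSLabels()},
			Template: v1.PodTemplateSpec{
				ObjectMeta: metav1.ObjectMeta{Labels: coreDNSLabels()},
				Spec: v1.PodSpec{
					// DNSDefault: the CoreDNS pods resolve through the node's
					// resolver instead of depending on the cluster DNS they
					// themselves provide.
					DNSPolicy:          v1.DNSDefault,
					PriorityClassName:  "system-cluster-critical",
					ServiceAccountName: "coredns",
					Containers:         []v1.Container{container},
					Volumes:            []v1.Volume{configVolume},
				},
			},
		},
	}

	return c.kubeClient.EnsurePatch(ctx, &appsv1.Deployment{}, desired)
}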