
# CoreDNS addon for the cluster: the DNS server behind the kube-dns Service,
# its RBAC, its Corefile ConfigMaps, and the cluster-proportional autoscaler
# that sizes the Deployment. Go-template actions ({{ContainerConfig ...}},
# {{ContainerImage ...}}) are expanded before the manifests are applied; a
# leading "{{-" trims the whitespace in front of the action.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
---
# Read-only (list/watch) access to the objects the kubernetes plugin answers
# records for; nodes only need get.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
rules:
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - get
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch
---
# Binds system:coredns to the coredns ServiceAccount; the autoupdate annotation
# lets the API server's RBAC bootstrap reconciler keep this binding current.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
    addonmanager.kubernetes.io/mode: Reconcile
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
---
# Main Corefile, mounted at /etc/coredns/Corefile by the coredns Deployment.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: Reconcile
data:
  # The block scalar is CoreDNS configuration, not YAML; its '#' lines belong
  # to the Corefile. Points worth knowing when reviewing it:
  # - health/ready back the liveness (/health) and readiness (/ready) probes of
  #   the Deployment on the plugins' default ports 8080 and 8181; lameduck 35s
  #   exceeds the readiness window of periodSeconds 10 x failureThreshold 3 = 30s.
  # - `pods insecure` answers pod-IP A records without checking that the pod
  #   exists (kube-dns compatibility mode of the kubernetes plugin).
  # - `forward . /etc/resolv.conf` sends everything outside the cluster domain
  #   to the node's resolvers (the pod runs with dnsPolicy: Default).
  # NOTE(review): `import custom/*.override` and `import custom/*.server` refer
  # to a custom/ directory, but only conf.d/ is mounted into the pod below;
  # confirm these imports are intentionally matching nothing.
  Corefile: |
    import conf.d/Corefile*
    .:53 {
        errors
        health {
            # this should be > readiness probe failure time
            lameduck 35s
        }
        ready
        kubernetes {{ContainerConfig "domain"}} in-addr.arpa ip6.arpa {
            pods insecure
            fallthrough in-addr.arpa ip6.arpa
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
        import custom/*.override
    }
    import custom/*.server
---
# Placeholder for operator-supplied CoreDNS snippets; EnsureExists means the
# addon manager creates it once and does not overwrite later edits. It is
# mounted as /etc/coredns/conf.d/Corefile and picked up by the
# `import conf.d/Corefile*` line of the main Corefile.
apiVersion: v1
kind: ConfigMap
metadata:
  name: coredns-custom
  namespace: kube-system
  labels:
    addonmanager.kubernetes.io/mode: EnsureExists
data:
  Corefile: |
    # Add custom CoreDNS configuration here.
    {{- /* See https://github.com/coredns/coredns/tree/master/plugin/azure for
    information about the Azure DNS plugin. */}}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  {{- /* replicas is deliberately not set:
  1. so the Addon Manager does not reconcile the replica count,
  2. the default is 1, and
  3. the autoscaler below adjusts it at runtime when DNS horizontal
     auto-scaling is turned on. */}}
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      priorityClassName: system-cluster-critical
      # Soft anti-affinity: spread replicas across zones first (weight 10),
      # then across nodes (weight 5).
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 10
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: k8s-app
                      operator: In
                      values:
                        - kube-dns
                topologyKey: topology.kubernetes.io/zone
            - weight: 5
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: k8s-app
                      operator: In
                      values:
                        - kube-dns
                topologyKey: kubernetes.io/hostname
      serviceAccountName: coredns
      # The two key-less "Exists" tolerations match every taint, so cluster DNS
      # keeps running on nodes that are otherwise tainted off.
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
          operator: "Exists"
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
          operator: "Exists"
        - key: CriticalAddonsOnly
          operator: "Exists"
        - operator: "Exists"
          effect: NoExecute
        - operator: "Exists"
          effect: NoSchedule
      # With use-host-network the pod is additionally pinned to agent nodes.
      nodeSelector:
        kubernetes.io/os: linux
        {{- if ContainerConfig "use-host-network"}}
        kubernetes.azure.com/role: agent
        {{end}}
      containers:
        - name: coredns
          image: {{ContainerImage "coredns"}}
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 100m
              memory: 70Mi
          args:
            - "-conf"
            - "/etc/coredns/Corefile"
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
            - name: config-custom
              mountPath: /etc/coredns/conf.d
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Probe ports match the health (8080) and ready (8181) plugins
          # enabled in the Corefile.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          # Keep only NET_BIND_SERVICE (needed for port 53), drop everything
          # else, and make the root filesystem read-only.
          # NOTE(review): Kubernetes examples spell the wildcard "ALL"; confirm
          # the cluster's runtime treats lowercase "all" the same way.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - all
            readOnlyRootFilesystem: true
      # Default = use the node's resolv.conf, which is what `forward` relies on.
      dnsPolicy: Default
      # With use-host-network the pod shares the node's network namespace and
      # listens on the node's :53 and :9153 directly.
      {{- if ContainerConfig "use-host-network"}}
      hostNetwork: {{ContainerConfig "use-host-network"}}
      {{end}}
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile
        - name: config-custom
          configMap:
            name: coredns-custom
            optional: true
            items:
              - key: Corefile
                path: Corefile
---
# The cluster DNS Service.
# NOTE(review): clusterIP is presumably the address kubelets hand to pods as
# their nameserver (cluster-dns); verify against the node configuration.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  annotations:
    prometheus.io/port: "9153"
    prometheus.io/scrape: "true"
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: CoreDNS
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    k8s-app: kube-dns
  clusterIP: {{ContainerConfig "clusterIP"}}
  ports:
    - name: dns
      port: 53
      protocol: UDP
    - name: dns-tcp
      port: 53
      protocol: TCP
    - name: metrics
      port: 9153
      protocol: TCP
---
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns-autoscaler
  namespace: kube-system
  labels:
    k8s-addon: coredns.addons.k8s.io
    addonmanager.kubernetes.io/mode: Reconcile
---
# Permissions for cluster-proportional-autoscaler: it watches nodes to size the
# cluster, scales its target, and keeps its parameters in a ConfigMap.
# NOTE(review): the scale and configmaps rules are cluster-wide although the
# autoscaler is pointed at kube-system only (--namespace/--target in the
# Deployment below); a Role bound in kube-system would cover those, leaving
# only nodes list/watch in the ClusterRole.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    k8s-addon: coredns.addons.k8s.io
    addonmanager.kubernetes.io/mode: Reconcile
  name: coredns-autoscaler
rules:
  - apiGroups:
      - ""
    resources:
      - nodes
    verbs:
      - list
      - watch
  - apiGroups:
      - ""
    resources:
      - replicationcontrollers/scale
    verbs:
      - get
      - update
  - apiGroups:
      - extensions
      - apps
    resources:
      - deployments/scale
      - replicasets/scale
    verbs:
      - get
      - update
  - apiGroups:
      - ""
    resources:
      - configmaps
    verbs:
      - get
      - create
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  labels:
    k8s-addon: coredns.addons.k8s.io
    addonmanager.kubernetes.io/mode: Reconcile
  name: coredns-autoscaler
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: coredns-autoscaler
subjects:
  - kind: ServiceAccount
    name: coredns-autoscaler
    namespace: kube-system
---
# Scales Deployment/coredns in proportion to cluster size. --default-params
# seeds the linear parameters; the --configmap named here is what the
# configmaps get/create rule above is for.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns-autoscaler
  namespace: kube-system
  labels:
    k8s-app: coredns-autoscaler
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      k8s-app: coredns-autoscaler
  template:
    metadata:
      labels:
        k8s-app: coredns-autoscaler
    spec:
      priorityClassName: system-cluster-critical
      tolerations:
        - key: node-role.kubernetes.io/master
          effect: NoSchedule
          operator: "Exists"
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
          operator: "Exists"
        - key: CriticalAddonsOnly
          operator: "Exists"
        - operator: "Exists"
          effect: NoExecute
        - operator: "Exists"
          effect: NoSchedule
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: autoscaler
          image: {{ContainerImage "coredns-autoscaler"}}
          # NOTE(review): no securityContext or resource limits here, unlike
          # the coredns container above; consider the same hardening (drop all
          # capabilities, no privilege escalation, read-only root filesystem)
          # once verified against the autoscaler image.
          resources:
            requests:
              cpu: 20m
              memory: 10Mi
          command:
            - /cluster-proportional-autoscaler
            - --namespace=kube-system
            - --configmap=coredns-autoscaler
            - --target=Deployment/coredns
            - --default-params={"linear":{"coresPerReplica":{{ContainerConfig "cores-per-replica"}},"nodesPerReplica":{{ContainerConfig "nodes-per-replica"}},"min":{{ContainerConfig "min-replicas"}}}}
            - --logtostderr=true
            - --v=2
      # serviceAccount is the deprecated alias of serviceAccountName; both are
      # set to the same value.
      serviceAccount: coredns-autoscaler
      serviceAccountName: coredns-autoscaler