| # Warning: This is a file generated from the base underscore template file: coredns.yaml.base |
| |
| apiVersion: v1 |
| kind: ServiceAccount |
| metadata: |
| name: coredns |
| namespace: kube-system |
| labels: |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRole |
| metadata: |
| labels: |
| kubernetes.io/bootstrapping: rbac-defaults |
| addonmanager.kubernetes.io/mode: Reconcile |
| name: system:coredns |
| rules: |
| - apiGroups: |
| - "" |
| resources: |
| - endpoints |
| - services |
| - pods |
| - namespaces |
| verbs: |
| - list |
| - watch |
| - apiGroups: |
| - "" |
| resources: |
| - nodes |
| verbs: |
| - get |
| --- |
| apiVersion: rbac.authorization.k8s.io/v1 |
| kind: ClusterRoleBinding |
| metadata: |
| annotations: |
| rbac.authorization.kubernetes.io/autoupdate: "true" |
| labels: |
| kubernetes.io/bootstrapping: rbac-defaults |
| addonmanager.kubernetes.io/mode: EnsureExists |
| name: system:coredns |
| roleRef: |
| apiGroup: rbac.authorization.k8s.io |
| kind: ClusterRole |
| name: system:coredns |
| subjects: |
| - kind: ServiceAccount |
| name: coredns |
| namespace: kube-system |
| --- |
| apiVersion: v1 |
| kind: ConfigMap |
| metadata: |
| name: coredns |
| namespace: kube-system |
| labels: |
| addonmanager.kubernetes.io/mode: EnsureExists |
| data: |
| Corefile: | |
| .:53 { |
| errors |
| health |
| kubernetes $DNS_DOMAIN in-addr.arpa ip6.arpa { |
| pods insecure |
| upstream |
| fallthrough in-addr.arpa ip6.arpa |
| } |
| prometheus :9153 |
| proxy . /etc/resolv.conf |
| cache 30 |
| loop |
| reload |
| loadbalance |
| } |
| --- |
| apiVersion: extensions/v1beta1 |
| kind: Deployment |
| metadata: |
| name: coredns |
| namespace: kube-system |
| labels: |
| k8s-app: kube-dns |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| kubernetes.io/name: "CoreDNS" |
| spec: |
| # replicas: not specified here: |
| # 1. In order to make Addon Manager do not reconcile this replicas parameter. |
| # 2. Default is 1. |
| # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on. |
| strategy: |
| type: RollingUpdate |
| rollingUpdate: |
| maxUnavailable: 1 |
| selector: |
| matchLabels: |
| k8s-app: kube-dns |
| template: |
| metadata: |
| labels: |
| k8s-app: kube-dns |
| annotations: |
| seccomp.security.alpha.kubernetes.io/pod: 'docker/default' |
| spec: |
| serviceAccountName: coredns |
| tolerations: |
| - key: "CriticalAddonsOnly" |
| operator: "Exists" |
| containers: |
| - name: coredns |
| image: k8s.gcr.io/coredns:1.2.6 |
| imagePullPolicy: IfNotPresent |
| resources: |
| limits: |
| memory: 170Mi |
| requests: |
| cpu: 100m |
| memory: 70Mi |
| args: [ "-conf", "/etc/coredns/Corefile" ] |
| volumeMounts: |
| - name: config-volume |
| mountPath: /etc/coredns |
| readOnly: true |
| ports: |
| - containerPort: 53 |
| name: dns |
| protocol: UDP |
| - containerPort: 53 |
| name: dns-tcp |
| protocol: TCP |
| - containerPort: 9153 |
| name: metrics |
| protocol: TCP |
| livenessProbe: |
| httpGet: |
| path: /health |
| port: 8080 |
| scheme: HTTP |
| initialDelaySeconds: 60 |
| timeoutSeconds: 5 |
| successThreshold: 1 |
| failureThreshold: 5 |
| securityContext: |
| allowPrivilegeEscalation: false |
| capabilities: |
| add: |
| - NET_BIND_SERVICE |
| drop: |
| - all |
| readOnlyRootFilesystem: true |
| dnsPolicy: Default |
| volumes: |
| - name: config-volume |
| configMap: |
| name: coredns |
| items: |
| - key: Corefile |
| path: Corefile |
| --- |
| apiVersion: v1 |
| kind: Service |
| metadata: |
| name: kube-dns |
| namespace: kube-system |
| annotations: |
| prometheus.io/port: "9153" |
| prometheus.io/scrape: "true" |
| labels: |
| k8s-app: kube-dns |
| kubernetes.io/cluster-service: "true" |
| addonmanager.kubernetes.io/mode: Reconcile |
| kubernetes.io/name: "CoreDNS" |
| spec: |
| selector: |
| k8s-app: kube-dns |
| clusterIP: $DNS_SERVER_IP |
| ports: |
| - name: dns |
| port: 53 |
| protocol: UDP |
| - name: dns-tcp |
| port: 53 |
| protocol: TCP |