| # Copyright 2016 The Kubernetes Authors. |
| # |
| # Licensed under the Apache License, Version 2.0 (the "License"); |
| # you may not use this file except in compliance with the License. |
| # You may obtain a copy of the License at |
| # |
| # http://www.apache.org/licenses/LICENSE-2.0 |
| # |
| # Unless required by applicable law or agreed to in writing, software |
| # distributed under the License is distributed on an "AS IS" BASIS, |
| # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| # See the License for the specific language governing permissions and |
| # limitations under the License. |
| |
| # Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml |
| # in sync with this file. |
| |
| # __MACHINE_GENERATED_WARNING__ |
| |
# Cluster-internal DNS endpoint: a Service in kube-system that forwards
# port 53 (UDP and TCP) to pods labelled k8s-app: kube-dns.
apiVersion: v1
kind: Service
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    # Reconcile: Addon Manager periodically restores this object to the
    # state described here, so manual edits through the API do not persist.
    addonmanager.kubernetes.io/mode: Reconcile
    kubernetes.io/name: "KubeDNS"
spec:
  selector:
    k8s-app: kube-dns
  # Template placeholder, not a literal address; presumably replaced with the
  # cluster DNS service IP when this manifest is rendered.
  clusterIP: __PILLAR__DNS__SERVER__
  ports:
  # No targetPort is given, so each entry targets the same port number (53)
  # on the selected pods.
  - name: dns
    port: 53
    protocol: UDP
  - name: dns-tcp
    port: 53
    protocol: TCP
| --- |
# Identity for the kube-dns pods; the Deployment in this file refers to it
# through serviceAccountName: kube-dns.
# NOTE(review): the Role/ClusterRole bound to this account is not defined in
# this file. Confirm it grants only the read access the DNS server needs.
apiVersion: v1
kind: ServiceAccount
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
| --- |
# Empty ConfigMap placeholder. The Deployment in this file mounts it (as an
# optional volume) into the kubedns and dnsmasq containers as their
# configuration directory.
# NOTE(review): whoever can write this ConfigMap can change how the cluster's
# DNS server is configured. Keep write access to it in kube-system tightly
# scoped in RBAC.
apiVersion: v1
kind: ConfigMap
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    # EnsureExists: Addon Manager only creates the object when it is missing
    # and does not overwrite later changes, so operator-supplied data is kept.
    addonmanager.kubernetes.io/mode: EnsureExists
| --- |
# Deployment for the kube-dns pod. Each pod runs three containers:
#   kubedns  - the DNS server, listening on 10053
#   dnsmasq  - started by dnsmasq-nanny, listens on 53 and forwards the
#              cluster domain and reverse zones to 127.0.0.1#10053
#   sidecar  - probes the other two and exposes health/metrics on 10054
# NOTE(review): extensions/v1beta1 Deployments are deprecated in favour of
# apps/v1 and are no longer served from Kubernetes 1.16 on. Migrate once the
# oldest supported cluster version allows it.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # replicas is intentionally not specified here:
  # 1. So that Addon Manager does not reconcile the replica count.
  # 2. The default is 1.
  # 3. It is tuned at run time when DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      # Add new pods before removing old ones, so a rollout never drops below
      # the current number of available DNS pods.
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
        # Requests the container runtime's default seccomp profile for the pod.
        # NOTE(review): 'docker/default' is the legacy value. Newer clusters
        # use 'runtime/default' or the securityContext.seccompProfile field.
        # Confirm which form the target cluster version expects.
        seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
    spec:
      # NOTE(review): no pod- or container-level securityContext is set in
      # this manifest, so the containers run with the image's default user and
      # the runtime's default capabilities. Hardening candidates, to be tested
      # against these image versions before adoption: allowPrivilegeEscalation:
      # false, readOnlyRootFilesystem: true, and a reduced capability set.
      priorityClassName: system-cluster-critical
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      volumes:
      - name: kube-dns-config
        configMap:
          name: kube-dns
          # The pod still starts when the ConfigMap does not exist.
          optional: true
      containers:
      - name: kubedns
        # NOTE(review): images are referenced by tag, which a registry can
        # re-point. Pin by digest where the deployment pipeline supports it.
        # The same applies to the dnsmasq and sidecar images below.
        image: k8s.gcr.io/k8s-dns-kube-dns:1.14.13
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          # (The memory request and limit below differ and no CPU limit is set.)
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          # Port 10054 is declared only by the sidecar container; containers in
          # a pod share one network namespace, so the probe reaches it there.
          httpGet:
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        # The trailing dot after the domain placeholder is part of the value.
        - --domain=__PILLAR__DNS__DOMAIN__.
        - --dns-port=10053
        - --config-dir=/kube-dns-config
        - --v=2
        env:
        # Quoted: environment variable values must be strings.
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        # NOTE(review): the metrics and health endpoints in this pod are plain
        # HTTP. Presumably any workload that can reach the pod IP can read
        # them; confirm whether a NetworkPolicy restricts access.
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
        image: k8s.gcr.io/k8s-dns-dnsmasq-nanny:1.14.13
        livenessProbe:
          httpGet:
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        # Arguments before the bare "--" configure dnsmasq-nanny itself.
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        - --
        # Arguments after "--" are passed on to dnsmasq.
        - -k
        - --cache-size=1000
        - --no-negcache
        - --dns-loop-detect
        - --log-facility=-
        # Cluster-domain and reverse-lookup queries go to kubedns on
        # 127.0.0.1 port 10053 ("#" separates address and port here and is not
        # a YAML comment, because no space precedes it).
        - --server=/__PILLAR__DNS__DOMAIN__/127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
        image: k8s.gcr.io/k8s-dns-sidecar:1.14.13
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        # One probe per DNS component: kubedns on 10053, dnsmasq on 53.
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV
        ports:
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
      dnsPolicy: Default  # Don't use cluster DNS.
      serviceAccountName: kube-dns