-
Notifications
You must be signed in to change notification settings - Fork 2
/
50-coredns.yaml
150 lines (150 loc) · 3.4 KB
/
50-coredns.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
apiVersion: v1
kind: ServiceAccount
metadata:
name: kubelink-coredns
namespace: kubelink
---
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: kubelink:coredns
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: system:coredns
subjects:
- kind: ServiceAccount
name: kubelink-coredns
namespace: kubelink
---
apiVersion: v1
kind: Service
metadata:
labels:
app: kubelink-coredns
name: kubelink-dns
namespace: kubelink
spec:
clusterIP: 100.64.0.11 # change-me
ports:
- name: dns
port: 53
protocol: UDP
targetPort: 8053
- name: dns-tcp
port: 53
protocol: TCP
targetPort: 8053
- name: metrics
port: 9153
protocol: TCP
targetPort: 9153
selector:
app: kubelink-coredns
sessionAffinity: None
type: ClusterIP
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: kubelink-coredns
name: kubelink-coredns
namespace: kubelink
spec:
progressDeadlineSeconds: 600
replicas: 2
revisionHistoryLimit: 0
selector:
matchLabels:
app: kubelink-coredns
strategy:
rollingUpdate:
maxSurge: 25%
maxUnavailable: 1
type: RollingUpdate
template:
metadata:
annotations:
# scheduler.alpha.kubernetes.io/critical-pod: ""
creationTimestamp: null
labels:
app: kubelink-coredns
spec:
containers:
- args:
- -conf
- /etc/coredns/Corefile
image: eu.gcr.io/sap-se-gcr-k8s-public/coredns/coredns:1.6.3
imagePullPolicy: IfNotPresent
livenessProbe:
failureThreshold: 5
httpGet:
path: /health
port: 8080
scheme: HTTP
initialDelaySeconds: 60
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 5
name: coredns
ports:
- containerPort: 8053
name: dns-udp
protocol: UDP
- containerPort: 8053
name: dns-tcp
protocol: TCP
- containerPort: 9153
name: metrics
protocol: TCP
readinessProbe:
failureThreshold: 3
httpGet:
path: /ready
port: 8181
scheme: HTTP
periodSeconds: 10
successThreshold: 1
timeoutSeconds: 1
resources:
limits:
cpu: 250m
memory: 100Mi
requests:
cpu: 50m
memory: 15Mi
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- all
readOnlyRootFilesystem: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /etc/coredns
name: secret-volume
readOnly: true
dnsPolicy: Default
# priorityClassName: system-cluster-critical
restartPolicy: Always
schedulerName: default-scheduler
securityContext:
runAsNonRoot: true
runAsUser: 65534
serviceAccountName: kubelink-coredns
terminationGracePeriodSeconds: 30
tolerations:
- key: CriticalAddonsOnly
operator: Exists
volumes:
- secret:
defaultMode: 420
items:
- key: Corefile
path: Corefile
- key: kubeconfig
path: kubeconfig
secretName: kubelink-coredns
name: secret-volume