From 0e87420d2cd607a490d1b6f20684266a64b9cedf Mon Sep 17 00:00:00 2001 From: Alistair Mackay <34012094+fireflycons@users.noreply.github.com> Date: Wed, 19 Oct 2022 20:11:48 +0100 Subject: [PATCH] Ugrade coredns --- README.md | 2 +- deployments/coredns.yaml | 58 ++++++++++++++++++++++++++++------------ 2 files changed, 42 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index a3fa57e..d21881c 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ Kubernetes The Hard Way guides you through bootstrapping a highly available Kube * [CNI Container Networking](https://github.com/containernetworking/cni) 0.8.6 * [Weave Networking](https://www.weave.works/docs/net/latest/kubernetes/kube-addon/) * [etcd](https://github.com/coreos/etcd) v3.5.3 -* [CoreDNS](https://github.com/coredns/coredns) v1.8.6 +* [CoreDNS](https://github.com/coredns/coredns) v1.9.4 ### Node configuration diff --git a/deployments/coredns.yaml b/deployments/coredns.yaml index 807ef1b..1e7a204 100644 --- a/deployments/coredns.yaml +++ b/deployments/coredns.yaml @@ -11,16 +11,23 @@ metadata: kubernetes.io/bootstrapping: rbac-defaults name: system:coredns rules: -- apiGroups: - - "" - resources: - - endpoints - - services - - pods - - namespaces - verbs: - - list - - watch + - apiGroups: + - "" + resources: + - endpoints + - services + - pods + - namespaces + verbs: + - list + - watch + - apiGroups: + - discovery.k8s.io + resources: + - endpointslices + verbs: + - list + - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding @@ -49,17 +56,16 @@ data: .:53 { errors health { - lameduck 5s + lameduck 5s } ready kubernetes cluster.local in-addr.arpa ip6.arpa { pods insecure - fallthrough in-addr.arpa ip6.arpa - ttl 30 + fallthrough in-addr.arpa ip6.arpa } prometheus :9153 forward . /etc/resolv.conf { - max_concurrent 1000 + max_concurrent 1000 } cache 30 loop 
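Review bot: The new `discovery.k8s.io` / `endpointslices` rule in the `system:coredns` ClusterRole carries no comment saying why it was added, and it arrives inside a re-indent of the whole `rules:` list, so the one real permission change is hard to pick out of the diff. I would add a line above it such as `# CoreDNS kubernetes plugin watches EndpointSlices; read-only list/watch is all it needs`, and keep the re-indent in a separate commit so RBAC changes stay easy to audit. The older `endpoints` grant is kept alongside it; if every cluster this guide targets serves EndpointSlices, it is worth checking whether 1.9.4 still needs that rule.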
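Review bot: The `kubernetes cluster.local ...` block of the new Corefile still sets `pods insecure`, which answers pod-IP style names with an A record without checking that such a pod exists. The ClusterRole in this same file already grants list/watch on `pods`, so `pods verified` looks usable here, at the cost of CoreDNS holding a pod watch. If the insecure mode is kept for kube-dns compatibility, a comment saying so would help. Separately, the hunk drops `ttl 30` without mention in the commit message; as far as I know that returns the plugin to its default record TTL of 5 seconds and raises query load, so please confirm it is intended.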
@@ -89,15 +95,25 @@ spec: labels: k8s-app: kube-dns spec: + priorityClassName: system-cluster-critical serviceAccountName: coredns tolerations: - - key: node-role.kubernetes.io/master - effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" + nodeSelector: + kubernetes.io/os: linux + affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: ["kube-dns"] + topologyKey: kubernetes.io/hostname containers: - name: coredns - image: coredns/coredns:1.8.6 + image: coredns/coredns:1.9.4 imagePullPolicy: IfNotPresent resources: limits: @@ -137,6 +153,11 @@ spec: timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 + readinessProbe: + httpGet: + path: /ready + port: 8181 + scheme: HTTP dnsPolicy: Default volumes: - name: config-volume @@ -169,3 +190,6 @@ spec: - name: dns-tcp port: 53 protocol: TCP + - name: metrics + port: 9153 + protocol: TCP \ No newline at end of file
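Review bot: The bumped `image: coredns/coredns:1.9.4` is still referenced by a mutable tag, and with `imagePullPolicy: IfNotPresent` each node keeps whatever it first pulled under that tag. For a pod now marked `system-cluster-critical` I would pin the digest as well, `image: coredns/coredns:1.9.4@sha256:<digest-of-verified-1.9.4-image>` (placeholder, to be taken from the release you verified). The new `requiredDuringSchedulingIgnoredDuringExecution` anti-affinity on `kubernetes.io/hostname` leaves replicas Pending when there are fewer schedulable nodes than replicas, and the `node-role.kubernetes.io/master` toleration is removed in the same hunk. The replica count is outside the hunk, so check it against the worker count. The container spec also continues past the hunk, so I cannot tell whether a `securityContext` is set.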
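Review bot: The added `readinessProbe` depends on the `ready` plugin in the Corefile and its default port 8181, but nothing in the manifest ties the two together. If that plugin line is ever removed or given another address, every CoreDNS pod goes unready and drops out of the Service. A comment above the probe such as `# served by the Corefile 'ready' plugin (default :8181)` would make the coupling visible. The probe also sets no timing fields, so it runs on the Kubernetes defaults (1 s timeout, 3 failures) while the liveness probe just above it spells out `timeoutSeconds: 5` and `failureThreshold: 5`; I would state the readiness values explicitly too. The liveness probe starts outside the hunk.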
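Review bot: The new `metrics` port on the Service publishes CoreDNS's Prometheus endpoint (`prometheus :9153` in the Corefile), which has no authentication, under the stable Service address, and no NetworkPolicy appears in this file to limit who can reach it. If only the monitoring stack needs it, I would note that on the port, for example `# Prometheus scrape port; restrict to the monitoring namespace with a NetworkPolicy`, and ship the matching policy with the manifest. The file also now ends without a trailing newline (`\ No newline at end of file`), which is worth restoring.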