From d89e97a6846ef2a324134841b1029042952549c7 Mon Sep 17 00:00:00 2001
From: rsavchuk
Date: Thu, 25 May 2023 22:16:51 +0200
Subject: [PATCH] Add coredn manifest file
---
manifests/coredns.yml | 165 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 165 insertions(+)
create mode 100644 manifests/coredns.yml
diff --git a/manifests/coredns.yml b/manifests/coredns.yml
new file mode 100644
index 0000000..0d17eac
--- /dev/null
+++ b/manifests/coredns.yml
@@ -0,0 +1,165 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns
+ labels:
+ k8s-app: coredns
+data:
+ Corefile: |-
+ .:53 {
+ errors
+ health {
+ lameduck 5s
+ }
+ ready
+ kubernetes cluster.local in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ }
+ prometheus 0.0.0.0:9153
+ forward . /etc/resolv.conf
+ cache 30
+ loop
+ reload
+ loadbalance
+ }
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: coredns
+ labels:
+ k8s-app: coredns
+rules:
+ - apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - pods
+ - namespaces
+ verbs:
+ - list
+ - watch
+ - apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: coredns
+ labels:
+ k8s-app: coredns
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: coredns
+subjects:
+ - kind: ServiceAccount
+ name: default
+ namespace: kube-system
+
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: coredns
+ labels:
+ k8s-app: coredns
+spec:
+ selector:
+ k8s-app: coredns
+ ports:
+ - { "name": "udp-53", "port": 53, "protocol": "UDP" }
+ - { "name": "tcp-53", "port": 53, "protocol": "TCP" }
+ type: ClusterIP
+ clusterIP: 10.32.0.10
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: coredns
+ labels:
+ k8s-app: coredns
+spec:
+ replicas: 1
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ maxSurge: 25%
+ selector:
+ matchLabels:
+ k8s-app: coredns
+ template:
+ metadata:
+ labels:
+ k8s-app: coredns
+ annotations:
+ checksum/config: 158d059c22a85c971e58da7eb18cd7fdf4ddd759f217f75f61d7d1a82e1167e6
+ scheduler.alpha.kubernetes.io/critical-pod: ""
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ spec:
+ terminationGracePeriodSeconds: 30
+ serviceAccountName: default
+ dnsPolicy: Default
+ containers:
+ - name: "coredns"
+ image: "coredns/coredns:1.10.1"
+ imagePullPolicy: IfNotPresent
+ args: ["-conf", "/etc/coredns/Corefile"]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+ resources:
+ limits:
+ cpu: 100m
+ memory: 128Mi
+ requests:
+ cpu: 100m
+ memory: 128Mi
+ ports:
+ - { "containerPort": 53, "name": "udp-53", "protocol": "UDP" }
+ - { "containerPort": 53, "name": "tcp-53", "protocol": "TCP" }
+ - { "containerPort": 9153, "name": "tcp-9153", "protocol": "TCP" }
+
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ securityContext:
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ volumes:
+ - name: config-volume
+ configMap:
+ name: coredns
+ items:
+ - key: Corefile
+ path: Corefile
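Review bot: The ClusterRoleBinding subject and the Deployment's `serviceAccountName` both use the `default` ServiceAccount, so the cluster-wide list/watch on pods, services, endpoints and namespaces is granted to every kube-system pod that does not set its own account, not just to CoreDNS. A dedicated `coredns` ServiceAccount, referenced from both places, keeps that grant scoped to the DNS pods. None of the namespaced objects sets `metadata.namespace` while the binding hard-codes `kube-system`, so unless the file is always applied with `-n kube-system` the pod runs under an account the role is not bound to; pinning the namespace in the manifest removes that dependency. The container `securityContext` only adds `NET_BIND_SERVICE`; dropping the remaining capabilities and setting `allowPrivilegeEscalation: false` and `readOnlyRootFilesystem: true` would tighten it without affecting port 53 binding.

```yaml
# new document: dedicated identity for CoreDNS
apiVersion: v1
kind: ServiceAccount
metadata:
  name: coredns
  namespace: kube-system
---
# … unchanged: ConfigMap, ClusterRole, ClusterRoleBinding metadata and roleRef …
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system
# … unchanged: Service; Deployment metadata, strategy, selector, pod labels …
    spec:
      terminationGracePeriodSeconds: 30
      serviceAccountName: coredns
# … unchanged: dnsPolicy, container image, args, mounts, resources, ports, probes …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
# … unchanged: volumes …
```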