| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220 |
- # Copyright 2016 The Kubernetes Authors.
- #
- # Licensed under the Apache License, Version 2.0 (the "License");
- # you may not use this file except in compliance with the License.
- # You may obtain a copy of the License at
- #
- # http://www.apache.org/licenses/LICENSE-2.0
- #
- # Unless required by applicable law or agreed to in writing, software
- # distributed under the License is distributed on an "AS IS" BASIS,
- # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- # See the License for the specific language governing permissions and
- # limitations under the License.
- # Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
- # in sync with this file.
- # __MACHINE_GENERATED_WARNING__
- apiVersion: v1
- kind: Service
- metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- k8s-app: kube-dns
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- kubernetes.io/name: "KubeDNS"
- spec:
- selector:
- k8s-app: kube-dns
- clusterIP: __PILLAR__DNS__SERVER__
- ports:
- - name: dns
- port: 53
- protocol: UDP
- - name: dns-tcp
- port: 53
- protocol: TCP
- ---
- apiVersion: v1
- kind: ServiceAccount
- metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- ---
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- addonmanager.kubernetes.io/mode: EnsureExists
- ---
- apiVersion: apps/v1
- kind: Deployment
- metadata:
- name: kube-dns
- namespace: kube-system
- labels:
- k8s-app: kube-dns
- kubernetes.io/cluster-service: "true"
- addonmanager.kubernetes.io/mode: Reconcile
- spec:
- # replicas: not specified here:
- # 1. In order to make Addon Manager do not reconcile this replicas parameter.
- # 2. Default is 1.
- # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
- strategy:
- rollingUpdate:
- maxSurge: 10%
- maxUnavailable: 0
- selector:
- matchLabels:
- k8s-app: kube-dns
- template:
- metadata:
- labels:
- k8s-app: kube-dns
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
- seccomp.security.alpha.kubernetes.io/pod: 'docker/default'
- prometheus.io/port: "10054"
- prometheus.io/scrape: "true"
- spec:
- priorityClassName: system-cluster-critical
- securityContext:
- supplementalGroups: [ 65534 ]
- fsGroup: 65534
- tolerations:
- - key: "CriticalAddonsOnly"
- operator: "Exists"
- volumes:
- - name: kube-dns-config
- configMap:
- name: kube-dns
- optional: true
- containers:
- - name: kubedns
- image: k8s.gcr.io/k8s-dns-kube-dns:1.14.13
- resources:
- # TODO: Set memory limits when we've profiled the container for large
- # clusters, then set request = limit to keep this container in
- # guaranteed class. Currently, this container falls into the
- # "burstable" category so the kubelet doesn't backoff from restarting it.
- limits:
- memory: __PILLAR__DNS__MEMORY__LIMIT__
- requests:
- cpu: 100m
- memory: 70Mi
- livenessProbe:
- httpGet:
- path: /healthcheck/kubedns
- port: 10054
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- readinessProbe:
- httpGet:
- path: /readiness
- port: 8081
- scheme: HTTP
- # we poll on pod startup for the Kubernetes master service and
- # only setup the /readiness HTTP server once that's available.
- initialDelaySeconds: 3
- timeoutSeconds: 5
- args:
- - --domain=__PILLAR__DNS__DOMAIN__.
- - --dns-port=10053
- - --config-dir=/kube-dns-config
- - --v=2
- env:
- - name: PROMETHEUS_PORT
- value: "10055"
- ports:
- - containerPort: 10053
- name: dns-local
- protocol: UDP
- - containerPort: 10053
- name: dns-tcp-local
- protocol: TCP
- - containerPort: 10055
- name: metrics
- protocol: TCP
- volumeMounts:
- - name: kube-dns-config
- mountPath: /kube-dns-config
- - name: dnsmasq
- image: k8s.gcr.io/k8s-dns-dnsmasq-nanny:1.14.13
- livenessProbe:
- httpGet:
- path: /healthcheck/dnsmasq
- port: 10054
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- args:
- - -v=2
- - -logtostderr
- - -configDir=/etc/k8s/dns/dnsmasq-nanny
- - -restartDnsmasq=true
- - --
- - -k
- - --cache-size=1000
- - --no-negcache
- - --dns-loop-detect
- - --log-facility=-
- - --server=/__PILLAR__DNS__DOMAIN__/127.0.0.1#10053
- - --server=/in-addr.arpa/127.0.0.1#10053
- - --server=/ip6.arpa/127.0.0.1#10053
- ports:
- - containerPort: 53
- name: dns
- protocol: UDP
- - containerPort: 53
- name: dns-tcp
- protocol: TCP
- # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
- resources:
- requests:
- cpu: 150m
- memory: 20Mi
- volumeMounts:
- - name: kube-dns-config
- mountPath: /etc/k8s/dns/dnsmasq-nanny
- - name: sidecar
- image: k8s.gcr.io/k8s-dns-sidecar:1.14.13
- livenessProbe:
- httpGet:
- path: /metrics
- port: 10054
- scheme: HTTP
- initialDelaySeconds: 60
- timeoutSeconds: 5
- successThreshold: 1
- failureThreshold: 5
- args:
- - --v=2
- - --logtostderr
- - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV
- - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,SRV
- ports:
- - containerPort: 10054
- name: metrics
- protocol: TCP
- resources:
- requests:
- memory: 20Mi
- cpu: 10m
- dnsPolicy: Default # Don't use cluster DNS.
- serviceAccountName: kube-dns
|
