	Automatic merge from submit-queue (batch tested with PRs 41826, 42405)
Add stubDomains and upstreamNameservers configuration to kube-dns
```release-note
Updates the dnsmasq cache/mux layer to be managed by dnsmasq-nanny.
dnsmasq-nanny manages dnsmasq based on values from the
kube-system:kube-dns configmap:
"stubDomains": {
	"acme.local": ["1.2.3.4"]
},
is a map of domain to list of nameservers for the domain. This is used
to inject private DNS domains into the kube-dns namespace. In the above
example, any DNS requests for *.acme.local will be served by the
nameserver 1.2.3.4.
"upstreamNameservers": ["8.8.8.8", "8.8.4.4"]
is a list of upstreamNameservers to use, overriding the configuration
specified in /etc/resolv.conf.
```
		
	
		
			
				
	
	
		
# Copyright 2016 The Kubernetes Authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#     http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.

# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
# in sync with this file.

# __MACHINE_GENERATED_WARNING__

# Deployment template for the kube-dns addon. One pod runs three containers:
#   kubedns - answers DNS for the cluster domain on port 10053
#   dnsmasq - dnsmasq-nanny image; listens on port 53 and forwards the
#             cluster domain and the reverse zones to kubedns on 127.0.0.1
#   sidecar - serves health checks and metrics on port 10054
# The __PILLAR__...__ tokens are placeholders; presumably they are replaced
# by the addon build/deploy tooling before the manifest is applied. The bare
# placeholder inside the kubedns args list means this file is not loadable
# YAML until that substitution has run.
#
# NOTE(review): extensions/v1beta1 Deployments were removed in Kubernetes
# 1.16; this manifest needs apps/v1 on current clusters.
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  # replicas: not specified here:
  # 1. In order to make Addon Manager do not reconcile this replicas parameter.
  # 2. Default is 1.
  # 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
  strategy:
    rollingUpdate:
      # Bring up replacement pods before removing old ones, so DNS capacity
      # does not drop during a rollout.
      maxSurge: 10%
      maxUnavailable: 0
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
      annotations:
        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      volumes:
      # The kube-system/kube-dns ConfigMap is mounted into both kubedns and
      # dnsmasq below. optional: true lets the pod start when the ConfigMap
      # does not exist.
      # NOTE(review): per the change description, this ConfigMap carries
      # stubDomains and upstreamNameservers, i.e. it decides which
      # nameservers receive the cluster's forwarded queries. Write access to
      # it should be restricted through RBAC and changes to it audited.
      - name: kube-dns-config
        configMap:
          name: kube-dns
          optional: true
      # NOTE(review): none of the containers below sets a securityContext, so
      # they run with the runtime defaults. Any hardening (non-root user,
      # dropped capabilities) must keep dnsmasq able to bind port 53 - confirm
      # against the images before changing.
      containers:
      - name: kubedns
        # NOTE(review): all three images are referenced by tag only; a tag can
        # be re-pointed in the registry. Pinning by digest would make the
        # deployed content verifiable.
        image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.1
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        livenessProbe:
          httpGet:
            # Port 10054 is the port declared by the sidecar container, not by
            # kubedns itself; presumably the path maps to the sidecar's
            # --probe=kubedns entry.
            path: /healthcheck/kubedns
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        args:
        - --domain=__PILLAR__DNS__DOMAIN__.
        # 10053 is the address dnsmasq forwards to (see its --server flags).
        - --dns-port=10053
        # Matches the mountPath of the kube-dns-config volume below.
        - --config-dir=/kube-dns-config
        - --v=2
        # Template placeholder, not YAML: presumably expanded to an extra list
        # item or removed during manifest generation - TODO confirm.
        __PILLAR__FEDERATIONS__DOMAIN__MAP__
        env:
        # Quoted so the value stays a string; it matches the "metrics"
        # containerPort declared below.
        - name: PROMETHEUS_PORT
          value: "10055"
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: kube-dns-config
          mountPath: /kube-dns-config
      - name: dnsmasq
        image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.1
        livenessProbe:
          httpGet:
            # Served on the sidecar's port; presumably backed by the sidecar's
            # --probe=dnsmasq entry.
            path: /healthcheck/dnsmasq
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        # Flags before the bare "--" configure dnsmasq-nanny; everything after
        # it is the dnsmasq command line.
        - -v=2
        - -logtostderr
        # Same path as the kube-dns-config volumeMount of this container.
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        # Presumably restarts dnsmasq when the mounted configuration changes -
        # TODO confirm against dnsmasq-nanny.
        - -restartDnsmasq=true
        - --
        # dnsmasq: stay in the foreground.
        - -k
        - --cache-size=1000
        # dnsmasq: "-" sends log output to stderr.
        - --log-facility=-
        # Send queries for the cluster domain and the reverse-lookup zones to
        # kubedns on localhost port 10053. The "#" is part of the value: it is
        # not preceded by a space, so YAML does not treat it as a comment.
        - --server=/__PILLAR__DNS__DOMAIN__/127.0.0.1#10053
        - --server=/in-addr.arpa/127.0.0.1#10053
        - --server=/ip6.arpa/127.0.0.1#10053
        ports:
        - containerPort: 53
          name: dns
          protocol: UDP
        - containerPort: 53
          name: dns-tcp
          protocol: TCP
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        # NOTE(review): requests only, no limits, on the container that faces
        # every client in the cluster; read the linked issue before adding a
        # limit.
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        volumeMounts:
        - name: kube-dns-config
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      - name: sidecar
        image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.1
        livenessProbe:
          httpGet:
            path: /metrics
            port: 10054
            scheme: HTTP
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        args:
        - --v=2
        - --logtostderr
        # Two probes against the same name, one at kubedns directly (10053)
        # and one through dnsmasq (53). The remaining fields look like an
        # interval and a record type - TODO confirm the exact --probe format.
        - --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,A
        - --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.__PILLAR__DNS__DOMAIN__,5,A
        ports:
        # Target of the liveness probes of all three containers.
        - containerPort: 10054
          name: metrics
          protocol: TCP
        resources:
          requests:
            memory: 20Mi
            cpu: 10m
      # The pod takes its resolver configuration from the node instead of
      # pointing at the cluster DNS service, which is this pod itself.
      dnsPolicy: Default  # Don't use cluster DNS.
      # Dedicated service account; its role bindings are defined outside this
      # file. NOTE(review): confirm they grant only the read access that
      # kube-dns needs.
      serviceAccountName: kube-dns