mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-10-31 05:40:42 +00:00
212 lines
6.0 KiB
YAML
212 lines
6.0 KiB
YAML
# Copyright 2016 The Kubernetes Authors.
|
|
#
|
|
# Licensed under the Apache License, Version 2.0 (the "License");
|
|
# you may not use this file except in compliance with the License.
|
|
# You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing, software
|
|
# distributed under the License is distributed on an "AS IS" BASIS,
|
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
# See the License for the specific language governing permissions and
|
|
# limitations under the License.
|
|
|
|
# Should keep target in cluster/addons/dns-horizontal-autoscaler/dns-horizontal-autoscaler.yaml
|
|
# in sync with this file.
|
|
|
|
# Warning: This is a file generated from the base underscore template file: kube-dns.yaml.base
|
|
|
|
apiVersion: v1
|
|
kind: Service
|
|
metadata:
|
|
name: kube-dns
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: kube-dns
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
kubernetes.io/name: "KubeDNS"
|
|
spec:
|
|
selector:
|
|
k8s-app: kube-dns
|
|
clusterIP: {{ pillar['dns_server'] }}
|
|
ports:
|
|
- name: dns
|
|
port: 53
|
|
protocol: UDP
|
|
- name: dns-tcp
|
|
port: 53
|
|
protocol: TCP
|
|
---
|
|
apiVersion: v1
|
|
kind: ServiceAccount
|
|
metadata:
|
|
name: kube-dns
|
|
namespace: kube-system
|
|
labels:
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
---
|
|
apiVersion: v1
|
|
kind: ConfigMap
|
|
metadata:
|
|
name: kube-dns
|
|
namespace: kube-system
|
|
labels:
|
|
addonmanager.kubernetes.io/mode: EnsureExists
|
|
---
|
|
apiVersion: extensions/v1beta1
|
|
kind: Deployment
|
|
metadata:
|
|
name: kube-dns
|
|
namespace: kube-system
|
|
labels:
|
|
k8s-app: kube-dns
|
|
kubernetes.io/cluster-service: "true"
|
|
addonmanager.kubernetes.io/mode: Reconcile
|
|
spec:
|
|
# replicas: not specified here:
|
|
# 1. In order to make Addon Manager do not reconcile this replicas parameter.
|
|
# 2. Default is 1.
|
|
# 3. Will be tuned in real time if DNS horizontal auto-scaling is turned on.
|
|
strategy:
|
|
rollingUpdate:
|
|
maxSurge: 10%
|
|
maxUnavailable: 0
|
|
selector:
|
|
matchLabels:
|
|
k8s-app: kube-dns
|
|
template:
|
|
metadata:
|
|
labels:
|
|
k8s-app: kube-dns
|
|
annotations:
|
|
scheduler.alpha.kubernetes.io/critical-pod: ''
|
|
spec:
|
|
tolerations:
|
|
- key: "CriticalAddonsOnly"
|
|
operator: "Exists"
|
|
volumes:
|
|
- name: kube-dns-config
|
|
configMap:
|
|
name: kube-dns
|
|
optional: true
|
|
containers:
|
|
- name: kubedns
|
|
image: gcr.io/google_containers/k8s-dns-kube-dns-amd64:1.14.8
|
|
resources:
|
|
# TODO: Set memory limits when we've profiled the container for large
|
|
# clusters, then set request = limit to keep this container in
|
|
# guaranteed class. Currently, this container falls into the
|
|
# "burstable" category so the kubelet doesn't backoff from restarting it.
|
|
limits:
|
|
memory: 170Mi
|
|
requests:
|
|
cpu: 100m
|
|
memory: 70Mi
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthcheck/kubedns
|
|
port: 10054
|
|
scheme: HTTP
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
readinessProbe:
|
|
httpGet:
|
|
path: /readiness
|
|
port: 8081
|
|
scheme: HTTP
|
|
# we poll on pod startup for the Kubernetes master service and
|
|
# only setup the /readiness HTTP server once that's available.
|
|
initialDelaySeconds: 3
|
|
timeoutSeconds: 5
|
|
args:
|
|
- --domain={{ pillar['dns_domain'] }}.
|
|
- --dns-port=10053
|
|
- --config-dir=/kube-dns-config
|
|
- --v=2
|
|
env:
|
|
- name: PROMETHEUS_PORT
|
|
value: "10055"
|
|
ports:
|
|
- containerPort: 10053
|
|
name: dns-local
|
|
protocol: UDP
|
|
- containerPort: 10053
|
|
name: dns-tcp-local
|
|
protocol: TCP
|
|
- containerPort: 10055
|
|
name: metrics
|
|
protocol: TCP
|
|
volumeMounts:
|
|
- name: kube-dns-config
|
|
mountPath: /kube-dns-config
|
|
- name: dnsmasq
|
|
image: gcr.io/google_containers/k8s-dns-dnsmasq-nanny-amd64:1.14.8
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /healthcheck/dnsmasq
|
|
port: 10054
|
|
scheme: HTTP
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
args:
|
|
- -v=2
|
|
- -logtostderr
|
|
- -configDir=/etc/k8s/dns/dnsmasq-nanny
|
|
- -restartDnsmasq=true
|
|
- --
|
|
- -k
|
|
- --cache-size=1000
|
|
- --no-negcache
|
|
- --log-facility=-
|
|
- --server=/{{ pillar['dns_domain'] }}/127.0.0.1#10053
|
|
- --server=/in-addr.arpa/127.0.0.1#10053
|
|
- --server=/ip6.arpa/127.0.0.1#10053
|
|
ports:
|
|
- containerPort: 53
|
|
name: dns
|
|
protocol: UDP
|
|
- containerPort: 53
|
|
name: dns-tcp
|
|
protocol: TCP
|
|
# see: https://github.com/kubernetes/kubernetes/issues/29055 for details
|
|
resources:
|
|
requests:
|
|
cpu: 150m
|
|
memory: 20Mi
|
|
volumeMounts:
|
|
- name: kube-dns-config
|
|
mountPath: /etc/k8s/dns/dnsmasq-nanny
|
|
- name: sidecar
|
|
image: gcr.io/google_containers/k8s-dns-sidecar-amd64:1.14.8
|
|
livenessProbe:
|
|
httpGet:
|
|
path: /metrics
|
|
port: 10054
|
|
scheme: HTTP
|
|
initialDelaySeconds: 60
|
|
timeoutSeconds: 5
|
|
successThreshold: 1
|
|
failureThreshold: 5
|
|
args:
|
|
- --v=2
|
|
- --logtostderr
|
|
- --probe=kubedns,127.0.0.1:10053,kubernetes.default.svc.{{ pillar['dns_domain'] }},5,SRV
|
|
- --probe=dnsmasq,127.0.0.1:53,kubernetes.default.svc.{{ pillar['dns_domain'] }},5,SRV
|
|
ports:
|
|
- containerPort: 10054
|
|
name: metrics
|
|
protocol: TCP
|
|
resources:
|
|
requests:
|
|
memory: 20Mi
|
|
cpu: 10m
|
|
dnsPolicy: Default # Don't use cluster DNS.
|
|
serviceAccountName: kube-dns
|