60-globaldns.yaml
# Identity for the kubelink-globaldns pods. The Deployment in this file
# selects it through serviceAccountName, and the kubelink:globaldns
# ClusterRoleBinding grants it its API permissions.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kubelink
  name: kubelink-globaldns
---
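# API permissions for the global DNS server: read, watch and update
# CoreDNSEntry objects (and their status subresource) in the
# coredns.mandelsoft.org group.
#
# apiVersion was rbac.authorization.k8s.io/v1beta1, which is no longer served
# from Kubernetes 1.22 on. v1 carries the same schema and is what the
# ClusterRoleBinding in this file already uses.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    app: kubelink-globaldns
  name: 'kubelink:globaldns'
rules:
  - apiGroups:
      - coredns.mandelsoft.org
    resources:
      - corednsentries
      - corednsentries/status
    # No create/delete/patch: the role can only modify existing entries.
    # NOTE(review): `update` is granted on the main resource as well as on
    # status. If the consumer only writes status, `update` on corednsentries
    # could be dropped - confirm against the kubedyndns plugin.
    verbs:
      - get
      - list
      - update
      - watch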
---
# Binds the kubelink:globaldns ClusterRole to the kubelink-globaldns
# ServiceAccount in the kubelink namespace.
# NOTE(review): a ClusterRoleBinding is cluster-wide. If CoreDNSEntry is a
# namespaced resource, the role's verbs apply in every namespace - confirm
# that this breadth is intended.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  name: 'kubelink:globaldns'
subjects:
  - kind: ServiceAccount
    namespace: kubelink
    name: kubelink-globaldns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: 'kubelink:globaldns'
---
# Cluster-internal front end for the global DNS pods: port 53 (UDP and TCP)
# is mapped to the unprivileged container port 8053.
apiVersion: v1
kind: Service
metadata:
  name: kubelink-globaldns
  namespace: kubelink
  labels:
    app: kubelink-globaldns
spec:
  type: ClusterIP
  # Fixed address, so it must lie inside this cluster's service CIDR and be
  # unused there; presumably other components refer to it by IP - confirm.
  clusterIP: '100.64.0.12'
  sessionAffinity: None
  selector:
    app: kubelink-globaldns
  ports:
    - name: dns
      protocol: UDP
      port: 53
      targetPort: 8053
    - name: dns-tcp
      protocol: TCP
      port: 53
      targetPort: 8053
    # NOTE(review): the Corefile in this file lists no `prometheus` plugin,
    # so with a stock CoreDNS build nothing would listen on 9153. Confirm
    # whether the image serves metrics some other way.
    - name: metrics
      protocol: TCP
      port: 9153
      targetPort: 9153
---
# CoreDNS configuration, mounted read-only at /etc/coredns by the Deployment
# in this file.
#
# One server block answers for the root zone on port 8053:
#   - `health` and `ready` take no arguments here, so they use the plugin
#     defaults (stock CoreDNS: :8080 and :8181), the ports the Deployment's
#     probes query.
#   - `kubedyndns` is not a stock CoreDNS plugin (presumably shipped in the
#     mandelsoft image - confirm). It is configured for svc.global.kubelink
#     plus the reverse zones, with a 30 s TTL and `fallthrough`.
#   - `forward` sends the `kubelink` zone, except global.kubelink, to
#     100.64.0.11 (no tls:// prefix, so plain DNS).
#   - `reload` re-reads the Corefile when the mounted ConfigMap changes.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: kubelink
  name: globaldns-corefile
data:
  Corefile: |
    .:8053 {
        errors
        health
        ready
        kubedyndns svc.global.kubelink in-addr.arpa ip6.arpa {
            ttl 30
            fallthrough
        }
        forward kubelink 100.64.0.11 {
            except global.kubelink
        }
        cache 30
        loop
        reload
    }
---
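# Runs two replicas of the CoreDNS build that serves the kubelink global DNS
# zone. The pods run as a non-root user with a read-only root filesystem and
# read their configuration from the globaldns-corefile ConfigMap.
#
# Changes against the original:
#   - capabilities.drop uses the canonical upper-case `ALL`
#   - `annotations` is an explicit empty map instead of a bare key
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: kubelink-globaldns
  name: kubelink-globaldns
  namespace: kubelink
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  # No superseded ReplicaSets are kept, so there is no earlier revision to
  # roll back to with `kubectl rollout undo`.
  revisionHistoryLimit: 0
  selector:
    matchLabels:
      app: kubelink-globaldns
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      # Was a bare `annotations:` holding only the disabled line below, which
      # parses as null; the empty map states the intent explicitly.
      # scheduler.alpha.kubernetes.io/critical-pod: ""
      annotations: {}
      # Residue of an exported manifest; the API server sets the timestamp.
      creationTimestamp: null
      labels:
        app: kubelink-globaldns
    spec:
      containers:
        - name: coredns
          # NOTE(review): `latest` is a mutable tag and the pull policy is
          # Always, so each pod start runs whatever the registry serves at
          # that moment. Pin a release tag or an immutable digest
          # (mandelsoft/coredns@sha256:<digest>) so rollouts are reproducible
          # and a replaced upstream image cannot reach the cluster unnoticed.
          image: mandelsoft/coredns:latest
          imagePullPolicy: Always
          args:
            - '-conf'
            - /etc/coredns/Corefile
          ports:
            # 8053 is an unprivileged port, so the container needs no
            # NET_BIND_SERVICE capability and can drop all of them.
            - containerPort: 8053
              name: dns-udp
              protocol: UDP
            - containerPort: 8053
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # 8080 and 8181 are the stock CoreDNS defaults of the `health` and
          # `ready` plugins; the Corefile in this file overrides neither.
          livenessProbe:
            failureThreshold: 5
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          readinessProbe:
            failureThreshold: 3
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          resources:
            limits:
              cpu: 250m
              memory: 100Mi
            requests:
              cpu: 50m
              memory: 15Mi
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              # Capability names are conventionally upper-case, and policy
              # checks such as the Pod Security Standards "restricted"
              # profile look for the literal `ALL`; lower-case `all` can be
              # rejected even where the container runtime accepts it.
              drop:
                - ALL
            readOnlyRootFilesystem: true
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/coredns
              name: config-volume
              readOnly: true
      # The pod inherits the node's resolver configuration instead of the
      # cluster DNS service.
      dnsPolicy: Default
      # priorityClassName: system-cluster-critical
      restartPolicy: Always
      schedulerName: default-scheduler
      # NOTE(review): no seccompProfile is set. On clusters that support the
      # field, consider `seccompProfile: {type: RuntimeDefault}` here.
      securityContext:
        runAsNonRoot: true
        # 65534 is conventionally the `nobody` user.
        runAsUser: 65534
      # The mounted token of this account carries the get/list/update/watch
      # rights on corednsentries granted by the kubelink:globaldns role.
      serviceAccountName: kubelink-globaldns
      terminationGracePeriodSeconds: 30
      tolerations:
        - key: CriticalAddonsOnly
          operator: Exists
      volumes:
        - name: config-volume
          configMap:
            name: globaldns-corefile
            # Decimal 420 is octal 0644: owner read/write, others read-only.
            defaultMode: 420
            items:
              - key: Corefile
                path: Corefile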