openyurtio · openyurt-bot · Aug 18, 2022 · Aug 18, 2022
@@ -0,0 +1,159 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: yurt-tunnel-dns
+  namespace: kube-system
+data:
+  Corefile: |
+    .:53 {
+        errors
+        health {
+          lameduck 5s
+        }
+        ready
+        hosts /etc/edge/tunnel-nodes {
+            reload 300ms
+            fallthrough
+        }
+        prometheus :9153
+        forward . /etc/resolv.conf {
+          max_concurrent 1000
+        }
+        cache 30
+        loop
+        reload
+        loadbalance
+    }
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: yurt-tunnel-nodes
+  namespace: kube-system
+data:
+  tunnel-nodes: |
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: yurt-tunnel-dns
+  namespace: kube-system
+  labels:
+    k8s-app: yurt-tunnel-dns
+    kubernetes.io/name: "CoreDNS"
+spec:
+  replicas: 1
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxUnavailable: 1
+  selector:
+    matchLabels:
+      k8s-app: yurt-tunnel-dns
+  template:
+    metadata:
+      labels:
+        k8s-app: yurt-tunnel-dns
+    spec:
+      priorityClassName: system-cluster-critical
+      tolerations:
+        - operator: "Exists"
+      nodeSelector:
+        kubernetes.io/os: linux
+        openyurt.io/is-edge-worker: "false"
+      affinity:
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            - labelSelector:
+                matchExpressions:
+                  - key: k8s-app
+                    operator: In
+                    values: ["yurt-tunnel-dns"]
+              topologyKey: kubernetes.io/hostname
+      containers:
+        - name: yurt-tunnel-dns
+          image: coredns/coredns:1.9.3
+          imagePullPolicy: IfNotPresent
+          resources:
+            limits:
+              memory: 170Mi
+            requests:
+              cpu: 100m
+              memory: 70Mi
+          args: [ "-conf", "/etc/yurt-tunnel-dns/Corefile" ]
+          volumeMounts:
+            - name: config-volume
+              mountPath: /etc/yurt-tunnel-dns
+              readOnly: true
+            - name: hosts
+              mountPath: /etc/edge
+              readOnly: true
+          ports:
+            - containerPort: 53
+              name: dns
+              protocol: UDP
+            - containerPort: 53
+              name: dns-tcp
+              protocol: TCP
+            - containerPort: 9153
+              name: metrics
+              protocol: TCP
+          securityContext:
+            allowPrivilegeEscalation: false
+            capabilities:
+              add:
+                - NET_BIND_SERVICE
+              drop:
+                - all
+            readOnlyRootFilesystem: true
+          livenessProbe:
+            httpGet:
+              path: /health
+              port: 8080
+              scheme: HTTP
+            initialDelaySeconds: 60
+            timeoutSeconds: 5
+            successThreshold: 1
+            failureThreshold: 5
+          readinessProbe:
+            httpGet:
+              path: /ready
+              port: 8181
+              scheme: HTTP
+      dnsPolicy: Default
+      volumes:
+        - name: config-volume
+          configMap:
+            name: yurt-tunnel-dns
+            items:
+              - key: Corefile
+                path: Corefile
+        - name: hosts
+          configMap:
+            name: yurt-tunnel-nodes
+            defaultMode: 420
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: yurt-tunnel-dns
+  namespace: kube-system
+  annotations:
+    prometheus.io/port: "9153"
+    prometheus.io/scrape: "true"
+  labels:
+    k8s-app: yurt-tunnel-dns
+spec:
+  selector:
+    k8s-app: yurt-tunnel-dns
+  type: ClusterIP
+  ports:
+    - name: dns
+      port: 53
+      protocol: UDP
+    - name: dns-tcp
+      port: 53
+      protocol: TCP
+    - name: metrics
+      port: 9153
+      protocol: TCP