4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
8 http://www.apache.org/licenses/LICENSE-2.0
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
# NOTE(review): this listing is an excerpt. The gutter numbers skip, so kind,
# metadata, spec and the other parent keys are not visible, and the nesting of
# the lines below is inferred rather than shown.
# apps/v1beta2 is a deprecated API version that Kubernetes stopped serving in
# 1.16; clusters at or past that release need apps/v1.
17 apiVersion: apps/v1beta2
# kube-system holds cluster-critical components, so privilege changes to this
# pod warrant the same review as other control-plane manifests.
21 namespace: kube-system
# The label key is a Jinja expression rendered before the YAML is parsed. The
# same key/value recurs twice below, presumably as selector and pod-template
# labels (confirm against the full file).
23 {{ caas.kubernetes_component_label }}: kube-dns
24 kubernetes.io/cluster-service: "true"
# Where the Kubernetes addon manager is running, mode Reconcile means the live
# object is periodically reset to this manifest. Hardening applied only to the
# running object would be reverted, so make such changes in this template.
25 addonmanager.kubernetes.io/mode: Reconcile
29 {{ caas.kubernetes_component_label }}: kube-dns
33 {{ caas.kubernetes_component_label }}: kube-dns
# Alpha scheduler annotations. Later Kubernetes releases express the same
# intent with pod priority (priorityClassName) and the spec-level tolerations
# field; the CriticalAddonsOnly entry below looks like that field form.
35 scheduler.alpha.kubernetes.io/critical-pod: ''
36 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
42 - key: "CriticalAddonsOnly"
# Absolute paths, presumably hostPath volumes (the volume-type lines are not
# visible). They expose node files to the pod, including the Kubernetes TLS
# directory and a kubeconfig, which likely hold credentials.
# TODO confirm: every container mount of these is readOnly, and the runAsUser
# uid can read only the files kube-dns actually needs.
50 path: /etc/kubernetes/ssl
51 - name: secret-root-ca
53 path: /etc/openssl/ca.pem
56 path: /etc/resolv.conf
59 path: /etc/kubernetes/kubeconfig
# The source of external-dns-conf is not visible here. It is mounted as the
# kubedns --config-dir and as the dnsmasq-nanny configDir further down.
60 - name: external-dns-conf
# First container of the pod (its name line is not visible in this excerpt).
# The image reference is resolved at render time: the last entry of
# container_image_names that matches '/kubedns'. If several entries match, the
# choice depends on list order. Whether the entry is pinned by tag or by digest
# cannot be told from here (verify where the list is defined).
65 image: {{ container_image_names | select('search', '/kubedns') | list | last }}
# The uid comes from the caas.uid.kubedns variable.
# NOTE(review): confirm it renders to a non-zero uid; no runAsNonRoot line is
# visible in this excerpt.
67 runAsUser: {{ caas.uid.kubedns }}
# Per the TODO below, no memory limit is set yet, so nothing in this manifest
# caps the container's memory use on the node.
69 # TODO: Set memory limits when we've profiled the container for large
70 # clusters, then set request = limit to keep this container in
71 # guaranteed class. Currently, this container falls into the
72 # "burstable" category so the kubelet doesn't backoff from restarting it.
# Probe delays. The probe definitions themselves are not visible; presumably
# 60s belongs to the liveness probe and 3s to the readiness probe.
81 initialDelaySeconds: 60
90 # we poll on pod startup for the Kubernetes master service and
91 # only setup the /readiness HTTP server once that's available.
92 initialDelaySeconds: 3
# The trailing dot after the rendered domain makes it a fully qualified name.
97 - --domain={{ caas.dns_domain }}.
# Matches the external-dns-conf mountPath below. The content of that volume
# steers kubedns configuration, so write access to its source should be
# restricted.
99 - --config-dir=/etc/dns_config
# 10053 appears twice, presumably once per protocol (UDP and TCP); the name and
# protocol lines are not visible. The dnsmasq --server argument in the other
# container forwards to this port on 127.0.0.1.
102 - containerPort: 10053
105 - containerPort: 10053
108 - containerPort: 10055
# Container mounts of the node paths listed under volumes.
# NOTE(review): the gutter numbers leave no line between the /etc/resolv.conf
# mountPath and the next volume name, so that mount appears to have no
# readOnly flag. Confirm in the full file and set readOnly: true on every
# mount the container does not need to write.
113 mountPath: /etc/localtime
116 mountPath: /etc/kubernetes/ssl
118 - name: secret-root-ca
119 mountPath: /etc/openssl/ca.pem
122 mountPath: /etc/kubernetes/kubeconfig
125 mountPath: /etc/resolv.conf
126 - name: external-dns-conf
127 mountPath: /etc/dns_config
# Second container; it runs dnsmasq-nanny (see the command below). It uses the
# same image selection expression as the first container: the last
# container_image_names entry matching '/kubedns'.
129 image: {{ container_image_names | select('search', '/kubedns') | list | last }}
# NET_BIND_SERVICE permits binding ports below 1024.
# NOTE(review): no drop list is visible and the gutter numbers (129-133) leave
# no room for one. Consider dropping all other capabilities so this is the
# only one retained, then verify dnsmasq still binds its port.
132 add: ["NET_BIND_SERVICE"]
133 runAsUser: {{ caas.uid.kubedns }}
137 initialDelaySeconds: 60
142 - /usr/bin/dnsmasq-nanny
# The nanny reads its configuration from this directory, which is the
# external-dns-conf mount below, and is told to restart dnsmasq. Whoever can
# change the source of that volume can change where queries are forwarded, so
# treat write access to it as security-sensitive.
146 - -configDir=/etc/k8s/dns/dnsmasq-nanny
147 - -restartDnsmasq=true
# Restricts dnsmasq to the rendered internal infrastructure interface instead
# of listening on every interface.
150 - --interface={{ networking.infra_internal.interface }}
# Upper bound on concurrent forwarded queries (the dnsmasq default is 150).
152 - --dns-forward-max=1000
# Queries for the cluster domain are forwarded to 127.0.0.1 port 10053, the
# port declared by the other container in this pod.
154 - --server=/{{ caas.dns_domain }}/127.0.0.1#10053
155 # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
# This container also mounts the node TLS directory and kubeconfig.
# NOTE(review): confirm dnsmasq-nanny actually needs them; if not, removing
# the mounts reduces what a compromise of this container exposes. The gutter
# numbers leave no room for a readOnly line on the /etc/resolv.conf and
# external-dns-conf mounts (confirm in the full file).
162 mountPath: /etc/localtime
165 mountPath: /etc/kubernetes/ssl
168 mountPath: /etc/kubernetes/kubeconfig
171 mountPath: /etc/resolv.conf
172 - name: external-dns-conf
173 mountPath: /etc/k8s/dns/dnsmasq-nanny
# Pod-level settings.
# dnsPolicy Default makes the pod inherit the node's resolver configuration,
# so the DNS server itself does not depend on cluster DNS.
174 dnsPolicy: Default # Don't use cluster DNS.
# The pod runs under the kube-dns service account; its role bindings are not
# on this page. Both containers also mount /etc/kubernetes/kubeconfig, so the
# pod may hold two sets of API credentials.
# TODO confirm: both are limited to the read access kube-dns needs.
175 serviceAccountName: kube-dns