4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
8 http://www.apache.org/licenses/LICENSE-2.0
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
# kube-dns workload manifest template. Values in double curly braces are
# template expressions filled in before the YAML is parsed. The number at the
# start of each line is the listing's own line number; the gaps show that many
# manifest lines (keys such as kind, metadata, spec) are not part of this view.
# NOTE(review): apps/v1beta2 is a deprecated workload API version that newer
# Kubernetes releases no longer serve - confirm the target cluster version.
17 apiVersion: apps/v1beta2
21 namespace: kube-system
# The component label key comes from a template variable; the same key/value
# pair appears three times below (presumably labels, selector and pod template
# labels - the parent keys are not visible here).
23 {{ caas.kubernetes_component_label }}: kube-dns
24 kubernetes.io/cluster-service: "true"
25 addonmanager.kubernetes.io/mode: Reconcile
29 {{ caas.kubernetes_component_label }}: kube-dns
33 {{ caas.kubernetes_component_label }}: kube-dns
# Alpha scheduler annotations marking the pod as a critical add-on.
# NOTE(review): later Kubernetes versions express this with priorityClassName
# and the tolerations field instead of annotations - confirm which one the
# target cluster honours.
35 scheduler.alpha.kubernetes.io/critical-pod: ''
36 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
42 - key: "CriticalAddonsOnly"
# Volume source paths. The keys that own these paths are not visible, so
# presumably they are hostPath volumes - confirm. If so, the pod is handed the
# node's /etc/kubernetes/ssl directory and kubeconfig; check that the mounts
# are read-only and that the DNS containers need the whole directory.
47 path: /etc/kubernetes/ssl
48 - name: secret-root-ca
50 path: /etc/openssl/ca.pem
53 path: /etc/resolv.conf
56 path: /etc/kubernetes/kubeconfig
57 - name: external-dns-conf
# The image is chosen at render time: the last entry of container_image_names
# that matches '/kubedns'. NOTE(review): whether that entry is pinned by tag
# or by digest is decided outside this file - verify at the list's source.
62 image: {{ container_image_names | select('search', '/kubedns') | list | last }}
# UID comes from a template variable. NOTE(review): confirm it renders to a
# non-zero UID; no runAsNonRoot setting is visible in this listing.
64 runAsUser: {{ caas.uid.kubedns }}
66 # TODO: Set memory limits when we've profiled the container for large
67 # clusters, then set request = limit to keep this container in
68 # guaranteed class. Currently, this container falls into the
69 # "burstable" category so the kubelet doesn't backoff from restarting it.
78 initialDelaySeconds: 60
87 # we poll on pod startup for the Kubernetes master service and
88 # only setup the /readiness HTTP server once that's available.
89 initialDelaySeconds: 3
# Arguments of the first container: the served DNS domain (note the trailing
# dot after the template value) and the directory it reads configuration from,
# which matches the external-dns-conf mount path below.
94 - --domain={{ caas.dns_domain }}.
96 - --config-dir=/etc/dns_config
# Port 10053 is listed twice (presumably once per protocol - the protocol
# lines are not visible); it is also the port dnsmasq forwards to further down.
99 - containerPort: 10053
102 - containerPort: 10053
105 - containerPort: 10055
110 mountPath: /etc/kubernetes/ssl
112 - name: secret-root-ca
113 mountPath: /etc/openssl/ca.pem
116 mountPath: /etc/kubernetes/kubeconfig
119 mountPath: /etc/resolv.conf
120 - name: external-dns-conf
121 mountPath: /etc/dns_config
# Second image reference; it uses the same '/kubedns' filter as the first one,
# although the command below is dnsmasq-nanny. NOTE(review): presumably one
# image ships both binaries - confirm this is intended and not a copy-paste.
123 image: {{ container_image_names | select('search', '/kubedns') | list | last }}
# Adds NET_BIND_SERVICE so a non-root UID can bind a port below 1024.
# NOTE(review): no drop entry sits between this line and runAsUser, so the
# runtime's default capability set is kept as well; consider pairing the add
# with a drop of all other capabilities.
126 add: ["NET_BIND_SERVICE"]
127 runAsUser: {{ caas.uid.kubedns }}
131 initialDelaySeconds: 60
# dnsmasq-nanny is given a config directory to read and is told to restart
# dnsmasq (restartDnsmasq=true); the directory is the mount path of the
# external-dns-conf volume at the end of this container's mounts.
136 - /usr/bin/dnsmasq-nanny
140 - -configDir=/etc/k8s/dns/dnsmasq-nanny
141 - -restartDnsmasq=true
# dnsmasq options: listen only on the templated infra-internal interface, cap
# concurrent forwarded queries at 1000, and send queries for the cluster
# domain to 127.0.0.1 port 10053 (the containerPort declared above).
144 - --interface={{ networking.infra_internal.interface }}
146 - --dns-forward-max=1000
148 - --server=/{{ caas.dns_domain }}/127.0.0.1#10053
149 # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
# This container mounts the same TLS directory and kubeconfig as the first
# one. NOTE(review): presumably only the first container talks to the API
# server - confirm the forwarder needs these credentials, else drop the mounts.
156 mountPath: /etc/kubernetes/ssl
159 mountPath: /etc/kubernetes/kubeconfig
162 mountPath: /etc/resolv.conf
163 - name: external-dns-conf
164 mountPath: /etc/k8s/dns/dnsmasq-nanny
# dnsPolicy Default makes the pod use the node's resolver settings rather than
# the cluster DNS service, which this pod itself provides.
165 dnsPolicy: Default # Don't use cluster DNS.
# The API permissions of this pod are whatever is bound to the kube-dns
# service account; those bindings are defined outside this listing.
166 serviceAccountName: kube-dns