4 Licensed under the Apache License, Version 2.0 (the "License");
5 you may not use this file except in compliance with the License.
6 You may obtain a copy of the License at
8 http://www.apache.org/licenses/LICENSE-2.0
10 Unless required by applicable law or agreed to in writing, software
11 distributed under the License is distributed on an "AS IS" BASIS,
12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 See the License for the specific language governing permissions and
14 limitations under the License.
# Fragment of a Jinja-templated kube-dns manifest for the kube-system
# namespace. Only some lines of the original file are visible (the leading
# numbers are the original line numbers), so the notes below are limited to
# what those lines show.
21 namespace: kube-system
23 {{ caas.kubernetes_component_label }}: kube-dns
24 kubernetes.io/cluster-service: "true"
25 addonmanager.kubernetes.io/mode: Reconcile
29 {{ caas.kubernetes_component_label }}: kube-dns
33 {{ caas.kubernetes_component_label }}: kube-dns
# NOTE(review): both scheduler.alpha.* annotations are alpha-era ways of
# marking a critical pod; priorityClassName below is the supported field.
# Confirm the target cluster version still reads them, otherwise they are dead.
35 scheduler.alpha.kubernetes.io/critical-pod: ''
36 scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
38 priorityClassName: "system-cluster-critical"
# Presumably entries of spec.tolerations (the enclosing key is not visible).
43 - key: "CriticalAddonsOnly"
45 - key: "node-maintenancemode"
# NOTE(review): these look like hostPath volume sources (the enclosing keys
# are not visible). /etc/kubernetes/ssl and the kubeconfig hold cluster
# credentials; confirm the pod needs the whole directory rather than
# individual files.
55 path: /etc/kubernetes/ssl
56 - name: secret-root-ca
58 path: /etc/openssl/ca.pem
61 path: /etc/resolv.conf
64 path: /etc/kubernetes/kubeconfig
65 - name: external-dns-conf
# Takes the last entry of container_image_names that matches '/kubedns'.
# NOTE(review): confirm rendering fails loudly when nothing matches, and that
# the list entries carry a fixed tag or digest.
70 image: {{ container_image_names | select('search', '/kubedns') | list | last }}
# NOTE(review): confirm caas.uid.kubedns is non-zero and that runAsNonRoot /
# allowPrivilegeEscalation: false are set in the lines not shown.
72 runAsUser: {{ caas.uid.kubedns }}
74 # TODO: Set memory limits once the container has been profiled for large
75 # clusters, then set request = limit to keep this container in the
76 # guaranteed class. Currently, this container falls into the
77 # "burstable" category so the kubelet doesn't back off from restarting it.
86 initialDelaySeconds: 60
95 # We poll on pod startup for the Kubernetes master service and
96 # only set up the /readiness HTTP server once that's available.
97 initialDelaySeconds: 3
# The trailing dot makes the cluster domain fully qualified.
102 - --domain={{ caas.dns_domain }}.
104 - --config-dir=/etc/dns_config
# 10053 is listed twice, presumably once per protocol (the protocol lines are
# not visible); it is the port the dnsmasq --server argument below forwards to.
107 - containerPort: 10053
110 - containerPort: 10053
113 - containerPort: 10055
122 mountPath: /etc/localtime
# NOTE(review): any readOnly flags on these mounts are not visible here;
# confirm the credential paths (ssl, ca.pem, kubeconfig) are mounted read-only.
125 mountPath: /etc/kubernetes/ssl
127 - name: secret-root-ca
128 mountPath: /etc/openssl/ca.pem
131 mountPath: /etc/kubernetes/kubeconfig
134 mountPath: /etc/resolv.conf
135 - name: external-dns-conf
136 mountPath: /etc/dns_config
# NOTE(review): same '/kubedns' image filter as the container above, although
# this container appears to run /usr/bin/dnsmasq-nanny; confirm that one image
# ships both binaries and that this is not a copy-paste of the filter.
138 image: {{ container_image_names | select('search', '/kubedns') | list | last }}
# NET_BIND_SERVICE lets a non-root process bind ports below 1024.
# NOTE(review): confirm a matching drop: ["ALL"] exists in the lines not shown.
141 add: ["NET_BIND_SERVICE"]
142 runAsUser: {{ caas.uid.kubedns }}
146 initialDelaySeconds: 60
151 - /usr/bin/dnsmasq-nanny
155 - -configDir=/etc/k8s/dns/dnsmasq-nanny
156 - -restartDnsmasq=true
# NOTE(review): binding dnsmasq to a named interface suggests the pod runs on
# the host network (not visible here); confirm that interface is reachable
# only from networks that are meant to use this resolver.
159 - --interface={{ networking.infra_internal.interface }}
# Caps the number of concurrently forwarded queries.
161 - --dns-forward-max=1000
# Queries for the cluster domain are forwarded to 127.0.0.1 port 10053.
163 - --server=/{{ caas.dns_domain }}/127.0.0.1#10053
164 # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
171 mountPath: /etc/localtime
# NOTE(review): this container appears to be the dnsmasq one and is also given
# the TLS directory and the kubeconfig; confirm it needs them, otherwise drop
# the mounts so the forwarder holds no cluster credentials.
174 mountPath: /etc/kubernetes/ssl
177 mountPath: /etc/kubernetes/kubeconfig
180 mountPath: /etc/resolv.conf
181 - name: external-dns-conf
182 mountPath: /etc/k8s/dns/dnsmasq-nanny
183 dnsPolicy: Default # Don't use cluster DNS.
# NOTE(review): the pod has this service account and a mounted kubeconfig;
# confirm which credential is actually used and that its RBAC is read-only.
184 serviceAccountName: kube-dns