Set time zone
[ta/caas-kubedns.git] / ansible / roles / kubedns / templates / kubedns-deployment.yml
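{#
Copyright 2019 Nokia

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
#}
---
# kube-dns DaemonSet template (Jinja2, rendered by the Ansible kubedns role).
# Runs two containers, kubedns and dnsmasq, on nodes labelled
# nodetype=caas_master, inside the host network namespace.
#
# NOTE(review): apps/v1beta2 is no longer served from Kubernetes 1.16 on;
# apps/v1 is the replacement. Confirm the target cluster version.
apiVersion: apps/v1beta2
kind: DaemonSet
metadata:
  name: kube-dns
  namespace: kube-system
  labels:
    {{ caas.kubernetes_component_label }}: kube-dns
    kubernetes.io/cluster-service: "true"
    addonmanager.kubernetes.io/mode: Reconcile
spec:
  selector:
    matchLabels:
      {{ caas.kubernetes_component_label }}: kube-dns
  template:
    metadata:
      labels:
        {{ caas.kubernetes_component_label }}: kube-dns
      annotations:
        # NOTE(review): these scheduler.alpha annotations are a legacy
        # mechanism; newer clusters express this with priorityClassName and
        # the tolerations field below. Confirm against the target version.
        scheduler.alpha.kubernetes.io/critical-pod: ''
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      # The pod shares the node's network namespace, so every listener below
      # binds on the host itself. dnsmasq is pinned to one interface through
      # its --interface/--bind-interfaces arguments.
      # NOTE(review): which addresses the kubedns listeners (10053, 10055)
      # bind to is not visible here; confirm node-level filtering covers them.
      hostNetwork: true
      nodeSelector:
        nodetype: caas_master
      tolerations:
      - key: "CriticalAddonsOnly"
        operator: "Exists"
      # All hostPath volumes expose files of the node to the pod. The ssl
      # directory and the kubeconfig carry cluster credentials, so every
      # mount of them below is read-only.
      volumes:
      - name: time-mount
        hostPath:
          path: /etc/localtime
      - name: secret
        hostPath:
          path: /etc/kubernetes/ssl
      - name: secret-root-ca
        hostPath:
          path: /etc/openssl/ca.pem
      - name: resolv
        hostPath:
          path: /etc/resolv.conf
      - name: kubeconfig
        hostPath:
          path: /etc/kubernetes/kubeconfig
      - name: external-dns-conf
        configMap:
          name: external-dns-cm
      containers:
      - name: kubedns
        image: {{ container_image_names | select('search', '/kubedns') | list | last }}
        securityContext:
          # UID comes from the inventory (caas.uid.kubedns).
          # NOTE(review): presumably non-root; verify the rendered value.
          runAsUser: {{ caas.uid.kubedns }}
        resources:
          # TODO: Set memory limits when we've profiled the container for large
          # clusters, then set request = limit to keep this container in
          # guaranteed class. Currently, this container falls into the
          # "burstable" category so the kubelet doesn't backoff from restarting it.
          limits:
            memory: 170Mi
          requests:
            cpu: 100m
            memory: 70Mi
        # NOTE(review): the probe targets TCP 53 while this container is
        # started with --dns-port=10053; port 53 is presumably served by the
        # dnsmasq container, so this checks dnsmasq. Confirm that is intended.
        livenessProbe:
          tcpSocket:
            port: 53
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        readinessProbe:
          httpGet:
            path: /readiness
            port: 8081
            scheme: HTTP
          # we poll on pod startup for the Kubernetes master service and
          # only setup the /readiness HTTP server once that's available.
          initialDelaySeconds: 3
          timeoutSeconds: 5
        command:
        - /usr/bin/kube-dns
        args:
        - --domain={{ caas.dns_domain }}.
        - --dns-port=10053
        - --config-dir=/etc/dns_config
        - --v=2
        ports:
        - containerPort: 10053
          name: dns-local
          protocol: UDP
        - containerPort: 10053
          name: dns-tcp-local
          protocol: TCP
        - containerPort: 10055
          name: metrics
          protocol: TCP
        volumeMounts:
        - name: time-mount
          mountPath: /etc/localtime
          readOnly: true
        - name: secret
          mountPath: /etc/kubernetes/ssl
          readOnly: true
        - name: secret-root-ca
          mountPath: /etc/openssl/ca.pem
          readOnly: true
        - name: kubeconfig
          mountPath: /etc/kubernetes/kubeconfig
          readOnly: true
        - name: resolv
          mountPath: /etc/resolv.conf
          # Host file: read-only like the other hostPath mounts, so the
          # container cannot rewrite the node's resolver configuration.
          readOnly: true
        - name: external-dns-conf
          mountPath: /etc/dns_config
      - name: dnsmasq
        image: {{ container_image_names | select('search', '/kubedns') | list | last }}
        securityContext:
          # NET_BIND_SERVICE allows binding ports below 1024 (DNS on 53).
          # NOTE(review): nothing is dropped; consider drop: ["ALL"] next to
          # this add after testing. Be careful with allowPrivilegeEscalation:
          # false, which sets no_new_privs and would stop a non-root process
          # gaining this capability through file capabilities on the binary.
          capabilities:
            add: ["NET_BIND_SERVICE"]
          runAsUser: {{ caas.uid.kubedns }}
        livenessProbe:
          tcpSocket:
            port: 53
          initialDelaySeconds: 60
          timeoutSeconds: 5
          successThreshold: 1
          failureThreshold: 5
        command:
        - /usr/bin/dnsmasq-nanny
        args:
        - -v=2
        - -logtostderr
        - -configDir=/etc/k8s/dns/dnsmasq-nanny
        - -restartDnsmasq=true
        # Everything after the bare "--" is passed on to dnsmasq itself.
        - --
        - -k
        # Listen only on the internal infrastructure interface.
        - --interface={{ networking.infra_internal.interface }}
        - --bind-interfaces
        - --dns-forward-max=1000
        - --cache-size=10000
        # Queries for the cluster domain go to the local kubedns on 10053.
        - --server=/{{ caas.dns_domain }}/127.0.0.1#10053
        # see: https://github.com/kubernetes/kubernetes/issues/29055 for details
        # Only requests are set for this container; no limits are defined.
        resources:
          requests:
            cpu: 150m
            memory: 20Mi
        # NOTE(review): whether dnsmasq-nanny needs the ssl directory and the
        # kubeconfig is not visible here; if it does not, removing these two
        # mounts shrinks the credential exposure of this container.
        volumeMounts:
        - name: time-mount
          mountPath: /etc/localtime
          readOnly: true
        - name: secret
          mountPath: /etc/kubernetes/ssl
          readOnly: true
        - name: kubeconfig
          mountPath: /etc/kubernetes/kubeconfig
          readOnly: true
        - name: resolv
          mountPath: /etc/resolv.conf
          # Host file: read-only like the other hostPath mounts, so the
          # container cannot rewrite the node's resolver configuration.
          readOnly: true
        - name: external-dns-conf
          mountPath: /etc/k8s/dns/dnsmasq-nanny
      dnsPolicy: Default  # Don't use cluster DNS.
      serviceAccountName: kube-dns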