--- apiVersion: extensions/v1beta1 kind: Deployment metadata: name: coredns{{ coredns_ordinal_suffix | default('') }} namespace: {{ system_namespace }} labels: k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} kubernetes.io/cluster-service: "true" addonmanager.kubernetes.io/mode: Reconcile kubernetes.io/name: "CoreDNS" spec: replicas: {{ coredns_replicas }} strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 0 maxSurge: 10% selector: matchLabels: k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} template: metadata: labels: k8s-app: coredns{{ coredns_ordinal_suffix | default('') }} annotations: scheduler.alpha.kubernetes.io/critical-pod: '' spec: {% if rbac_enabled %} serviceAccountName: coredns {% endif %} tolerations: - key: node-role.kubernetes.io/master effect: NoSchedule - key: "CriticalAddonsOnly" operator: "Exists" containers: - name: coredns image: "{{ coredns_image_repo }}:{{ coredns_image_tag }}" imagePullPolicy: {{ k8s_image_pull_policy }} resources: # TODO: Set memory limits when we've profiled the container for large # clusters, then set request = limit to keep this container in # guaranteed class. Currently, this container falls into the # "burstable" category so the kubelet doesn't backoff from restarting it. limits: memory: {{ dns_memory_limit }} requests: cpu: {{ dns_cpu_requests }} memory: {{ dns_memory_requests }} args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: - name: config-volume mountPath: /etc/coredns ports: - containerPort: 53 name: dns protocol: UDP - containerPort: 53 name: dns-tcp protocol: TCP - containerPort: 9153 name: metrics protocol: TCP livenessProbe: httpGet: path: /health port: 8080 scheme: HTTP initialDelaySeconds: 60 timeoutSeconds: 5 successThreshold: 1 failureThreshold: 5 dnsPolicy: Default volumes: - name: config-volume configMap: name: coredns items: - key: Corefile path: Corefile