diff --git a/infrastructure/core/coredns-deployment.yaml b/infrastructure/core/coredns-deployment.yaml
new file mode 100644
index 0000000..4b74159
--- /dev/null
+++ b/infrastructure/core/coredns-deployment.yaml
@@ -0,0 +1,127 @@
+# infrastructure/core/coredns-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: coredns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/name: CoreDNS
+spec:
+ progressDeadlineSeconds: 600
+ replicas: 2
+ revisionHistoryLimit: 0
+ selector:
+ matchLabels:
+ k8s-app: kube-dns
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxSurge: 25%
+ maxUnavailable: 1
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns
+ spec:
+ containers:
+ - name: coredns
+ image: rancher/mirrored-coredns-coredns:1.12.1
+ imagePullPolicy: IfNotPresent
+ args:
+ - -conf
+ - /etc/coredns/Corefile
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 9153
+ name: metrics
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ periodSeconds: 10
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ periodSeconds: 2
+ timeoutSeconds: 1
+ successThreshold: 1
+ failureThreshold: 3
+ resources:
+ limits:
+ memory: 170Mi
+ requests:
+ cpu: 100m
+ memory: 70Mi
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - all
+ readOnlyRootFilesystem: true
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+ readOnly: true
+ - name: custom-config-volume
+ mountPath: /etc/coredns/custom
+ readOnly: true
+ dnsPolicy: Default
+ nodeSelector:
+ kubernetes.io/os: linux
+ priorityClassName: system-cluster-critical
+ restartPolicy: Always
+ schedulerName: default-scheduler
+ serviceAccountName: coredns
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ operator: Exists
+ effect: NoSchedule
+ - key: node-role.kubernetes.io/master
+ operator: Exists
+ effect: NoSchedule
+ topologySpreadConstraints:
+ - 
maxSkew: 1
+ topologyKey: kubernetes.io/hostname
+ whenUnsatisfiable: DoNotSchedule
+ labelSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ - maxSkew: 1
+ topologyKey: topology.kubernetes.io/zone
+ whenUnsatisfiable: ScheduleAnyway
+ labelSelector:
+ matchLabels:
+ k8s-app: kube-dns
+ volumes:
+ - name: config-volume
+ configMap:
+ name: coredns
+ defaultMode: 420
+ items:
+ - key: Corefile
+ path: Corefile
+ - key: NodeHosts
+ path: NodeHosts
+ - name: custom-config-volume
+ configMap:
+ name: coredns-custom
+ optional: true
+ defaultMode: 420
diff --git a/infrastructure/core/coredns-replicas.yaml b/infrastructure/core/coredns-replicas.yaml
deleted file mode 100644
index 52b2aa8..0000000
--- a/infrastructure/core/coredns-replicas.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-# infrastructure/core/coredns-replicas.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: coredns
- namespace: kube-system
-spec:
- replicas: 2
diff --git a/infrastructure/core/kustomization.yaml b/infrastructure/core/kustomization.yaml
index 7a262ba..6286186 100644
--- a/infrastructure/core/kustomization.yaml
+++ b/infrastructure/core/kustomization.yaml
@@ -5,6 +5,6 @@ resources:
 - ../modules/base
 - ../modules/profiles/atlas-ha
 - coredns-custom.yaml
- - coredns-replicas.yaml
+ - coredns-deployment.yaml
 - ../sources/cert-manager/letsencrypt.yaml
 - ../sources/cert-manager/letsencrypt-prod.yaml
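Review bot: The `image: rancher/mirrored-coredns-coredns:1.12.1` line pins cluster DNS only by a mutable tag, and combined with `imagePullPolicy: IfNotPresent` a node that already has a different build cached under that tag will keep running it; pin by digest (`image: rancher/mirrored-coredns-coredns:1.12.1@sha256:<DIGEST_PLACEHOLDER>`) so every node resolves the same content hash. The container securityContext drops all capabilities, forbids privilege escalation and mounts a read-only root filesystem, but sets neither `seccompProfile: {type: RuntimeDefault}` nor `runAsNonRoot: true`, both of which the Pod Security "restricted" profile requires while still permitting the NET_BIND_SERVICE add; adding them should be feasible if this image runs as an unprivileged user, which is worth confirming. `revisionHistoryLimit: 0` deletes every old ReplicaSet as soon as a rollout completes, so `kubectl rollout undo` has nothing to return to for a component the whole cluster depends on; keeping at least one revision is cheap. Since this file replaces the earlier replicas-only patch with a full Deployment of the distribution-mirrored image, it is also worth checking that no other controller still owns and reconciles the kube-system/coredns object, or the two will fight over its spec.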