A addons/coredns.yaml => addons/coredns.yaml +200 -0
@@ 0,0 1,200 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: coredns
+ namespace: kube-system
+ labels:
+ k8s-app: kube-dns
+spec:
+ replicas: 2
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: 1
+ selector:
+ matchLabels:
+ k8s-app: kube-dns
+ template:
+ metadata:
+ labels:
+ k8s-app: kube-dns
+ spec:
+ priorityClassName: system-cluster-critical
+ serviceAccountName: coredns
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: k8s-app
+ operator: In
+ values: ["kube-dns"]
+ topologyKey: kubernetes.io/hostname
+ tolerations:
+ - key: CriticalAddonsOnly
+ operator: Exists
+ - key: node-role.kubernetes.io/control-plane
+ effect: NoSchedule
+ nodeSelector:
+ kubernetes.io/os: linux
+ containers:
+ - name: coredns
+ image: registry.k8s.io/coredns/coredns:v1.11.3
+ imagePullPolicy: IfNotPresent
+ resources:
+ limits:
+ memory: 170Mi
+ requests:
+ cpu: 100m
+ memory: 70Mi
+ args: [ "-conf", "/etc/coredns/Corefile" ]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+ readOnly: true
+ ports:
+ - containerPort: 53
+ name: dns
+ protocol: UDP
+ - containerPort: 53
+ name: dns-tcp
+ protocol: TCP
+ - containerPort: 9153
+ name: metrics
+ protocol: TCP
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: 60
+ timeoutSeconds: 5
+ successThreshold: 1
+ failureThreshold: 5
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ add:
+ - NET_BIND_SERVICE
+ drop:
+ - ALL
+ readOnlyRootFilesystem: true
+ dnsPolicy: Default
+ volumes:
+ - name: config-volume
+ configMap:
+ name: coredns
+ items:
+ - key: Corefile
+ path: Corefile
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: coredns
+ namespace: kube-system
+data:
+ Corefile: |
+ .:53 {
+ errors
+ health {
+ lameduck 5s
+ }
+ ready
+ kubernetes cluster.local in-addr.arpa ip6.arpa {
+ pods insecure
+ fallthrough in-addr.arpa ip6.arpa
+ ttl 30
+ }
+ prometheus :9153
+ forward . /etc/resolv.conf {
+ max_concurrent 1000
+ }
+ cache 30
+ loop
+ reload
+ loadbalance
+ }
+---
+apiVersion: v1
+kind: Service
+metadata:
+ labels:
+ k8s-app: kube-dns
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ name: kube-dns
+ namespace: kube-system
+ annotations:
+ prometheus.io/port: "9153"
+ prometheus.io/scrape: "true"
+ # Without this resourceVersion value, an update of the Service between versions will yield:
+ # Service "kube-dns" is invalid: metadata.resourceVersion: Invalid value: "": must be specified for an update
+ resourceVersion: "0"
+spec:
+ clusterIP: 10.96.0.10
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ targetPort: 53
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
+ targetPort: 53
+ - name: metrics
+ port: 9153
+ protocol: TCP
+ targetPort: 9153
+ selector:
+ k8s-app: kube-dns
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: system:coredns
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - pods
+ - namespaces
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: system:coredns
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: system:coredns
+subjects:
+- kind: ServiceAccount
+ name: coredns
+ namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: coredns
+ namespace: kube-system
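Review bot: The Corefile's `kubernetes` block uses `pods insecure`, so CoreDNS answers any `a-b-c-d.<namespace>.pod.cluster.local` query with the IP encoded in the name, without checking that such a pod exists in that namespace. The CoreDNS documentation keeps this mode only for kube-dns compatibility and warns that it can be abused together with wildcard TLS certificates. The ClusterRole in this same file already grants `list`/`watch` on `pods`, so the line can become `pods verified` with no RBAC change, at the cost of extra memory for the pod watch. If nothing in the cluster resolves pod A records, `pods disabled` is the stricter alternative, and `pods` could then be dropped from the ClusterRole's resources.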
M clusters/egloga/flux-system/sync.yaml => clusters/egloga/flux-system/sync.yaml +13 -0
@@ 50,3 50,16 @@ spec:
sourceRef:
kind: GitRepository
name: flux-system
+---
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: addons
+ namespace: flux-system
+spec:
+ interval: 1h0m0s
+ path: ./addons
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ name: flux-system
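Review bot: The new `addons` Kustomization sets `prune: true` over a path that owns cluster DNS, so removing, renaming or moving `addons/coredns.yaml` in Git would make Flux delete the CoreDNS Deployment, the `kube-dns` Service and its RBAC on the next reconcile. Consider marking those objects with the annotation `kustomize.toolkit.fluxcd.io/prune: disabled` in the addon manifest, so that a mistaken commit cannot remove name resolution for the whole cluster. The spec also has no `wait: true` or `timeout`, so a CoreDNS rollout that never becomes ready would probably not show up as a failed Kustomization. Adding `wait: true` and a `timeout: 5m` (constructed value) would surface it.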