{{- if and .Values.controlPlane.coredns.enabled (not .Values.experimental.isolatedControlPlane.headless) }} apiVersion: v1 kind: ConfigMap metadata: name: vc-coredns-{{ .Release.Name }} namespace: {{ .Release.Namespace }} {{- if .Values.controlPlane.advanced.globalMetadata.annotations }} annotations: {{ toYaml .Values.controlPlane.advanced.globalMetadata.annotations | indent 4 }} {{- end }} data: {{- if .Values.controlPlane.coredns.overwriteManifests }} coredns.yaml: |- {{ .Values.controlPlane.coredns.overwriteManifests | indent 4 }} {{- else if .Values.controlPlane.coredns.embedded }} {{ include "vcluster.corefile" . | indent 2 }} coredns.yaml: |- apiVersion: v1 kind: ConfigMap metadata: name: coredns namespace: kube-system data: NodeHosts: "" --- apiVersion: v1 kind: Service metadata: name: kube-dns namespace: kube-system annotations: prometheus.io/port: "9153" prometheus.io/scrape: "true" {{- if .Values.controlPlane.coredns.service.annotations }} {{ toYaml .Values.controlPlane.coredns.service.annotations | indent 8 }} {{- end }} labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" {{- if .Values.controlPlane.coredns.service.labels }} {{ toYaml .Values.controlPlane.coredns.service.labels | indent 8 }} {{- end }} spec: {{ toYaml .Values.controlPlane.coredns.service.spec | indent 6 }} {{- if not .Values.controlPlane.coredns.service.spec.ports }} ports: - name: dns port: 53 targetPort: 1053 protocol: UDP - name: dns-tcp port: 53 targetPort: 1053 protocol: TCP - name: metrics port: 9153 protocol: TCP {{- end }} {{- else }} coredns.yaml: |- apiVersion: v1 kind: ServiceAccount metadata: name: coredns namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: kubernetes.io/bootstrapping: rbac-defaults name: system:coredns rules: - apiGroups: - "" resources: - endpoints - services - pods - namespaces verbs: - list - watch - apiGroups: - discovery.k8s.io resources: - endpointslices verbs: - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: annotations: rbac.authorization.kubernetes.io/autoupdate: "true" labels: kubernetes.io/bootstrapping: rbac-defaults name: system:coredns roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: system:coredns subjects: - kind: ServiceAccount name: coredns namespace: kube-system --- apiVersion: v1 kind: ConfigMap metadata: name: coredns namespace: kube-system data: {{ include "vcluster.corefile" . | indent 6 }} NodeHosts: "" --- apiVersion: apps/v1 kind: Deployment metadata: name: coredns namespace: kube-system {{- if .Values.controlPlane.coredns.deployment.annotations }} annotations: {{ toYaml .Values.controlPlane.coredns.deployment.annotations | indent 8 }} {{- end }} labels: k8s-app: kube-dns kubernetes.io/name: "CoreDNS" {{- if .Values.controlPlane.coredns.deployment.labels }} {{ toYaml .Values.controlPlane.coredns.deployment.labels | indent 8 }} {{- end }} spec: replicas: {{ .Values.controlPlane.coredns.deployment.replicas }} strategy: type: RollingUpdate rollingUpdate: maxUnavailable: 1 selector: matchLabels: k8s-app: kube-dns template: metadata: {{- if .Values.controlPlane.coredns.deployment.pods.annotations }} annotations: {{ toYaml .Values.controlPlane.coredns.deployment.pods.annotations | indent 12 }} {{- end }} labels: k8s-app: kube-dns {{- if .Values.controlPlane.coredns.deployment.pods.labels }} {{ toYaml .Values.controlPlane.coredns.deployment.pods.labels | indent 12 }} {{- end }} spec: priorityClassName: {{ .Values.controlPlane.coredns.priorityClassName | quote }} serviceAccountName: coredns nodeSelector: kubernetes.io/os: linux {{- if .Values.controlPlane.coredns.deployment.nodeSelector }} {{ toYaml .Values.controlPlane.coredns.deployment.nodeSelector | indent 12 }} {{- end }} {{- if .Values.controlPlane.coredns.deployment.affinity }} affinity: {{ toYaml .Values.controlPlane.coredns.deployment.affinity | indent 12 }} {{- end }} {{- if .Values.controlPlane.coredns.deployment.tolerations }} tolerations: {{ toYaml .Values.controlPlane.coredns.deployment.tolerations | indent 12 }} {{- end }} {{- if .Values.controlPlane.coredns.deployment.topologySpreadConstraints }} topologySpreadConstraints: {{ toYaml .Values.controlPlane.coredns.deployment.topologySpreadConstraints | indent 12 }} {{- end }} {{- if .Values.policies.podSecurityStandard }} securityContext: seccompProfile: type: RuntimeDefault {{- end }} containers: - name: coredns {{- if .Values.controlPlane.coredns.deployment.image }} {{- if .Values.controlPlane.advanced.defaultImageRegistry }} image: {{ .Values.controlPlane.advanced.defaultImageRegistry }}/{{ .Values.controlPlane.coredns.deployment.image }} {{- else }} image: {{ .Values.controlPlane.coredns.deployment.image }} {{- end }} {{- else }} image: {{`{{.IMAGE}}`}} {{- end }} imagePullPolicy: IfNotPresent {{- if .Values.controlPlane.coredns.deployment.resources }} resources: {{ toYaml .Values.controlPlane.coredns.deployment.resources | indent 16 }} {{- end }} args: [ "-conf", "/etc/coredns/Corefile" ] volumeMounts: - name: config-volume mountPath: /etc/coredns readOnly: true - name: custom-config-volume mountPath: /etc/coredns/custom readOnly: true securityContext: runAsNonRoot: true runAsUser: {{`{{.RUN_AS_USER}}`}} runAsGroup: {{`{{.RUN_AS_GROUP}}`}} allowPrivilegeEscalation: false capabilities: add: - NET_BIND_SERVICE drop: - ALL readOnlyRootFilesystem: true livenessProbe: httpGet: path: /health port: 8080 scheme: HTTP initialDelaySeconds: 60 periodSeconds: 10 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 readinessProbe: httpGet: path: /ready port: 8181 scheme: HTTP initialDelaySeconds: 0 periodSeconds: 2 timeoutSeconds: 1 successThreshold: 1 failureThreshold: 3 dnsPolicy: Default volumes: - name: config-volume configMap: name: coredns items: - key: Corefile path: Corefile - key: NodeHosts path: NodeHosts - name: custom-config-volume configMap: name: coredns-custom optional: true --- apiVersion: v1 kind: Service metadata: name: kube-dns namespace: kube-system annotations: prometheus.io/port: "9153" prometheus.io/scrape: "true" {{- if .Values.controlPlane.coredns.service.annotations }} {{ toYaml .Values.controlPlane.coredns.service.annotations | indent 8 }} {{- end }} labels: k8s-app: kube-dns kubernetes.io/cluster-service: "true" kubernetes.io/name: "CoreDNS" {{- if .Values.controlPlane.coredns.service.labels }} {{ toYaml .Values.controlPlane.coredns.service.labels | indent 8 }} {{- end }} spec: {{ toYaml .Values.controlPlane.coredns.service.spec | indent 6 }} {{- if not .Values.controlPlane.coredns.service.spec.selector }} selector: k8s-app: kube-dns {{- end }} {{- if not .Values.controlPlane.coredns.service.spec.ports }} ports: - name: dns port: 53 targetPort: 1053 protocol: UDP - name: dns-tcp port: 53 targetPort: 1053 protocol: TCP - name: metrics port: 9153 protocol: TCP {{- end }} {{- end }} {{- end }}