application/vcluster-0.21.1/templates/coredns-configmap.yaml

{{- if and .Values.controlPlane.coredns.enabled (not .Values.experimental.isolatedControlPlane.headless) }}
apiVersion: v1
kind: ConfigMap
metadata:
  name: vc-coredns-{{ .Release.Name }}
  namespace: {{ .Release.Namespace }}
  {{- if .Values.controlPlane.advanced.globalMetadata.annotations }}
  annotations:
{{ toYaml .Values.controlPlane.advanced.globalMetadata.annotations | indent 4 }}
  {{- end }}
data:
{{- if .Values.controlPlane.coredns.overwriteManifests }}
  coredns.yaml: |-
{{ .Values.controlPlane.coredns.overwriteManifests | indent 4 }}
{{- else if .Values.controlPlane.coredns.embedded }}
{{ include "vcluster.corefile" . | indent 2 }}
  coredns.yaml: |-
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: coredns
      namespace: kube-system
    data:
      NodeHosts: ""
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: kube-dns
      namespace: kube-system
      annotations:
        prometheus.io/port: "9153"
        prometheus.io/scrape: "true"
        {{- if .Values.controlPlane.coredns.service.annotations }}
{{ toYaml .Values.controlPlane.coredns.service.annotations | indent 8 }}
        {{- end }}
      labels:
        k8s-app: kube-dns
        kubernetes.io/cluster-service: "true"
        kubernetes.io/name: "CoreDNS"
        {{- if .Values.controlPlane.coredns.service.labels }}
{{ toYaml .Values.controlPlane.coredns.service.labels | indent 8 }}
        {{- end }}
    spec:
{{ toYaml .Values.controlPlane.coredns.service.spec | indent 6 }}
      {{- if not .Values.controlPlane.coredns.service.spec.ports }}
      ports:
        - name: dns
          port: 53
          targetPort: 1053
          protocol: UDP
        - name: dns-tcp
          port: 53
          targetPort: 1053
          protocol: TCP
        - name: metrics
          port: 9153
          protocol: TCP
    {{- end }}
{{- else }}
  coredns.yaml: |-
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: coredns
      namespace: kube-system
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRole
    metadata:
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
      name: system:coredns
    rules:
      - apiGroups:
          - ""
        resources:
          - endpoints
          - services
          - pods
          - namespaces
        verbs:
          - list
          - watch
      - apiGroups:
          - discovery.k8s.io
        resources:
          - endpointslices
        verbs:
          - list
          - watch
    ---
    apiVersion: rbac.authorization.k8s.io/v1
    kind: ClusterRoleBinding
    metadata:
      annotations:
        rbac.authorization.kubernetes.io/autoupdate: "true"
      labels:
        kubernetes.io/bootstrapping: rbac-defaults
      name: system:coredns
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: system:coredns
    subjects:
      - kind: ServiceAccount
        name: coredns
        namespace: kube-system
    ---
    apiVersion: v1
    kind: ConfigMap
    metadata:
      name: coredns
      namespace: kube-system
    data:
{{ include "vcluster.corefile" . | indent 6 }}
      NodeHosts: ""
    ---
    apiVersion: apps/v1
    kind: Deployment
    metadata:
      name: coredns
      namespace: kube-system
      {{- if .Values.controlPlane.coredns.deployment.annotations }}
      annotations:
{{ toYaml .Values.controlPlane.coredns.deployment.annotations | indent 8 }}
      {{- end }}
      labels:
        k8s-app: kube-dns
        kubernetes.io/name: "CoreDNS"
        {{- if .Values.controlPlane.coredns.deployment.labels }}
{{ toYaml .Values.controlPlane.coredns.deployment.labels | indent 8 }}
        {{- end }}
    spec:
      replicas: {{ .Values.controlPlane.coredns.deployment.replicas }}
      strategy:
        type: RollingUpdate
        rollingUpdate:
          maxUnavailable: 1
      selector:
        matchLabels:
          k8s-app: kube-dns
      template:
        metadata:
          {{- if .Values.controlPlane.coredns.deployment.pods.annotations }}
          annotations:
{{ toYaml .Values.controlPlane.coredns.deployment.pods.annotations | indent 12 }}
          {{- end }}
          labels:
            k8s-app: kube-dns
          {{- if .Values.controlPlane.coredns.deployment.pods.labels }}
{{ toYaml .Values.controlPlane.coredns.deployment.pods.labels | indent 12 }}
          {{- end }}
        spec:
          priorityClassName: {{ .Values.controlPlane.coredns.priorityClassName | quote }}
          serviceAccountName: coredns
          nodeSelector:
            kubernetes.io/os: linux
            {{- if .Values.controlPlane.coredns.deployment.nodeSelector }}
{{ toYaml .Values.controlPlane.coredns.deployment.nodeSelector | indent 12 }}
            {{- end }}
          {{- if .Values.controlPlane.coredns.deployment.affinity }}
          affinity:
{{ toYaml .Values.controlPlane.coredns.deployment.affinity | indent 12 }}
          {{- end }}
          {{- if .Values.controlPlane.coredns.deployment.tolerations }}
          tolerations:
{{ toYaml .Values.controlPlane.coredns.deployment.tolerations | indent 12 }}
          {{- end }}
            {{- if .Values.controlPlane.coredns.deployment.topologySpreadConstraints  }}
          topologySpreadConstraints:
{{ toYaml .Values.controlPlane.coredns.deployment.topologySpreadConstraints  | indent 12 }}
          {{- end }}
          {{- if .Values.policies.podSecurityStandard }}
          securityContext:
            seccompProfile:
              type: RuntimeDefault
          {{- end }}
          containers:
            - name: coredns
              {{- if .Values.controlPlane.coredns.deployment.image }}
              {{- if .Values.controlPlane.advanced.defaultImageRegistry }}
              image: {{ .Values.controlPlane.advanced.defaultImageRegistry }}/{{ .Values.controlPlane.coredns.deployment.image }}
              {{- else }}
              image: {{ .Values.controlPlane.coredns.deployment.image }}
              {{- end }}
              {{- else }}
              image: {{`{{.IMAGE}}`}}
              {{- end }}
              imagePullPolicy: IfNotPresent
              {{- if .Values.controlPlane.coredns.deployment.resources }}
              resources:
{{ toYaml .Values.controlPlane.coredns.deployment.resources | indent 16 }}
              {{- end }}
              args: [ "-conf", "/etc/coredns/Corefile" ]
              volumeMounts:
                - name: config-volume
                  mountPath: /etc/coredns
                  readOnly: true
                - name: custom-config-volume
                  mountPath: /etc/coredns/custom
                  readOnly: true
              securityContext:
                runAsNonRoot: true
                runAsUser: {{`{{.RUN_AS_USER}}`}}
                runAsGroup: {{`{{.RUN_AS_GROUP}}`}}
                allowPrivilegeEscalation: false
                capabilities:
                  add:
                    - NET_BIND_SERVICE
                  drop:
                    - ALL
                readOnlyRootFilesystem: true
              livenessProbe:
                httpGet:
                  path: /health
                  port: 8080
                  scheme: HTTP
                initialDelaySeconds: 60
                periodSeconds: 10
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
              readinessProbe:
                httpGet:
                  path: /ready
                  port: 8181
                  scheme: HTTP
                initialDelaySeconds: 0
                periodSeconds: 2
                timeoutSeconds: 1
                successThreshold: 1
                failureThreshold: 3
          dnsPolicy: Default
          volumes:
            - name: config-volume
              configMap:
                name: coredns
                items:
                  - key: Corefile
                    path: Corefile
                  - key: NodeHosts
                    path: NodeHosts
            - name: custom-config-volume
              configMap:
                name: coredns-custom
                optional: true
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: kube-dns
      namespace: kube-system
      annotations:
        prometheus.io/port: "9153"
        prometheus.io/scrape: "true"
        {{- if .Values.controlPlane.coredns.service.annotations }}
{{ toYaml .Values.controlPlane.coredns.service.annotations | indent 8 }}
        {{- end }}
      labels:
        k8s-app: kube-dns
        kubernetes.io/cluster-service: "true"
        kubernetes.io/name: "CoreDNS"
        {{- if .Values.controlPlane.coredns.service.labels }}
{{ toYaml .Values.controlPlane.coredns.service.labels | indent 8 }}
        {{- end }}
    spec:
{{ toYaml .Values.controlPlane.coredns.service.spec | indent 6 }}
      {{- if not .Values.controlPlane.coredns.service.spec.selector }}
      selector:
        k8s-app: kube-dns
      {{- end }}
      {{- if not .Values.controlPlane.coredns.service.spec.ports }}
      ports:
        - name: dns
          port: 53
          targetPort: 1053
          protocol: UDP
        - name: dns-tcp
          port: 53
          targetPort: 1053
          protocol: TCP
        - name: metrics
          port: 9153
          protocol: TCP
      {{- end }}
{{- end }}
{{- end }}