GitHub Repository: gitpod-io/gitpod
Path: blob/main/install/preview/manifests/coredns.yaml
# Copyright (c) 2022 Gitpod GmbH. All rights reserved.
# Licensed under the GNU Affero General Public License (AGPL).
# See License.AGPL.txt in the project root for license information.
# Identity the CoreDNS pods run as. The coredns Deployment in this file
# references it through serviceAccountName, and the system:coredns
# ClusterRoleBinding grants it read access to the Kubernetes API.
apiVersion: v1
kind: ServiceAccount
metadata:
  namespace: kube-system
  name: coredns
---
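# Cluster-wide, read-only permissions for CoreDNS service discovery.
# Only list/watch are granted: no get on single objects, no write verbs.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; the v1
# API has the same schema for this object and is served by every supported
# release, so the manifest keeps applying after a cluster upgrade.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
rules:
  # Core API group: the objects the kubernetes plugin builds DNS records from.
  # NOTE(review): the Corefile in this file uses `pods insecure`; the
  # kubernetes plugin watches pods only in `pods verified` mode, so the
  # `pods` resource looks unused here. Confirm before trimming it.
  - apiGroups:
      - ""
    resources:
      - endpoints
      - services
      - pods
      - namespaces
    verbs:
      - list
      - watch
  # EndpointSlices are the discovery.k8s.io counterpart of endpoints.
  - apiGroups:
      - discovery.k8s.io
    resources:
      - endpointslices
    verbs:
      - list
      - watch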
---
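# Binds the system:coredns ClusterRole to exactly one subject: the coredns
# ServiceAccount in kube-system. No users or groups are bound.
#
# rbac.authorization.k8s.io/v1beta1 was removed in Kubernetes 1.22; v1 has
# the same schema for this object.
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
  annotations:
    rbac.authorization.kubernetes.io/autoupdate: "true"
  labels:
    kubernetes.io/bootstrapping: rbac-defaults
  name: system:coredns
roleRef:
  apiGroup: rbac.authorization.k8s.io
  kind: ClusterRole
  name: system:coredns
subjects:
  - kind: ServiceAccount
    name: coredns
    namespace: kube-system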
---
# CoreDNS configuration, mounted read-only at /etc/coredns by the Deployment.
# The Corefile enables the `reload` plugin, so an edit to this ConfigMap is
# picked up by running pods: write access to it amounts to control over
# cluster DNS and should be limited through RBAC accordingly.
apiVersion: v1
kind: ConfigMap
metadata:
  namespace: kube-system
  name: coredns
data:
  # Zone data for preview.gitpod-self-hosted.com: the apex and both wildcard
  # levels are aliased to the in-cluster proxy Service.
  # NOTE(review): the apex carries both an SOA and a CNAME record. RFC 1034
  # does not allow a CNAME to coexist with other data at the same name;
  # confirm the CoreDNS `file` plugin serves this zone as intended.
  gitpod.db: |
    ; preview.gitpod-self-hosted.com test file
    preview.gitpod-self-hosted.com. IN SOA sns.dns.icann.org. noc.dns.icann.org. 2015082541 7200 3600 1209600 3600
    preview.gitpod-self-hosted.com. IN CNAME proxy.default.svc.cluster.local.
    *.preview.gitpod-self-hosted.com. IN CNAME proxy.default.svc.cluster.local.
    *.ws.preview.gitpod-self-hosted.com. IN CNAME proxy.default.svc.cluster.local.
  # Server block for all zones on port 53.
  # - `pods insecure` answers pod A-record queries from the IP encoded in the
  #   query name without checking that such a pod exists; the CoreDNS docs
  #   keep it for kube-dns compatibility. `pods verified` checks against the
  #   API at the cost of a watch on all pods.
  # - /etc/coredns/NodeHosts is read by the `hosts` plugin but has no key in
  #   this ConfigMap as written; presumably it is added at runtime. Verify.
  # - `prometheus :9153` serves metrics on every pod interface.
  Corefile: |
    .:53 {
        errors
        health
        ready
        # extra configuration for `preview.gitpod-self-hosted.com`
        file /etc/coredns/gitpod.db preview.gitpod-self-hosted.com
        kubernetes cluster.local in-addr.arpa ip6.arpa {
          pods insecure
          fallthrough in-addr.arpa ip6.arpa
        }
        hosts /etc/coredns/NodeHosts {
          ttl 60
          reload 15s
          fallthrough
        }
        prometheus :9153
        forward . /etc/resolv.conf
        cache 30
        loop
        reload
        loadbalance
    }
---
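# CoreDNS workload for the cluster DNS service (selected by the kube-dns
# Service through the k8s-app: kube-dns label).
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    k8s-app: kube-dns
    kubernetes.io/name: "CoreDNS"
spec:
  # replicas is left at the API default; with maxUnavailable: 1 a rollout may
  # take the only replica down, briefly interrupting cluster DNS.
  #replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
  selector:
    matchLabels:
      k8s-app: kube-dns
  template:
    metadata:
      labels:
        k8s-app: kube-dns
    spec:
      priorityClassName: "system-cluster-critical"
      serviceAccountName: coredns
      tolerations:
        - key: "CriticalAddonsOnly"
          operator: "Exists"
        - key: "node-role.kubernetes.io/control-plane"
          operator: "Exists"
          effect: "NoSchedule"
        - key: "node-role.kubernetes.io/master"
          operator: "Exists"
          effect: "NoSchedule"
      nodeSelector:
        # Stable node label; beta.kubernetes.io/os is its deprecated
        # predecessor.
        kubernetes.io/os: linux
      containers:
        - name: coredns
          # Tag-only reference combined with IfNotPresent: a node that
          # already holds an image under this tag never re-pulls it. For
          # reproducible, tamper-evident pulls pin by digest, e.g.
          # rancher/mirrored-coredns-coredns:1.9.1@sha256:<digest> (placeholder).
          image: rancher/mirrored-coredns-coredns:1.9.1
          imagePullPolicy: IfNotPresent
          resources:
            limits:
              memory: 170Mi
            requests:
              cpu: 100m
              memory: 70Mi
          args: [ "-conf", "/etc/coredns/Corefile" ]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
              readOnly: true
          ports:
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9153
              name: metrics
              protocol: TCP
          # Least privilege: every capability dropped except the one needed
          # to bind port 53, no privilege escalation, read-only root fs.
          # NOTE(review): no seccompProfile or runAsNonRoot is set. Adding
          # seccompProfile type RuntimeDefault is worth evaluating;
          # runAsNonRoot depends on the user the image runs as. Confirm first.
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                # Canonical spelling; Pod Security Standards checks match
                # the upper-case form.
                - ALL
            readOnlyRootFilesystem: true
          # 8080 and 8181 are the default ports of the CoreDNS `health` and
          # `ready` plugins enabled in the Corefile.
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            initialDelaySeconds: 0
            periodSeconds: 2
            timeoutSeconds: 1
            successThreshold: 1
            failureThreshold: 3
      # The pod inherits the node's resolver configuration, which is what
      # `forward . /etc/resolv.conf` in the Corefile sends upstream queries to.
      dnsPolicy: Default
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: gitpod.db
                path: gitpod.db
              - key: Corefile
                path: Corefile
              # NOTE(review): this key is not defined in the coredns
              # ConfigMap in this file and the item is not optional, so the
              # volume cannot mount until the key exists. Presumably it is
              # populated at runtime; verify.
              - key: NodeHosts
                path: NodeHosts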
---
# Cluster DNS endpoint in front of the CoreDNS pods (k8s-app: kube-dns).
apiVersion: v1
kind: Service
metadata:
  namespace: kube-system
  name: kube-dns
  labels:
    k8s-app: kube-dns
    kubernetes.io/cluster-service: 'true'
    kubernetes.io/name: 'CoreDNS'
  annotations:
    prometheus.io/scrape: 'true'
    prometheus.io/port: '9153'
spec:
  # Fixed address: it has to lie inside the cluster's service CIDR and match
  # the DNS server address handed to pods. Presumably the distribution's
  # default; confirm against the cluster configuration.
  clusterIP: 10.43.0.10
  selector:
    k8s-app: kube-dns
  ports:
    - name: dns
      protocol: UDP
      port: 53
    - name: dns-tcp
      protocol: TCP
      port: 53
    # Metrics are published on the Service, so any in-cluster client can reach
    # them unless a NetworkPolicy restricts access.
    - name: metrics
      protocol: TCP
      port: 9153