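# Deploy a per-cluster CoreDNS
#
# Renders the full set of objects for one CoreDNS instance: ServiceAccount,
# ClusterRole + ClusterRoleBinding, ConfigMap (the Corefile), Deployment and a
# ClusterIP Service. Everything that is meant to be tuned per cluster lives in
# cfg:: and is overridden by whoever instantiates Environment.

local kube = import "../../../kube/kube.libsonnet";

{
    Environment: {
        local env = self,
        local cfg = env.cfg,
        cfg:: {
            # Pinned image tag; bump deliberately. The Corefile below uses the
            # `proxy` plugin, which later CoreDNS releases replace with
            # `forward`, so check the release notes before moving this tag.
            image: "coredns/coredns:1.3.0",
            namespace: "kube-system",
            # Resolver that every non-cluster query is proxied to (Corefile
            # `proxy . ...`). Hard-coded here, not taken from the node.
            upstream_server: "185.236.240.1",
            # Zones the kubernetes plugin is authoritative for.
            cluster_domains: [
                "cluster.local",
            ],
            # Reverse zones handled by the kubernetes plugin; answers it does
            # not have fall through to the proxy for these same zones.
            reverse_cidrs: ["in-addr.arpa", "ip6.arpa"],
            # Fixed ClusterIP for the Service; presumably what kubelets are
            # configured with as the cluster DNS — confirm against the kubelet
            # config before changing it.
            clusterIP: "10.10.12.254",
        },

        sa: kube.ServiceAccount("coredns") {
            metadata+: {
                namespace: cfg.namespace,
            },
        },

        # Minimum read-only access the kubernetes plugin needs: it watches
        # endpoints/services/pods/namespaces to answer cluster names and reads
        # nodes. No write verbs are granted.
        cr: kube.ClusterRole("system:coredns") {
            metadata+: {
                labels: {
                    "kubernetes.io/bootstrapping": "rbac-defaults",
                },
            },
            rules: [
                {
                    apiGroups: [""],
                    resources: ["endpoints", "services", "pods", "namespaces"],
                    verbs: ["list", "watch"],
                },
                {
                    apiGroups: [""],
                    resources: ["nodes"],
                    verbs: ["get"],
                },
            ],
        },

        crb: kube.ClusterRoleBinding("system:coredns") {
            metadata+: {
                labels: {
                    "kubernetes.io/bootstrapping": "rbac-defaults",
                },
                # Label and annotation mirror the upstream CoreDNS manifest.
                # NOTE(review): the apiserver's RBAC bootstrap reconciler only
                # manages its own built-in roles, so the autoupdate annotation
                # is presumably inert for this custom role — verify.
                annotations+: {
                    "rbac.authorization.kubernetes.io/autoupdate": "true",
                },
            },
            roleRef: {
                apiGroup: "rbac.authorization.k8s.io",
                kind: "ClusterRole",
                name: env.cr.metadata.name,
            },
            subjects: [
                {
                    kind: "ServiceAccount",
                    name: env.sa.metadata.name,
                    namespace: env.sa.metadata.namespace,
                },
            ],
        },

        cm: kube.ConfigMap("coredns") {
            local map = self,

            # Space-joined forms of the cfg lists, spliced into the Corefile.
            upstream_server:: cfg.upstream_server,
            cluster_domains:: std.join(" ", cfg.cluster_domains),
            reverse_cidrs:: std.join(" ", cfg.reverse_cidrs),

            metadata+: {
                namespace: cfg.namespace,
            },
            # Corefile notes (kept here, outside the rendered data):
            #  - `log` writes every query to stdout. Handy for debugging, but
            #    it is noisy and records client IPs and queried names; remove
            #    it if that is not wanted in the cluster logs.
            #  - `pods insecure` answers pod-IP style names without checking
            #    that the pod exists (kube-dns compatibility mode). `pods
            #    verified` only answers for pods that actually exist, at the
            #    cost of a pod watch (already granted by `cr`) and more memory;
            #    prefer it if nothing relies on insecure mode.
            #  - `fallthrough` takes the same reverse zones as the kubernetes
            #    plugin, so overriding cfg.reverse_cidrs keeps both in step.
            #  - The `rewrite` rule hard-codes the k0.hswaw.net suffix and is
            #    not derived from cfg.cluster_domains.
            #  - `loop` makes CoreDNS exit when it detects a forwarding loop;
            #    with dnsPolicy Default on the pod this guards against the
            #    instance proxying to itself.
            #  - `health` serves the /health endpoint on :8080 that the
            #    livenessProbe below checks; `prometheus` exposes :9153.
            data: {
                Corefile: |||
                    .:53 {
                        log
                        errors
                        health
                        kubernetes %s %s {
                            pods insecure
                            upstream
                            fallthrough %s
                        }
                        rewrite name suffix .svc.k0.hswaw.net .svc.cluster.local
                        prometheus :9153
                        proxy . %s
                        cache 30
                        loop
                        reload
                        loadbalance
                    }
                ||| % [map.cluster_domains, map.reverse_cidrs, map.reverse_cidrs, map.upstream_server],
            },
        },

        deployment: kube.Deployment("coredns") {
            metadata+: {
                namespace: cfg.namespace,
                labels+: {
                    "k8s-app": "coredns",
                },
            },
            spec+: {
                # Two replicas, one may be down during a rollout. No
                # anti-affinity is set, so both may be scheduled onto the same
                # node.
                replicas: 2,
                strategy: {
                    type: "RollingUpdate",
                    rollingUpdate: { maxUnavailable: 1 },
                },
                template+: {
                    spec+: {
                        serviceAccountName: env.sa.metadata.name,
                        tolerations: [
                            { key: "CriticalAddonsOnly", operator: "Exists" },
                        ],
                        # Resolve through the node's resolver, not through the
                        # cluster DNS this pod provides.
                        dnsPolicy: "Default",
                        volumes_: {
                            config: {
                                configMap: {
                                    name: env.cm.metadata.name,
                                    items: [ { key: "Corefile", path: "Corefile" } ],
                                },
                            },
                        },
                        containers_: {
                            coredns: kube.Container("coredns") {
                                local container = self,

                                image: cfg.image,
                                # Corefile path is derived from the mount below
                                # so the two cannot drift apart.
                                args: [
                                    "-conf", "%s/Corefile" % container.volumeMounts[0].mountPath,
                                ],
                                imagePullPolicy: "IfNotPresent",
                                resources: {
                                    limits: { memory: "170Mi" },
                                    requests: { memory: "70Mi", cpu: "100m" },
                                },
                                volumeMounts_: {
                                    config: {
                                        mountPath: "/etc/coredns",
                                    },
                                },
                                ports_: {
                                    dns: {
                                        containerPort: 53,
                                        protocol: "UDP",
                                    },
                                    "dns-tcp": {
                                        containerPort: 53,
                                        protocol: "TCP",
                                    },
                                    metrics: {
                                        containerPort: 9153,
                                        protocol: "TCP",
                                    },
                                },
                                # Drop everything except NET_BIND_SERVICE (needed
                                # for port 53), no privilege escalation and a
                                # read-only root; the Corefile comes from the
                                # ConfigMap mount, so `reload` still works.
                                securityContext: {
                                    allowPrivilegeEscalation: false,
                                    capabilities: {
                                        add: ["NET_BIND_SERVICE"],
                                        drop: ["all"],
                                    },
                                    readOnlyRootFilesystem: true,
                                },
                                # Targets the `health` plugin's default :8080.
                                livenessProbe: {
                                    httpGet: {
                                        path: "/health",
                                        port: 8080,
                                        scheme: "HTTP",
                                    },
                                    initialDelaySeconds: 60,
                                    timeoutSeconds: 5,
                                    successThreshold: 1,
                                    failureThreshold: 5,
                                },
                            },
                        },
                    },
                },
            },
        },
        svc: kube.Service("coredns") {
            local svc = self,
            metadata+: {
                namespace: cfg.namespace,
            },
            target_pod: env.deployment.spec.template,
            spec+: {
                # Service ports mirror the first (only) container's ports, so
                # the metrics port 9153 is reachable on the ClusterIP alongside
                # DNS, not just DNS.
                ports: [ { name: p.name, port: p.containerPort, protocol: p.protocol } for p in svc.target_pod.spec.containers[0].ports ],
                clusterIP: cfg.clusterIP,
            },
        },
    },
}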