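# Deploy a per-cluster CoreDNS.
#
# Everything that differs between clusters is kept in `cfg`; a caller
# overrides `Environment { cfg+:: { ... } }` instead of editing the Corefile,
# which is rendered from those values below.

local kube = import "../../../kube/kube.libsonnet";

{
    Environment: {
        local env = self,
        local cfg = env.cfg,
        cfg:: {
            # Pinned by tag only; pinning by digest (image@sha256:...) would
            # make the deployment immutable against a re-pushed tag.
            image: "coredns/coredns:1.3.0",
            namespace: "kube-system",
            # Resolver that receives every query outside the cluster domain
            # and the reverse zones (the `proxy .` line of the Corefile).
            upstream_server: "185.236.240.1",
            cluster_domain: "cluster.local",
            # Reverse zones served by the kubernetes plugin; names it cannot
            # resolve in them fall through to the upstream.
            reverse_cidrs: ["in-addr.arpa", "ip6.arpa"],
            # Externally visible service suffix that is rewritten onto
            # `.svc.<cluster_domain>` before lookup. Set to null to drop the
            # rewrite rule for clusters without such a suffix.
            external_svc_suffix: ".svc.k0.hswaw.net",
            clusterIP: "10.10.12.254",
        },

        sa: kube.ServiceAccount("coredns") {
            metadata+: {
                namespace: cfg.namespace,
            },
        },

        # Cluster-wide read access the kubernetes plugin needs to build
        # service/pod records; no write verbs are granted.
        cr: kube.ClusterRole("system:coredns") {
            metadata+: {
                labels: {
                    "kubernetes.io/bootstrapping": "rbac-defaults",
                },
            },
            rules: [
                {
                    apiGroups: [""],
                    resources: ["endpoints", "services", "pods", "namespaces"],
                    verbs: ["list", "watch"],
                },
                {
                    apiGroups: [""],
                    resources: ["nodes"],
                    verbs: ["get"],
                },
            ],
        },

        crb: kube.ClusterRoleBinding("system:coredns") {
            metadata+: {
                labels: {
                    "kubernetes.io/bootstrapping": "rbac-defaults",
                },
                annotations+: {
                    "rbac.authorization.kubernetes.io/autoupdate": "true",
                },
            },
            roleRef: {
                apiGroup: "rbac.authorization.k8s.io",
                kind: "ClusterRole",
                name: env.cr.metadata.name,
            },
            subjects: [
                {
                    kind: "ServiceAccount",
                    name: env.sa.metadata.name,
                    namespace: env.sa.metadata.namespace,
                },
            ],
        },

        cm: kube.ConfigMap("coredns") {
            local map = self,

            # Pieces spliced into the Corefile, kept as hidden fields so a
            # caller can inspect or override the rendered values.
            upstream_server:: cfg.upstream_server,
            cluster_domain:: cfg.cluster_domain,
            reverse_cidrs:: std.join(" ", cfg.reverse_cidrs),
            # The rewrite target follows cluster_domain rather than being
            # hard-coded, so a non-default cluster domain stays consistent.
            rewrite:: if cfg.external_svc_suffix == null then "" else
                "rewrite name suffix %s .svc.%s" % [cfg.external_svc_suffix, map.cluster_domain],

            metadata+: {
                namespace: cfg.namespace,
            },
            # Plugin chain, in order:
            #  - log: every query is logged (volume grows with cluster traffic).
            #  - health: HTTP /health endpoint, default port 8080, which the
            #    liveness probe below targets.
            #  - kubernetes: answers cluster_domain and the reverse zones.
            #    `pods insecure` returns pod A records without checking the
            #    pod exists (kube-dns compatible); `pods verified` is the
            #    stricter option if that is acceptable for the cluster.
            #    fallthrough is limited to the same reverse zones as the
            #    zone list, so unknown forward names stay NXDOMAIN.
            #  - prometheus: metrics on :9153, also exposed through the
            #    Service below.
            #  - proxy: everything else goes to upstream_server.
            #  - loop: detects a forwarding loop back to this server.
            #  - reload: picks up Corefile changes without a restart.
            data: {
                Corefile: |||
                    .:53 {
                        log
                        errors
                        health
                        kubernetes %(cluster_domain)s %(reverse_cidrs)s {
                            pods insecure
                            upstream
                            fallthrough %(reverse_cidrs)s
                        }
                        %(rewrite)s
                        prometheus :9153
                        proxy . %(upstream_server)s
                        cache 30
                        loop
                        reload
                        loadbalance
                    }
                ||| % {
                    cluster_domain: map.cluster_domain,
                    reverse_cidrs: map.reverse_cidrs,
                    upstream_server: map.upstream_server,
                    rewrite: map.rewrite,
                },
            },
        },

        deployment: kube.Deployment("coredns") {
            metadata+: {
                namespace: cfg.namespace,
                labels+: {
                    "k8s-app": "coredns",
                },
            },
            spec+: {
                # Two replicas with at most one unavailable keeps one
                # resolver serving during a rollout.
                replicas: 2,
                strategy: {
                    type: "RollingUpdate",
                    rollingUpdate: { maxUnavailable: 1 },
                },
                template+: {
                    spec+: {
                        serviceAccountName: env.sa.metadata.name,
                        tolerations: [
                            { key: "CriticalAddonsOnly", operator: "Exists" },
                        ],
                        # Use the node's resolver so CoreDNS does not depend
                        # on the cluster DNS it provides.
                        dnsPolicy: "Default",
                        volumes_: {
                            config: {
                                configMap: {
                                    name: env.cm.metadata.name,
                                    items: [ { key: "Corefile", path: "Corefile" } ],
                                },
                            },
                        },
                        containers_: {
                            coredns: kube.Container("coredns") {
                                local container = self,

                                image: cfg.image,
                                # Points at the Corefile inside the single
                                # config mount declared below.
                                args: [
                                    "-conf", "%s/Corefile" % container.volumeMounts[0].mountPath,
                                ],
                                imagePullPolicy: "IfNotPresent",
                                resources: {
                                    limits: { memory: "170Mi" },
                                    requests: { memory: "70Mi", cpu: "100m" },
                                },
                                volumeMounts_: {
                                    config: {
                                        mountPath: "/etc/coredns",
                                    },
                                },
                                ports_: {
                                    dns: {
                                        containerPort: 53,
                                        protocol: "UDP",
                                    },
                                    "dns-tcp": {
                                        containerPort: 53,
                                        protocol: "TCP",
                                    },
                                    metrics: {
                                        containerPort: 9153,
                                        protocol: "TCP",
                                    },
                                },
                                # Least privilege: only NET_BIND_SERVICE is
                                # kept (port 53), the root filesystem is
                                # read-only and escalation is disabled.
                                securityContext: {
                                    allowPrivilegeEscalation: false,
                                    capabilities: {
                                        add: ["NET_BIND_SERVICE"],
                                        drop: ["all"],
                                    },
                                    readOnlyRootFilesystem: true,
                                },
                                # Port 8080 is the health plugin's default.
                                livenessProbe: {
                                    httpGet: {
                                        path: "/health",
                                        port: 8080,
                                        scheme: "HTTP",
                                    },
                                    initialDelaySeconds: 60,
                                    timeoutSeconds: 5,
                                    successThreshold: 1,
                                    failureThreshold: 5,
                                },
                            },
                        },
                    },
                },
            },
        },

        svc: kube.Service("coredns") {
            local svc = self,
            metadata+: {
                namespace: cfg.namespace,
            },
            target_pod: env.deployment.spec.template,
            spec+: {
                # Mirrors every container port, so the metrics port 9153 is
                # reachable on the cluster IP alongside DNS.
                ports: [ { name: p.name, port: p.containerPort, protocol: p.protocol } for p in svc.target_pod.spec.containers[0].ports ],
                clusterIP: cfg.clusterIP,
            },
        },
    },
}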