@@ -226,7 +226,7 @@ spec:
226226 valueFrom :
227227 fieldRef :
228228 fieldPath : status.podIP
229- image : docker.io/loftsh/vcluster:0.14.1
229+ image : docker.io/loftsh/vcluster:0.14.2
230230 livenessProbe :
231231 failureThreshold : 10
232232 httpGet :
@@ -282,10 +282,9 @@ spec:
282282---
283283apiVersion : v1
284284data :
285- manifests : ' ---
285+ manifests : |+
286+ ---
286287
287-
288- '
289288kind : ConfigMap
290289metadata :
291290 annotations : {}
@@ -296,70 +295,220 @@ metadata:
296295---
297296apiVersion : v1
298297data :
299- coredns.yaml : " apiVersion: v1\n kind: ServiceAccount\n metadata:\n name: coredns\n \
300- \ namespace: kube-system\n ---\n apiVersion: rbac.authorization.k8s.io/v1\n kind:\
301- \ ClusterRole\n metadata:\n labels:\n kubernetes.io/bootstrapping: rbac-defaults\n \
302- \ name: system:coredns\n rules:\n - apiGroups:\n - \"\"\n resources:\n \
303- \ - endpoints\n - services\n - pods\n - namespaces\n verbs:\n \
304- \ - list\n - watch\n - apiGroups:\n - discovery.k8s.io\n resources:\n \
305- \ - endpointslices\n verbs:\n - list\n - watch\n ---\n apiVersion:\
306- \ rbac.authorization.k8s.io/v1\n kind: ClusterRoleBinding\n metadata:\n annotations:\n \
307- \ rbac.authorization.kubernetes.io/autoupdate: \" true\"\n labels:\n kubernetes.io/bootstrapping:\
308- \ rbac-defaults\n name: system:coredns\n roleRef:\n apiGroup: rbac.authorization.k8s.io\n \
309- \ kind: ClusterRole\n name: system:coredns\n subjects:\n - kind: ServiceAccount\n \
310- \ name: coredns\n namespace: kube-system\n ---\n apiVersion: v1\n kind: ConfigMap\n \
311- metadata:\n name: coredns\n namespace: kube-system\n data:\n Corefile: |\n \
312- \ .:1053 {\n {{.LOG_IN_DEBUG}}\n errors\n health\n \
313- \ ready\n kubernetes cluster.local in-addr.arpa ip6.arpa {\n \
314- \ pods insecure\n fallthrough in-addr.arpa ip6.arpa\n }\n \
315- \ hosts /etc/coredns/NodeHosts {\n ttl 60\n reload 15s\n \
316- \ fallthrough\n }\n prometheus :9153\n forward .\
317- \ /etc/resolv.conf\n cache 30\n loop\n reload\n loadbalance\n \
318- \ }\n\n import /etc/coredns/custom/*.server\n NodeHosts: \"\"\n ---\n apiVersion:\
319- \ apps/v1\n kind: Deployment\n metadata:\n name: coredns\n namespace: kube-system\n \
320- \ labels:\n k8s-app: kube-dns\n kubernetes.io/name: \" CoreDNS\"\n spec:\n \
321- \ replicas: 1\n strategy:\n type: RollingUpdate\n rollingUpdate:\n \
322- \ maxUnavailable: 1\n selector:\n matchLabels:\n k8s-app: kube-dns\n \
323- \ template:\n metadata:\n labels:\n k8s-app: kube-dns\n spec:\n \
324- \ priorityClassName: \" system-cluster-critical\"\n serviceAccountName:\
325- \ coredns\n nodeSelector:\n kubernetes.io/os: linux\n topologySpreadConstraints:\n \
326- \ - maxSkew: 1\n topologyKey: kubernetes.io/hostname\n \
327- \ whenUnsatisfiable: DoNotSchedule\n labelSelector:\n matchLabels:\n \
328- \ k8s-app: kube-dns\n containers:\n - name: coredns\n \
329- \ image: {{.IMAGE}}\n imagePullPolicy: IfNotPresent\n \
330- \ resources:\n limits:\n cpu: 1000m\n \
331- \ memory: 170Mi\n requests:\n cpu: 100m\n \
332- \ memory: 70Mi\n args: [ \" -conf\" , \" /etc/coredns/Corefile\" ]\n \
333- \ volumeMounts:\n - name: config-volume\n mountPath:\
334- \ /etc/coredns\n readOnly: true\n - name: custom-config-volume\n \
335- \ mountPath: /etc/coredns/custom\n readOnly: true\n \
336- \ ports:\n - containerPort: 1053\n name: dns\n \
337- \ protocol: UDP\n - containerPort: 1053\n \
338- \ name: dns-tcp\n protocol: TCP\n - containerPort: 9153\n \
339- \ name: metrics\n protocol: TCP\n securityContext:\n \
340- \ runAsUser: {{.RUN_AS_USER}}\n runAsNonRoot: {{.RUN_AS_NON_ROOT}}\n \
341- \ allowPrivilegeEscalation: false\n capabilities:\n \
342- \ drop:\n - ALL\n readOnlyRootFilesystem: true\n \
343- \ livenessProbe:\n httpGet:\n path: /health\n \
344- \ port: 8080\n scheme: HTTP\n initialDelaySeconds:\
345- \ 60\n periodSeconds: 10\n timeoutSeconds: 1\n \
346- \ successThreshold: 1\n failureThreshold: 3\n readinessProbe:\n \
347- \ httpGet:\n path: /ready\n port: 8181\n \
348- \ scheme: HTTP\n initialDelaySeconds: 0\n periodSeconds:\
349- \ 2\n timeoutSeconds: 1\n successThreshold: 1\n \
350- \ failureThreshold: 3\n dnsPolicy: Default\n volumes:\n -\
351- \ name: config-volume\n configMap:\n name: coredns\n \
352- \ items:\n - key: Corefile\n path: Corefile\n \
353- \ - key: NodeHosts\n path: NodeHosts\n - name:\
354- \ custom-config-volume\n configMap:\n name: coredns-custom\n \
355- \ optional: true\n ---\n apiVersion: v1\n kind: Service\n metadata:\n \
356- \ name: kube-dns\n namespace: kube-system\n annotations:\n prometheus.io/port:\
357- \ \" 9153\"\n prometheus.io/scrape: \" true\"\n labels:\n k8s-app: kube-dns\n \
358- \ kubernetes.io/cluster-service: \" true\"\n kubernetes.io/name: \" CoreDNS\" \
359- \n spec:\n selector:\n k8s-app: kube-dns\n type: ClusterIP\n ports:\n \
360- \ - name: dns\n port: 53\n targetPort: 1053\n protocol: UDP\n \
361- \ - name: dns-tcp\n port: 53\n targetPort: 1053\n protocol: TCP\n \
362- \ - name: metrics\n port: 9153\n protocol: TCP\n "
298+ coredns.yaml : |
299+ apiVersion: v1
300+ kind: ServiceAccount
301+ metadata:
302+ name: coredns
303+ namespace: kube-system
304+ ---
305+ apiVersion: rbac.authorization.k8s.io/v1
306+ kind: ClusterRole
307+ metadata:
308+ labels:
309+ kubernetes.io/bootstrapping: rbac-defaults
310+ name: system:coredns
311+ rules:
312+ - apiGroups:
313+ - ""
314+ resources:
315+ - endpoints
316+ - services
317+ - pods
318+ - namespaces
319+ verbs:
320+ - list
321+ - watch
322+ - apiGroups:
323+ - discovery.k8s.io
324+ resources:
325+ - endpointslices
326+ verbs:
327+ - list
328+ - watch
329+ ---
330+ apiVersion: rbac.authorization.k8s.io/v1
331+ kind: ClusterRoleBinding
332+ metadata:
333+ annotations:
334+ rbac.authorization.kubernetes.io/autoupdate: "true"
335+ labels:
336+ kubernetes.io/bootstrapping: rbac-defaults
337+ name: system:coredns
338+ roleRef:
339+ apiGroup: rbac.authorization.k8s.io
340+ kind: ClusterRole
341+ name: system:coredns
342+ subjects:
343+ - kind: ServiceAccount
344+ name: coredns
345+ namespace: kube-system
346+ ---
347+ apiVersion: v1
348+ kind: ConfigMap
349+ metadata:
350+ name: coredns
351+ namespace: kube-system
352+ data:
353+ Corefile: |
354+ .:1053 {
355+ {{.LOG_IN_DEBUG}}
356+ errors
357+ health
358+ ready
359+ kubernetes cluster.local in-addr.arpa ip6.arpa {
360+ pods insecure
361+ fallthrough in-addr.arpa ip6.arpa
362+ }
363+ hosts /etc/coredns/NodeHosts {
364+ ttl 60
365+ reload 15s
366+ fallthrough
367+ }
368+ prometheus :9153
369+ forward . /etc/resolv.conf
370+ cache 30
371+ loop
372+ reload
373+ loadbalance
374+ }
375+
376+ import /etc/coredns/custom/*.server
377+ NodeHosts: ""
378+ ---
379+ apiVersion: apps/v1
380+ kind: Deployment
381+ metadata:
382+ name: coredns
383+ namespace: kube-system
384+ labels:
385+ k8s-app: kube-dns
386+ kubernetes.io/name: "CoreDNS"
387+ spec:
388+ replicas: 1
389+ strategy:
390+ type: RollingUpdate
391+ rollingUpdate:
392+ maxUnavailable: 1
393+ selector:
394+ matchLabels:
395+ k8s-app: kube-dns
396+ template:
397+ metadata:
398+ labels:
399+ k8s-app: kube-dns
400+ spec:
401+ priorityClassName: "system-cluster-critical"
402+ serviceAccountName: coredns
403+ nodeSelector:
404+ kubernetes.io/os: linux
405+ topologySpreadConstraints:
406+ - maxSkew: 1
407+ topologyKey: kubernetes.io/hostname
408+ whenUnsatisfiable: DoNotSchedule
409+ labelSelector:
410+ matchLabels:
411+ k8s-app: kube-dns
412+ containers:
413+ - name: coredns
414+ image: {{.IMAGE}}
415+ imagePullPolicy: IfNotPresent
416+ resources:
417+ limits:
418+ cpu: 1000m
419+ memory: 170Mi
420+ requests:
421+ cpu: 100m
422+ memory: 70Mi
423+ args: [ "-conf", "/etc/coredns/Corefile" ]
424+ volumeMounts:
425+ - name: config-volume
426+ mountPath: /etc/coredns
427+ readOnly: true
428+ - name: custom-config-volume
429+ mountPath: /etc/coredns/custom
430+ readOnly: true
431+ ports:
432+ - containerPort: 1053
433+ name: dns
434+ protocol: UDP
435+ - containerPort: 1053
436+ name: dns-tcp
437+ protocol: TCP
438+ - containerPort: 9153
439+ name: metrics
440+ protocol: TCP
441+ securityContext:
442+ runAsUser: {{.RUN_AS_USER}}
443+ runAsNonRoot: {{.RUN_AS_NON_ROOT}}
444+ allowPrivilegeEscalation: false
445+ capabilities:
446+ drop:
447+ - ALL
448+ readOnlyRootFilesystem: true
449+ livenessProbe:
450+ httpGet:
451+ path: /health
452+ port: 8080
453+ scheme: HTTP
454+ initialDelaySeconds: 60
455+ periodSeconds: 10
456+ timeoutSeconds: 1
457+ successThreshold: 1
458+ failureThreshold: 3
459+ readinessProbe:
460+ httpGet:
461+ path: /ready
462+ port: 8181
463+ scheme: HTTP
464+ initialDelaySeconds: 0
465+ periodSeconds: 2
466+ timeoutSeconds: 1
467+ successThreshold: 1
468+ failureThreshold: 3
469+ dnsPolicy: Default
470+ volumes:
471+ - name: config-volume
472+ configMap:
473+ name: coredns
474+ items:
475+ - key: Corefile
476+ path: Corefile
477+ - key: NodeHosts
478+ path: NodeHosts
479+ - name: custom-config-volume
480+ configMap:
481+ name: coredns-custom
482+ optional: true
483+ ---
484+ apiVersion: v1
485+ kind: Service
486+ metadata:
487+ name: kube-dns
488+ namespace: kube-system
489+ annotations:
490+ prometheus.io/port: "9153"
491+ prometheus.io/scrape: "true"
492+ labels:
493+ k8s-app: kube-dns
494+ kubernetes.io/cluster-service: "true"
495+ kubernetes.io/name: "CoreDNS"
496+ spec:
497+ selector:
498+ k8s-app: kube-dns
499+ type: ClusterIP
500+ ports:
501+ - name: dns
502+ port: 53
503+ targetPort: 1053
504+ protocol: UDP
505+ - name: dns-tcp
506+ port: 53
507+ targetPort: 1053
508+ protocol: TCP
509+ - name: metrics
510+ port: 9153
511+ protocol: TCP
363512kind : ConfigMap
364513metadata :
365514 annotations : {}