chore: bundled more helm charts
diff --git a/charts/coredns/templates/NOTES.txt b/charts/coredns/templates/NOTES.txt
new file mode 100644
index 0000000..3a1883b
--- /dev/null
+++ b/charts/coredns/templates/NOTES.txt
@@ -0,0 +1,30 @@
+{{- if .Values.isClusterService }}
+CoreDNS is now running in the cluster as a cluster-service.
+{{- else }}
+CoreDNS is now running in the cluster.
+It can be accessed using the below endpoint
+{{- if contains "NodePort" .Values.serviceType }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ template "coredns.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo "$NODE_IP:$NODE_PORT"
+{{- else if contains "LoadBalancer" .Values.serviceType }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status by running 'kubectl get svc -w {{ template "coredns.fullname" . }}'
+
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ template "coredns.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo $SERVICE_IP
+{{- else if contains "ClusterIP" .Values.serviceType }}
+ "{{ template "coredns.fullname" . }}.{{ .Release.Namespace }}.svc.cluster.local"
+ from within the cluster
+{{- end }}
+{{- end }}
+
+It can be tested with the following:
+
+1. Launch a Pod with DNS tools:
+
+kubectl run -it --rm --restart=Never --image=infoblox/dnstools:latest dnstools
+
+2. Query the DNS server:
+
+/ # host kubernetes
diff --git a/charts/coredns/templates/_helpers.tpl b/charts/coredns/templates/_helpers.tpl
new file mode 100644
index 0000000..ade1523
--- /dev/null
+++ b/charts/coredns/templates/_helpers.tpl
@@ -0,0 +1,162 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "coredns.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "coredns.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Generate the list of ports automatically from the server definitions
+*/}}
+{{- define "coredns.servicePorts" -}}
+ {{/* Set ports to be an empty dict */}}
+ {{- $ports := dict -}}
+ {{/* Iterate through each of the server blocks */}}
+ {{- range .Values.servers -}}
+ {{/* Capture port to avoid scoping awkwardness */}}
+ {{- $port := toString .port -}}
+
+ {{/* If none of the server blocks has mentioned this port yet take note of it */}}
+ {{- if not (hasKey $ports $port) -}}
+ {{- $ports := set $ports $port (dict "istcp" false "isudp" false) -}}
+ {{- end -}}
+ {{/* Retrieve the inner dict that holds the protocols for a given port */}}
+ {{- $innerdict := index $ports $port -}}
+
+ {{/*
+ Look at each of the zones and check which protocol they serve
+ At the moment the following are supported by CoreDNS:
+ UDP: dns://
+ TCP: tls://, grpc://
+ */}}
+ {{- range .zones -}}
+ {{- if has (default "" .scheme) (list "dns://") -}}
+ {{/* Optionally enable tcp for this service as well */}}
+ {{- if eq (default false .use_tcp) true }}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end }}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- end -}}
+
+ {{- if has (default "" .scheme) (list "tls://" "grpc://") -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If none of the zones specify scheme, default to dns:// on both tcp & udp */}}
+ {{- if and (not (index $innerdict "istcp")) (not (index $innerdict "isudp")) -}}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+
+ {{- if .nodePort -}}
+ {{- $innerdict := set $innerdict "nodePort" .nodePort -}}
+ {{- end -}}
+
+ {{/* Write the dict back into the outer dict */}}
+ {{- $ports := set $ports $port $innerdict -}}
+ {{- end -}}
+
+ {{/* Write out the ports according to the info collected above */}}
+ {{- range $port, $innerdict := $ports -}}
+ {{- $portList := list -}}
+ {{- if index $innerdict "isudp" -}}
+ {{- $portList = append $portList (dict "port" ($port | int) "protocol" "UDP" "name" (printf "udp-%s" $port)) -}}
+ {{- end -}}
+ {{- if index $innerdict "istcp" -}}
+ {{- $portList = append $portList (dict "port" ($port | int) "protocol" "TCP" "name" (printf "tcp-%s" $port)) -}}
+ {{- end -}}
+
+ {{- range $portDict := $portList -}}
+ {{- if index $innerdict "nodePort" -}}
+ {{- $portDict := set $portDict "nodePort" (get $innerdict "nodePort" | int) -}}
+ {{- end -}}
+
+ {{- printf "- %s\n" (toJson $portDict) -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Generate the list of ports automatically from the server definitions
+*/}}
+{{- define "coredns.containerPorts" -}}
+ {{/* Set ports to be an empty dict */}}
+ {{- $ports := dict -}}
+ {{/* Iterate through each of the server blocks */}}
+ {{- range .Values.servers -}}
+ {{/* Capture port to avoid scoping awkwardness */}}
+ {{- $port := toString .port -}}
+
+ {{/* If none of the server blocks has mentioned this port yet take note of it */}}
+ {{- if not (hasKey $ports $port) -}}
+ {{- $ports := set $ports $port (dict "istcp" false "isudp" false) -}}
+ {{- end -}}
+ {{/* Retrieve the inner dict that holds the protocols for a given port */}}
+ {{- $innerdict := index $ports $port -}}
+
+ {{/*
+ Look at each of the zones and check which protocol they serve
+ At the moment the following are supported by CoreDNS:
+ UDP: dns://
+ TCP: tls://, grpc://
+ */}}
+ {{- range .zones -}}
+ {{- if has (default "" .scheme) (list "dns://") -}}
+ {{/* Optionally enable tcp for this service as well */}}
+ {{- if eq (default false .use_tcp) true }}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end }}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- end -}}
+
+ {{- if has (default "" .scheme) (list "tls://" "grpc://") -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{/* If none of the zones specify scheme, default to dns:// on both tcp & udp */}}
+ {{- if and (not (index $innerdict "istcp")) (not (index $innerdict "isudp")) -}}
+ {{- $innerdict := set $innerdict "isudp" true -}}
+ {{- $innerdict := set $innerdict "istcp" true -}}
+ {{- end -}}
+
+ {{/* Write the dict back into the outer dict */}}
+ {{- $ports := set $ports $port $innerdict -}}
+ {{- end -}}
+
+ {{/* Write out the ports according to the info collected above */}}
+ {{- range $port, $innerdict := $ports -}}
+ {{- if index $innerdict "isudp" -}}
+ {{- printf "- {containerPort: %v, protocol: UDP, name: udp-%s}\n" $port $port -}}
+ {{- end -}}
+ {{- if index $innerdict "istcp" -}}
+ {{- printf "- {containerPort: %v, protocol: TCP, name: tcp-%s}\n" $port $port -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "coredns.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+ {{ default (include "coredns.fullname" .) .Values.serviceAccount.name }}
+{{- else -}}
+ {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
diff --git a/charts/coredns/templates/clusterrole-autoscaler.yaml b/charts/coredns/templates/clusterrole-autoscaler.yaml
new file mode 100644
index 0000000..1d738fa
--- /dev/null
+++ b/charts/coredns/templates/clusterrole-autoscaler.yaml
@@ -0,0 +1,39 @@
+{{- if and .Values.autoscaler.enabled .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+rules:
+ - apiGroups: [""]
+ resources: ["nodes"]
+ verbs: ["list","watch"]
+ - apiGroups: [""]
+ resources: ["replicationcontrollers/scale"]
+ verbs: ["get", "update"]
+ - apiGroups: ["extensions", "apps"]
+ resources: ["deployments/scale", "replicasets/scale"]
+ verbs: ["get", "update"]
+# Remove the configmaps rule once below issue is fixed:
+# kubernetes-incubator/cluster-proportional-autoscaler#16
+ - apiGroups: [""]
+ resources: ["configmaps"]
+ verbs: ["get", "create"]
+{{- end }}
diff --git a/charts/coredns/templates/clusterrole.yaml b/charts/coredns/templates/clusterrole.yaml
new file mode 100644
index 0000000..8544681
--- /dev/null
+++ b/charts/coredns/templates/clusterrole.yaml
@@ -0,0 +1,45 @@
+{{- if and .Values.deployment.enabled .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRole
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+rules:
+- apiGroups:
+ - ""
+ resources:
+ - endpoints
+ - services
+ - pods
+ - namespaces
+ verbs:
+ - list
+ - watch
+- apiGroups:
+ - discovery.k8s.io
+ resources:
+ - endpointslices
+ verbs:
+ - list
+ - watch
+{{- if .Values.rbac.pspEnable }}
+- apiGroups:
+ - policy
+ - extensions
+ resources:
+ - podsecuritypolicies
+ verbs:
+ - use
+ resourceNames:
+ - {{ template "coredns.fullname" . }}
+{{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/clusterrolebinding-autoscaler.yaml b/charts/coredns/templates/clusterrolebinding-autoscaler.yaml
new file mode 100644
index 0000000..82a91d0
--- /dev/null
+++ b/charts/coredns/templates/clusterrolebinding-autoscaler.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.autoscaler.enabled .Values.rbac.create }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "coredns.fullname" . }}-autoscaler
+subjects:
+- kind: ServiceAccount
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/coredns/templates/clusterrolebinding.yaml b/charts/coredns/templates/clusterrolebinding.yaml
new file mode 100644
index 0000000..1d3cb53
--- /dev/null
+++ b/charts/coredns/templates/clusterrolebinding.yaml
@@ -0,0 +1,24 @@
+{{- if and .Values.deployment.enabled .Values.rbac.create }}
+apiVersion: rbac.authorization.k8s.io/v1
+kind: ClusterRoleBinding
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: ClusterRole
+ name: {{ template "coredns.fullname" . }}
+subjects:
+- kind: ServiceAccount
+ name: {{ template "coredns.serviceAccountName" . }}
+ namespace: {{ .Release.Namespace }}
+{{- end }}
diff --git a/charts/coredns/templates/configmap-autoscaler.yaml b/charts/coredns/templates/configmap-autoscaler.yaml
new file mode 100644
index 0000000..c690e7a
--- /dev/null
+++ b/charts/coredns/templates/configmap-autoscaler.yaml
@@ -0,0 +1,42 @@
+{{- if .Values.autoscaler.enabled }}
+---
+kind: ConfigMap
+apiVersion: v1
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+ {{- if .Values.customLabels }}
+ {{- toYaml .Values.customLabels | nindent 4 }}
+ {{- end }}
+ {{- if or .Values.autoscaler.configmap.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.autoscaler.configmap.annotations -}}
+ {{ toYaml .Values.autoscaler.configmap.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+data:
+ # When cluster is using large nodes(with more cores), "coresPerReplica" should dominate.
+ # If using small nodes, "nodesPerReplica" should dominate.
+ linear: |-
+ {
+ "coresPerReplica": {{ .Values.autoscaler.coresPerReplica | float64 }},
+ "nodesPerReplica": {{ .Values.autoscaler.nodesPerReplica | float64 }},
+ "preventSinglePointFailure": {{ .Values.autoscaler.preventSinglePointFailure }},
+ "min": {{ .Values.autoscaler.min | int }},
+ "max": {{ .Values.autoscaler.max | int }},
+ "includeUnschedulableNodes": {{ .Values.autoscaler.includeUnschedulableNodes }}
+ }
+{{- end }}
diff --git a/charts/coredns/templates/configmap.yaml b/charts/coredns/templates/configmap.yaml
new file mode 100644
index 0000000..a1d8668
--- /dev/null
+++ b/charts/coredns/templates/configmap.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.deployment.enabled }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+data:
+ Corefile: |-
+ {{- range $name, $conf := .Values.extraConfig }}
+ {{ $name }}{{ if $conf.parameters }} {{ $conf.parameters }}{{ end }}
+ {{- end }}
+ {{ range .Values.servers }}
+ {{- range $idx, $zone := .zones }}{{ if $idx }} {{ else }}{{ end }}{{ default "" $zone.scheme }}{{ default "." $zone.zone }}{{ else }}.{{ end -}}
+ {{- if .port }}:{{ .port }} {{ end -}}
+ {
+ {{- range .plugins }}
+ {{ .name }}{{ if .parameters }} {{ .parameters }}{{ end }}{{ if .configBlock }} {
+{{ .configBlock | indent 12 }}
+ }{{ end }}
+ {{- end }}
+ }
+ {{ end }}
+ {{- range .Values.zoneFiles }}
+ {{ .filename }}: {{ toYaml .contents | indent 4 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/deployment-autoscaler.yaml b/charts/coredns/templates/deployment-autoscaler.yaml
new file mode 100644
index 0000000..31bcc96
--- /dev/null
+++ b/charts/coredns/templates/deployment-autoscaler.yaml
@@ -0,0 +1,96 @@
+{{- if and (.Values.autoscaler.enabled) (not .Values.hpa.enabled) }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+ template:
+ metadata:
+ labels:
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.customLabels }}
+ {{ toYaml .Values.customLabels | nindent 8 }}
+ {{- end }}
+ annotations:
+ checksum/configmap: {{ include (print $.Template.BasePath "/configmap-autoscaler.yaml") . | sha256sum }}
+ {{- if .Values.isClusterService }}
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ {{- end }}
+ spec:
+ serviceAccountName: {{ template "coredns.fullname" . }}-autoscaler
+ {{- $priorityClassName := default .Values.priorityClassName .Values.autoscaler.priorityClassName }}
+ {{- if $priorityClassName }}
+ priorityClassName: {{ $priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.autoscaler.affinity }}
+ affinity:
+{{ toYaml .Values.autoscaler.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.autoscaler.tolerations }}
+ tolerations:
+{{ toYaml .Values.autoscaler.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.autoscaler.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.autoscaler.nodeSelector | indent 8 }}
+ {{- end }}
+ containers:
+ - name: autoscaler
+ image: "{{ .Values.autoscaler.image.repository }}:{{ .Values.autoscaler.image.tag }}"
+ imagePullPolicy: {{ .Values.autoscaler.image.pullPolicy }}
+ resources:
+{{ toYaml .Values.autoscaler.resources | indent 10 }}
+ {{- if .Values.autoscaler.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /healthz
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.autoscaler.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.autoscaler.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.autoscaler.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.autoscaler.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.autoscaler.livenessProbe.failureThreshold }}
+ {{- end }}
+ command:
+ - /cluster-proportional-autoscaler
+ - --namespace={{ .Release.Namespace }}
+ - --configmap={{ template "coredns.fullname" . }}-autoscaler
+ - --target=Deployment/{{ default (include "coredns.fullname" .) .Values.deployment.name }}
+ - --logtostderr=true
+ - --v=2
+ {{- if .Values.autoscaler.customFlags }}
+{{ toYaml .Values.autoscaler.customFlags | indent 10 }}
+ {{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/deployment.yaml b/charts/coredns/templates/deployment.yaml
new file mode 100644
index 0000000..5d05c22
--- /dev/null
+++ b/charts/coredns/templates/deployment.yaml
@@ -0,0 +1,163 @@
+{{- if .Values.deployment.enabled }}
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ default (include "coredns.fullname" .) .Values.deployment.name }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.deployment.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.deployment.annotations }}
+ {{- toYaml .Values.deployment.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ {{- if not .Values.autoscaler.enabled }}
+ replicas: {{ .Values.replicaCount }}
+ {{- end }}
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: {{ .Values.rollingUpdate.maxUnavailable }}
+ maxSurge: {{ .Values.rollingUpdate.maxSurge }}
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ template:
+ metadata:
+ labels:
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 8 }}
+{{- end }}
+ annotations:
+ checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+ {{- if .Values.isClusterService }}
+ scheduler.alpha.kubernetes.io/critical-pod: ''
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ {{- end }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ {{- end }}
+ serviceAccountName: {{ template "coredns.serviceAccountName" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.isClusterService }}
+ dnsPolicy: Default
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ containers:
+ - name: "coredns"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args: [ "-conf", "/etc/coredns/Corefile" ]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+{{- range .Values.extraSecrets }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ readOnly: true
+{{- end }}
+{{- if .Values.extraVolumeMounts }}
+{{- toYaml .Values.extraVolumeMounts | nindent 8}}
+{{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+{{ include "coredns.containerPorts" . | indent 8 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.preStopSleep }}
+ lifecycle:
+ preStop:
+ exec:
+ command: ["/usr/bin/sleep", "{{ .Values.preStopSleep }}"]
+ {{- end }}
+{{- if .Values.securityContext }}
+ securityContext:
+{{- toYaml .Values.securityContext | nindent 10 }}
+{{- end }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "coredns.fullname" . }}
+ items:
+ - key: Corefile
+ path: Corefile
+ {{ range .Values.zoneFiles }}
+ - key: {{ .filename }}
+ path: {{ .filename }}
+ {{ end }}
+{{- range .Values.extraSecrets }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .name }}
+ defaultMode: 400
+{{- end }}
+{{- if .Values.extraVolumes }}
+{{ toYaml .Values.extraVolumes | indent 8 }}
+{{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/hpa.yaml b/charts/coredns/templates/hpa.yaml
new file mode 100644
index 0000000..79fc4cc
--- /dev/null
+++ b/charts/coredns/templates/hpa.yaml
@@ -0,0 +1,37 @@
+{{- if and (.Values.hpa.enabled) (not .Values.autoscaler.enabled) }}
+---
+apiVersion: autoscaling/v2beta2
+kind: HorizontalPodAutoscaler
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ scaleTargetRef:
+ apiVersion: apps/v1
+ kind: Deployment
+ name: {{ default (include "coredns.fullname" .) .Values.deployment.name }}
+ minReplicas: {{ .Values.hpa.minReplicas }}
+ maxReplicas: {{ .Values.hpa.maxReplicas }}
+ metrics:
+{{ toYaml .Values.hpa.metrics | indent 4 }}
+{{- if .Values.hpa.behavior }}
+ behavior:
+{{ toYaml .Values.hpa.behavior | indent 4 }}
+{{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/poddisruptionbudget.yaml b/charts/coredns/templates/poddisruptionbudget.yaml
new file mode 100644
index 0000000..9d0c96f
--- /dev/null
+++ b/charts/coredns/templates/poddisruptionbudget.yaml
@@ -0,0 +1,32 @@
+{{- if and .Values.deployment.enabled .Values.podDisruptionBudget -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{ toYaml .Values.podDisruptionBudget | indent 2 }}
+{{- end }}
diff --git a/charts/coredns/templates/podsecuritypolicy.yaml b/charts/coredns/templates/podsecuritypolicy.yaml
new file mode 100644
index 0000000..8a5d727
--- /dev/null
+++ b/charts/coredns/templates/podsecuritypolicy.yaml
@@ -0,0 +1,57 @@
+{{- if and .Values.deployment.enabled .Values.rbac.pspEnable }}
+{{ if .Capabilities.APIVersions.Has "policy/v1beta1" }}
+apiVersion: policy/v1beta1
+{{ else }}
+apiVersion: extensions/v1beta1
+{{ end -}}
+kind: PodSecurityPolicy
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- else }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- end }}
+spec:
+ privileged: false
+ # Required to prevent escalations to root.
+ allowPrivilegeEscalation: false
+ # Add back CAP_NET_BIND_SERVICE so that coredns can run on port 53
+ allowedCapabilities:
+ - CAP_NET_BIND_SERVICE
+ # Allow core volume types.
+ volumes:
+ - 'configMap'
+ - 'emptyDir'
+ - 'projected'
+ - 'secret'
+ - 'downwardAPI'
+ hostNetwork: false
+ hostIPC: false
+ hostPID: false
+ runAsUser:
+ # Require the container to run without root privileges.
+ rule: 'RunAsAny'
+ seLinux:
+ # This policy assumes the nodes are using AppArmor rather than SELinux.
+ rule: 'RunAsAny'
+ supplementalGroups:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ fsGroup:
+ rule: 'MustRunAs'
+ ranges:
+ # Forbid adding the root group.
+ - min: 1
+ max: 65535
+ readOnlyRootFilesystem: false
+{{- end }}
diff --git a/charts/coredns/templates/service-metrics.yaml b/charts/coredns/templates/service-metrics.yaml
new file mode 100644
index 0000000..bd1eaae
--- /dev/null
+++ b/charts/coredns/templates/service-metrics.yaml
@@ -0,0 +1,43 @@
+{{- if and .Values.deployment.enabled .Values.prometheus.service.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "coredns.fullname" . }}-metrics
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/component: metrics
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.prometheus.service.annotations .Values.service.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.prometheus.service.annotations }}
+ {{- toYaml .Values.prometheus.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.service.annotations }}
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ ports:
+ - name: metrics
+ port: 9153
+ targetPort: 9153
+{{- end }}
diff --git a/charts/coredns/templates/service.yaml b/charts/coredns/templates/service.yaml
new file mode 100644
index 0000000..94d6055
--- /dev/null
+++ b/charts/coredns/templates/service.yaml
@@ -0,0 +1,52 @@
+{{- if .Values.deployment.enabled }}
+---
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ default (include "coredns.fullname" .) .Values.service.name }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.service.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.service.annotations }}
+ {{- toYaml .Values.service.annotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ selector:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- if .Values.service.clusterIP }}
+ clusterIP: {{ .Values.service.clusterIP }}
+ {{- end }}
+ {{- if .Values.service.externalIPs }}
+ externalIPs:
+ {{ toYaml .Values.service.externalIPs | indent 4 }}
+ {{- end }}
+ {{- if .Values.service.externalTrafficPolicy }}
+ externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
+ {{- end }}
+ {{- if .Values.service.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.service.loadBalancerIP }}
+ {{- end }}
+ ports:
+{{ include "coredns.servicePorts" . | indent 2 -}}
+ type: {{ default "ClusterIP" .Values.serviceType }}
+{{- end }}
diff --git a/charts/coredns/templates/serviceaccount-autoscaler.yaml b/charts/coredns/templates/serviceaccount-autoscaler.yaml
new file mode 100644
index 0000000..b0479e9
--- /dev/null
+++ b/charts/coredns/templates/serviceaccount-autoscaler.yaml
@@ -0,0 +1,31 @@
+{{- if and .Values.autoscaler.enabled .Values.rbac.create }}
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "coredns.fullname" . }}-autoscaler
+ namespace: {{ .Release.Namespace }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name }}-autoscaler
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}-autoscaler
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+{{- if .Values.autoscaler.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.autoscaler.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/serviceaccount.yaml b/charts/coredns/templates/serviceaccount.yaml
new file mode 100644
index 0000000..abc9646
--- /dev/null
+++ b/charts/coredns/templates/serviceaccount.yaml
@@ -0,0 +1,31 @@
+{{- if and .Values.deployment.enabled .Values.serviceAccount.create }}
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ template "coredns.serviceAccountName" . }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- if or .Values.serviceAccount.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.serviceAccount.annotations }}
+ {{- toYaml .Values.serviceAccount.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+{{- if .Values.image.pullSecrets }}
+imagePullSecrets:
+{{- range .Values.image.pullSecrets }}
+ - name: {{ . }}
+{{- end }}
+{{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/servicemonitor.yaml b/charts/coredns/templates/servicemonitor.yaml
new file mode 100644
index 0000000..9e6f143
--- /dev/null
+++ b/charts/coredns/templates/servicemonitor.yaml
@@ -0,0 +1,40 @@
+{{- if and .Values.deployment.enabled .Values.prometheus.monitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: {{ template "coredns.fullname" . }}
+ {{- if .Values.prometheus.monitor.namespace }}
+ namespace: {{ .Values.prometheus.monitor.namespace }}
+ {{- end }}
+ labels:
+ app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ helm.sh/chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}"
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ kubernetes.io/cluster-service: "true"
+ kubernetes.io/name: "CoreDNS"
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- if .Values.prometheus.monitor.additionalLabels }}
+{{ toYaml .Values.prometheus.monitor.additionalLabels | indent 4 }}
+ {{- end }}
+{{- with .Values.customAnnotations }}
+ annotations:
+{{- toYaml . | nindent 4 }}
+{{- end }}
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ .Chart.Name | quote }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ app.kubernetes.io/component: metrics
+ endpoints:
+ - port: metrics
+ {{- if .Values.prometheus.monitor.interval }}
+ interval: {{ .Values.prometheus.monitor.interval }}
+ {{- end }}
+{{- end }}