Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 1 | # Default values for coredns. |
| 2 | # This is a YAML-formatted file. |
| 3 | # Declare variables to be passed into your templates. |
| 4 | |
| 5 | image: |
| 6 | repository: coredns/coredns |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 7 | # Overrides the image tag whose default is the chart appVersion. |
| 8 | tag: "" |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 9 | pullPolicy: IfNotPresent |
| 10 | ## Optionally specify an array of imagePullSecrets. |
| 11 | ## Secrets must be manually created in the namespace. |
| 12 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| 13 | ## |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 14 | pullSecrets: [] |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 15 | # pullSecrets: |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 16 | # - name: myRegistryKeySecretName |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 17 | |
| 18 | replicaCount: 1 |
| 19 | |
| 20 | resources: |
| 21 | limits: |
| 22 | cpu: 100m |
| 23 | memory: 128Mi |
| 24 | requests: |
| 25 | cpu: 100m |
| 26 | memory: 128Mi |
| 27 | |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 28 | rollingUpdate: |
| 29 | maxUnavailable: 1 |
| 30 | maxSurge: 25% |
| 31 | |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 32 | terminationGracePeriodSeconds: 30 |
| 33 | |
| 34 | podAnnotations: {} |
| 35 | # cluster-autoscaler.kubernetes.io/safe-to-evict: "false" |
| 36 | |
| 37 | serviceType: "ClusterIP" |
| 38 | |
| 39 | prometheus: |
| 40 | service: |
| 41 | enabled: false |
| 42 | annotations: |
| 43 | prometheus.io/scrape: "true" |
| 44 | prometheus.io/port: "9153" |
Mohammed Naser | 7d1623e | 2024-06-17 09:12:39 -0400 | [diff] [blame] | 45 | selector: {} |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 46 | monitor: |
| 47 | enabled: false |
| 48 | additionalLabels: {} |
| 49 | namespace: "" |
| 50 | interval: "" |
Mohammed Naser | 7d1623e | 2024-06-17 09:12:39 -0400 | [diff] [blame] | 51 | selector: {} |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 52 | |
| 53 | service: |
| 54 | # clusterIP: "" |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 55 | # clusterIPs: [] |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 56 | # loadBalancerIP: "" |
| 57 | # externalIPs: [] |
| 58 | # externalTrafficPolicy: "" |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 59 | # ipFamilyPolicy: "" |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 60 | # The name of the Service |
| 61 | # If not set, a name is generated using the fullname template |
| 62 | name: "" |
| 63 | annotations: {} |
Mohammed Naser | 7d1623e | 2024-06-17 09:12:39 -0400 | [diff] [blame] | 64 | # Pod selector |
| 65 | selector: {} |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 66 | |
| 67 | serviceAccount: |
| 68 | create: false |
| 69 | # The name of the ServiceAccount to use |
| 70 | # If not set and create is true, a name is generated using the fullname template |
| 71 | name: "" |
| 72 | annotations: {} |
| 73 | |
| 74 | rbac: |
| 75 | # If true, create & use RBAC resources |
| 76 | create: true |
| 77 | # If true, create and use PodSecurityPolicy (the PodSecurityPolicy API was removed in Kubernetes 1.25, so keep this false on newer clusters) |
| 78 | pspEnable: false |
| 79 | # The name of the ServiceAccount to use. |
| 80 | # If not set and create is true, a name is generated using the fullname template |
| 81 | # name: |
| 82 | |
| 83 | # isClusterService specifies whether chart should be deployed as cluster-service or normal k8s app. |
| 84 | isClusterService: true |
| 85 | |
| 86 | # Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set. |
| 87 | priorityClassName: "" |
| 88 | |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 89 | # Configure the pod level securityContext. |
| 90 | podSecurityContext: {} |
| 91 | |
| 92 | # Configure the container-level securityContext (`capabilities` is a container-level field, unlike podSecurityContext above). |
| 93 | # Ensure the Linux capability required to bind ports below 1024 (`CAP_NET_BIND_SERVICE`) stays assigned. |
| 94 | securityContext: |
| 95 | capabilities: |
| 96 | add: |
| 97 | - NET_BIND_SERVICE |
| 98 | |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 99 | # Default zone is what Kubernetes recommends: |
| 100 | # https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options |
| 101 | servers: |
| 102 | - zones: |
| 103 | - zone: . |
| 104 | port: 53 |
| 105 | # If serviceType is nodePort you can specify nodePort here |
| 106 | # nodePort: 30053 |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 107 | # hostPort: 53 |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 108 | plugins: |
| 109 | - name: errors |
| 110 | # Serves a /health endpoint on :8080, required for livenessProbe |
| 111 | - name: health |
| 112 | configBlock: |- |
| 113 | lameduck 5s |
| 114 | # Serves a /ready endpoint on :8181, required for readinessProbe |
| 115 | - name: ready |
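| 116 | # Required to query the Kubernetes API for data. Note: `pods insecure` below answers pod-IP names without checking that such a pod exists; `pods verified` checks against the API, at a higher memory cost. |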
| 117 | - name: kubernetes |
| 118 | parameters: cluster.local in-addr.arpa ip6.arpa |
| 119 | configBlock: |- |
| 120 | pods insecure |
| 121 | fallthrough in-addr.arpa ip6.arpa |
| 122 | ttl 30 |
| 123 | # Serves a /metrics endpoint on :9153, required for serviceMonitor |
| 124 | - name: prometheus |
| 125 | parameters: 0.0.0.0:9153 |
| 126 | - name: forward |
| 127 | parameters: . /etc/resolv.conf |
| 128 | - name: cache |
| 129 | parameters: 30 |
| 130 | - name: loop |
| 131 | - name: reload |
| 132 | - name: loadbalance |
| 133 | |
| 134 | # Complete example with all the options: |
| 135 | # - zones: # the `zones` block can be left out entirely, defaults to "." |
| 136 | # - zone: hello.world. # optional, defaults to "." |
| 137 | # scheme: tls:// # optional, defaults to "" (which equals "dns://" in CoreDNS) |
| 138 | # - zone: foo.bar. |
| 139 | # scheme: dns:// |
| 140 | # use_tcp: true # set this parameter to optionally expose the port on tcp as well as udp for the DNS protocol |
| 141 | # # Note that this will not work if you are also exposing tls or grpc on the same server |
| 142 | # port: 12345 # optional, defaults to "" (which equals 53 in CoreDNS) |
| 143 | # plugins: # the plugins to use for this server block |
| 144 | # - name: kubernetes # name of plugin, if used multiple times ensure that the plugin supports it! |
| 145 | # parameters: foo bar # list of parameters after the plugin |
| 146 | # configBlock: |- # if the plugin supports extra block style config, supply it here |
| 147 | # hello world |
| 148 | # foo bar |
| 149 | |
| 150 | # Extra configuration that is applied outside of the default zone block. |
| 151 | # Example to include additional config files, which may come from extraVolumes: |
| 152 | # extraConfig: |
| 153 | # import: |
| 154 | # parameters: /opt/coredns/*.conf |
| 155 | extraConfig: {} |
| 156 | |
| 157 | # To use the livenessProbe, the health plugin needs to be enabled in CoreDNS' server config |
| 158 | livenessProbe: |
| 159 | enabled: true |
| 160 | initialDelaySeconds: 60 |
| 161 | periodSeconds: 10 |
| 162 | timeoutSeconds: 5 |
| 163 | failureThreshold: 5 |
| 164 | successThreshold: 1 |
| 165 | # To use the readinessProbe, the ready plugin needs to be enabled in CoreDNS' server config |
| 166 | readinessProbe: |
| 167 | enabled: true |
| 168 | initialDelaySeconds: 30 |
| 169 | periodSeconds: 10 |
| 170 | timeoutSeconds: 5 |
| 171 | failureThreshold: 5 |
| 172 | successThreshold: 1 |
| 173 | |
| 174 | # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core |
| 175 | # for example: |
| 176 | # affinity: |
| 177 | # nodeAffinity: |
| 178 | # requiredDuringSchedulingIgnoredDuringExecution: |
| 179 | # nodeSelectorTerms: |
| 180 | # - matchExpressions: |
| 181 | # - key: foo.bar.com/role |
| 182 | # operator: In |
| 183 | # values: |
| 184 | # - master |
| 185 | affinity: {} |
| 186 | |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 187 | # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#topologyspreadconstraint-v1-core |
| 188 | # and supports Helm templating. |
| 189 | # For example: |
| 190 | # topologySpreadConstraints: |
| 191 | # - labelSelector: |
| 192 | # matchLabels: |
| 193 | # app.kubernetes.io/name: '{{ template "coredns.name" . }}' |
| 194 | # app.kubernetes.io/instance: '{{ .Release.Name }}' |
| 195 | # topologyKey: topology.kubernetes.io/zone |
| 196 | # maxSkew: 1 |
| 197 | # whenUnsatisfiable: ScheduleAnyway |
| 198 | # - labelSelector: |
| 199 | # matchLabels: |
| 200 | # app.kubernetes.io/name: '{{ template "coredns.name" . }}' |
| 201 | # app.kubernetes.io/instance: '{{ .Release.Name }}' |
| 202 | # topologyKey: kubernetes.io/hostname |
| 203 | # maxSkew: 1 |
| 204 | # whenUnsatisfiable: ScheduleAnyway |
| 205 | topologySpreadConstraints: [] |
| 206 | |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 207 | # Node labels for pod assignment |
| 208 | # Ref: https://kubernetes.io/docs/user-guide/node-selection/ |
| 209 | nodeSelector: {} |
| 210 | |
| 211 | # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core |
| 212 | # for example: |
| 213 | # tolerations: |
| 214 | # - key: foo.bar.com/role |
| 215 | # operator: Equal |
| 216 | # value: master |
| 217 | # effect: NoSchedule |
| 218 | tolerations: [] |
| 219 | |
| 220 | # https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget |
| 221 | podDisruptionBudget: {} |
| 222 | |
| 223 | # configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/ |
| 224 | zoneFiles: [] |
| 225 | # - filename: example.db |
| 226 | # domain: example.com |
| 227 | # contents: | |
| 228 | # example.com. IN SOA sns.dns.icann.com. noc.dns.icann.com. 2015082541 7200 3600 1209600 3600 |
| 229 | # example.com. IN NS b.iana-servers.net. |
| 230 | # example.com. IN NS a.iana-servers.net. |
| 231 | # example.com. IN A 192.168.99.102 |
| 232 | # *.example.com. IN A 192.168.99.102 |
| 233 | |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 234 | # optional array of sidecar containers |
| 235 | extraContainers: [] |
| 236 | # - name: some-container-name |
| 237 | # image: some-image:latest |
| 238 | # imagePullPolicy: Always |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 239 | # optional array of extra volumes to create |
| 240 | extraVolumes: [] |
| 241 | # - name: some-volume-name |
| 242 | # emptyDir: {} |
| 243 | # optional array of mount points for extraVolumes |
| 244 | extraVolumeMounts: [] |
| 245 | # - name: some-volume-name |
| 246 | # mountPath: /etc/wherever |
| 247 | |
| 248 | # optional array of secrets to mount inside coredns container |
| 249 | # possible usecase: need for secure connection with etcd backend |
| 250 | extraSecrets: [] |
| 251 | # - name: etcd-client-certs |
| 252 | # mountPath: /etc/coredns/tls/etcd |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 253 | # defaultMode: 420 |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 254 | # - name: some-fancy-secret |
| 255 | # mountPath: /etc/wherever |
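Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 256 | # defaultMode: 440 # NOTE(review): if passed unchanged to the volume's defaultMode, 440 is read as decimal (= octal 0670); octal 0440 is decimal 288 |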
| 257 | |
| 258 | # To support legacy deployments using CoreDNS with the "k8s-app: kube-dns" label selectors. |
| 259 | # See https://github.com/coredns/helm/blob/master/charts/coredns/README.md#adopting-existing-coredns-resources |
| 260 | # k8sAppLabelOverride: "kube-dns" |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 261 | |
| 262 | # Custom labels to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled. |
| 263 | customLabels: {} |
| 264 | |
| 265 | # Custom annotations to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled. |
| 266 | customAnnotations: {} |
| 267 | |
| 268 | ## Alternative configuration for HPA deployment if wanted |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 269 | ## Create HorizontalPodAutoscaler object. |
| 270 | ## |
| 271 | # hpa: |
| 272 | # enabled: false |
| 273 | # minReplicas: 1 |
| 274 | # maxReplicas: 10 |
| 275 | # metrics: |
| 276 | # metrics: |
| 277 | # - type: Resource |
| 278 | # resource: |
| 279 | # name: memory |
| 280 | # target: |
| 281 | # type: Utilization |
| 282 | # averageUtilization: 60 |
| 283 | # - type: Resource |
| 284 | # resource: |
| 285 | # name: cpu |
| 286 | # target: |
| 287 | # type: Utilization |
| 288 | # averageUtilization: 60 |
| 289 | |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 290 | hpa: |
| 291 | enabled: false |
| 292 | minReplicas: 1 |
| 293 | maxReplicas: 2 |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 294 | metrics: [] |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 295 | |
| 296 | ## Configure a cluster-proportional-autoscaler for coredns |
| 297 | # See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler |
| 298 | autoscaler: |
| 299 | # Enable the cluster-proportional-autoscaler |
| 300 | enabled: false |
| 301 | |
| 302 | # Number of cores in the cluster per coredns replica |
| 303 | coresPerReplica: 256 |
| 304 | # Number of nodes in the cluster per coredns replica |
| 305 | nodesPerReplica: 16 |
| 306 | # Min size of replicaCount |
| 307 | min: 0 |
| 308 | # Max size of replicaCount (default of 0 is no max) |
| 309 | max: 0 |
| 310 | # Whether to include unschedulable nodes in the nodes/cores calculations - this requires version 1.8.0+ of the autoscaler |
| 311 | includeUnschedulableNodes: false |
| 312 | # If true does not allow single points of failure to form |
| 313 | preventSinglePointFailure: true |
| 314 | |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 315 | # Annotations for the coredns proportional autoscaler pods |
| 316 | podAnnotations: {} |
| 317 | |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 318 | ## Optionally specify some extra flags to pass to cluster-proportional-autoscaler. |
| 319 | ## Useful for e.g. the nodelabels flag. |
| 320 | # customFlags: |
| 321 | # - --nodelabels=topology.kubernetes.io/zone=us-east-1a |
| 322 | |
| 323 | image: |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 324 | repository: registry.k8s.io/cpa/cluster-proportional-autoscaler |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 325 | tag: "1.8.5" |
| 326 | pullPolicy: IfNotPresent |
| 327 | ## Optionally specify an array of imagePullSecrets. |
| 328 | ## Secrets must be manually created in the namespace. |
| 329 | ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/ |
| 330 | ## |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 331 | pullSecrets: [] |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 332 | # pullSecrets: |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 333 | # - name: myRegistryKeySecretName |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 334 | |
| 335 | # Optional priority class to be used for the autoscaler pods. The top-level priorityClassName is used if this is not set. |
| 336 | priorityClassName: "" |
| 337 | |
| 338 | # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core |
| 339 | affinity: {} |
| 340 | |
| 341 | # Node labels for pod assignment |
| 342 | # Ref: https://kubernetes.io/docs/user-guide/node-selection/ |
| 343 | nodeSelector: {} |
| 344 | |
| 345 | # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core |
| 346 | tolerations: [] |
| 347 | |
| 348 | # resources for autoscaler pod |
| 349 | resources: |
| 350 | requests: |
| 351 | cpu: "20m" |
| 352 | memory: "10Mi" |
| 353 | limits: |
| 354 | cpu: "20m" |
| 355 | memory: "10Mi" |
| 356 | |
| 357 | # Options for autoscaler configmap |
| 358 | configmap: |
| 359 | ## Annotations for the coredns-autoscaler configmap |
| 360 | # e.g. strategy.spinnaker.io/versioned: "false" to ensure configmap isn't renamed |
| 361 | annotations: {} |
| 362 | |
| 363 | # Enables the livenessProbe for cluster-proportional-autoscaler - this requires version 1.8.0+ of the autoscaler |
| 364 | livenessProbe: |
| 365 | enabled: true |
| 366 | initialDelaySeconds: 10 |
| 367 | periodSeconds: 5 |
| 368 | timeoutSeconds: 5 |
| 369 | failureThreshold: 3 |
| 370 | successThreshold: 1 |
| 371 | |
Mohammed Naser | 65cda13 | 2024-05-02 14:34:08 -0400 | [diff] [blame] | 372 | # optional array of sidecar containers |
| 373 | extraContainers: [] |
| 374 | # - name: some-container-name |
| 375 | # image: some-image:latest |
| 376 | # imagePullPolicy: Always |
| 377 | |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 378 | deployment: |
Mohammed Naser | 7d1623e | 2024-06-17 09:12:39 -0400 | [diff] [blame] | 379 | skipConfig: false |
Mohammed Naser | 9ad0d46 | 2023-01-15 20:36:37 -0500 | [diff] [blame] | 380 | enabled: true |
| 381 | name: "" |
| 382 | ## Annotations for the coredns deployment |
| 383 | annotations: {} |
Mohammed Naser | 7d1623e | 2024-06-17 09:12:39 -0400 | [diff] [blame] | 384 | ## Pod selector |
| 385 | selector: {} |