---
# Source: coredns/charts/coredns/templates/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
  name: coredns
  namespace: kube-system
  labels:
    app.kubernetes.io/managed-by: "Helm"
    app.kubernetes.io/instance: "coredns"
    helm.sh/chart: "coredns-1.45.0"
    k8s-app: coredns
    kubernetes.io/cluster-service: "true"
    kubernetes.io/name: "CoreDNS"
    app.kubernetes.io/name: coredns
    app.kubernetes.io/version: "v1.13.1"
spec:
  replicas: 3
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 25%
  selector:
    matchLabels:
      app.kubernetes.io/instance: "coredns"
      k8s-app: coredns
      app.kubernetes.io/name: coredns
  template:
    metadata:
      labels:
        k8s-app: coredns
        app.kubernetes.io/name: coredns
        app.kubernetes.io/instance: "coredns"
      annotations:
        checksum/config: 6f07144a3d5dc8ad880e010546e8deee6bb3a150eb089529d925c21f2a78a7d0
        scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
    spec:
      terminationGracePeriodSeconds: 30
      serviceAccountName: coredns
      priorityClassName: "system-cluster-critical"
      dnsPolicy: Default
      tolerations:
        - effect: NoSchedule
          key: node-role.kubernetes.io/control-plane
          operator: Exists
        - effect: NoSchedule
          key: node.cloudprovider.kubernetes.io/uninitialized
          operator: Exists
      nodeSelector:
        kubernetes.io/os: linux
      containers:
        - name: "coredns"
          image: "registry.k8s.io/coredns/coredns:v1.13.1"
          imagePullPolicy: IfNotPresent
          args: ["-conf", "/etc/coredns/Corefile"]
          volumeMounts:
            - name: config-volume
              mountPath: /etc/coredns
          resources:
            limits:
              cpu: 100m
              memory: 128Mi
            requests:
              cpu: 50m
              memory: 128Mi
          ports:
            - {"containerPort": 53, "name": "udp-53", "protocol": "UDP"}
            - {"containerPort": 53, "name": "tcp-53", "protocol": "TCP"}
            - {"containerPort": 9153, "name": "tcp-9153", "protocol": "TCP"}
          livenessProbe:
            httpGet:
              path: /health
              port: 8080
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 5
          readinessProbe:
            httpGet:
              path: /ready
              port: 8181
              scheme: HTTP
            initialDelaySeconds: 30
            periodSeconds: 5
            timeoutSeconds: 5
            successThreshold: 1
            failureThreshold: 1
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              add:
                - NET_BIND_SERVICE
              drop:
                - ALL
            readOnlyRootFilesystem: true
      volumes:
        - name: config-volume
          configMap:
            name: coredns
            items:
              - key: Corefile
                path: Corefile