diff --git a/charts/coredns/Chart.yaml b/charts/coredns/Chart.yaml
index 2f67a48d..836ae41d 100644
--- a/charts/coredns/Chart.yaml
+++ b/charts/coredns/Chart.yaml
@@ -1,6 +1,6 @@
 apiVersion: v2
 name: coredns
-version: 1.32.0
+version: 1.33.0
 appVersion: 1.11.3
 home: https://coredns.io
 icon: https://coredns.io/images/CoreDNS_Colour_Horizontal.png
@@ -21,3 +21,5 @@ annotations:
 artifacthub.io/changes: |
 - kind: changed
 description: Upgrade CoreDNS to 1.11.3
+ - kind: added
+ description: Daemonset deploy mode is supported now, make it possible to use coredns as local dns to boost performance.
diff --git a/charts/coredns/templates/cilium-localredirectypolicy.yaml b/charts/coredns/templates/cilium-localredirectypolicy.yaml
new file mode 100644
index 00000000..fbada38c
--- /dev/null
+++ b/charts/coredns/templates/cilium-localredirectypolicy.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.cilium.localRedirectPolicy.enabled }}
+apiVersion: "cilium.io/v2"
+kind: CiliumLocalRedirectPolicy
+metadata:
+ name: {{ default (include "coredns.fullname" .) .Values.cilium.localRedirectPolicy.name }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "coredns.labels" . | nindent 4 }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.deployment.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ redirectFrontend:
+ addressMatcher:
+ ip: {{ .Values.cilium.localRedirectPolicy.frontend.ip }}
+ toPorts:
+ {{- toYaml .Values.cilium.localRedirectPolicy.frontend.toPorts | nindent 8 }}
+ redirectBackend:
+ localEndpointSelector:
+ matchLabels:
+ {{- if .Values.service.selector }}
+ {{- toYaml .Values.service.selector | nindent 10 }}
+ {{- else }}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ template "coredns.k8sapplabel" . }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- end }}
+ toPorts:
+ {{- toYaml .Values.cilium.localRedirectPolicy.backend.toPorts | nindent 4 }}
+{{- end }}
diff --git a/charts/coredns/templates/clusterrole.yaml b/charts/coredns/templates/clusterrole.yaml
index ecdeafae..2f7a82a6 100644
--- a/charts/coredns/templates/clusterrole.yaml
+++ b/charts/coredns/templates/clusterrole.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.deployment.enabled .Values.rbac.create }}
+{{- if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
diff --git a/charts/coredns/templates/clusterrolebinding.yaml b/charts/coredns/templates/clusterrolebinding.yaml
index ebeaf143..0a4d08dd 100644
--- a/charts/coredns/templates/clusterrolebinding.yaml
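Review bot: The CiliumLocalRedirectPolicy is gated only on `.Values.cilium.localRedirectPolicy.enabled`, so it can render while `daemonset.enabled` is false, and nothing in this template then guarantees a CoreDNS pod on every node to receive the DNS traffic redirected from the frontend address; consider `{{- if and .Values.daemonset.enabled .Values.cilium.localRedirectPolicy.enabled }}`. The `localEndpointSelector` decides which node-local pods receive every client's redirected queries, so a user-supplied `service.selector` should be kept as narrow as the DaemonSet's own pod labels. The annotations guard also tests `.Values.deployment.annotations` while only `customAnnotations` is rendered, which leaves an empty `annotations:` key when only the former is set; `{{- if .Values.customAnnotations }}` would match what is emitted. Quoting the address, `ip: {{ .Values.cilium.localRedirectPolicy.frontend.ip | quote }}`, keeps a malformed value from being retyped by the YAML parser.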
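Review bot: Dropping `.Values.deployment.enabled` from this guard means the ClusterRole is created whenever `rbac.create` is true, including releases that enable neither the Deployment nor the DaemonSet (for example an existing install running with `deployment.enabled: false`), which on upgrade adds cluster-scoped permissions with no workload of this chart using them. The same applies to the ClusterRoleBinding, ServiceAccount and PodSecurityPolicy guards changed later in this commit. Widening the workload condition instead of removing it keeps the previous least-privilege behaviour: `{{- if and (or .Values.deployment.enabled .Values.daemonset.enabled) .Values.rbac.create }}`. The ClusterRole rules themselves lie outside the hunk.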
+++ b/charts/coredns/templates/clusterrolebinding.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.deployment.enabled .Values.rbac.create }}
+{{- if .Values.rbac.create }}
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
diff --git a/charts/coredns/templates/configmap.yaml b/charts/coredns/templates/configmap.yaml
index e37858c1..9f89a39d 100644
--- a/charts/coredns/templates/configmap.yaml
+++ b/charts/coredns/templates/configmap.yaml
@@ -1,4 +1,3 @@
-{{- if .Values.deployment.enabled }}
 {{- if not .Values.deployment.skipConfig }}
 ---
 apiVersion: v1
@@ -34,4 +33,3 @@ data:
 {{ .filename }}: {{ toYaml .contents | indent 4 }}
 {{- end }}
 {{- end }}
-{{- end }}
diff --git a/charts/coredns/templates/daemonset.yaml b/charts/coredns/templates/daemonset.yaml
new file mode 100644
index 00000000..f70645b4
--- /dev/null
+++ b/charts/coredns/templates/daemonset.yaml
@@ -0,0 +1,162 @@
+{{- if .Values.daemonset.enabled }}
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+ name: {{ default (include "coredns.fullname" .) .Values.daemonset.name }}
+ namespace: {{ .Release.Namespace }}
+ labels: {{- include "coredns.labels" . | nindent 4 }}
+ app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 4 }}
+{{- end }}
+ {{- if or .Values.daemonset.annotations .Values.customAnnotations }}
+ annotations:
+ {{- if .Values.customAnnotations }}
+ {{- toYaml .Values.customAnnotations | nindent 4 }}
+ {{- end }}
+ {{- if .Values.daemonset.annotations }}
+ {{- toYaml .Values.daemonset.annotations | nindent 4 }}
+ {{- end }}
+ {{- end }}
+spec:
+ strategy:
+ type: RollingUpdate
+ rollingUpdate:
+ maxUnavailable: {{ .Values.rollingUpdate.maxUnavailable }}
+ maxSurge: {{ .Values.rollingUpdate.maxSurge }}
+ selector:
+ {{- if .Values.daemonset.selector }}
+ {{- toYaml .Values.daemonset.selector | nindent 4 }}
+ {{- else }}
+ matchLabels:
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ template "coredns.k8sapplabel" . }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" . }}
+ {{- end }}
+ template:
+ metadata:
+ labels:
+ {{- if .Values.isClusterService }}
+ k8s-app: {{ template "coredns.k8sapplabel" . }}
+ {{- end }}
+ app.kubernetes.io/name: {{ template "coredns.name" .
}}
+ app.kubernetes.io/instance: {{ .Release.Name | quote }}
+{{- if .Values.customLabels }}
+{{ toYaml .Values.customLabels | indent 8 }}
+{{- end }}
+ annotations:
+ {{- if .Values.isClusterService }}
+ scheduler.alpha.kubernetes.io/tolerations: '[{"key":"CriticalAddonsOnly", "operator":"Exists"}]'
+ {{- end }}
+{{- if .Values.podAnnotations }}
+{{ toYaml .Values.podAnnotations | indent 8 }}
+{{- end }}
+ spec:
+ {{- if .Values.podSecurityContext }}
+ securityContext: {{ toYaml .Values.podSecurityContext | nindent 8 }}
+ {{- end }}
+ {{- if .Values.terminationGracePeriodSeconds }}
+ terminationGracePeriodSeconds: {{ .Values.terminationGracePeriodSeconds }}
+ {{- end }}
+ serviceAccountName: {{ template "coredns.serviceAccountName" . }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: {{ .Values.priorityClassName | quote }}
+ {{- end }}
+ {{- if .Values.isClusterService }}
+ dnsPolicy: Default
+ {{- end }}
+ {{- if .Values.affinity }}
+ affinity:
+{{ toYaml .Values.affinity | indent 8 }}
+ {{- end }}
+ {{- if .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ tpl (toYaml .Values.topologySpreadConstraints) $ | indent 8 }}
+ {{- end }}
+ {{- if .Values.tolerations }}
+ tolerations:
+{{ toYaml .Values.tolerations | indent 8 }}
+ {{- end }}
+ {{- if .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml .Values.nodeSelector | indent 8 }}
+ {{- end }}
+ {{- if not (empty .Values.image.pullSecrets) }}
+ imagePullSecrets:
+{{ toYaml .Values.image.pullSecrets | indent 8 }}
+ {{- end }}
+ containers:
+ - name: "coredns"
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ args: [ "-conf", "/etc/coredns/Corefile" ]
+ volumeMounts:
+ - name: config-volume
+ mountPath: /etc/coredns
+{{- range .Values.extraSecrets }}
+ - name: {{ .name }}
+ mountPath: {{ .mountPath }}
+ readOnly: true
+{{- end }}
+{{- if .Values.extraVolumeMounts }}
+{{- toYaml
.Values.extraVolumeMounts | nindent 8}}
+{{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 10 }}
+ ports:
+{{ include "coredns.containerPorts" . | indent 8 }}
+ {{- if .Values.livenessProbe.enabled }}
+ livenessProbe:
+ httpGet:
+ path: /health
+ port: 8080
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.livenessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.livenessProbe.successThreshold }}
+ failureThreshold: {{ .Values.livenessProbe.failureThreshold }}
+ {{- end }}
+ {{- if .Values.readinessProbe.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /ready
+ port: 8181
+ scheme: HTTP
+ initialDelaySeconds: {{ .Values.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.readinessProbe.timeoutSeconds }}
+ successThreshold: {{ .Values.readinessProbe.successThreshold }}
+ failureThreshold: {{ .Values.readinessProbe.failureThreshold }}
+ {{- end }}
+{{- if .Values.securityContext }}
+ securityContext:
+{{- toYaml .Values.securityContext | nindent 10 }}
+{{- end }}
+{{- if .Values.extraContainers }}
+{{ toYaml .Values.extraContainers | indent 6 }}
+{{- end }}
+ volumes:
+ - name: config-volume
+ configMap:
+ name: {{ template "coredns.fullname" . }}
+ items:
+ - key: Corefile
+ path: Corefile
+ {{ range .Values.zoneFiles }}
+ - key: {{ .filename }}
+ path: {{ .filename }}
+ {{ end }}
+{{- range .Values.extraSecrets }}
+ - name: {{ .name }}
+ secret:
+ secretName: {{ .name }}
+ defaultMode: {{ default 400 .defaultMode }}
+{{- end }}
+{{- if .Values.extraVolumes }}
+{{ toYaml .Values.extraVolumes | indent 8 }}
+{{- end }}
+{{- end }}
diff --git a/charts/coredns/templates/poddisruptionbudget.yaml b/charts/coredns/templates/poddisruptionbudget.yaml
index 136d8049..a01ad5dd 100644
--- a/charts/coredns/templates/poddisruptionbudget.yaml
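Review bot: `defaultMode: {{ default 400 .defaultMode }}` in the `extraSecrets` volumes passes decimal 400, which Kubernetes interprets as octal 0620 (owner read/write, group write) rather than the owner-read-only 0400 the number suggests, so mounted secret files get looser and odder permissions than intended. Use the decimal equivalent, `defaultMode: {{ default 256 .defaultMode }}`, and add a comment that the value is decimal. Separately, `spec.strategy` is the Deployment field name; a DaemonSet expects `updateStrategy`, so this block is either rejected by schema validation or dropped and the rolling-update limits never apply. Renaming the key to `updateStrategy:` with the same `type` and `rollingUpdate` children addresses that.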
+++ b/charts/coredns/templates/poddisruptionbudget.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.deployment.enabled .Values.podDisruptionBudget -}}
+{{- if .Values.podDisruptionBudget -}}
 apiVersion: policy/v1
 kind: PodDisruptionBudget
 metadata:
diff --git a/charts/coredns/templates/podsecuritypolicy.yaml b/charts/coredns/templates/podsecuritypolicy.yaml
index 6e02e00d..6f1a050f 100644
--- a/charts/coredns/templates/podsecuritypolicy.yaml
+++ b/charts/coredns/templates/podsecuritypolicy.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.deployment.enabled .Values.rbac.pspEnable }}
+{{- if .Values.rbac.pspEnable }}
 {{ if .Capabilities.APIVersions.Has "policy/v1beta1" }}
 apiVersion: policy/v1beta1
 {{ else }}
diff --git a/charts/coredns/templates/service-metrics.yaml b/charts/coredns/templates/service-metrics.yaml
index 0ae9a157..b1c49c78 100644
--- a/charts/coredns/templates/service-metrics.yaml
+++ b/charts/coredns/templates/service-metrics.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.deployment.enabled .Values.prometheus.service.enabled }}
+{{- if .Values.prometheus.service.enabled }}
 apiVersion: v1
 kind: Service
 metadata:
diff --git a/charts/coredns/templates/service.yaml b/charts/coredns/templates/service.yaml
index 95babce2..42a70986 100644
--- a/charts/coredns/templates/service.yaml
+++ b/charts/coredns/templates/service.yaml
@@ -1,4 +1,3 @@
-{{- if .Values.deployment.enabled }}
 ---
 apiVersion: v1
 kind: Service
@@ -52,4 +51,3 @@ spec:
 {{- if .Values.service.ipFamilyPolicy }}
 ipFamilyPolicy: {{ .Values.service.ipFamilyPolicy }}
 {{- end }}
-{{- end }}
diff --git a/charts/coredns/templates/serviceaccount.yaml b/charts/coredns/templates/serviceaccount.yaml
index e4ee52c8..efa6ce24 100644
--- a/charts/coredns/templates/serviceaccount.yaml
+++ b/charts/coredns/templates/serviceaccount.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.deployment.enabled .Values.serviceAccount.create }}
+{{- if .Values.serviceAccount.create }}
 apiVersion: v1
 kind: ServiceAccount
 metadata:
diff --git a/charts/coredns/templates/servicemonitor.yaml b/charts/coredns/templates/servicemonitor.yaml
index 53f8bdb5..18a6833b 100644
--- a/charts/coredns/templates/servicemonitor.yaml
+++ b/charts/coredns/templates/servicemonitor.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.deployment.enabled .Values.prometheus.monitor.enabled }}
+{{- if .Values.prometheus.monitor.enabled }}
 apiVersion: monitoring.coreos.com/v1
 kind: ServiceMonitor
 metadata:
diff --git a/charts/coredns/values.yaml b/charts/coredns/values.yaml
index 2c472c6c..7596879e 100644
--- a/charts/coredns/values.yaml
+++ b/charts/coredns/values.yaml
@@ -383,3 +383,32 @@ deployment:
 annotations: {}
 ## Pod selector
 selector: {}
+
+daemonset:
+ skipConfig: false
+ enabled: false
+ name: ""
+ ## Annotations for the coredns daemonset
+ annotations: {}
+ ## Pod selector
+ selector: {}
+
+cilium:
+ localRedirectPolicy:
+ # You need to enable localRedirectPolicy in Cilium to use this feature.
+ # Read more: https://docs.cilium.io/en/stable/network/kubernetes/local-redirect-policy/
+ enabled: false
+ name: ""
+ frontend:
+ ip: "169.254.169.254"
+ toPorts:
+ - port: "53"
+ protocol: "UDP"
+ - port: "53"
+ protocol: "TCP"
+ backend:
+ toPorts:
+ - port: "53"
+ protocol: "UDP"
+ - port: "53"
+ protocol: "TCP"
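Review bot: The default `frontend.ip: "169.254.169.254"` is the link-local address the major cloud providers reserve for the instance metadata service (and on some platforms the VPC resolver as well), so enabling the policy with defaults intercepts port 53 traffic to that address on every node and puts metadata traffic one `toPorts` edit away from being redirected too. A dedicated link-local address avoids the overlap, for example the one conventionally used for node-local DNS: `ip: "169.254.20.10"`, with a comment that the value must not collide with the platform's metadata endpoint. `daemonset.skipConfig` is also introduced here, but the ConfigMap template in this commit still tests only `.Values.deployment.skipConfig`, so the new key appears to have no effect.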