--- charts-original/values.yaml +++ charts/values.yaml @@ -3,8 +3,8 @@ # Declare variables to be passed into your templates. image: - repository: coredns/coredns - tag: "1.9.3" + repository: rancher/hardened-coredns + tag: "v1.9.3-build20220613" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -76,10 +76,10 @@ annotations: {} serviceAccount: - create: false + create: true # The name of the ServiceAccount to use # If not set and create is true, a name is generated using the fullname template - name: "" + name: "coredns" annotations: {} rbac: @@ -95,7 +95,7 @@ isClusterService: true # Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set. -priorityClassName: "" +priorityClassName: "system-cluster-critical" # Default zone is what Kubernetes recommends: # https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options @@ -172,21 +172,21 @@ successThreshold: 1 # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core -# for example: -# affinity: -# nodeAffinity: -# requiredDuringSchedulingIgnoredDuringExecution: -# nodeSelectorTerms: -# - matchExpressions: -# - key: foo.bar.com/role -# operator: In -# values: -# - master -affinity: {} +affinity: + podAntiAffinity: + requiredDuringSchedulingIgnoredDuringExecution: + - topologyKey: "kubernetes.io/hostname" + labelSelector: + matchExpressions: + - key: k8s-app + operator: In + values: + - kube-dns # Node labels for pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ -nodeSelector: {} +nodeSelector: + kubernetes.io/os: linux # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core # for example: @@ -195,7 +195,13 @@ # operator: Equal # value: master # effect: NoSchedule -tolerations: [] +tolerations: +- key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" +- key: "node-role.kubernetes.io/etcd" + operator: "Exists" + effect: "NoExecute" # https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget podDisruptionBudget: {} @@ -246,7 +252,7 @@ # See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler autoscaler: # Enabled the cluster-proportional-autoscaler - enabled: false + enabled: true # Number of cores in the cluster per coredns replica coresPerReplica: 256 @@ -267,8 +273,8 @@ # - --nodelabels=topology.kubernetes.io/zone=us-east-1a image: - repository: k8s.gcr.io/cpa/cluster-proportional-autoscaler - tag: "1.8.5" + repository: rancher/hardened-cluster-autoscaler + tag: "v1.8.5-build20211119" pullPolicy: IfNotPresent ## Optionally specify an array of imagePullSecrets. ## Secrets must be manually created in the namespace. @@ -285,19 +291,26 @@ # Node labels for pod assignment # Ref: https://kubernetes.io/docs/user-guide/node-selection/ - nodeSelector: {} + nodeSelector: + kubernetes.io/os: linux # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core - tolerations: [] + tolerations: + - key: "node-role.kubernetes.io/control-plane" + operator: "Exists" + effect: "NoSchedule" + - key: "node-role.kubernetes.io/etcd" + operator: "Exists" + effect: "NoExecute" # resources for autoscaler pod resources: requests: - cpu: "20m" - memory: "10Mi" + cpu: "25m" + memory: "16Mi" limits: - cpu: "20m" - memory: "10Mi" + cpu: "100m" + memory: "64Mi" # Options for autoscaler configmap configmap: @@ -309,8 +322,8 @@ livenessProbe: enabled: true initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 5 + periodSeconds: 30 + timeoutSeconds: 10 failureThreshold: 3 successThreshold: 1 @@ -319,3 +332,21 @@ name: "" ## Annotations for the coredns deployment annotations: {} + +k8sApp : "kube-dns" + +nodelocal: + enabled: false + ip_address: "169.254.20.10" + ipvs: false + image: + repository: rancher/hardened-dns-node-cache + tag: "1.21.2-build20211119" + initimage: + repository: rancher/hardened-dns-node-cache + tag: "1.21.2-build20211119" + nodeSelector: + kubernetes.io/os: linux + +global: + systemDefaultRegistry: ""