mirror of https://git.rancher.io/rke2-charts
171 lines
4.7 KiB
Diff
171 lines
4.7 KiB
Diff
--- charts-original/values.yaml
|
|
+++ charts/values.yaml
|
|
@@ -3,8 +3,8 @@
|
|
# Declare variables to be passed into your templates.
|
|
|
|
image:
|
|
- repository: coredns/coredns
|
|
- tag: "1.9.3"
|
|
+ repository: rancher/hardened-coredns
|
|
+ tag: "v1.9.3-build20220613"
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
@@ -76,10 +76,10 @@
|
|
annotations: {}
|
|
|
|
serviceAccount:
|
|
- create: false
|
|
+ create: true
|
|
# The name of the ServiceAccount to use
|
|
# If not set and create is true, a name is generated using the fullname template
|
|
- name: ""
|
|
+ name: "coredns"
|
|
annotations: {}
|
|
|
|
rbac:
|
|
@@ -95,7 +95,7 @@
|
|
isClusterService: true
|
|
|
|
# Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set.
|
|
-priorityClassName: ""
|
|
+priorityClassName: "system-cluster-critical"
|
|
|
|
# Default zone is what Kubernetes recommends:
|
|
# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
|
|
@@ -172,21 +172,21 @@
|
|
successThreshold: 1
|
|
|
|
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
|
|
-# for example:
|
|
-# affinity:
|
|
-# nodeAffinity:
|
|
-# requiredDuringSchedulingIgnoredDuringExecution:
|
|
-# nodeSelectorTerms:
|
|
-# - matchExpressions:
|
|
-# - key: foo.bar.com/role
|
|
-# operator: In
|
|
-# values:
|
|
-# - master
|
|
-affinity: {}
|
|
+affinity:
|
|
+ podAntiAffinity:
|
|
+ requiredDuringSchedulingIgnoredDuringExecution:
|
|
+ - topologyKey: "kubernetes.io/hostname"
|
|
+ labelSelector:
|
|
+ matchExpressions:
|
|
+ - key: k8s-app
|
|
+ operator: In
|
|
+ values:
|
|
+ - kube-dns
|
|
|
|
# Node labels for pod assignment
|
|
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
-nodeSelector: {}
|
|
+nodeSelector:
|
|
+ kubernetes.io/os: linux
|
|
|
|
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
|
|
# for example:
|
|
@@ -195,7 +195,13 @@
|
|
# operator: Equal
|
|
# value: master
|
|
# effect: NoSchedule
|
|
-tolerations: []
|
|
+tolerations:
|
|
+- key: "node-role.kubernetes.io/control-plane"
|
|
+ operator: "Exists"
|
|
+ effect: "NoSchedule"
|
|
+- key: "node-role.kubernetes.io/etcd"
|
|
+ operator: "Exists"
|
|
+ effect: "NoExecute"
|
|
|
|
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
|
|
podDisruptionBudget: {}
|
|
@@ -246,7 +252,7 @@
|
|
# See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler
|
|
autoscaler:
|
|
# Enabled the cluster-proportional-autoscaler
|
|
- enabled: false
|
|
+ enabled: true
|
|
|
|
# Number of cores in the cluster per coredns replica
|
|
coresPerReplica: 256
|
|
@@ -267,8 +273,8 @@
|
|
# - --nodelabels=topology.kubernetes.io/zone=us-east-1a
|
|
|
|
image:
|
|
- repository: k8s.gcr.io/cpa/cluster-proportional-autoscaler
|
|
- tag: "1.8.5"
|
|
+ repository: rancher/hardened-cluster-autoscaler
|
|
+ tag: "v1.8.5-build20211119"
|
|
pullPolicy: IfNotPresent
|
|
## Optionally specify an array of imagePullSecrets.
|
|
## Secrets must be manually created in the namespace.
|
|
@@ -285,19 +291,26 @@
|
|
|
|
# Node labels for pod assignment
|
|
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
|
|
- nodeSelector: {}
|
|
+ nodeSelector:
|
|
+ kubernetes.io/os: linux
|
|
|
|
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
|
|
- tolerations: []
|
|
+ tolerations:
|
|
+ - key: "node-role.kubernetes.io/control-plane"
|
|
+ operator: "Exists"
|
|
+ effect: "NoSchedule"
|
|
+ - key: "node-role.kubernetes.io/etcd"
|
|
+ operator: "Exists"
|
|
+ effect: "NoExecute"
|
|
|
|
# resources for autoscaler pod
|
|
resources:
|
|
requests:
|
|
- cpu: "20m"
|
|
- memory: "10Mi"
|
|
+ cpu: "25m"
|
|
+ memory: "16Mi"
|
|
limits:
|
|
- cpu: "20m"
|
|
- memory: "10Mi"
|
|
+ cpu: "100m"
|
|
+ memory: "64Mi"
|
|
|
|
# Options for autoscaler configmap
|
|
configmap:
|
|
@@ -309,8 +322,8 @@
|
|
livenessProbe:
|
|
enabled: true
|
|
initialDelaySeconds: 10
|
|
- periodSeconds: 5
|
|
- timeoutSeconds: 5
|
|
+ periodSeconds: 30
|
|
+ timeoutSeconds: 10
|
|
failureThreshold: 3
|
|
successThreshold: 1
|
|
|
|
@@ -319,3 +332,21 @@
|
|
name: ""
|
|
## Annotations for the coredns deployment
|
|
annotations: {}
|
|
+
|
|
+k8sApp : "kube-dns"
|
|
+
|
|
+nodelocal:
|
|
+ enabled: false
|
|
+ ip_address: "169.254.20.10"
|
|
+ ipvs: false
|
|
+ image:
|
|
+ repository: rancher/hardened-dns-node-cache
|
|
+ tag: "1.21.2-build20211119"
|
|
+ initimage:
|
|
+ repository: rancher/hardened-dns-node-cache
|
|
+ tag: "1.21.2-build20211119"
|
|
+ nodeSelector:
|
|
+ kubernetes.io/os: linux
|
|
+
|
|
+global:
|
|
+ systemDefaultRegistry: ""
|