rke2-charts/packages/rke2-coredns/generated-changes/patch/values.yaml.patch

--- charts-original/values.yaml
+++ charts/values.yaml
@@ -3,9 +3,9 @@
 # Declare variables to be passed into your templates.
 
 image:
-  repository: coredns/coredns
+  repository: rancher/hardened-coredns
   # Overrides the image tag whose default is the chart appVersion.
-  tag: ""
+  tag: "v1.12.0-build20241126"
   pullPolicy: IfNotPresent
   ## Optionally specify an array of imagePullSecrets.
   ## Secrets must be manually created in the namespace.
@@ -52,12 +52,11 @@
 
 service:
 # clusterIP: ""
-# clusterIPs: []
 # loadBalancerIP: ""
 # loadBalancerClass: ""
 # externalIPs: []
 # externalTrafficPolicy: ""
-# ipFamilyPolicy: ""
+  ipFamilyPolicy: ""
 # trafficDistribution: PreferClose
   # The name of the Service
   # If not set, a name is generated using the fullname template
@@ -67,10 +66,10 @@
   selector: {}
 
 serviceAccount:
-  create: false
+  create: true
   # The name of the ServiceAccount to use
   # If not set and create is true, a name is generated using the fullname template
-  name: ""
+  name: "coredns"
   annotations: {}
 
 rbac:
@@ -91,7 +90,7 @@
 isClusterService: true
 
 # Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set.
-priorityClassName: ""
+priorityClassName: "system-cluster-critical"
 
 # Configure the pod level securityContext.
 podSecurityContext: {}
@@ -191,7 +190,16 @@
 #            operator: In
 #            values:
 #            - master
-affinity: {}
+affinity:
+  podAntiAffinity:
+    requiredDuringSchedulingIgnoredDuringExecution:
+    - topologyKey: "kubernetes.io/hostname"
+      labelSelector:
+        matchExpressions:
+        - key: k8s-app
+          operator: In
+          values:
+          - kube-dns
 
 # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#topologyspreadconstraint-v1-core
 # and supports Helm templating.
@@ -215,7 +223,8 @@
 
 # Node labels for pod assignment
 # Ref: https://kubernetes.io/docs/user-guide/node-selection/
-nodeSelector: {}
+nodeSelector:
+  kubernetes.io/os: linux
 
 # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
 # for example:
@@ -224,7 +233,13 @@
 #     operator: Equal
 #     value: master
 #     effect: NoSchedule
-tolerations: []
+tolerations:
+- key: "node-role.kubernetes.io/control-plane"
+  operator: "Exists"
+  effect: "NoSchedule"
+- key: "node-role.kubernetes.io/etcd"
+  operator: "Exists"
+  effect: "NoExecute"
 
 # https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
 podDisruptionBudget: {}
@@ -317,7 +332,7 @@
 # See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler
 autoscaler:
   # Enabled the cluster-proportional-autoscaler
-  enabled: false
+  enabled: true
 
   # Number of cores in the cluster per coredns replica
   coresPerReplica: 256
@@ -341,8 +356,8 @@
   #   - --nodelabels=topology.kubernetes.io/zone=us-east-1a
 
   image:
-    repository: registry.k8s.io/cpa/cluster-proportional-autoscaler
-    tag: "1.8.5"
+    repository: rancher/hardened-cluster-autoscaler
+    tag: "v1.9.0-build20241126"
     pullPolicy: IfNotPresent
     ## Optionally specify an array of imagePullSecrets.
     ## Secrets must be manually created in the namespace.
@@ -360,19 +375,26 @@
 
   # Node labels for pod assignment
   # Ref: https://kubernetes.io/docs/user-guide/node-selection/
-  nodeSelector: {}
+  nodeSelector:
+    kubernetes.io/os: linux
 
   # expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
-  tolerations: []
+  tolerations:
+  - key: "node-role.kubernetes.io/control-plane"
+    operator: "Exists"
+    effect: "NoSchedule"
+  - key: "node-role.kubernetes.io/etcd"
+    operator: "Exists"
+    effect: "NoExecute"
 
   # resources for autoscaler pod
   resources:
     requests:
-      cpu: "20m"
-      memory: "10Mi"
+      cpu: "25m"
+      memory: "16Mi"
     limits:
-      cpu: "20m"
-      memory: "10Mi"
+      cpu: "100m"
+      memory: "64Mi"
 
   # Options for autoscaler configmap
   configmap:
@@ -384,8 +406,8 @@
   livenessProbe:
     enabled: true
     initialDelaySeconds: 10
-    periodSeconds: 5
-    timeoutSeconds: 5
+    periodSeconds: 30
+    timeoutSeconds: 10
     failureThreshold: 3
     successThreshold: 1
 
@@ -403,3 +425,25 @@
   annotations: {}
   ## Pod selector
   selector: {}
+
+k8sApp: "kube-dns"
+
+nodelocal:
+  enabled: false
+  ip_address: "169.254.20.10"
+  ipvs: false
+  # set to true, if you wish to use nodelocal with cilium in kube-proxy replacement mode.
+  # This sets up a Cilium Local Redirect Policy (LRP) to steer DNS traffic to the nodelocal dns cache.
+  # See https://docs.cilium.io/en/v1.15/network/kubernetes/local-redirect-policy/#node-local-dns-cache for reference
+  use_cilium_lrp: false
+  image:
+    repository: rancher/hardened-dns-node-cache
+    tag: "1.23.1-build20241008"
+  initimage:
+    repository: rancher/hardened-dns-node-cache
+    tag: "1.23.1-build20241008"
+  nodeSelector:
+    kubernetes.io/os: linux
+
+global:
+  systemDefaultRegistry: ""