281 Commits (0d77f62c02cbf2e88547cd3d114e948a1fdb3371)

Author SHA1 Message Date
Kubernetes Prow Robot 888b81b638
Merge pull request #76238 from Dieken/30s-ttl-for-coredns
change default 5s ttl to 30s for coredns to be same with kube-dns/dnsmasq
2019-04-23 06:20:09 -07:00
George Angel f40f767d94 update k8s.gcr.io/k8s-dns-node-cache image version
v1.15.0 is affected by https://github.com/kubernetes/dns/issues/282
2019-04-16 09:43:53 +01:00
Yubao Liu f7f51fab2a change default 5s ttl to 30s for coredns to be same with kube-dns/dnsmasq 2019-04-07 20:41:25 +08:00
Xiang Dai 36065c6dd7 delete all duplicate empty blanks
Signed-off-by: Xiang Dai <764524258@qq.com>
2019-02-23 10:28:04 +08:00
Kubernetes Prow Robot 042f9ed3af
Merge pull request #74093 from blakebarnett/lower-neg-cache-ttl
Lowers the default nodelocaldns denial cache TTL
2019-02-21 17:47:16 -08:00
Blake 46c299c1b1 Match default cache size of 10000
https://github.com/coredns/coredns/blob/master/plugin/cache/cache.go#L236
This gets rounded down to the nearest multiple of 256: 9984
2019-02-21 15:03:30 -08:00
Kubernetes Prow Robot 7b203c6809
Merge pull request #74137 from rajansandeep/readinessprobe
Add readinessProbe to CoreDNS
2019-02-19 16:24:04 -08:00
Sandeep Rajan 37c3d68a91 Add readinessProbe 2019-02-19 10:14:12 -05:00
Ben Moss 34ac4d9ee9 Update deprecated links 2019-02-15 09:13:07 -05:00
Blake e51c9025ac Lowers the default nodelocaldns denial cache TTL
Similar to `--no-negcache` on dnsmasq, this prevents issues which poll DNS for orchestration such as operators with StatefulSets. It can also be very confusing for users when negative caching results in a change they just made seeming to be broken until the cache expires. This assumes that 5 seconds is reasonable and will still catch repeated AAAA negative responses. We could also set the denial cache size to zero which should effectively fully disable it like dnsmasq in kube-dns but testing shows this approach seems to work well in our (albeit small) test clusters.
2019-02-13 13:23:53 -08:00
Kubernetes Prow Robot aa00afe231
Merge pull request #73649 from ojmhetar/coredns-priorityclass
Add priority class to CoreDNS pods
2019-02-11 22:55:45 -08:00
Roy Lenferink b43c04452f Updated OWNERS files to include link to docs 2019-02-04 22:33:12 +01:00
Ojas M bb9c865d47 Add priority class to CoreDNS pods 2019-02-01 12:56:48 -08:00
Sandeep Rajan aa11f6c298 Bump CoreDNS version to 1.3.1 2019-01-31 16:55:02 -05:00
Kubernetes Prow Robot c501d464af
Merge pull request #73267 from rajansandeep/proxytoforward
Use forward plugin instead of proxy plugin in the default configuration of CoreDNS
2019-01-29 11:32:28 -08:00
Kubernetes Prow Robot d54716338a
Merge pull request #73302 from rajansandeep/prometheusport
Add metrics port to CoreDNS service
2019-01-25 12:04:37 -08:00
Sandeep Rajan e9220dd408 add prometheus port 2019-01-25 11:29:03 +05:30
Kubernetes Prow Robot 7d91e1223d
Merge pull request #73293 from prameshj/nodelocal-update
Modify nodelocaldns yaml to include updateStrategy and xtables.lock
2019-01-24 20:07:57 -08:00
Pavithra Ramesh 9611b112eb Add xtables.lock file to mounts
nodelocaldns needs to use the same iptables lock file to avoid
contention with other entities modifying iptables rules.
2019-01-24 13:21:06 -08:00
Sandeep Rajan c346ae1e49 Use forward plugin instead of proxy in the default configuration 2019-01-24 17:28:55 +05:30
Kubernetes Prow Robot baaaa15fdf
Merge pull request #69940 from MarcPow/master
Bind coredns containers to linux nodes to avoid Windows scheduling
2019-01-23 12:19:53 -08:00
Pavithra Ramesh 960705ac98 Add updateStrategy section for nodelocaldns 2019-01-18 16:40:01 -08:00
Jordan Liggitt cc680273e8 Change add-on manifests to apps/v1 2018-12-19 17:30:59 -05:00
prameshj 501eba8745
Update README.md 2018-12-11 17:20:57 -08:00
Pavithra Ramesh 567e79a3ac Fix labelname in nodelocaldns yaml 2018-12-05 23:06:03 -08:00
k8s-ci-robot ca696fef26
Merge pull request #69848 from mikedanese/projadmission
migrate service account volume to a projected volume when BoundServiceAccountTokenVolumes are enabled
2018-11-16 22:46:23 -08:00
Mike Danese 8bcb178da3 explicitly set run as user/group in addons that set this config in their dockerfile 2018-11-16 19:32:44 +00:00
k8s-ci-robot ab261f1571
Merge pull request #70965 from prameshj/nodecache-readme
README for nodelocal dns cache
2018-11-15 23:52:45 -08:00
k8s-ci-robot 29eb75b2c5
Merge pull request #70868 from justinsb/coredns_like_kubedns_respect_taints
CoreDNS should not tolerate master taints
2018-11-15 23:52:27 -08:00
k8s-ci-robot 7f74b3ac57
Merge pull request #70799 from rajansandeep/coredns126
Update version of CoreDNS to 1.2.6
2018-11-15 23:52:17 -08:00
Pavithra Ramesh d73466fe55 Add README for nodelocaldns 2018-11-14 15:45:14 -08:00
Pavithra Ramesh 6d7c5e90ed Removed .salt template, using .sed template
Removed default config options from yaml.
Removed unused yaml files
2018-11-13 18:33:34 -08:00
Pavithra Ramesh 73b548db06 Support running a nodelocal dns cache
This change includes the yaml files and gce startup script changes
to run this addon. It is disabled by default, can be enabled by setting
KUBE_ENABLE_NODELOCAL_DNS=true
An ip address is required for the cache instance to listen for
requests on, default is a link local ip address of value 169.254.25.10

addressed review comments, updated image location
Picked a different prometheus port so stats port is not same as the
coredns deployment

Removed the nodelocaldns-ready label.
Set memory limit to 30Mi
2018-11-12 14:54:20 -08:00
Justin SB 0d57176f40
CoreDNS should respect user taints
Otherwise users will be surprised when CoreDNS starts running on their
masters, where kube-dns did not.

Issue #70851
2018-11-09 09:25:35 -05:00
Sandeep Rajan 4161277b9b update version of CoreDNS to 1.2.6 2018-11-08 08:53:33 -05:00
Marc Power eb818f95d1 Bind coredns containers to linux nodes to avoid Windows scheduling 2018-10-26 11:47:17 -07:00
Chris O'Haver 0cfb4bbe2c make coredns kubeup default, update manifest 2018-10-18 14:52:38 -04:00
Zihong Zheng 576d6e5c92 Bump kube-dns to 1.14.13
- Update Alpine base image to 3.8.1.
- Build multi-arch images correctly.
2018-09-20 12:36:02 -07:00
Francois Tur 5c20fff19d
Revert "Add DNS pod resource monitoring option" 2018-09-19 14:54:29 -04:00
k8s-ci-robot ab02fd6f8a
Merge pull request #68683 from chrisohaver/trackdns
Add DNS pod resource monitoring option
2018-09-19 09:47:29 -07:00
Pavithra Ramesh 216dc8ada8 Update kube-dns container images.
This fixes an issue where SRV records were incorrectly being compressed.
Also updated kubedns version for kubeadm
Upgrade to 1.14.12 with manifest support. Runs dnsmasq version 2.78
2018-09-18 17:44:42 -07:00
Chris O'Haver 7ea51a551c do not merge: test coredns with mem bump 2018-09-18 12:06:44 -04:00
Sandeep Rajan 989f6667d2 prep for 1.12 2018-08-30 11:43:36 -04:00
Di Xu 25f9909cba add --dns-loop-detect option to dnsmasq run by kube-dns 2018-08-11 22:30:25 +08:00
Sandeep Rajan 8798640f21 add scrape port to service 2018-06-28 13:26:11 -04:00
Daniel Qian 0ebcef241f fix dead links in kube-dns/README.md 2018-06-13 13:23:58 +08:00
Kubernetes Submit Queue 2f011d01fa
Merge pull request #64473 from nberlee/master
Automatic merge from submit-queue. If you want to cherry-pick this change to another branch, please follow the instructions [here](https://github.com/kubernetes/community/blob/master/contributors/devel/cherry-picks.md).

Drop capabilities of CoreDNS container and run in read-only

**What this PR does / why we need it**: Make the CoreDNS container more secure by dropping (root) capabilities. Improve the integrity of the container by running the whole container in read-only.

**Which issue(s) this PR fixes** *(optional, in `fixes #<issue number>(, fixes #<issue_number>, ...)` format, will close the issue(s) when PR gets merged)*:
Fixes #

**Special notes for your reviewer**:
Same [changes](aba0245609) as in the CoreDNS deployment repository.
**Release note**:

```release-note
Kubeadm: Make CoreDNS run in read-only mode and drop all unneeded privileges 
```
2018-06-05 10:23:19 -07:00
Nico Berlee 7ee5729eba
Run CoreDNS container only with CAP_NET_BIND_SERVICE, drop all other (root) privileges.
Run filesystem of container and config in read-only mode.
2018-06-05 08:22:47 +02:00
Sandeep Rajan ab0a421e8d coredns to gcr.io repo 2018-06-04 16:44:42 -04:00
Sandeep Rajan 753632d85b create coredns and kube-dns folders 2018-05-29 11:52:57 -04:00