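---
# Node-local DNS cache, primary instance. Runs one pod per node in the host
# network namespace, declares DNS on port 53 (UDP and TCP) and is health
# checked on 169.254.20.10:8080.
#
# NOTE(review): this DaemonSet and coredns-nodecache-secondary below use the
# same selector and pod label (k8s-app: coredns-nodecache). Kubernetes advises
# against overlapping selectors across controllers; a distinguishing label per
# instance would avoid this. The selector is immutable, so changing it means
# recreating the DaemonSet.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: coredns-nodecache-primary
  namespace: kube-system
  labels:
    k8s-app: coredns-nodecache
    kubernetes.io/cluster-service: "true"
spec:
  updateStrategy:
    rollingUpdate:
      # Quoted so the percentage is always read as a string.
      maxUnavailable: "10%"
  selector:
    matchLabels:
      k8s-app: coredns-nodecache
  template:
    metadata:
      labels:
        k8s-app: coredns-nodecache
    spec:
      priorityClassName: system-node-critical
      serviceAccountName: coredns-nodecache
      # hostNetwork plus a privileged container (see securityContext below):
      # a compromise of this container is effectively a compromise of the node.
      hostNetwork: true
      # Default = inherit the node's resolver configuration rather than
      # pointing the cache at cluster DNS.
      dnsPolicy: Default
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
          operator: Exists
      containers:
        - name: coredns-nodecache
          # Mutable tag: nodes can end up running different builds, and
          # whatever is pushed to this tag runs privileged on every node.
          # Pin to a release and digest, for example
          # contentful/coredns-nodecache:<VERSION>@sha256:<DIGEST>
          # (placeholders; the page does not give a version).
          image: contentful/coredns-nodecache:latest
          resources:
            limits:
              memory: 50Mi
            requests:
              cpu: 25m
              memory: 5Mi
          args:
            - -conf
            - /etc/coredns/Corefile
          securityContext:
            # NOTE(review): full privilege is broader than network setup
            # usually needs. If the binary only manages an interface and
            # iptables rules, `capabilities: {drop: [ALL], add: [NET_ADMIN]}`
            # is the usual reduction. Confirm against the image before
            # changing.
            privileged: true
          ports:
            # With hostNetwork these are listeners on the node itself; which
            # addresses they bind is decided by the Corefile (not shown).
            # Verify metrics and health are not exposed on all interfaces.
            - containerPort: 53
              name: dns
              protocol: UDP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 9253
              name: metrics
              protocol: TCP
          livenessProbe:
            httpGet:
              host: 169.254.20.10
              path: /health
              port: 8080
            initialDelaySeconds: 60
            timeoutSeconds: 5
          volumeMounts:
            # Host iptables lock file, mounted read-write so the container
            # can take the lock alongside other iptables users on the node.
            - mountPath: /run/xtables.lock
              name: xtables-lock
              readOnly: false
            - name: config-volume
              mountPath: /etc/coredns
      volumes:
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            # Creates an empty file on the host if it does not exist yet.
            type: FileOrCreate
        - name: config-volume
          configMap:
            name: coredns-nodecache-primary
            items:
              - key: Corefile
                path: Corefile
---
# Node-local DNS cache, secondary instance. Same image, privileges and host
# mounts as the primary; it declares only a metrics port (9254) and is health
# checked on 169.254.20.10:8082.
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: coredns-nodecache-secondary
  namespace: kube-system
  labels:
    k8s-app: coredns-nodecache
    kubernetes.io/cluster-service: "true"
spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: "10%"
  selector:
    matchLabels:
      k8s-app: coredns-nodecache
  template:
    metadata:
      labels:
        k8s-app: coredns-nodecache
    spec:
      priorityClassName: system-node-critical
      serviceAccountName: coredns-nodecache
      # Host network namespace plus a privileged container: treat this pod
      # as node-equivalent when reviewing access to it.
      hostNetwork: true
      dnsPolicy: Default
      tolerations:
        - key: node-role.kubernetes.io/control-plane
          effect: NoSchedule
          # Added to match the primary. Without it the operator defaults to
          # Equal with an empty value, which only tolerates a valueless taint.
          operator: Exists
      containers:
        - name: coredns-nodecache
          # Mutable tag; pin to a release and digest as for the primary
          # (contentful/coredns-nodecache:<VERSION>@sha256:<DIGEST>,
          # placeholders).
          image: contentful/coredns-nodecache:latest
          resources:
            limits:
              memory: 50Mi
            requests:
              cpu: 25m
              memory: 5Mi
          args:
            - -conf
            - /etc/coredns/Corefile
          securityContext:
            # NOTE(review): same least-privilege question as the primary.
            # Check whether NET_ADMIN alone is enough for this image.
            privileged: true
          ports:
            - containerPort: 9254
              name: metrics
              protocol: TCP
          livenessProbe:
            httpGet:
              host: 169.254.20.10
              path: /health
              port: 8082
            initialDelaySeconds: 60
            timeoutSeconds: 5
          volumeMounts:
            # Host iptables lock file, shared read-write with the node.
            - mountPath: /run/xtables.lock
              name: xtables-lock
              readOnly: false
            - name: config-volume
              mountPath: /etc/coredns
      volumes:
        - name: xtables-lock
          hostPath:
            path: /run/xtables.lock
            type: FileOrCreate
        - name: config-volume
          configMap:
            name: coredns-nodecache-secondary
            items:
              - key: Corefile
                path: Corefile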