kubespray/roles/dnsmasq/templates/dnsmasq-deploy.yml.j2

---
apiVersion: extensions/v1beta1
kind: Deployment
metadata:
  name: dnsmasq
  namespace: "kube-system"
  labels:
    k8s-app: dnsmasq
    kubernetes.io/cluster-service: "true"
spec:
  replicas: {{ dnsmasq_min_replicas }}
  selector:
    matchLabels:
      k8s-app: dnsmasq
  strategy:
    type: "Recreate"
  template:
    metadata:
      labels:
        k8s-app: dnsmasq
        kubernetes.io/cluster-service: "true"
        kubespray/dnsmasq-checksum: "{{ dnsmasq_stat.stat.checksum }}"
    spec:
      tolerations:
        - effect: NoSchedule
          operator: Exists
      containers:
        - name: dnsmasq
          image: "{{ dnsmasq_image_repo }}:{{ dnsmasq_image_tag }}"
          imagePullPolicy: {{ k8s_image_pull_policy }}
          command:
            - dnsmasq
          args:
            - -k
            - -C
            - /etc/dnsmasq.d/01-kube-dns.conf
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
          resources:
            limits:
              cpu: {{ dns_cpu_limit }}
              memory: {{ dns_memory_limit }}
            requests:
              cpu: {{ dns_cpu_requests }}
              memory: {{ dns_memory_requests }}
          ports:
            - name: dns
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
          volumeMounts:
            - name: etcdnsmasqd
              mountPath: /etc/dnsmasq.d
            - name: etcdnsmasqdavailable
              mountPath: /etc/dnsmasq.d-available
      volumes:
        - name: etcdnsmasqd
          hostPath:
            path: /etc/dnsmasq.d
        - name: etcdnsmasqdavailable
          hostPath:
            path: /etc/dnsmasq.d-available
      dnsPolicy: Default  # Don't use cluster DNS.