apiVersion: apps/v1 kind: Deployment metadata: labels: k8s-addon: dns-controller.addons.k8s.io k8s-app: dns-controller version: v1.19.0-alpha.3 name: dns-controller namespace: kube-system spec: replicas: 1 selector: matchLabels: k8s-app: dns-controller strategy: type: Recreate template: metadata: annotations: scheduler.alpha.kubernetes.io/critical-pod: "" labels: k8s-addon: dns-controller.addons.k8s.io k8s-app: dns-controller version: v1.19.0-alpha.3 spec: containers: - command: - /dns-controller - --watch-ingress=false - --dns=aws-route53 - --zone=*/Z1AFAKE1ZON3YO - --zone=*/* - -v=2 env: - name: KUBERNETES_SERVICE_HOST value: 127.0.0.1 image: kope/dns-controller:1.19.0-alpha.3 name: dns-controller resources: requests: cpu: 50m memory: 50Mi securityContext: runAsNonRoot: true dnsPolicy: Default hostNetwork: true nodeSelector: node-role.kubernetes.io/master: "" priorityClassName: system-cluster-critical serviceAccount: dns-controller tolerations: - operator: Exists --- apiVersion: v1 kind: ServiceAccount metadata: labels: k8s-addon: dns-controller.addons.k8s.io name: dns-controller namespace: kube-system --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRole metadata: labels: k8s-addon: dns-controller.addons.k8s.io name: kops:dns-controller rules: - apiGroups: - "" resources: - endpoints - services - pods - ingress - nodes verbs: - get - list - watch - apiGroups: - extensions resources: - ingresses verbs: - get - list - watch --- apiVersion: rbac.authorization.k8s.io/v1 kind: ClusterRoleBinding metadata: labels: k8s-addon: dns-controller.addons.k8s.io name: kops:dns-controller roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole name: kops:dns-controller subjects: - apiGroup: rbac.authorization.k8s.io kind: User name: system:serviceaccount:kube-system:dns-controller