coredns
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for coredns.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
image:
6
repository: cgr.dev/chainguard-private/coredns
7
# Overrides the image tag whose default is the chart appVersion.
8
tag: latest@sha256:1ce1295f4087b12ab2ef4bb6d6c34db54c6e194f028a31304170f3f49e3fc536
9
pullPolicy: IfNotPresent
10
## Optionally specify an array of imagePullSecrets.
11
## Secrets must be manually created in the namespace.
12
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
13
##
14
pullSecrets: []
15
# pullSecrets:
16
# - name: myRegistryKeySecretName
17
replicaCount: 1
18
resources:
19
limits:
20
cpu: 100m
21
memory: 128Mi
22
requests:
23
cpu: 100m
24
memory: 128Mi
25
rollingUpdate:
26
maxUnavailable: 1
27
maxSurge: 25%
28
terminationGracePeriodSeconds: 30
29
podAnnotations: {}
30
# cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
31
32
podLabels: {}
33
serviceType: "ClusterIP"
34
prometheus:
35
service:
36
enabled: false
37
annotations:
38
prometheus.io/scrape: "true"
39
prometheus.io/port: "9153"
40
selector: {}
41
monitor:
42
enabled: false
43
additionalLabels: {}
44
namespace: ""
45
interval: ""
46
selector: {}
47
service:
48
# clusterIP: ""
49
# clusterIPs: []
50
# loadBalancerIP: ""
51
# loadBalancerClass: ""
52
# externalIPs: []
53
# externalTrafficPolicy: ""
54
# ipFamilyPolicy: ""
55
# trafficDistribution: PreferClose
56
# The name of the Service
57
# If not set, a name is generated using the fullname template
58
name: "kube-dns"
59
annotations: {}
60
# Pod selector
61
selector: {}
62
serviceAccount:
63
create: false
64
# The name of the ServiceAccount to use
65
# If not set and create is true, a name is generated using the fullname template
66
name: ""
67
annotations: {}
68
rbac:
69
# If true, create & use RBAC resources
70
create: true
71
clusterRole:
72
# By default a name is generated using the fullname template.
73
# Override here if desired:
74
nameOverride: ""
75
# isClusterService specifies whether chart should be deployed as cluster-service or normal k8s app.
76
isClusterService: true
77
# Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set.
78
priorityClassName: ""
79
# Configure the pod level securityContext.
80
podSecurityContext: {}
81
# Configure SecurityContext for Pod.
82
# Ensure that required linux capability to bind port number below 1024 is assigned (`CAP_NET_BIND_SERVICE`).
83
securityContext:
84
allowPrivilegeEscalation: false
85
capabilities:
86
add:
87
- NET_BIND_SERVICE
88
drop:
89
- ALL
90
readOnlyRootFilesystem: true
91
# Default zone is what Kubernetes recommends:
92
# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
93
servers:
94
- zones:
95
- zone: .
96
use_tcp: true
97
port: 53
98
# -- expose the service on a different port
99
# servicePort: 5353
100
# If serviceType is nodePort you can specify nodePort here
101
# nodePort: 30053
102
# hostPort: 53
103
plugins:
104
- name: errors
105
# Serves a /health endpoint on :8080, required for livenessProbe
106
- name: health
107
configBlock: |-
108
lameduck 10s
109
# Serves a /ready endpoint on :8181, required for readinessProbe
110
- name: ready
111
# Required to query kubernetes API for data
112
- name: kubernetes
113
parameters: cluster.local in-addr.arpa ip6.arpa
114
configBlock: |-
115
pods insecure
116
fallthrough in-addr.arpa ip6.arpa
117
ttl 30
118
# Serves a /metrics endpoint on :9153, required for serviceMonitor
119
- name: prometheus
120
parameters: 0.0.0.0:9153
121
- name: forward
122
parameters: . /etc/resolv.conf
123
- name: cache
124
parameters: 30
125
- name: loop
126
- name: reload
127
- name: loadbalance
128
# Complete example with all the options:
129
# - zones: # the `zones` block can be left out entirely, defaults to "."
130
# - zone: hello.world. # optional, defaults to "."
131
# scheme: tls:// # optional, defaults to "" (which equals "dns://" in CoreDNS)
132
# - zone: foo.bar.
133
# scheme: dns://
134
# use_tcp: true # set this parameter to optionally expose the port on tcp as well as udp for the DNS protocol
135
# # Note that this will not work if you are also exposing tls or grpc on the same server
136
# port: 12345 # optional, defaults to "" (which equals 53 in CoreDNS)
137
# plugins: # the plugins to use for this server block
138
# - name: kubernetes # name of plugin, if used multiple times ensure that the plugin supports it!
139
# parameters: foo bar # list of parameters after the plugin
140
# configBlock: |- # if the plugin supports extra block style config, supply it here
141
# hello world
142
# foo bar
143
144
# Extra configuration that is applied outside of the default zone block.
145
# Example to include additional config files, which may come from extraVolumes:
146
# extraConfig:
147
# import:
148
# parameters: /opt/coredns/*.conf
149
extraConfig: {}
150
# To use the livenessProbe, the health plugin needs to be enabled in CoreDNS' server config
151
livenessProbe:
152
enabled: true
153
initialDelaySeconds: 60
154
periodSeconds: 10
155
timeoutSeconds: 5
156
failureThreshold: 5
157
successThreshold: 1
158
# To use the readinessProbe, the ready plugin needs to be enabled in CoreDNS' server config
159
readinessProbe:
160
enabled: true
161
initialDelaySeconds: 30
162
periodSeconds: 5
163
timeoutSeconds: 5
164
failureThreshold: 1
165
successThreshold: 1
166
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
167
# for example:
168
# affinity:
169
# nodeAffinity:
170
# requiredDuringSchedulingIgnoredDuringExecution:
171
# nodeSelectorTerms:
172
# - matchExpressions:
173
# - key: foo.bar.com/role
174
# operator: In
175
# values:
176
# - master
177
affinity: {}
178
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#topologyspreadconstraint-v1-core
179
# and supports Helm templating.
180
# For example:
181
# topologySpreadConstraints:
182
# - labelSelector:
183
# matchLabels:
184
# app.kubernetes.io/name: '{{ template "coredns.name" . }}'
185
# app.kubernetes.io/instance: '{{ .Release.Name }}'
186
# topologyKey: topology.kubernetes.io/zone
187
# maxSkew: 1
188
# whenUnsatisfiable: ScheduleAnyway
189
# - labelSelector:
190
# matchLabels:
191
# app.kubernetes.io/name: '{{ template "coredns.name" . }}'
192
# app.kubernetes.io/instance: '{{ .Release.Name }}'
193
# topologyKey: kubernetes.io/hostname
194
# maxSkew: 1
195
# whenUnsatisfiable: ScheduleAnyway
196
topologySpreadConstraints: []
197
# Node labels for pod assignment
198
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
199
nodeSelector: {}
200
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
201
# for example:
202
# tolerations:
203
# - key: foo.bar.com/role
204
# operator: Equal
205
# value: master
206
# effect: NoSchedule
207
tolerations: []
208
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
209
podDisruptionBudget: {}
210
# configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
211
zoneFiles: []
212
# - filename: example.db
213
# domain: example.com
214
# contents: |
215
# example.com. IN SOA sns.dns.icann.com. noc.dns.icann.com. 2015082541 7200 3600 1209600 3600
216
# example.com. IN NS b.iana-servers.net.
217
# example.com. IN NS a.iana-servers.net.
218
# example.com. IN A 192.168.99.102
219
# *.example.com. IN A 192.168.99.102
220
221
# optional array of sidecar containers
222
extraContainers: []
223
# - name: some-container-name
224
# image: some-image:latest
225
# imagePullPolicy: Always
226
# optional array of extra volumes to create
227
extraVolumes: []
228
# - name: some-volume-name
229
# emptyDir: {}
230
# optional array of mount points for extraVolumes
231
extraVolumeMounts: []
232
# - name: some-volume-name
233
# mountPath: /etc/wherever
234
235
# optional array of secrets to mount inside coredns container
236
# possible usecase: need for secure connection with etcd backend
237
extraSecrets: []
238
# - name: etcd-client-certs
239
# mountPath: /etc/coredns/tls/etcd
240
# defaultMode: 420
241
# - name: some-fancy-secret
242
# mountPath: /etc/wherever
243
# defaultMode: 440
244
245
# optional array of environment variables for coredns container
246
# possible usecase: provides username and password for etcd user authentications
247
env: []
248
# - name: WHATEVER_ENV
249
# value: whatever
250
# - name: SOME_SECRET_ENV
251
# valueFrom:
252
# secretKeyRef:
253
# name: some-secret-name
254
# key: secret-key
255
256
# To support legacy deployments using CoreDNS with the "k8s-app: kube-dns" label selectors.
257
# See https://github.com/coredns/helm/blob/master/charts/coredns/README.md#adopting-existing-coredns-resources
258
# k8sAppLabelOverride: "kube-dns"
259
260
# Custom labels to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled.
261
customLabels: {}
262
# Custom annotations to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled.
263
customAnnotations: {}
264
## Alternative configuration for HPA deployment if wanted
265
## Create HorizontalPodAutoscaler object.
266
##
267
# hpa:
268
# enabled: false
269
# minReplicas: 1
270
# maxReplicas: 10
271
# metrics:
272
# metrics:
273
# - type: Resource
274
# resource:
275
# name: memory
276
# target:
277
# type: Utilization
278
# averageUtilization: 60
279
# - type: Resource
280
# resource:
281
# name: cpu
282
# target:
283
# type: Utilization
284
# averageUtilization: 60
285
hpa:
286
enabled: false
287
minReplicas: 1
288
maxReplicas: 2
289
metrics: []
290
## Configue a cluster-proportional-autoscaler for coredns
291
# See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler
292
autoscaler:
293
# Enabled the cluster-proportional-autoscaler
294
enabled: false
295
# Number of cores in the cluster per coredns replica
296
coresPerReplica: 256
297
# Number of nodes in the cluster per coredns replica
298
nodesPerReplica: 16
299
# Min size of replicaCount
300
min: 0
301
# Max size of replicaCount (default of 0 is no max)
302
max: 0
303
# Whether to include unschedulable nodes in the nodes/cores calculations - this requires version 1.8.0+ of the autoscaler
304
includeUnschedulableNodes: false
305
# If true does not allow single points of failure to form
306
preventSinglePointFailure: true
307
# Annotations for the coredns proportional autoscaler pods
308
podAnnotations: {}
309
## Optionally specify some extra flags to pass to cluster-proprtional-autoscaler.
310
## Useful for e.g. the nodelabels flag.
311
# customFlags:
312
# - --nodelabels=topology.kubernetes.io/zone=us-east-1a
313
image:
314
repository: cgr.dev/chainguard-private/cluster-proportional-autoscaler
315
tag: latest@sha256:99537f12dd2e7c8254bba5e3ed7d951a25d5f34f982ddd46bdf594b6858a075d
316
pullPolicy: IfNotPresent
317
## Optionally specify an array of imagePullSecrets.
318
## Secrets must be manually created in the namespace.
319
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
320
##
321
pullSecrets: []
322
# pullSecrets:
323
# - name: myRegistryKeySecretName
324
# Optional priority class to be used for the autoscaler pods. priorityClassName used if not set.
325
priorityClassName: ""
326
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
327
affinity: {}
328
# Node labels for pod assignment
329
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
330
nodeSelector: {}
331
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
332
tolerations: []
333
# resources for autoscaler pod
334
resources:
335
requests:
336
cpu: "20m"
337
memory: "10Mi"
338
limits:
339
cpu: "20m"
340
memory: "10Mi"
341
# Options for autoscaler configmap
342
configmap:
343
## Annotations for the coredns-autoscaler configmap
344
# i.e. strategy.spinnaker.io/versioned: "false" to ensure configmap isn't renamed
345
annotations: {}
346
# Enables the livenessProbe for cluster-proportional-autoscaler - this requires version 1.8.0+ of the autoscaler
347
livenessProbe:
348
enabled: true
349
initialDelaySeconds: 10
350
periodSeconds: 5
351
timeoutSeconds: 5
352
failureThreshold: 3
353
successThreshold: 1
354
# optional array of sidecar containers
355
extraContainers: []
356
# - name: some-container-name
357
# image: some-image:latest
358
# imagePullPolicy: Always
359
deployment:
360
skipConfig: false
361
enabled: true
362
name: ""
363
## Annotations for the coredns deployment
364
annotations: {}
365
## Pod selector
366
selector: {}
367
# dnsPolicy determines how DNS resolution is handled for the pod.
368
# When isClusterService is true, this defaults to "Default" to avoid circular DNS resolution.
369
# Options: Default, ClusterFirst, ClusterFirstWithHostNet, None
370
# If set to "None", you must provide dnsConfig.
371
dnsPolicy: "Default"
372
# dnsConfig allows fine-grained DNS configuration for the pod.
373
# Only used when dnsPolicy is set to "None" or when custom DNS settings are needed.
374
# Example:
375
# dnsConfig:
376
# nameservers:
377
# - 8.8.8.8
378
# searches:
379
# - my.dns.search.suffix
380
# options:
381
# - name: ndots
382
# value: "2"
383
dnsConfig: {}
384
# Configures initcontainers for the coredns deployment.
385
initContainers: []
386
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.