
coredns

Helm chart
1
# Default values for coredns.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
image:
6
repository: cgr.dev/chainguard-private/coredns-fips
7
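# Overrides the image tag whose default is the chart appVersion.
# The value below also carries a sha256 digest; a reference with a digest is pulled by that digest, so `latest` is only a label here.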
8
tag: latest@sha256:84f3c195197c71d5c5fe5320ff502dd27fa6f27200244112002de5e90f967322
9
pullPolicy: IfNotPresent
10
## Optionally specify an array of imagePullSecrets.
11
## Secrets must be manually created in the namespace.
12
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
13
##
14
pullSecrets: []
15
# pullSecrets:
16
# - name: myRegistryKeySecretName
17
replicaCount: 1
18
resources:
19
limits:
20
cpu: 100m
21
memory: 128Mi
22
requests:
23
cpu: 100m
24
memory: 128Mi
25
rollingUpdate:
26
maxUnavailable: 1
27
maxSurge: 25%
28
terminationGracePeriodSeconds: 30
29
podAnnotations: {}
30
# cluster-autoscaler.kubernetes.io/safe-to-evict: "false"
31
32
podLabels: {}
33
serviceType: "ClusterIP"
34
prometheus:
35
service:
36
enabled: false
37
annotations:
38
prometheus.io/scrape: "true"
39
prometheus.io/port: "9153"
40
selector: {}
41
monitor:
42
enabled: false
43
additionalLabels: {}
44
namespace: ""
45
interval: ""
46
scrapeTimeout: ""
47
scheme: ""
48
honorLabels: false
49
tlsConfig: {}
50
relabelings: []
51
metricRelabelings: []
52
selector: {}
53
service:
54
# clusterIP: ""
55
# clusterIPs: []
56
# loadBalancerIP: ""
57
# loadBalancerClass: ""
58
# externalIPs: []
59
# externalTrafficPolicy: ""
60
# ipFamilyPolicy: ""
61
# trafficDistribution: PreferClose
62
# The name of the Service
63
# If not set, a name is generated using the fullname template
64
name: "kube-dns"
65
annotations: {}
66
# Pod selector
67
selector: {}
68
serviceAccount:
69
create: false
70
# The name of the ServiceAccount to use
71
# If not set and create is true, a name is generated using the fullname template
72
name: ""
73
annotations: {}
74
rbac:
75
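# If true, create & use RBAC resources.
# NOTE(review): serviceAccount.create is false and serviceAccount.name is empty above; confirm in the chart templates which ServiceAccount the role binding targets. If it is the namespace's default account, every pod running under that account gets the same API access.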
76
create: true
77
clusterRole:
78
# By default a name is generated using the fullname template.
79
# Override here if desired:
80
nameOverride: ""
81
# isClusterService specifies whether chart should be deployed as cluster-service or normal k8s app.
82
isClusterService: true
83
# Optional priority class to be used for the coredns pods. Used for autoscaler if autoscaler.priorityClassName not set.
84
priorityClassName: ""
85
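# Configure the pod level securityContext.
# Empty by default: the chart sets no runAsNonRoot, runAsUser or seccompProfile here, so set them if your Pod Security admission level requires them.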
86
podSecurityContext: {}
87
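# Configure the container-level securityContext (allowPrivilegeEscalation, capabilities and readOnlyRootFilesystem are container fields, not pod fields).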
88
# Ensure that required linux capability to bind port number below 1024 is assigned (`CAP_NET_BIND_SERVICE`).
89
securityContext:
90
allowPrivilegeEscalation: false
91
capabilities:
92
add:
93
- NET_BIND_SERVICE
94
drop:
95
- ALL
96
readOnlyRootFilesystem: true
97
# Default zone is what Kubernetes recommends:
98
# https://kubernetes.io/docs/tasks/administer-cluster/dns-custom-nameservers/#coredns-configmap-options
99
servers:
100
- zones:
101
- zone: .
102
use_tcp: true
103
port: 53
104
# -- expose the service on a different port
105
# servicePort: 5353
106
# If serviceType is nodePort you can specify nodePort here
107
# nodePort: 30053
108
# hostPort: 53
109
plugins:
110
- name: errors
111
# Serves a /health endpoint on :8080, required for livenessProbe
112
- name: health
113
configBlock: |-
114
lameduck 10s
115
# Serves a /ready endpoint on :8181, required for readinessProbe
116
- name: ready
117
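# Required to query the Kubernetes API for data.
# `pods insecure` in the configBlock below returns an A record for any name of the form <ip-with-dashes>.<namespace>.pod.<zone> without checking that such a pod exists; it is kept for kube-dns compatibility. `pods verified` checks the pod against the API, at the cost of watching all pods.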
118
- name: kubernetes
119
parameters: cluster.local in-addr.arpa ip6.arpa
120
configBlock: |-
121
pods insecure
122
fallthrough in-addr.arpa ip6.arpa
123
ttl 30
124
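# Serves a /metrics endpoint on :9153, required for serviceMonitor.
# 0.0.0.0 binds it on every pod interface and the endpoint is unauthenticated; restrict access to port 9153 with a NetworkPolicy if the metrics are sensitive.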
125
- name: prometheus
126
parameters: 0.0.0.0:9153
127
- name: forward
128
parameters: . /etc/resolv.conf
129
- name: cache
130
parameters: 30
131
- name: loop
132
- name: reload
133
- name: loadbalance
134
# Complete example with all the options:
135
# - zones: # the `zones` block can be left out entirely, defaults to "."
136
# - zone: hello.world. # optional, defaults to "."
137
# scheme: tls:// # optional, defaults to "" (which equals "dns://" in CoreDNS)
138
# - zone: foo.bar.
139
# scheme: dns://
140
# use_tcp: true # set this parameter to optionally expose the port on tcp as well as udp for the DNS protocol
141
# # Note that this will not work if you are also exposing tls or grpc on the same server
142
# port: 12345 # optional, defaults to "" (which equals 53 in CoreDNS)
143
# plugins: # the plugins to use for this server block
144
# - name: kubernetes # name of plugin, if used multiple times ensure that the plugin supports it!
145
# parameters: foo bar # list of parameters after the plugin
146
# configBlock: |- # if the plugin supports extra block style config, supply it here
147
# hello world
148
# foo bar
149
150
# Extra configuration that is applied outside of the default zone block.
151
# Example to include additional config files, which may come from extraVolumes:
152
# extraConfig:
153
# import:
154
# parameters: /opt/coredns/*.conf
155
extraConfig: {}
156
# To use the livenessProbe, the health plugin needs to be enabled in CoreDNS' server config
157
livenessProbe:
158
enabled: true
159
initialDelaySeconds: 60
160
periodSeconds: 10
161
timeoutSeconds: 5
162
failureThreshold: 5
163
successThreshold: 1
164
# To use the readinessProbe, the ready plugin needs to be enabled in CoreDNS' server config
165
readinessProbe:
166
enabled: true
167
initialDelaySeconds: 30
168
periodSeconds: 5
169
timeoutSeconds: 5
170
failureThreshold: 1
171
successThreshold: 1
172
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
173
# for example:
174
# affinity:
175
# nodeAffinity:
176
# requiredDuringSchedulingIgnoredDuringExecution:
177
# nodeSelectorTerms:
178
# - matchExpressions:
179
# - key: foo.bar.com/role
180
# operator: In
181
# values:
182
# - master
183
affinity: {}
184
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.21/#topologyspreadconstraint-v1-core
185
# and supports Helm templating.
186
# For example:
187
# topologySpreadConstraints:
188
# - labelSelector:
189
# matchLabels:
190
# app.kubernetes.io/name: '{{ template "coredns.name" . }}'
191
# app.kubernetes.io/instance: '{{ .Release.Name }}'
192
# topologyKey: topology.kubernetes.io/zone
193
# maxSkew: 1
194
# whenUnsatisfiable: ScheduleAnyway
195
# - labelSelector:
196
# matchLabels:
197
# app.kubernetes.io/name: '{{ template "coredns.name" . }}'
198
# app.kubernetes.io/instance: '{{ .Release.Name }}'
199
# topologyKey: kubernetes.io/hostname
200
# maxSkew: 1
201
# whenUnsatisfiable: ScheduleAnyway
202
topologySpreadConstraints: []
203
# Node labels for pod assignment
204
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
205
nodeSelector: {}
206
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
207
# for example:
208
# tolerations:
209
# - key: foo.bar.com/role
210
# operator: Equal
211
# value: master
212
# effect: NoSchedule
213
tolerations: []
214
# https://kubernetes.io/docs/tasks/run-application/configure-pdb/#specifying-a-poddisruptionbudget
215
podDisruptionBudget: {}
216
# configure custom zone files as per https://coredns.io/2017/05/08/custom-dns-entries-for-kubernetes/
217
zoneFiles: []
218
# - filename: example.db
219
# domain: example.com
220
# contents: |
221
# example.com. IN SOA sns.dns.icann.com. noc.dns.icann.com. 2015082541 7200 3600 1209600 3600
222
# example.com. IN NS b.iana-servers.net.
223
# example.com. IN NS a.iana-servers.net.
224
# example.com. IN A 192.168.99.102
225
# *.example.com. IN A 192.168.99.102
226
227
# optional array of sidecar containers
228
extraContainers: []
229
# - name: some-container-name
230
# image: some-image:latest
231
# imagePullPolicy: Always
232
# optional array of extra volumes to create
233
extraVolumes: []
234
# - name: some-volume-name
235
# emptyDir: {}
236
# optional array of mount points for extraVolumes
237
extraVolumeMounts: []
238
# - name: some-volume-name
239
# mountPath: /etc/wherever
240
241
# optional array of secrets to mount inside coredns container
242
# possible usecase: need for secure connection with etcd backend
243
extraSecrets: []
244
# - name: etcd-client-certs
245
# mountPath: /etc/coredns/tls/etcd
246
# defaultMode: 420
247
# - name: some-fancy-secret
248
# mountPath: /etc/wherever
249
# defaultMode: 440 # decimal, i.e. octal 0670 (group-writable); octal 0440 would be 288
250
251
# optional array of environment variables for coredns container
252
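# possible use case: providing the username and password for etcd user authentication
# (prefer valueFrom.secretKeyRef, as in the example below, over a literal value so credentials stay out of values files)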
253
env: []
254
# - name: WHATEVER_ENV
255
# value: whatever
256
# - name: SOME_SECRET_ENV
257
# valueFrom:
258
# secretKeyRef:
259
# name: some-secret-name
260
# key: secret-key
261
262
# To support legacy deployments using CoreDNS with the "k8s-app: kube-dns" label selectors.
263
# See https://github.com/coredns/helm/blob/master/charts/coredns/README.md#adopting-existing-coredns-resources
264
# k8sAppLabelOverride: "kube-dns"
265
266
# Custom labels to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled.
267
customLabels: {}
268
# Custom annotations to apply to Deployment, Pod, Configmap, Service, ServiceMonitor. Including autoscaler if enabled.
269
customAnnotations: {}
270
## Alternative configuration for HPA deployment if wanted
271
## Create HorizontalPodAutoscaler object.
272
##
273
# hpa:
274
# enabled: false
275
# minReplicas: 1
276
# maxReplicas: 10
277
# metrics:
278
# metrics:
279
# - type: Resource
280
# resource:
281
# name: memory
282
# target:
283
# type: Utilization
284
# averageUtilization: 60
285
# - type: Resource
286
# resource:
287
# name: cpu
288
# target:
289
# type: Utilization
290
# averageUtilization: 60
291
hpa:
292
enabled: false
293
minReplicas: 1
294
maxReplicas: 2
295
metrics: []
296
## Configure a cluster-proportional-autoscaler for coredns
297
# See https://github.com/kubernetes-incubator/cluster-proportional-autoscaler
298
autoscaler:
299
# Enable the cluster-proportional-autoscaler
300
enabled: false
301
# Number of cores in the cluster per coredns replica
302
coresPerReplica: 256
303
# Number of nodes in the cluster per coredns replica
304
nodesPerReplica: 16
305
# Min size of replicaCount
306
min: 0
307
# Max size of replicaCount (default of 0 is no max)
308
max: 0
309
# Whether to include unschedulable nodes in the nodes/cores calculations - this requires version 1.8.0+ of the autoscaler
310
includeUnschedulableNodes: false
311
# If true does not allow single points of failure to form
312
preventSinglePointFailure: true
313
# Annotations for the coredns proportional autoscaler pods
314
podAnnotations: {}
315
## Optionally specify some extra flags to pass to cluster-proportional-autoscaler.
316
## Useful for e.g. the nodelabels flag.
317
# customFlags:
318
# - --nodelabels=topology.kubernetes.io/zone=us-east-1a
319
image:
320
repository: cgr.dev/chainguard-private/cluster-proportional-autoscaler-fips
321
tag: latest@sha256:3ba6f905e38a05aae055fc61c20f806d145d2d64a0975931d0945c9c31ce2519
322
pullPolicy: IfNotPresent
323
## Optionally specify an array of imagePullSecrets.
324
## Secrets must be manually created in the namespace.
325
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
326
##
327
pullSecrets: []
328
# pullSecrets:
329
# - name: myRegistryKeySecretName
330
# Optional priority class to be used for the autoscaler pods. The top-level priorityClassName is used if this is not set.
331
priorityClassName: ""
332
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#affinity-v1-core
333
affinity: {}
334
# Node labels for pod assignment
335
# Ref: https://kubernetes.io/docs/user-guide/node-selection/
336
nodeSelector: {}
337
# expects input structure as per specification https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.11/#toleration-v1-core
338
tolerations: []
339
# resources for autoscaler pod
340
resources:
341
requests:
342
cpu: "20m"
343
memory: "10Mi"
344
limits:
345
cpu: "20m"
346
memory: "10Mi"
347
# Options for autoscaler configmap
348
configmap:
349
## Annotations for the coredns-autoscaler configmap
350
# i.e. strategy.spinnaker.io/versioned: "false" to ensure configmap isn't renamed
351
annotations: {}
352
# Enables the livenessProbe for cluster-proportional-autoscaler - this requires version 1.8.0+ of the autoscaler
353
livenessProbe:
354
enabled: true
355
initialDelaySeconds: 10
356
periodSeconds: 5
357
timeoutSeconds: 5
358
failureThreshold: 3
359
successThreshold: 1
360
# optional array of sidecar containers
361
extraContainers: []
362
# - name: some-container-name
363
# image: some-image:latest
364
# imagePullPolicy: Always
365
deployment:
366
skipConfig: false
367
enabled: true
368
name: ""
369
## Annotations for the coredns deployment
370
annotations: {}
371
## Pod selector
372
selector: {}
373
# dnsPolicy determines how DNS resolution is handled for the pod.
374
# When isClusterService is true, this defaults to "Default" to avoid circular DNS resolution.
375
# Options: Default, ClusterFirst, ClusterFirstWithHostNet, None
376
# If set to "None", you must provide dnsConfig.
377
dnsPolicy: "Default"
378
# dnsConfig allows fine-grained DNS configuration for the pod.
379
# Only used when dnsPolicy is set to "None" or when custom DNS settings are needed.
380
# Example:
381
# dnsConfig:
382
# nameservers:
383
# - 8.8.8.8
384
# searches:
385
# - my.dns.search.suffix
386
# options:
387
# - name: ndots
388
# value: "2"
389
dnsConfig: {}
390
# Configures initcontainers for the coredns deployment.
391
initContainers: []
392
