Update coredns manifests (#143)

* https://docs.aws.amazon.com/eks/latest/userguide/coredns.html
* https://amazon-eks.s3.us-west-2.amazonaws.com/cloudformation/2020-08-12/dns.yaml

Reverse lookups were not working with the previous configuration.

modules/cluster/addons/coredns.yaml

@@ -7,7 +7,7 @@ metadata:
     eks.amazonaws.com/component: coredns
     k8s-app: kube-dns
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   labels:
@@ -33,7 +33,7 @@ rules:
   verbs:
   - get
 ---
-apiVersion: rbac.authorization.k8s.io/v1beta1
+apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRoleBinding
 metadata:
   annotations:
@@ -65,14 +65,17 @@ data:
     .:53 {
         errors
         health
-        kubernetes cluster.local {
+        kubernetes cluster.local in-addr.arpa ip6.arpa {
           pods insecure
           upstream
           fallthrough in-addr.arpa ip6.arpa
         }
         prometheus :9153
         forward . /etc/resolv.conf
         cache 30
+        loop
+        reload
+        loadbalance
     }
 ---
 apiVersion: apps/v1
@@ -99,9 +102,11 @@ spec:
       labels:
         k8s-app: kube-dns
         eks.amazonaws.com/component: coredns
+      annotations:
+        eks.amazonaws.com/compute-type: ec2
     spec:
       serviceAccountName: coredns
-      priorityClassName: system-node-critical
+      priorityClassName: system-cluster-critical
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
@@ -115,12 +120,26 @@ spec:
                 operator: In
                 values:
                 - amd64
+                - arm64
+        podAntiAffinity:
+          preferredDuringSchedulingIgnoredDuringExecution:
+          - podAffinityTerm:
+              labelSelector:
+                matchExpressions:
+                - key: k8s-app
+                  operator: In
+                  values:
+                  - kube-dns
+              topologyKey: kubernetes.io/hostname
+            weight: 100
       tolerations:
+      - key: node-role.kubernetes.io/master
+        effect: NoSchedule
       - key: "CriticalAddonsOnly"
         operator: "Exists"
       containers:
       - name: coredns
-        image: 602401143452.dkr.ecr.${aws_region}.amazonaws.com/eks/coredns:v1.6.6
+        image: 602401143452.dkr.ecr.${aws_region}.amazonaws.com/eks/coredns:v1.6.6-eksbuild.1
         imagePullPolicy: IfNotPresent
         resources:
           limits:
@@ -133,6 +152,8 @@ spec:
         - name: config-volume
           mountPath: /etc/coredns
           readOnly: true
+        - name: tmp
+          mountPath: /tmp
         ports:
         - containerPort: 53
           name: dns
@@ -143,14 +164,6 @@ spec:
         - containerPort: 9153
           name: metrics
           protocol: TCP
-        securityContext:
-          allowPrivilegeEscalation: false
-          capabilities:
-            add:
-            - NET_BIND_SERVICE
-            drop:
-            - all
-          readOnlyRootFilesystem: true
         livenessProbe:
           httpGet:
             path: /health
@@ -160,8 +173,23 @@ spec:
           timeoutSeconds: 5
           successThreshold: 1
           failureThreshold: 5
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 8080
+            scheme: HTTP
+        securityContext:
+          allowPrivilegeEscalation: false
+          capabilities:
+            add:
+            - NET_BIND_SERVICE
+            drop:
+            - all
+          readOnlyRootFilesystem: true
       dnsPolicy: Default
       volumes:
+        - name: tmp
+          emptyDir: {}
         - name: config-volume
           configMap:
             name: coredns