feat: Integrate external-dns for kubeapi

2022-04-08 22:11:36 +02:00 · 2022-04-08 22:11:36 +02:00 · 72197a3030
commit 72197a3030
parent f24a5c81c0
5 changed files with 68 additions and 3 deletions
--- a/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml
+++ b/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml
@ -0,0 +1,16 @@
+{{- if index .Values "addons" "external-dns" "enabled" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: {{ regexSplit ":" .Values.api.endpoint -1 | first }}
+    external-dns.alpha.kubernetes.io/ttl: "60"
+  name: kubezero-api
+  namespace: kube-system
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    component: kube-apiserver
+    tier: control-plane
+{{- end }}
--- a/charts/kubeadm/values.yaml
+++ b/charts/kubeadm/values.yaml
@ -35,6 +35,9 @@ addons:
    # -- /etc/cloudbender/clusterBackup.passphrase
    passwordFile: ""

+  external-dns:
+    enabled: false
+
 network:
  multus:
    enabled: false
--- a/charts/kubezero-addons/Chart.yaml
+++ b/charts/kubezero-addons/Chart.yaml
@ -2,7 +2,8 @@ apiVersion: v2
 name: kubezero-addons
 description: KubeZero umbrella chart for various optional cluster addons
 type: application
-version: 0.4.4
+version: 0.5.0
+appVersion: v1.22.8
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@ -10,6 +11,7 @@ keywords:
  - fuse-device-plugin
  - k8s-ecr-login-renew
  - aws-node-termination-handler
+  - external-dns
 maintainers:
  - name: Stefan Reimer
    email: stefan@zero-downtime.net
@ -18,4 +20,8 @@ dependencies:
    version: 0.18.0
    # repository: https://aws.github.io/eks-charts
    condition: aws-node-termination-handler.enabled
+  - name: external-dns
+    version: 1.7.1
+    repository: https://kubernetes-sigs.github.io/external-dns/
+    condition: external-dns.enabled
 kubeVersion: ">= 1.20.0"
--- a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
+++ b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
@ -15,7 +15,7 @@ spec:
        spec:
          containers:
          - name: kubezero-admin
-            image: "{{ .Values.clusterBackup.image.name }}:{{ .Values.clusterBackup.image.tag }}"
+            image: "{{ .Values.clusterBackup.image.name }}:{{ default .Chart.AppVersion .Values.clusterBackup.image.tag }}"
            imagePullPolicy: Always
            command: ["kubezero.sh"]
            args:
--- a/charts/kubezero-addons/values.yaml
+++ b/charts/kubezero-addons/values.yaml
@ -3,7 +3,7 @@ clusterBackup:

  image:
    name: public.ecr.aws/zero-downtime/kubezero-admin
-    tag: v1.21.9
+    # tag: v1.22.8

  repository: ""
  password: ""
@ -72,3 +72,43 @@ fuseDevicePlugin:

 k8sEcrLoginRenew:
  enabled: false
+
+external-dns:
+  enabled: false
+
+  interval: 3m
+  triggerLoopOnEvent: true
+
+  tolerations:
+  - key: node-role.kubernetes.io/master
+    effect: NoSchedule
+  nodeSelector:
+    node-role.kubernetes.io/control-plane: ""
+
+  logLevel: debug
+  sources:
+  - service
+  #- istio-gateway
+
+  provider: inmemory
+
+  extraVolumes:
+  - name: aws-token
+    projected:
+      sources:
+      - serviceAccountToken:
+          path: token
+          expirationSeconds: 86400
+          audience: "sts.amazonaws.com"
+  extraVolumeMounts:
+  - name: aws-token
+    mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
+    readOnly: true
+  env:
+  # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS"
+  - name: AWS_ROLE_ARN
+    value: ""
+  - name: AWS_WEB_IDENTITY_TOKEN_FILE
+    value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
+  - name: AWS_STS_REGIONAL_ENDPOINTS
+    value: "regional"