feat: Integrate external-dns for kubeapi

Stefan Reimer 2022-04-08 22:11:36 +02:00
parent f24a5c81c0
commit 72197a3030
5 changed files with 68 additions and 3 deletions


@ -0,0 +1,16 @@
{{- if index .Values "addons" "external-dns" "enabled" }}
apiVersion: v1
kind: Service
metadata:
annotations:
external-dns.alpha.kubernetes.io/hostname: {{ regexSplit ":" .Values.api.endpoint -1 | first }}
external-dns.alpha.kubernetes.io/ttl: "60"
name: kubezero-api
namespace: kube-system
spec:
type: ClusterIP
clusterIP: None
selector:
component: kube-apiserver
tier: control-plane
{{- end }}
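Review bot: The `external-dns.alpha.kubernetes.io/hostname` annotation is rendered unquoted, so an empty `.Values.api.endpoint` would presumably produce a null annotation value rather than a clear failure; I would write `external-dns.alpha.kubernetes.io/hostname: {{ regexSplit ":" (required "api.endpoint is required" .Values.api.endpoint) -1 | first | quote }}`. Separately, this headless Service selects the kube-apiserver pods, so once external-dns runs with a real provider the control-plane addresses are published under the API hostname with a 60 s TTL. A short comment above the annotations stating which zone (private or public) is expected to hold that record would help whoever reviews exposure later. That record is only as trustworthy as the write scope of the external-dns instance, so the values that enable it should restrict `domainFilters` to the intended zone.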


@ -35,6 +35,9 @@ addons:
# -- /etc/cloudbender/clusterBackup.passphrase
passwordFile: ""
external-dns:
enabled: false
network:
multus:
enabled: false


@ -2,7 +2,8 @@ apiVersion: v2
name: kubezero-addons
description: KubeZero umbrella chart for various optional cluster addons
type: application
version: 0.4.4
version: 0.5.0
appVersion: v1.22.8
home: https://kubezero.com
icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
keywords:
@ -10,6 +11,7 @@ keywords:
- fuse-device-plugin
- k8s-ecr-login-renew
- aws-node-termination-handler
- external-dns
maintainers:
- name: Stefan Reimer
email: stefan@zero-downtime.net
@ -18,4 +20,8 @@ dependencies:
version: 0.18.0
# repository: https://aws.github.io/eks-charts
condition: aws-node-termination-handler.enabled
- name: external-dns
version: 1.7.1
repository: https://kubernetes-sigs.github.io/external-dns/
condition: external-dns.enabled
kubeVersion: ">= 1.20.0"
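Review bot: The new `external-dns` dependency in the last hunk is fetched from a remote chart repository and identified by version alone, whereas the `aws-node-termination-handler` entry above it has its `repository` line commented out, which suggests that chart is carried in-tree. A version pin does not bind the archive contents, so for a chart that will hold DNS write credentials I would either vendor the 1.7.1 archive under `charts/` the same way, or run `helm dependency build --verify` against a keyring if upstream publishes provenance files. A one-line comment next to the entry, e.g. `# fetched from upstream at package time; review values under external-dns: on every bump`, would also record why the two dependencies are handled differently.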


@ -15,7 +15,7 @@ spec:
spec:
containers:
- name: kubezero-admin
image: "{{ .Values.clusterBackup.image.name }}:{{ .Values.clusterBackup.image.tag }}"
image: "{{ .Values.clusterBackup.image.name }}:{{ default .Chart.AppVersion .Values.clusterBackup.image.tag }}"
imagePullPolicy: Always
command: ["kubezero.sh"]
args:
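Review bot: With the fallback `default .Chart.AppVersion .Values.clusterBackup.image.tag` the image is still addressed by a mutable tag and pulled with `imagePullPolicy: Always`, so each run executes whatever the registry serves for that tag at that moment. For a container named kubezero-admin, which judging by the `clusterBackup` values presumably runs with access to cluster backup material, an optional digest reference would be safer, e.g. `image: "{{ .Values.clusterBackup.image.name }}@{{ .Values.clusterBackup.image.digest }}"` when a digest is set. `clusterBackup.image.digest` is a value name proposed here, not one that exists on the page. The container spec continues past the end of this hunk.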


@ -3,7 +3,7 @@ clusterBackup:
image:
name: public.ecr.aws/zero-downtime/kubezero-admin
tag: v1.21.9
# tag: v1.22.8
repository: ""
password: ""
@ -72,3 +72,43 @@ fuseDevicePlugin:
k8sEcrLoginRenew:
enabled: false
external-dns:
enabled: false
interval: 3m
triggerLoopOnEvent: true
tolerations:
- key: node-role.kubernetes.io/master
effect: NoSchedule
nodeSelector:
node-role.kubernetes.io/control-plane: ""
logLevel: debug
sources:
- service
#- istio-gateway
provider: inmemory
extraVolumes:
- name: aws-token
projected:
sources:
- serviceAccountToken:
path: token
expirationSeconds: 86400
audience: "sts.amazonaws.com"
extraVolumeMounts:
- name: aws-token
mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
readOnly: true
env:
# -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS"
- name: AWS_ROLE_ARN
value: ""
- name: AWS_WEB_IDENTITY_TOKEN_FILE
value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
- name: AWS_STS_REGIONAL_ENDPOINTS
value: "regional"
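Review bot: The external-dns defaults watch `service` sources with no `domainFilters`, `txtOwnerId` or namespace restriction visible, so as soon as `provider` is switched from `inmemory` to a real one, any Service carrying a hostname annotation can drive records in whatever zones the role in `AWS_ROLE_ARN` is allowed to write. I would add `domainFilters: []` and `txtOwnerId: ""` to this block with a comment saying both must be set before the provider is changed, and confirm that the role's trust policy is limited to this service account and the `sts.amazonaws.com` audience (the policy is not visible here). `logLevel: debug` also reads like a bring-up setting; `logLevel: info` is a quieter shipped default. The new `# tag: v1.22.8` line in the first hunk would benefit from a comment such as `# -- defaults to the chart appVersion when unset`.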