feat: Integrate external-dns for kubeapi

charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml

@@ -0,0 +1,16 @@
+{{- if index .Values "addons" "external-dns" "enabled" }}
+apiVersion: v1
+kind: Service
+metadata:
+  annotations:
+    external-dns.alpha.kubernetes.io/hostname: {{ regexSplit ":" .Values.api.endpoint -1 | first }}
+    external-dns.alpha.kubernetes.io/ttl: "60"
+  name: kubezero-api
+  namespace: kube-system
+spec:
+  type: ClusterIP
+  clusterIP: None
+  selector:
+    component: kube-apiserver
+    tier: control-plane
+{{- end }}

charts/kubeadm/values.yaml

@@ -35,6 +35,9 @@ addons:
     # -- /etc/cloudbender/clusterBackup.passphrase
     passwordFile: ""
 
+  external-dns:
+    enabled: false
+
 network:
   multus:
     enabled: false

charts/kubezero-addons/Chart.yaml

@@ -2,7 +2,8 @@ apiVersion: v2
 name: kubezero-addons
 description: KubeZero umbrella chart for various optional cluster addons
 type: application
-version: 0.4.4
+version: 0.5.0
+appVersion: v1.22.8
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -10,6 +11,7 @@ keywords:
   - fuse-device-plugin
   - k8s-ecr-login-renew
   - aws-node-termination-handler
+  - external-dns
 maintainers:
   - name: Stefan Reimer
     email: stefan@zero-downtime.net
@@ -18,4 +20,8 @@ dependencies:
     version: 0.18.0
     # repository: https://aws.github.io/eks-charts
     condition: aws-node-termination-handler.enabled
+  - name: external-dns
+    version: 1.7.1
+    repository: https://kubernetes-sigs.github.io/external-dns/
+    condition: external-dns.enabled
 kubeVersion: ">= 1.20.0"

charts/kubezero-addons/templates/cluster-backup/cronjob.yaml

@@ -15,7 +15,7 @@ spec:
         spec:
           containers:
           - name: kubezero-admin
-            image: "{{ .Values.clusterBackup.image.name }}:{{ .Values.clusterBackup.image.tag }}"
+            image: "{{ .Values.clusterBackup.image.name }}:{{ default .Chart.AppVersion .Values.clusterBackup.image.tag }}"
             imagePullPolicy: Always
             command: ["kubezero.sh"]
             args:

charts/kubezero-addons/values.yaml

@@ -3,7 +3,7 @@ clusterBackup:
 
   image:
     name: public.ecr.aws/zero-downtime/kubezero-admin
-    tag: v1.21.9
+    # tag: v1.22.8
 
   repository: ""
   password: ""
@@ -72,3 +72,43 @@ fuseDevicePlugin:
 
 k8sEcrLoginRenew:
   enabled: false
+
+external-dns:
+  enabled: false
+
+  interval: 3m
+  triggerLoopOnEvent: true
+
+  tolerations:
+  - key: node-role.kubernetes.io/master
+    effect: NoSchedule
+  nodeSelector:
+    node-role.kubernetes.io/control-plane: ""
+
+  logLevel: debug
+  sources:
+  - service
+  #- istio-gateway
+
+  provider: inmemory
+
+  extraVolumes:
+  - name: aws-token
+    projected:
+      sources:
+      - serviceAccountToken:
+          path: token
+          expirationSeconds: 86400
+          audience: "sts.amazonaws.com"
+  extraVolumeMounts:
+  - name: aws-token
+    mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
+    readOnly: true
+  env:
+  # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS"
+  - name: AWS_ROLE_ARN
+    value: ""
+  - name: AWS_WEB_IDENTITY_TOKEN_FILE
+    value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
+  - name: AWS_STS_REGIONAL_ENDPOINTS
+    value: "regional"