From 259b68a7558a885bd42b5b7e622c31063ec28ec6 Mon Sep 17 00:00:00 2001
From: Stefan Reimer
Date: Fri, 8 Apr 2022 22:11:36 +0200
Subject: [PATCH] feat: Integrate external-dns for kubeapi
---
 .../resources/80-apiserver-dns-service.yaml | 16 +++++++
 charts/kubeadm/values.yaml | 3 ++
 charts/kubezero-addons/Chart.yaml | 8 +++-
 .../templates/cluster-backup/cronjob.yaml | 2 +-
 charts/kubezero-addons/values.yaml | 42 ++++++++++++++++++-
 5 files changed, 68 insertions(+), 3 deletions(-)
 create mode 100644 charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml
diff --git a/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml b/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml
new file mode 100644
index 0000000..ff1409e
--- /dev/null
+++ b/charts/kubeadm/templates/resources/80-apiserver-dns-service.yaml
@@ -0,0 +1,16 @@
+{{- if index .Values "addons" "external-dns" "enabled" }}
+apiVersion: v1
+kind: Service
+metadata:
+ annotations:
+ external-dns.alpha.kubernetes.io/hostname: {{ regexSplit ":" .Values.api.endpoint -1 | first }}
+ external-dns.alpha.kubernetes.io/ttl: "60"
+ name: kubezero-api
+ namespace: kube-system
+spec:
+ type: ClusterIP
+ clusterIP: None
+ selector:
+ component: kube-apiserver
+ tier: control-plane
+{{- end }}
diff --git a/charts/kubeadm/values.yaml b/charts/kubeadm/values.yaml
index 6950ee9..0a8bb99 100644
--- a/charts/kubeadm/values.yaml
+++ b/charts/kubeadm/values.yaml
@@ -35,6 +35,9 @@ addons:
 # -- /etc/cloudbender/clusterBackup.passphrase
 passwordFile: ""
+ external-dns:
+ enabled: false
+
 network:
 multus:
 enabled: false
diff --git a/charts/kubezero-addons/Chart.yaml b/charts/kubezero-addons/Chart.yaml
index d1a8189..bfa9e10 100644
--- a/charts/kubezero-addons/Chart.yaml
+++ b/charts/kubezero-addons/Chart.yaml
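Review bot: The `external-dns.alpha.kubernetes.io/hostname` annotation in the new Service template is emitted as an unquoted templated scalar, so an empty `.Values.api.endpoint` renders a null annotation and an `[ipv6]:port` form would make `regexSplit ":" … | first` yield just `[`; quote the value as `external-dns.alpha.kubernetes.io/hostname: "{{ regexSplit ":" .Values.api.endpoint -1 | first }}"` so the rendered manifest is at least well-formed YAML. Because the Service is headless (`clusterIP: None`) and selects the `kube-apiserver` pods, what external-dns appears to publish under that hostname is the selected pod addresses — for static control-plane pods presumably the node IPs — rather than whatever `.Values.api.endpoint` itself points at; confirm that exposing those addresses in the zone is intended and say so in the template, e.g. `# Headless Service: external-dns publishes the kube-apiserver pod/node IPs under the API hostname`.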
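Review bot: The new `external-dns:` block under `addons:` in the kubeadm values hunk has no helm-docs comment, while the neighbouring `passwordFile` key in the same hunk carries a `# --` description; add one above it, e.g. `# -- Render the kubezero-api Service in kube-system annotated for external-dns`. The enclosing `addons:` mapping starts outside the hunk.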
@@ -2,7 +2,8 @@ apiVersion: v2
 name: kubezero-addons
 description: KubeZero umbrella chart for various optional cluster addons
 type: application
-version: 0.4.4
+version: 0.5.0
+appVersion: v1.22.8
 home: https://kubezero.com
 icon: https://cdn.zero-downtime.net/assets/kubezero/logo-small-64.png
 keywords:
@@ -10,6 +11,7 @@ keywords:
 - fuse-device-plugin
 - k8s-ecr-login-renew
 - aws-node-termination-handler
+ - external-dns
 maintainers:
 - name: Stefan Reimer
 email: stefan@zero-downtime.net
@@ -18,4 +20,8 @@ dependencies:
 version: 0.18.0
 # repository: https://aws.github.io/eks-charts
 condition: aws-node-termination-handler.enabled
+ - name: external-dns
+ version: 1.7.1
+ repository: https://kubernetes-sigs.github.io/external-dns/
+ condition: external-dns.enabled
 kubeVersion: ">= 1.20.0"
diff --git a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
index 3868c38..3d3d5ce 100644
--- a/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
+++ b/charts/kubezero-addons/templates/cluster-backup/cronjob.yaml
@@ -15,7 +15,7 @@ spec:
 spec:
 containers:
 - name: kubezero-admin
- image: "{{ .Values.clusterBackup.image.name }}:{{ .Values.clusterBackup.image.tag }}"
+ image: "{{ .Values.clusterBackup.image.name }}:{{ default .Chart.AppVersion .Values.clusterBackup.image.tag }}"
 imagePullPolicy: Always
 command: ["kubezero.sh"]
 args:
diff --git a/charts/kubezero-addons/values.yaml b/charts/kubezero-addons/values.yaml
index 0a9a74b..0f5cb1e 100644
--- a/charts/kubezero-addons/values.yaml
+++ b/charts/kubezero-addons/values.yaml
@@ -3,7 +3,7 @@ clusterBackup:
 image:
 name: public.ecr.aws/zero-downtime/kubezero-admin
- tag: v1.21.9
+ # tag: v1.22.8
 repository: ""
 password: ""
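Review bot: The new `external-dns` dependency in the `@@ -18,4 +20,8 @@` hunk is pinned to chart `1.7.1` from the kubernetes-sigs repository, but the diffstat lists no `Chart.lock` change, so the resolved chart digest is not recorded with it; if the project commits `Chart.lock` (what `helm dependency update` writes), include it in this commit so the pulled chart is reproducible and integrity-checked. The `aws-node-termination-handler` entry just above has its `repository:` commented out, which suggests it is vendored locally, whereas this one is fetched remotely at build time — a one-line comment stating that the difference is deliberate, or vendoring it the same way, would keep the dependency handling consistent.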
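Review bot: Commenting out `tag:` in the values.yaml hunk relies on the `default .Chart.AppVersion` fallback added in the cronjob hunk, but nothing in values.yaml tells the reader that; replace the commented line with a helm-docs comment such as `# -- Image tag, defaults to .Chart.AppVersion when unset or empty`. Helm's `default` treats an empty string the same as an unset key, so a values override of `tag: ""` (the convention used by `repository` and `password` two lines below) also falls through to `appVersion`, which is worth stating so nobody expects an empty tag to fail loudly.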
@@ -72,3 +72,43 @@ fuseDevicePlugin:
 k8sEcrLoginRenew:
 enabled: false
+
+external-dns:
+ enabled: false
+
+ interval: 3m
+ triggerLoopOnEvent: true
+
+ tolerations:
+ - key: node-role.kubernetes.io/master
+ effect: NoSchedule
+ nodeSelector:
+ node-role.kubernetes.io/control-plane: ""
+
+ logLevel: debug
+ sources:
+ - service
+ #- istio-gateway
+
+ provider: inmemory
+
+ extraVolumes:
+ - name: aws-token
+ projected:
+ sources:
+ - serviceAccountToken:
+ path: token
+ expirationSeconds: 86400
+ audience: "sts.amazonaws.com"
+ extraVolumeMounts:
+ - name: aws-token
+ mountPath: "/var/run/secrets/sts.amazonaws.com/serviceaccount/"
+ readOnly: true
+ env:
+ # -- "arn:aws:iam::${AWS::AccountId}:role/${AWS::Region}.${ClusterName}.externalDNS"
+ - name: AWS_ROLE_ARN
+ value: ""
+ - name: AWS_WEB_IDENTITY_TOKEN_FILE
+ value: "/var/run/secrets/sts.amazonaws.com/serviceaccount/token"
+ - name: AWS_STS_REGIONAL_ENDPOINTS
+ value: "regional"
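Review bot: The new `external-dns` block configures `sources: - service` with no domain filter, namespace restriction or annotation filter visible, so once `enabled: true` the controller acts on every annotated Service cluster-wide and any tenant able to create and annotate a Service can publish records into the managed zone. Narrow that with the chart's `domainFilters` and `txtOwnerId` values (and keep `policy` at its `upsert-only` default) — assuming the 1.7.1 chart exposes them as I believe it does — and state the scope above the block, e.g. `# -- external-dns acts on annotated Services in all namespaces; set domainFilters/txtOwnerId before enabling`. `logLevel: debug` as a shipped default is also unusually verbose for a controller that logs every record it touches; `info` is the more conservative default for a values file. The projected-token setup is coherent (the `AWS_WEB_IDENTITY_TOKEN_FILE` path matches the `mountPath` plus `path: token`), but the `AWS_ROLE_ARN` comment would read better as a helm-docs line that says what must be filled in, e.g. `# -- IAM role assumed via IRSA, e.g. arn:aws:iam::<account>:role/<region>.<cluster>.externalDNS`.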