fix: add endpoints for "virtual" host-dns service

Without endpoints `kube-proxy` adds an automatic reject rule for the service if it has no endpoints which breaks host network namespace DNS resolving with `forwardKubeDNSToHost: true`. Signed-off-by: Andrey Smirnov <[email protected]> (cherry picked from commit 2bf613a)
siderolabs · May 1, 2024 · bd41fee · bd41fee
1 parent 2db54c7
commit bd41fee
Showing 1 changed file with 16 additions and 0 deletions.
diff --git a/internal/app/machined/pkg/controllers/k8s/templates.go b/internal/app/machined/pkg/controllers/k8s/templates.go
@@ -589,4 +589,20 @@ spec:
     protocol: TCP
     targetPort: 53
   type: ClusterIP
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+  name: host-dns
+  namespace: kube-system
+subsets:
+  - addresses:
+    - ip: {{ .ServiceHostDNSAddress }}
+    ports:
+    - name: dns
+      port: 53
+      protocol: UDP
+    - name: dns-tcp
+      port: 53
+      protocol: TCP
 `)