From 2bf613ad3bd1582b520b2f661b7e0bfab4207eed Mon Sep 17 00:00:00 2001
From: Andrey Smirnov
Date: Mon, 22 Apr 2024 18:40:22 +0400
Subject: [PATCH] fix: add endpoints for "virtual" `host-dns` service

Without endpoints `kube-proxy` adds an automatic reject rule for the service if it has no endpoints which breaks host network namespace DNS resolving with `forwardKubeDNSToHost: true`.

Signed-off-by: Andrey Smirnov
---
 .../templates/talos-host-dns-svc-template.yaml | 16 ++++++++++++++++
 1 file changed, 16 insertions(+)

diff --git a/internal/app/machined/pkg/controllers/k8s/templates/talos-host-dns-svc-template.yaml b/internal/app/machined/pkg/controllers/k8s/templates/talos-host-dns-svc-template.yaml
index dd393a6b7f..260a3b350e 100644
--- a/internal/app/machined/pkg/controllers/k8s/templates/talos-host-dns-svc-template.yaml
+++ b/internal/app/machined/pkg/controllers/k8s/templates/talos-host-dns-svc-template.yaml
@@ -15,3 +15,19 @@ spec:
 protocol: TCP
 targetPort: 53
 type: ClusterIP
+---
+apiVersion: v1
+kind: Endpoints
+metadata:
+ name: host-dns
+ namespace: kube-system
+subsets:
+ - addresses:
+ - ip: {{ .ServiceHostDNSAddress }}
+ ports:
+ - name: dns
+ port: 53
+ protocol: UDP
+ - name: dns-tcp
+ port: 53
+ protocol: TCP
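Review bot: The added `- ip: {{ .ServiceHostDNSAddress }}` line renders the address as a bare plain scalar, so an empty expansion becomes `ip:` (null) and an unexpected value is left to YAML's implicit typing. Quoting it as `- ip: "{{ .ServiceHostDNSAddress }}"` keeps the field a string, so a bad value surfaces as a clear API validation error rather than a parse surprise. The API server also rejects loopback and link-local addresses in Endpoints, and if the object fails to apply the service has no endpoints again, which is the reject-rule condition this commit fixes. The code that fills in this template is not visible here, so it is worth confirming there that the value is always a non-empty address outside those ranges. A comment above the new document would also help the next reader, for example `# Endpoints are created explicitly: without them kube-proxy installs a reject rule for host-dns`.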