Integrate Hetzner DNS for automatic DNS provisioning

[captnCC]

Since we are already running on Hetzner infrastructure, using their DNS service is a reasonable choice.
My idea is to use the Hetzner DNS to at least provision the base domain for the cluster with the proper records (A/AAAA) and add support for DNS01 challenges against the Hetzner DNS for cert-manager out of the box.

With this it would be a one-step setup to get a cluster up and running including working DNS and certificates.

To get this up and running a few components are needed:
For Terraform:

• Include the timohirt/hetznerdns provider
• Configuration for the used DNS zone, final cluster domain etc
• Implementing the records with the appropriate IPs (for usage with and without a LB)

In k3s:

• Decide on the web hook service:
  • mecodia/cert-manager-webhook-hetzner
  • vadimkim/cert-manager-webhook-hetzner
• Configure and deploy one of them

vadimkim/cert-manager-webhook-hetzner seems to be there "more" active/popular one and has the advantage that the token for the Hetzner DNS is set via a secret instead of the ClusterIssuer like mecodia/cert-manager-webhook-hetzner does it. (But I haven't tested it yet)

Are there anymore features I have forgotten?

[mysticaltech]

The only thing that crosses my mind now @captnCC, is that it's a very particular use case. In which case do you need to communicate with the base domain? And what would it point to, the ingress-controller LB or the control-plane LB (when use_control_plane_lb is true)?

Just would like to understand in which case you would use it as an example.

[mysticaltech]

Got it, I understand. My personal feeling at the moment is that the Hetzner DNS use case is too specific. Providing samples in the example folder for instance would definitely help!

[codeagencybe]

Something like this I would also appreciate a lot, but problem I'm using ClouDNS (https://cloudns.net) which is "yet another" DNS provider.
I think it will be hard to keep up and also maintain something like this in the "core" of the project itself.
Maybe if there could be something "generic" as a solution that can work or hook into any possible DNS provider, then at least people can still use it and match it with their DNS vendor of choice?

[captnCC]

A generic solution would be great to keep this project unopinionated beside the basic hetzner components.
Terraform doesn't allow such a generic component, so the next step would be to do in k3s itself.
A combination of cert-manager and external-dns looks promising but the provider support wildly differs between them. This would boil down to support for only the major cloud providers and to be honest people that use this package are likely avoiding them for one or another reason

[mysticaltech]

Exactly @captnCC, that's why best to leave people do their particular cert-manager and external-dns install/config in our new Kustomization flow that you added!

[mysticaltech]

Maybe give examples in the examples folder, of such Kustomizations, that would be great for Hetzner DNS, or ClouDNS @codeagencybe.

[mysticaltech]

That's something that can be added outside the cluster.