kubespray/roles/docker/tasks/set_facts_dns.yml

---

- name: set dns server for docker
  set_fact:
    docker_dns_servers: |-
      {%- if dns_mode == 'kubedns' -%}
        {{ [ skydns_server ] }}
      {%- elif dns_mode == 'dnsmasq_kubedns' -%}
        {{ [ dnsmasq_dns_server ] }}
      {%- endif -%}

- name: set base docker dns facts
  set_fact:
    docker_dns_search_domains:
      - 'default.svc.{{ dns_domain }}'
      - 'svc.{{ dns_domain }}'
    docker_dns_options:
      - ndots:{{ ndots }}
      - timeout:2
      - attempts:2

- name: add upstream dns servers (only when dnsmasq is not used)
  set_fact:
    docker_dns_servers: "{{ docker_dns_servers + upstream_dns_servers|default([]) }}"
  when: dns_mode == 'kubedns'

- name: add global searchdomains
  set_fact:
    docker_dns_search_domains: "{{ docker_dns_search_domains + searchdomains|default([]) }}"

- name: check system nameservers
  shell: grep "^nameserver" /etc/resolv.conf | sed 's/^nameserver\s*//'
  changed_when: False
  register: system_nameservers
  check_mode: no

- name: check system search domains
  shell: grep "^search" /etc/resolv.conf | sed 's/^search\s*//'
  changed_when: False
  register: system_search_domains
  check_mode: no

- name: add system nameservers to docker options
  set_fact:
    docker_dns_servers: "{{ docker_dns_servers | union(system_nameservers.stdout_lines) | unique }}"
  when: system_nameservers.stdout != ""

- name: add system search domains to docker options
  set_fact:
    docker_dns_search_domains: "{{ docker_dns_search_domains | union(system_search_domains.stdout.split(' ')|default([])) | unique }}"
  when: system_search_domains.stdout != ""

- name: check number of nameservers
  fail:
    msg: "Too many nameservers. You can relax this check by set docker_dns_servers_strict=no and we will only use the first 3."
  when: docker_dns_servers|length > 3 and docker_dns_servers_strict|bool

- name: rtrim number of nameservers to 3
  set_fact:
    docker_dns_servers: "{{ docker_dns_servers[0:3] }}"
  when: docker_dns_servers|length > 3 and not docker_dns_servers_strict|bool

- name: check number of search domains
  fail:
    msg: "Too many search domains"
  when: docker_dns_search_domains|length > 6

- name: check length of search domains
  fail:
    msg: "Search domains exceeded limit of 256 characters"
  when: docker_dns_search_domains|join(' ')|length > 256