Fixes #6740: Allow disabling reverse DNS lookups in coredns (#6741)

* created variable to enable/disable reverse dns lookups in coredns * fixed linting-error in dns-stack.md
4 years ago · 77149e5d89
3 changed files with 8 additions and 1 deletions
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@ -82,6 +82,10 @@ dns_etchosts: |
  192.168.0.200 ingress.example.com
 ```

+### enable_coredns_reverse_dns_lookups
+
+Whether reverse DNS lookups are enabled in the coredns config. Defaults to `true`.
+
 ## DNS modes supported by Kubespray

 You can modify how Kubespray sets up DNS for your cluster with the variables ``dns_mode`` and ``resolvconf_mode``.
--- a/roles/kubernetes-apps/ansible/defaults/main.yml
+++ b/roles/kubernetes-apps/ansible/defaults/main.yml
@ -7,6 +7,7 @@ dns_min_replicas: 2
 dns_nodes_per_replica: 16
 dns_cores_per_replica: 256
 dns_prevent_single_point_failure: "{{ 'true' if dns_min_replicas|int > 1 else 'false' }}"
+enable_coredns_reverse_dns_lookups: true
 coredns_ordinal_suffix: ""
 # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]

--- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2
@ -31,12 +31,14 @@ data:
            lameduck 5s
        }
        ready
-        kubernetes {{ dns_domain }} in-addr.arpa ip6.arpa {
+        kubernetes {{ dns_domain }} {% if enable_coredns_reverse_dns_lookups %}in-addr.arpa ip6.arpa {% endif %}{
          pods insecure
 {% if enable_coredns_k8s_endpoint_pod_names %}
          endpoint_pod_names
 {% endif %}
+{% if enable_coredns_reverse_dns_lookups %}
          fallthrough in-addr.arpa ip6.arpa
+{% endif %}
        }
        prometheus :9153
 {% if resolvconf_mode == 'host_resolvconf' and upstream_dns_servers is defined and upstream_dns_servers|length > 0 %}