diff --git a/docs/dns-stack.md b/docs/dns-stack.md index 4d32c73d4..263145266 100644 --- a/docs/dns-stack.md +++ b/docs/dns-stack.md @@ -42,6 +42,36 @@ DNS servers in early cluster deployment when no cluster DNS is available yet. ## DNS modes supported by Kubespray +### coredns_external_zones + +Array of optional external zones to coredns forward queries to. It's injected into +`coredns`' config file before default kubernetes zone. Use it as an optimization for well-known zones and/or internal-only +domains, i.e. VPN for internal networks (default is unset) + +Example: + +```yaml +coredns_external_zones: +- zones: + - example.com + - example.io:1053 + nameservers: + - 1.1.1.1 + - 2.2.2.2 + cache: 5 +- zones: + - https://mycompany.local:4453 + nameservers: + - 192.168.0.53 + cache: 0 +``` + +or as INI + +```ini +coredns_external_zones=[{"cache": 30,"zones":["example.com","example.io:453"],"nameservers":["1.1.1.1","2.2.2.2"]}]' +``` + You can modify how Kubespray sets up DNS for your cluster with the variables ``dns_mode`` and ``resolvconf_mode``. ### dns_mode diff --git a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 index a7d1378d1..60a364333 100644 --- a/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 +++ b/roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2 @@ -8,6 +8,18 @@ metadata: addonmanager.kubernetes.io/mode: EnsureExists data: Corefile: | +{% if coredns_external_zones is defined and coredns_external_zones|length > 0 %} +{% for block in coredns_external_zones %} + {{ block['zones'] | join(' ') }} { +        log +        errors +        forward . {{ block['nameservers'] | join(' ') }} +        loadbalance +        cache {{ block['cache'] | default(5) }} +        reload +    } +{% endfor %} +{% endif %} .:53 { errors health
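Review bot: In the docs/dns-stack.md hunk, the INI example ends with a stray `'` after the closing `]` and has no matching opening quote, so the value is unbalanced when copied as written; quote the whole JSON value or drop the trailing `'`. The zone examples also need a sentence of explanation: in a Corefile server block, a `:1053` suffix or an `https://` prefix on the zone sets the port and protocol CoreDNS listens on for that zone, not the upstream it forwards to, so `example.io:1053` will not answer clients that query port 53. The new `### coredns_external_zones` section is also inserted between the `## DNS modes supported by Kubespray` heading and its introductory sentence about `dns_mode` and `resolvconf_mode`; move it below that section or give it its own parent heading. The opening sentence ("Array of optional external zones to coredns forward queries to") should be reworded, for example "Array of optional external zones for which CoreDNS forwards queries".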
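Review bot: In the coredns-config.yml.j2 hunk, only `cache` has a default; `block['zones']` and `block['nameservers']` are rendered with no check, so an entry with an empty `nameservers` list produces `forward .` with no upstream, and an entry missing either key fails at template time. Add an assertion, or skip the block, when either list is missing or empty. Both lists are joined straight into the Corefile, so a value containing whitespace, braces or a newline changes the structure of the generated config; validating each entry against a hostname or IP (with optional port) pattern before rendering would keep inventory mistakes out of the ConfigMap. `log` is also enabled unconditionally, which writes every query for these zones, including internal-only names, to the CoreDNS pod logs; consider making it opt-in per block.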