From 96e875cd508a1850a6895c083850e6fd95411d1e Mon Sep 17 00:00:00 2001
From: Andrei Costescu <andrei@costescu.no>
Date: Thu, 25 May 2023 19:04:51 +0200
Subject: [PATCH] Add systemd_resolved_disable_stub_listener (#9875)

---
 docs/dns-stack.md                                      | 5 +++++
 roles/kubernetes/preinstall/defaults/main.yml          | 3 +++
 roles/kubernetes/preinstall/templates/resolved.conf.j2 | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/docs/dns-stack.md b/docs/dns-stack.md
index 09d608227..6e51504ab 100644
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -143,6 +143,11 @@ coredns_default_zone_cache_block: |
   }
 ```
 
+### systemd_resolved_disable_stub_listener
+
+Whether or not to set `DNSStubListener=no` when using systemd-resolved. Defaults to `true` on Flatcar.
+You might need to set it to `true` if CoreDNS fails to start with `address already in use` errors.
+
 ## DNS modes supported by Kubespray
 
 You can modify how Kubespray sets up DNS for your cluster with the variables ``dns_mode`` and ``resolvconf_mode``.
diff --git a/roles/kubernetes/preinstall/defaults/main.yml b/roles/kubernetes/preinstall/defaults/main.yml
index 147039b08..8839ec466 100644
--- a/roles/kubernetes/preinstall/defaults/main.yml
+++ b/roles/kubernetes/preinstall/defaults/main.yml
@@ -140,3 +140,6 @@ redhat_os_family_extensions:
 # Extending some distributions into the debian os family
 debian_os_family_extensions:
   - "UnionTech OS Server 20"
+
+# Sets DNSStubListener=no, useful if you get "0.0.0.0:53: bind: address already in use"
+systemd_resolved_disable_stub_listener: "{{ ansible_os_family in ['Flatcar', 'Flatcar Container Linux by Kinvolk'] }}"
diff --git a/roles/kubernetes/preinstall/templates/resolved.conf.j2 b/roles/kubernetes/preinstall/templates/resolved.conf.j2
index 901fd2473..0a3b40d84 100644
--- a/roles/kubernetes/preinstall/templates/resolved.conf.j2
+++ b/roles/kubernetes/preinstall/templates/resolved.conf.j2
@@ -14,7 +14,7 @@ Domains={{ searchdomains|default([]) | join(' ') }}
 #MulticastDNS=no
 DNSSEC=no
 Cache=no-negative
-{% if ansible_os_family in ["Flatcar", "Flatcar Container Linux by Kinvolk"] %}
+{% if systemd_resolved_disable_stub_listener | bool %}
 DNSStubListener=no
 {% else %}
 #DNSStubListener=yes