systemd-resolved: use a drop-in for kubespray dns (#10732)

This avoid needlessly overriding things and make cleanup easier.
Also simplifies the template a bit.

roles/kubernetes/preinstall/tasks/0061-systemd-resolved.yml

@@ -1,8 +1,14 @@
 ---
-- name: Write resolved.conf
+- name: Create systemd-resolved drop-in directory
+  file:
+    state: directory
+    name: /etc/systemd/resolved.conf.d/
+    mode: 0755
+
+- name: Write Kubespray DNS settings to systemd-resolved
   template:
     src: resolved.conf.j2
-    dest: /etc/systemd/resolved.conf
+    dest: /etc/systemd/resolved.conf.d/kubespray.conf
     owner: root
     group: root
     mode: 0644

roles/kubernetes/preinstall/templates/resolved.conf.j2

@@ -1,21 +1,15 @@
 [Resolve]
-{% if dns_early is sameas true and dns_late is sameas false %}
-#DNS=
-{% else %}
+{% if not dns_early and dns_late %}
 DNS={{ ([nodelocaldns_ip] if enable_nodelocaldns else coredns_server )| list | join(' ') }}
 {% endif %}
 FallbackDNS={{ ( upstream_dns_servers|d([]) + nameservers|d([]) + cloud_resolver|d([])) | unique | join(' ') }}
-{% if remove_default_searchdomains is sameas true and searchdomains|default([])|length != 0 %}
+{% if remove_default_searchdomains and searchdomains|default([])|length != 0 %}
 Domains={{ searchdomains|default([]) | join(' ') }}
 {% else %}
 Domains={{ ([ 'default.svc.' + dns_domain, 'svc.' + dns_domain ] + searchdomains|default([])) | join(' ') }}
 {% endif %}
-#LLMNR=no
-#MulticastDNS=no
 DNSSEC=no
 Cache=no-negative
 {% if systemd_resolved_disable_stub_listener | bool %}
 DNSStubListener=no
-{% else %}
-#DNSStubListener=yes
 {% endif %}

roles/reset/tasks/main.yml

@@ -314,6 +314,7 @@
     - /etc/dnsmasq.d
     - /etc/dnsmasq.conf
     - /etc/dnsmasq.d-available
+    - /etc/systemd/resolved.conf.d/kubespray.conf
     - /etc/etcd.env
     - /etc/calico
     - /etc/NetworkManager/conf.d/calico.conf