From d69db3469e1f8a880b5c8d2c8c24ae0d4d882a00 Mon Sep 17 00:00:00 2001
From: bozzo <bozzo@users.noreply.github.com>
Date: Sat, 14 Mar 2020 14:26:34 +0100
Subject: [PATCH] Add external zones in nodelocaldns configuration (#5591)

Allows configuring additional zones for domains not resolved by `upstream_dns_servers`.
---
 docs/dns-stack.md                             | 19 +++++++++++++++++++
 .../group_vars/k8s-cluster/k8s-cluster.yml    | 13 +++++++++++++
 .../templates/nodelocaldns-config.yml.j2      | 14 ++++++++++++++
 3 files changed, 46 insertions(+)

diff --git a/docs/dns-stack.md b/docs/dns-stack.md
index ac40f68b4..4d32c73d4 100644
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -133,6 +133,25 @@ More information on the rationale behind this implementation can be found [here]
 
 **As per the 2.10 release, Nodelocal DNS cache is enabled by default.**
 
+### External zones
+
+It's possible to extent the `nodelocaldns`' configuration by adding an array of external zones. For example:
+
+```yaml
+nodelocaldns_external_zones:
+- zones:
+  - example.com
+  - example.io:1053
+  nameservers:
+  - 1.1.1.1
+  - 2.2.2.2
+  cache: 5
+- zones:
+  - https://mycompany.local:4453
+  nameservers:
+  - 192.168.0.53
+```
+
 ## Limitations
 
 * Kubespray has yet ways to configure Kubedns addon to forward requests SkyDns can
diff --git a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
index 0d3792ab2..c43cd83c8 100644
--- a/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
+++ b/inventory/sample/group_vars/k8s-cluster/k8s-cluster.yml
@@ -139,6 +139,19 @@ dns_mode: coredns
 enable_nodelocaldns: true
 nodelocaldns_ip: 169.254.25.10
 nodelocaldns_health_port: 9254
+# nodelocaldns_external_zones:
+# - zones:
+#   - example.com
+#   - example.io:1053
+#   nameservers:
+#   - 1.1.1.1
+#   - 2.2.2.2
+#   cache: 5
+# - zones:
+#   - https://mycompany.local:4453
+#   nameservers:
+#   - 192.168.0.53
+#   cache: 0
 # Enable k8s_external plugin for CoreDNS
 enable_coredns_k8s_external: false
 coredns_k8s_external_zone: k8s_external.local
diff --git a/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2 b/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
index e56cc534a..dd5732f89 100644
--- a/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
+++ b/roles/kubernetes-apps/ansible/templates/nodelocaldns-config.yml.j2
@@ -8,6 +8,20 @@ metadata:
 
 data:
   Corefile: |
+{% if nodelocaldns_external_zones is defined and nodelocaldns_external_zones|length > 0 %}
+{% for block in nodelocaldns_external_zones %}
+    {{ block['zones'] | join(' ') }} {
+        errors
+        cache {{ block['cache'] | default(30) }}
+        reload
+        loop
+        bind {{ nodelocaldns_ip }}
+        forward . {{ block['nameservers'] | join(' ') }}
+        prometheus :9253
+        log
+    }
+{% endfor %}
+{% endif %}
     {{ dns_domain }}:53 {
         errors
         cache {
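Review bot: `block['zones']` and `block['nameservers']` on the added `{{ block['zones'] | join(' ') }} {` and `forward . ...` lines are read without a default or `mandatory`, so an entry that omits either key aborts the template with a generic undefined-variable error rather than one naming the missing key, and nothing in the template records that only `cache` is optional (`default(30)`). A Jinja comment above the `{% if %}` line would document the contract: `{# One server block per nodelocaldns_external_zones entry; 'zones' and 'nameservers' are required, 'cache' defaults to 30 #}`. The joined values are also written into the Corefile unescaped, so a zone or nameserver containing a space or brace can alter the server-block structure instead of being rejected; I would keep the current fail-fast behaviour rather than add `default([])`, which would render a `forward .` line with no upstream. The `Corefile: |` block scalar these lines belong to continues past the end of the hunk.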
-- 
GitLab