From 94df580674b8b5f8a496567d0fbf8f13ee592c09 Mon Sep 17 00:00:00 2001
From: Cristian Chiru <cristian.chiru@dcsi.eu>
Date: Sat, 1 Aug 2020 10:29:41 +0300
Subject: [PATCH] Moved docker_dns_options to defaults so it can be overridden
 (#6394)

* Moved docker_dns_options to defaults so it can be overridden

* Fixed yaml indentation and markdown

* Moved docker_dns_search_domains to defaults
---
 docs/dns-stack.md                                    | 10 ++++++++++
 .../container-engine/docker/tasks/set_facts_dns.yml  | 11 -----------
 roles/kubespray-defaults/defaults/main.yaml          | 12 ++++++++++--
 3 files changed, 20 insertions(+), 13 deletions(-)

diff --git a/docs/dns-stack.md b/docs/dns-stack.md
index bd9e00d74..7f30c3641 100644
--- a/docs/dns-stack.md
+++ b/docs/dns-stack.md
@@ -137,6 +137,16 @@ The following dns options are added to the docker daemon
 * timeout:2
 * attempts:2
 
+These dns options can be overridden by setting a different list:
+
+```yaml
+docker_dns_options:
+- ndots:{{ ndots }}
+- timeout:2
+- attempts:2
+- rotate
+```
+
 For normal PODs, k8s will ignore these options and setup its own DNS settings for the PODs, taking
 the --cluster_dns (either coredns or coredns_dual, depending on dns_mode) kubelet option into account.
 For ``hostNetwork: true`` PODs however, k8s will let docker setup DNS settings. Docker containers which
diff --git a/roles/container-engine/docker/tasks/set_facts_dns.yml b/roles/container-engine/docker/tasks/set_facts_dns.yml
index b884c7cf0..5af3d64d5 100644
--- a/roles/container-engine/docker/tasks/set_facts_dns.yml
+++ b/roles/container-engine/docker/tasks/set_facts_dns.yml
@@ -8,17 +8,6 @@
   debug:
     msg: "{{ docker_dns_servers }}"
 
-- name: set base docker dns facts
-  set_fact:
-    docker_dns_search_domains:
-      - 'default.svc.{{ dns_domain }}'
-      - 'svc.{{ dns_domain }}'
-    docker_dns_options:
-      - ndots:{{ ndots }}
-      - timeout:2
-      - attempts:2
-
-
 - name: add upstream dns servers
   set_fact:
     docker_dns_servers: "{{ docker_dns_servers + upstream_dns_servers|default([]) }}"
diff --git a/roles/kubespray-defaults/defaults/main.yaml b/roles/kubespray-defaults/defaults/main.yaml
index 2e41e9d8b..5b7e5cd12 100644
--- a/roles/kubespray-defaults/defaults/main.yaml
+++ b/roles/kubespray-defaults/defaults/main.yaml
@@ -75,6 +75,11 @@ epel_enabled: false
 cluster_name: cluster.local
 # Subdomains of DNS domain to be resolved via /etc/resolv.conf for hostnet pods
 ndots: 2
+# Default resolv.conf options
+docker_dns_options:
+- ndots:{{ ndots }}
+- timeout:2
+- attempts:2
 # Can be coredns, coredns_dual, manual, or none
 dns_mode: coredns
 
@@ -94,6 +99,9 @@ deploy_netchecker: false
 skydns_server: "{{ kube_service_addresses|ipaddr('net')|ipaddr(3)|ipaddr('address') }}"
 skydns_server_secondary: "{{ kube_service_addresses|ipaddr('net')|ipaddr(4)|ipaddr('address') }}"
 dns_domain: "{{ cluster_name }}"
+docker_dns_search_domains:
+- 'default.svc.{{ dns_domain }}'
+- 'svc.{{ dns_domain }}'
 
 kube_dns_servers:
   coredns: ["{{skydns_server}}"]
@@ -367,9 +375,9 @@ external_openstack_lbaas_monitor_timeout: "30s"
 external_openstack_lbaas_monitor_max_retries: "3"
 external_openstack_network_ipv6_disabled: false
 external_openstack_network_internal_networks:
-  - ""
+- ""
 external_openstack_network_public_networks:
-  - ""
+- ""
 
 ## List of authorization modes that must be configured for
 ## the k8s cluster. Only 'AlwaysAllow', 'AlwaysDeny', 'Node' and