| | | |
|---|---|---|
| author | Paul Buetow <paul@buetow.org> | 2026-05-16 15:22:06 +0300 |
| committer | Paul Buetow <paul@buetow.org> | 2026-05-16 15:22:06 +0300 |
| commit | 0d80181a2666d9cdd8001eca69bbefbb3b16e4dc (patch) | |
| tree | 9cd9cff5f8bf23fbefbe47c689b3175c523fec9d /f3s | |
| parent | 91d5fec541ecc9147d89a2c25f3ba76ce1895bb7 (diff) | |
f3s/registry: add coredns-custom ConfigMap for in-cluster registry DNS
Trivy scan jobs do their own DNS lookups for image names and need
registry.lan.buetow.org to resolve from inside the cluster. Adds a
coredns-custom server block pointing the hostname at r0's WireGuard IP
(which matches the k3s registries.yaml mirror target).
Diffstat (limited to 'f3s')

| Mode | File | Lines |
|---|---|---|
| -rw-r--r-- | f3s/registry/helm-chart/templates/coredns-custom.yaml | 23 |

1 files changed, 23 insertions, 0 deletions
diff --git a/f3s/registry/helm-chart/templates/coredns-custom.yaml b/f3s/registry/helm-chart/templates/coredns-custom.yaml new file mode 100644 index 0000000..4747272 --- /dev/null +++ b/f3s/registry/helm-chart/templates/coredns-custom.yaml @@ -0,0 +1,23 @@ +--- +# Make `registry.lan.buetow.org` resolvable from inside the cluster so that +# pods (notably trivy-operator scan jobs) can pull/inspect images from the +# in-cluster Docker Registry NodePort. +# +# The k3s registries.yaml on each node mirrors `registry.lan.buetow.org:30001` +# to `r0.lan.buetow.org:30001`, so containerd image pulls work without DNS. +# Pods that issue their own image-name DNS lookups (trivy) still need an +# A record. We point them at r0's WireGuard IP, which is what NodeHosts +# uses for r0.lan.buetow.org and what the registries.yaml mirror targets. +apiVersion: v1 +kind: ConfigMap +metadata: + name: coredns-custom + namespace: kube-system +data: + registry.server: | + registry.lan.buetow.org:53 { + hosts { + 192.168.2.120 registry.lan.buetow.org + fallthrough + } + } |
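Review bot: the `fallthrough` directive inside the `hosts` block of the new `registry.lan.buetow.org:53` server stanza has nothing to fall through to, since `hosts` is the only plugin in that block; any query the hosts entries cannot answer for that name (for example an AAAA lookup from a pod that tries IPv6 first) would be handed to a non-existent next plugin rather than answered with an empty NOERROR response. Either drop `fallthrough` so the block answers authoritatively for the single name it owns, or add an explicit `forward` to the cluster resolver after the `hosts` block. A second point on the same hunk: `192.168.2.120` is hard-coded in a Helm template while the commit message says it must match r0's WireGuard IP in NodeHosts and the `registries.yaml` mirror target; if that address ever changes, this ConfigMap drifts silently and only trivy's DNS lookups break. Consider sourcing the address from the chart's values (a hypothetical `.Values.registryHostIP`, not something the chart currently defines) so there is one place to change it, and document in the comment block which k3s CoreDNS import (`*.server` files from the `coredns-custom` ConfigMap) the `registry.server` key relies on, so a future k3s upgrade that changes that contract is easy to spot.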
