From 982f5738e72258af735aa1567119ae7b2d43d9dd Mon Sep 17 00:00:00 2001
From: cmoulliard
Date: Thu, 10 Oct 2024 10:00:25 +0200
Subject: [PATCH] Add the missing parameters: answer auto to let coreDNS to generate the answer response to avoid man in the middle attack. #398
Signed-off-by: cmoulliard
---
 pkg/build/templates/coredns/cm-coredns-default.yaml.tmpl | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/pkg/build/templates/coredns/cm-coredns-default.yaml.tmpl b/pkg/build/templates/coredns/cm-coredns-default.yaml.tmpl
index 3b3f5a88..5c9f0f3f 100644
--- a/pkg/build/templates/coredns/cm-coredns-default.yaml.tmpl
+++ b/pkg/build/templates/coredns/cm-coredns-default.yaml.tmpl
@@ -5,9 +5,12 @@ metadata:
 namespace: kube-system
 data:
 default.conf: |
- # subdomain names resolves to ingress IP. e.g. gitea.cnoe.localtest.me becomes ingress-nginx-controller.ingress-nginx.svc.cluster.local
+ # Goal: Rewrite rules for in-cluster access to a service: gitea, argocd, etc using the same FQDN as for external access
+
+ # subdomain names e.g. gitea.cnoe.localtest.me resolves to the IP address of the kubernetes ingress service and then will become ingress-nginx-controller.ingress-nginx.svc.cluster.local
 rewrite stop {
- name regex (.*).{{ .Host }} ingress-nginx-controller.ingress-nginx.svc.cluster.local
+ name regex (.*).{{ .Host }} ingress-nginx-controller.ingress-nginx.svc.cluster.local answer auto
 }
- # host name resolves to ingress IP
+
+ # host name resolves to the IP address of the kubernetes ingress service
 rewrite name exact {{ .Host }} ingress-nginx-controller.ingress-nginx.svc.cluster.local
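Review bot: The pattern on the new `name regex` line, `(.*).{{ .Host }}`, is over-broad: the dot before the host and the dots inside the rendered host are unescaped, and nothing anchors the match, so query names that are not subdomains of the host can also be rewritten to the ingress service. Something like `name regex ^(.*)\.{{ .Host }}\.$ ingress-nginx-controller.ingress-nginx.svc.cluster.local answer auto` would narrow it, assuming CoreDNS matches against the fully qualified name with its trailing dot (worth confirming), with the host's own dots escaped wherever `.Host` is produced. The `rewrite name exact {{ .Host }}` rule on the last line of the hunk still has no `answer auto`, so a lookup of the bare host presumably keeps the rewritten name in its answer; appending `answer auto` there would make both rules consistent. The ConfigMap starts above the hunk, so any other rules in it are not visible here.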