8487: Allow override of default CoreDNS zone cache

Using the coredns_cluster_zone_cache_block variable

docs/dns-stack.md

@@ -86,6 +86,28 @@ dns_etchosts: |
 
 Whether reverse DNS lookups are enabled in the coredns config. Defaults to `true`.
 
+### CoreDNS default zone cache plugin
+
+If you wish to configure the caching behaviour of CoreDNS on the default zone, you can do so using the `coredns_default_zone_cache_block` string block.
+
+An example value (more information on the [plugin's documentation](https://coredns.io/plugins/cache/)) to:
+
+* raise the max cache TTL to 3600 seconds
+* raise the max amount of success responses to cache to 3000
+* disable caching of denial responses altogether
+* enable pre-fetching of lookups with at least 10 lookups per minute before they expire
+
+Would be as follows:
+
+```yaml
+coredns_default_zone_cache_block: |
+  cache 3600 {
+    success 3000
+    denial 0
+    prefetch 10 1m
+  }
+```
+
 ## DNS modes supported by Kubespray
 
 You can modify how Kubespray sets up DNS for your cluster with the variables ``dns_mode`` and ``resolvconf_mode``.

roles/kubernetes-apps/ansible/defaults/main.yml

@@ -11,6 +11,8 @@ enable_coredns_reverse_dns_lookups: true
 coredns_ordinal_suffix: ""
 # dns_extra_tolerations: [{effect: NoSchedule, operator: "Exists"}]
 coredns_deployment_nodeselector: "kubernetes.io/os: linux"
+coredns_default_zone_cache_block: |
+  cache 30
 
 # nodelocaldns
 nodelocaldns_cpu_requests: 100m

roles/kubernetes-apps/ansible/templates/coredns-config.yml.j2

@@ -53,7 +53,7 @@ data:
 {% if enable_coredns_k8s_external %}
         k8s_external {{ coredns_k8s_external_zone }}
 {% endif %}
-        cache 30
+        {{ coredns_default_zone_cache_block | indent(width=8, first=False) }}
         loop
         reload
         loadbalance