From 0a1d53b6dd0f26c5cfc88786e0027c4fa3c614cd Mon Sep 17 00:00:00 2001 From: Viktor Barzin Date: Mon, 23 Feb 2026 22:43:05 +0000 Subject: [PATCH] [ci skip] platform: add ndots=2 dns_config to all deployment pod specs Prevents Terraform from reverting the Kyverno inject-ndots mutation on every apply. 23 pod specs across 19 platform module files. --- .../platform/modules/authentik/pgbouncer.tf | 6 +++++ stacks/platform/modules/cloudflared/main.tf | 6 +++++ stacks/platform/modules/crowdsec/main.tf | 6 +++++ stacks/platform/modules/dbaas/main.tf | 24 +++++++++++++++++++ stacks/platform/modules/headscale/main.tf | 6 +++++ stacks/platform/modules/k8s-portal/main.tf | 6 +++++ stacks/platform/modules/mailserver/main.tf | 6 +++++ .../modules/mailserver/roundcubemail.tf | 6 +++++ stacks/platform/modules/monitoring/idrac.tf | 6 +++++ stacks/platform/modules/monitoring/loki.tf | 6 +++++ .../modules/monitoring/pve_exporter.tf | 6 +++++ .../modules/monitoring/snmp_exporter.tf | 6 +++++ stacks/platform/modules/nvidia/main.tf | 12 ++++++++++ stacks/platform/modules/redis/main.tf | 6 +++++ stacks/platform/modules/technitium/main.tf | 6 +++++ stacks/platform/modules/uptime-kuma/main.tf | 6 +++++ stacks/platform/modules/vaultwarden/main.tf | 6 +++++ stacks/platform/modules/wireguard/main.tf | 6 +++++ stacks/platform/modules/xray/main.tf | 6 +++++ 19 files changed, 138 insertions(+) diff --git a/stacks/platform/modules/authentik/pgbouncer.tf b/stacks/platform/modules/authentik/pgbouncer.tf index ac027e76..16126a16 100644 --- a/stacks/platform/modules/authentik/pgbouncer.tf +++ b/stacks/platform/modules/authentik/pgbouncer.tf @@ -105,6 +105,12 @@ resource "kubernetes_deployment" "pgbouncer" { secret_name = kubernetes_secret.pgbouncer_auth.metadata[0].name } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/cloudflared/main.tf b/stacks/platform/modules/cloudflared/main.tf index 018a7a41..1231d8a1 100644 --- a/stacks/platform/modules/cloudflared/main.tf +++ b/stacks/platform/modules/cloudflared/main.tf @@ -61,6 +61,12 @@ resource "kubernetes_deployment" "cloudflared" { container_port = 14333 } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/crowdsec/main.tf b/stacks/platform/modules/crowdsec/main.tf index 0f640614..529cc883 100644 --- a/stacks/platform/modules/crowdsec/main.tf +++ b/stacks/platform/modules/crowdsec/main.tf @@ -160,6 +160,12 @@ resource "kubernetes_deployment" "crowdsec-web" { protocol = "TCP" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/dbaas/main.tf b/stacks/platform/modules/dbaas/main.tf index 1c42b64a..0b9ddb31 100644 --- a/stacks/platform/modules/dbaas/main.tf +++ b/stacks/platform/modules/dbaas/main.tf @@ -178,6 +178,12 @@ resource "kubernetes_deployment" "mysql" { } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } @@ -427,6 +433,12 @@ resource "kubernetes_deployment" "phpmyadmin" { value = "300M" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } @@ -779,6 +791,12 @@ resource "kubernetes_deployment" "postgres" { # name = "mycnf" # } # } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } @@ -858,6 +876,12 @@ resource "kubernetes_deployment" "pgadmin" { server = var.nfs_server } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/headscale/main.tf b/stacks/platform/modules/headscale/main.tf index 60bf2e4d..0284a824 100644 --- a/stacks/platform/modules/headscale/main.tf +++ b/stacks/platform/modules/headscale/main.tf @@ -164,6 +164,12 @@ resource "kubernetes_deployment" "headscale" { value = "kekekekeke" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/k8s-portal/main.tf b/stacks/platform/modules/k8s-portal/main.tf index 2011700e..aa671245 100644 --- a/stacks/platform/modules/k8s-portal/main.tf +++ b/stacks/platform/modules/k8s-portal/main.tf @@ -74,6 +74,12 @@ resource "kubernetes_deployment" "k8s_portal" { name = kubernetes_config_map.k8s_portal_config.metadata[0].name } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/mailserver/main.tf b/stacks/platform/modules/mailserver/main.tf index 7d95672d..801600bf 100644 --- a/stacks/platform/modules/mailserver/main.tf +++ b/stacks/platform/modules/mailserver/main.tf @@ -413,6 +413,12 @@ resource "kubernetes_deployment" "mailserver" { name = "var-run-dovecot" empty_dir {} } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/mailserver/roundcubemail.tf b/stacks/platform/modules/mailserver/roundcubemail.tf index 2f26c9d7..c38bc650 100644 --- a/stacks/platform/modules/mailserver/roundcubemail.tf +++ b/stacks/platform/modules/mailserver/roundcubemail.tf @@ -159,6 +159,12 @@ resource "kubernetes_deployment" "roundcubemail" { server = var.nfs_server } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/monitoring/idrac.tf b/stacks/platform/modules/monitoring/idrac.tf index 957918de..e43aee0b 100644 --- a/stacks/platform/modules/monitoring/idrac.tf +++ b/stacks/platform/modules/monitoring/idrac.tf @@ -80,6 +80,12 @@ resource "kubernetes_deployment" "idrac-redfish" { name = "redfish-exporter-config" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/monitoring/loki.tf b/stacks/platform/modules/monitoring/loki.tf index 9bcef976..7cef0ace 100644 --- a/stacks/platform/modules/monitoring/loki.tf +++ b/stacks/platform/modules/monitoring/loki.tf @@ -99,6 +99,12 @@ resource "kubernetes_daemon_set_v1" "sysctl-inotify" { toleration { operator = "Exists" } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/monitoring/pve_exporter.tf b/stacks/platform/modules/monitoring/pve_exporter.tf index 74937a05..ed3504bc 100644 --- a/stacks/platform/modules/monitoring/pve_exporter.tf +++ b/stacks/platform/modules/monitoring/pve_exporter.tf @@ -67,6 +67,12 @@ resource "kubernetes_deployment" "pve_exporter" { } } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/monitoring/snmp_exporter.tf b/stacks/platform/modules/monitoring/snmp_exporter.tf index c59f3567..530e6bda 100644 --- a/stacks/platform/modules/monitoring/snmp_exporter.tf +++ b/stacks/platform/modules/monitoring/snmp_exporter.tf @@ -70,6 +70,12 @@ resource "kubernetes_deployment" "snmp-exporter" { name = "snmp-exporter-yaml" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/nvidia/main.tf b/stacks/platform/modules/nvidia/main.tf index 097c7dfd..c45b19d8 100644 --- a/stacks/platform/modules/nvidia/main.tf +++ b/stacks/platform/modules/nvidia/main.tf @@ -122,6 +122,12 @@ resource "kubernetes_deployment" "nvidia-exporter" { } } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } @@ -628,6 +634,12 @@ resource "kubernetes_daemonset" "gpu_pod_exporter" { type = "Directory" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/redis/main.tf b/stacks/platform/modules/redis/main.tf index d3183ba6..257dd7fe 100644 --- a/stacks/platform/modules/redis/main.tf +++ b/stacks/platform/modules/redis/main.tf @@ -79,6 +79,12 @@ resource "kubernetes_deployment" "redis" { server = var.nfs_server } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/technitium/main.tf b/stacks/platform/modules/technitium/main.tf index a5a459ab..a03bd691 100644 --- a/stacks/platform/modules/technitium/main.tf +++ b/stacks/platform/modules/technitium/main.tf @@ -173,6 +173,12 @@ resource "kubernetes_deployment" "technitium" { secret_name = var.tls_secret_name } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/uptime-kuma/main.tf b/stacks/platform/modules/uptime-kuma/main.tf index d93232c0..6fdb4ac0 100644 --- a/stacks/platform/modules/uptime-kuma/main.tf +++ b/stacks/platform/modules/uptime-kuma/main.tf @@ -83,6 +83,12 @@ resource "kubernetes_deployment" "uptime-kuma" { path = "/mnt/main/uptime-kuma" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/vaultwarden/main.tf b/stacks/platform/modules/vaultwarden/main.tf index c97cff8f..53b349a3 100644 --- a/stacks/platform/modules/vaultwarden/main.tf +++ b/stacks/platform/modules/vaultwarden/main.tf @@ -113,6 +113,12 @@ resource "kubernetes_deployment" "vaultwarden" { server = var.nfs_server } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/wireguard/main.tf b/stacks/platform/modules/wireguard/main.tf index c95b009d..162b230e 100644 --- a/stacks/platform/modules/wireguard/main.tf +++ b/stacks/platform/modules/wireguard/main.tf @@ -175,6 +175,12 @@ resource "kubernetes_deployment" "wireguard" { name = "wg0-conf" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } } diff --git a/stacks/platform/modules/xray/main.tf b/stacks/platform/modules/xray/main.tf index c5069e1a..71d25839 100644 --- a/stacks/platform/modules/xray/main.tf +++ b/stacks/platform/modules/xray/main.tf @@ -128,6 +128,12 @@ resource "kubernetes_deployment" "xray" { name = "xray-config" } } + dns_config { + option { + name = "ndots" + value = "2" + } + } } } }