From 77c40726ff1a910bb19d7882e697591565ccd465 Mon Sep 17 00:00:00 2001
From: Tom Alexander <tom@fizz.buzz>
Date: Mon, 29 Dec 2025 21:15:29 -0500
Subject: [PATCH] Use CoreDNS for in-cluster DNS requests and caching.

---
 .../package/bootstrap-script/files/manifests/coredns.yaml  | 5 ++++-
 nix/kubernetes/roles/kubelet/files/kubelet-config.yaml     | 7 ++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/nix/kubernetes/keys/package/bootstrap-script/files/manifests/coredns.yaml b/nix/kubernetes/keys/package/bootstrap-script/files/manifests/coredns.yaml
index 1f12a63d..4b4bdf5e 100644
--- a/nix/kubernetes/keys/package/bootstrap-script/files/manifests/coredns.yaml
+++ b/nix/kubernetes/keys/package/bootstrap-script/files/manifests/coredns.yaml
@@ -201,8 +201,11 @@ metadata:
 spec:
   selector:
     k8s-app: kube-dns
-  # clusterIP: 10.197.0.10
+  ipFamilyPolicy: PreferDualStack
   clusterIP: "fd00:3e42:e349::10"
+  clusterIPs:
+    - "fd00:3e42:e349::10"
+    - "10.197.0.10"
   ports:
     - name: dns
       port: 53
diff --git a/nix/kubernetes/roles/kubelet/files/kubelet-config.yaml b/nix/kubernetes/roles/kubelet/files/kubelet-config.yaml
index c7901989..1f5302fc 100644
--- a/nix/kubernetes/roles/kubelet/files/kubelet-config.yaml
+++ b/nix/kubernetes/roles/kubelet/files/kubelet-config.yaml
@@ -23,6 +23,7 @@ registerNode: true
 runtimeRequestTimeout: "15m"
 tlsCertFile: "/.persist/keys/kube/kubelet.crt"
 tlsPrivateKeyFile: "/.persist/keys/kube/kubelet.key"
-# clusterDomain: "cluster.local"
-# clusterDNS:
-#   - "10.197.0.10"
+clusterDomain: "cluster.local"
+clusterDNS:
+  - "10.197.0.10"
+  - "fd00:3e42:e349::10"