rancher / rke2

https://docs.rke2.io/
Apache License 2.0

Nodelocal DNS chart listens for metrics on all interfaces #5544

Open Fizzadar opened 7 months ago

Fizzadar commented 7 months ago

Environmental Info: RKE2 Version: 1.26.13

Node(s) CPU architecture, OS, and Version:

Linux/AMD64

Cluster Configuration:

3 control, ~100 worker

Describe the bug:

The RKE2 coredns chart configures node local DNS instances to listen for metrics on all interfaces, meaning those metrics are retrievable without authentication via all IPs, public or not.

Steps To Reproduce:

Install RKE2, configure coredns helm chart:

rke2-coredns:
  nodelocal:
    enabled: false

Expected behavior:

Corefile should be configured to listen on internal IPs only. The config already does this, example: https://github.com/rancher/rke2-charts/blob/99020db92318716e5508ef3c4f770be1b6ecf5de/packages/rke2-coredns/generated-changes/overlay/templates/configmap-nodelocal.yaml#L24-L25

Actual behavior:

CoreDNS binds to all ports.

brandond commented 7 months ago

ref - the various prometheus :9253 entries in the configmap: https://github.com/rancher/rke2-charts/blob/main-source/packages/rke2-coredns/generated-changes/overlay/templates/configmap-nodelocal.yaml

As this would be a breaking change and not desired by most or all users, we probably just need to template the prometheus bind address, and have it default to :9253.
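
One way to audit a nodelocal Corefile for this and rewrite the affected lines, as an added example that is not rke2 or rke2-charts code: the script below flags every `prometheus` directive whose host part is empty or a wildcard and produces a copy with the bind address pinned. The sample Corefile is constructed here to mirror the shape described above (several server blocks, each carrying `prometheus :9253`); the addresses 169.254.20.10 and 10.43.0.10 are assumptions (the NodeLocal DNSCache link-local default and the rke2 default cluster DNS service address), not values taken from the thread. Instead of templating the address as proposed, `pin_prometheus` defaults to the first address of the enclosing server block's own `bind` line, which is the internal IP that block already serves DNS on; passing an explicit address mirrors the templated-value approach.

```python
"""Audit a CoreDNS Corefile for metrics endpoints bound to all interfaces
and emit a copy with the `prometheus` listen address pinned.

Added example for this issue, not rke2 or rke2-charts code.
"""
import re
from typing import Optional

# Host parts that make CoreDNS listen on every interface. An omitted host
# (":9253") is the case the issue describes.
WILDCARD_HOSTS = {"", "0.0.0.0", "[::]"}

PROM_RE = re.compile(r"^(?P<indent>\s*)prometheus(?:\s+(?P<addr>\S+))?\s*$")
BIND_RE = re.compile(r"^\s*bind\s+(?P<addrs>.+?)\s*$")

# Constructed sample; addresses are assumptions, not taken from the issue.
SAMPLE_COREFILE = """\
cluster.local:53 {
    errors
    cache {
        success 9984 30
        denial 9984 5
    }
    reload
    loop
    bind 169.254.20.10 10.43.0.10
    forward . 10.43.0.10 {
        force_tcp
    }
    prometheus :9253
    health 169.254.20.10:8080
}
in-addr.arpa:53 {
    errors
    cache 30
    reload
    loop
    bind 169.254.20.10 10.43.0.10
    forward . 10.43.0.10 {
        force_tcp
    }
    prometheus :9253
}
.:53 {
    errors
    cache 30
    reload
    loop
    bind 169.254.20.10 10.43.0.10
    forward . /etc/resolv.conf
    prometheus :9253
}
"""


def split_listen(addr: str) -> tuple[str, str]:
    """Split a CoreDNS listen spec into (host, port).

    Handles ':9253', '0.0.0.0:9253', '[::]:9253' and '169.254.20.10:9253'.
    A value with no ':' is treated as a bare host with no port.
    """
    host, sep, port = addr.rpartition(":")
    if not sep:
        return addr, ""
    return host, port


def wildcard_listeners(corefile: str) -> list[tuple[int, str]]:
    """Return (line_no, listen_spec) for every prometheus directive that
    binds all interfaces. An omitted address means the CoreDNS default
    'localhost:9153', which is not a wildcard."""
    hits = []
    for no, line in enumerate(corefile.splitlines(), 1):
        m = PROM_RE.match(line)
        if not m:
            continue
        addr = m.group("addr") or "localhost:9153"
        host, _ = split_listen(addr)
        if host in WILDCARD_HOSTS:
            hits.append((no, addr))
    return hits


def pin_prometheus(corefile: str, address: Optional[str] = None) -> str:
    """Rewrite wildcard prometheus binds and return the new Corefile text.

    With address=None, pin each directive to the first address of the
    enclosing server block's `bind` line. With an explicit address, use that
    for every wildcard directive (the templated-value approach). Directives
    that already name a host are left untouched.
    """
    out, depth, block_bind = [], 0, None
    for line in corefile.splitlines():
        if depth == 0 and "{" in line:      # a new server block starts here
            block_bind = None
        b = BIND_RE.match(line)
        if b and depth == 1:                 # bind at server-block level only
            block_bind = b.group("addrs").split()[0]
        m = PROM_RE.match(line)
        if m:
            addr = m.group("addr") or "localhost:9153"
            host, port = split_listen(addr)
            if host in WILDCARD_HOSTS:
                new_host = address or block_bind
                if new_host is None:
                    raise ValueError("no bind address known for: " + line.strip())
                line = f"{m.group('indent')}prometheus {new_host}:{port or '9153'}"
        out.append(line)
        # Track nesting after the line so `cache {` / `forward ... {` sub-blocks
        # do not get mistaken for server blocks.
        depth += line.count("{") - line.count("}")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    for no, addr in wildcard_listeners(SAMPLE_COREFILE):
        print(f"line {no}: prometheus {addr} listens on all interfaces")
    print(pin_prometheus(SAMPLE_COREFILE))
```

Run it against a Corefile dumped from the configmap (`kubectl -n kube-system get cm <name> -o jsonpath='{.data.Corefile}'`, with the name substituted for your cluster) to see which blocks are exposed before changing the chart values; the rewrite is a local preview, not something to apply to the ConfigMap directly, since the chart's template would overwrite it on the next reconcile.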

brandond commented 7 months ago

If this is important to you, a PR would be welcome.

Fizzadar commented 7 months ago

Sure, happy to pull that together 👍