From 4abc2fa95d8468f13f477236597d9b2649499fa2 Mon Sep 17 00:00:00 2001
From: Andrew Stoltz <andrew@flowercore.io>
Date: Sat, 25 Apr 2026 11:12:21 -0500
Subject: [PATCH] fc-speech-align: add dnsPolicy: None to bypass CoreDNS
 *.iamworkin.lan template hijack on huggingface.co

---
 apps/fc-ttsreader/fc-ttsreader.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/apps/fc-ttsreader/fc-ttsreader.yaml b/apps/fc-ttsreader/fc-ttsreader.yaml
index 509e883..d91aa58 100644
--- a/apps/fc-ttsreader/fc-ttsreader.yaml
+++ b/apps/fc-ttsreader/fc-ttsreader.yaml
@@ -149,6 +149,20 @@ spec:
         app.kubernetes.io/name: ttsreader-align
         app.kubernetes.io/part-of: flowercore
     spec:
+      # Bypass CoreDNS's *.iamworkin.lan template hijack on public hosts
+      # (huggingface.co model download at first boot would otherwise resolve
+      # to Traefik VIP via search expansion). Drops the iamworkin.lan suffix.
+      dnsPolicy: None
+      dnsConfig:
+        nameservers:
+          - 10.43.0.10
+        searches:
+          - fc-ttsreader.svc.cluster.local
+          - svc.cluster.local
+          - cluster.local
+        options:
+          - name: ndots
+            value: "2"
       securityContext:
         fsGroup: 1654
         runAsNonRoot: true