Nodelocal DNS Cache
This addon runs a node-local-dns pod on all cluster nodes. The pod runs CoreDNS as the DNS cache. It runs with hostNetwork: True
and creates a dedicated dummy interface with a link-local IP (169.254.20.10/32 by default) to listen for DNS queries. The cache instances connect to clusterDNS in case of cache misses.
Design details here
nodelocaldns addon template
This directory contains the addon config yaml - nodelocaldns.yaml
The variables will be substituted by the configure scripts when the yaml is copied into master.
Network policy and DNS connectivity
When running the nodelocaldns addon on clusters that use network policy, additional rules might be required to enable DNS connectivity.
Using a namespace selector for DNS egress traffic as shown here
might not be enough, since the node-local-dns pods run with hostNetwork: True.
One way to enable connectivity from node-local-dns pods to the clusterDNS IP is to use an ipBlock rule instead:
```yaml
spec:
  egress:
  - ports:
    - port: 53
      protocol: TCP
    - port: 53
      protocol: UDP
    to:
    - ipBlock:
        cidr: <well-known clusterIP for DNS>/32
  podSelector: {}
  policyTypes:
  - Ingress
  - Egress
```
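To audit existing policies for this gap, the following added example (not part of the addon or this repository) reports which port-53 protocols a NetworkPolicy's egress rules allow towards the clusterDNS IP through ipBlock peers. The address 10.0.0.10, the kube-system label and the two sample policies are constructed; the check assumes the policy applies to egress and does not count selector peers.

```python
import ipaddress

CLUSTER_DNS_IP = "10.0.0.10"  # constructed stand-in for the DNS clusterIP

def _dns_protocols(ports):
    """Protocols for which a rule's port list covers port 53."""
    if not ports:  # no ports listed: every port and protocol is allowed
        return {"TCP", "UDP"}
    allowed = set()
    for p in ports:
        port = p.get("port")
        # Named (string) ports cannot be resolved here and are skipped.
        if port is None or (isinstance(port, int) and port <= 53 <= p.get("endPort", port)):
            allowed.add(p.get("protocol", "TCP"))  # protocol defaults to TCP
    return allowed

def _ipblock_covers(peer, ip):
    """True if the peer is an ipBlock containing ip and not excluding it."""
    block = peer.get("ipBlock")
    if not block:  # selector peers are not counted: the README notes they might not be enough
        return False
    if ip not in ipaddress.ip_network(block["cidr"], strict=False):
        return False
    return not any(ip in ipaddress.ip_network(e, strict=False)
                   for e in block.get("except", []))

def dns_egress_protocols(policy, dns_ip=CLUSTER_DNS_IP):
    """Port-53 protocols that the policy's egress rules allow towards dns_ip."""
    ip = ipaddress.ip_address(dns_ip)
    allowed = set()
    for rule in policy.get("spec", {}).get("egress", []):
        peers = rule.get("to")
        # A rule without "to" allows every destination.
        if not peers or any(_ipblock_covers(p, ip) for p in peers):
            allowed |= _dns_protocols(rule.get("ports"))
    return allowed

def _policy(peer):  # constructed sample policies in the shape of the manifest above
    ports = [{"port": 53, "protocol": "TCP"}, {"port": 53, "protocol": "UDP"}]
    return {"spec": {"podSelector": {}, "policyTypes": ["Ingress", "Egress"],
                     "egress": [{"ports": ports, "to": [peer]}]}}

IPBLOCK_POLICY = _policy({"ipBlock": {"cidr": CLUSTER_DNS_IP + "/32"}})
SELECTOR_POLICY = _policy({"namespaceSelector": {"matchLabels": {"name": "kube-system"}}})

if __name__ == "__main__":
    for name, pol in (("ipBlock", IPBLOCK_POLICY), ("namespaceSelector", SELECTOR_POLICY)):
        missing = {"TCP", "UDP"} - dns_egress_protocols(pol)
        print(name, "OK" if not missing else "missing DNS egress for " + ", ".join(sorted(missing)))
```

A policy that lists only one of the two protocols is reported as missing the other, which matters because DNS falls back to TCP for large responses.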