Installing NodeLocal DNS

NodeLocal DNS reduces the load from DNS queries by running a caching agent on every node in a Managed Service for Kubernetes cluster. This improves the Managed Service for Kubernetes cluster performance and fault tolerance.

Getting startedGetting started

Make sure the security groups for the Managed Service for Kubernetes cluster and its node groups are configured correctly. If a rule is missing, add it.

Installation from Yandex Cloud MarketplaceInstallation from Yandex Cloud Marketplace

1. Navigate to the folder dashboard and select Managed Service for Kubernetes.
2. Click the name of the Managed Service for Kubernetes cluster you need and select the Marketplace tab.
3. Under Application available for installation, select NodeLocal DNS and click Go to install.
4. Configure the application:

   • Namespace: Select the kube-system namespace.

     Warning

     The application works correctly only with the kube-system namespace.

   • Application name: Specify the name for the application to deploy in the Managed Service for Kubernetes cluster.

   • Internal IP address of the kube-dns service: Address for accessing NodeLocal DNSCache. Queries from application pods to the address in the field are translated to local DNS via iptables rules.

     The field contains the ClusterIP address of kube-dns in the kube-system namespace. You can get the value of the field using this command:

     kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP}
     

     Since Yandex Cloud adds kube-dns when creating a cluster, its IP address is pre-defined. Therefore, you cannot change it in the kube-dns internal IP address field.

   • Work with Cilium: Select this option if a cluster uses the Cilium network policy controller.

5. Click Install.
6. Wait for the application to change its status to Deployed.

Once installed, NodeLocal DNS uses the following values:

• Managed Service for Kubernetes cluster zone: cluster.local
• NodeLocal DNS cache address: 169.254.20.10
• Application port for external queries: 53
• Port for collecting metrics in Prometheus format: 9253

Installation using a Helm chartInstallation using a Helm chart

1. Install Helm v3.8.0 or higher.

2. Install kubect and configure it to work with the new cluster.

3. Get an address to access NodeLocal DNS Cache. You will need this address to install the Helm chart:

   kubectl get svc kube-dns -n kube-system -o jsonpath={.spec.clusterIP}
   

   The command contains the ClusterIP address of kube-dns in the kube-system namespace. kube-dns is installed automatically when creating a cluster, so its IP address is pre-defined.

   Queries from application pods to this address are translated to local DNS via iptables rules.

4. To install a Helm chart with NodeLocal DNS, run this command:

   helm pull oci://cr.yandex/yc-marketplace/yandex-cloud/node-local-dns \
     --version 1.5.1 \
     --untar && \
   helm install \
     --set config.cilium=false \
     --set config.clusterIp="<kube-dns_IP_address>" \
     --namespace kube-system \
     node-local-dns ./node-local-dns/
   

   Warning

   The application works correctly only with the kube-system namespace.

   Note

   If you are using a Helm version below 3.8.0, add the export HELM_EXPERIMENTAL_OCI=1 && \ string at the beginning of the command to enable Open Container Initiative (OCI) support in the Helm client.

Learn more about setting up local DNS caching in Setting up NodeLocal DNS Cache.