When nodes in a hybrid cloud node pool resolve domain names using the in-cluster CoreDNS service, the frequent queries can increase the load on your leased line connection. An unstable leased line can also cause DNS resolution failures. Configure NodeLocal DNSCache to mitigate these issues.
How it works
NodeLocal DNSCache runs a DNS caching agent as a DaemonSet on each node. DNS requests from pods on a node are first handled by the local cache. Only in the case of a cache miss is the request forwarded over the leased line connection to the upstream CoreDNS service running in the cloud. This architecture offers two main advantages:
Reduced traffic: Most DNS queries are completed locally. This reduces traffic loads on the leased line.
Improved resiliency: If the leased line connection experiences an outage, DNS resolution for already-cached domain names is unaffected.
The very first time a domain is resolved, NodeLocal DNSCache must query the upstream CoreDNS server. If the leased line is unstable during this initial query, DNS resolution will fail.
During a leased line connection outage, cached data cannot be updated in real time.
Prerequisites
You have an ACK managed Pro cluster running Kubernetes 1.33 or later.
The virtual private cloud (VPC) where the cluster resides has established cross-cloud network connectivity.
You have Elastic Compute Service (ECS) nodes within the cluster to deploy ACK management add-ons for the hybrid cloud node pool. To ensure high availability (HA), use at least three ECS nodes.
The Terway Hybrid network plugin has been installed in the cluster.
Procedure
Log on to the ACK console. In the left navigation pane, click Clusters.
On the Clusters page, find the cluster you want and click its name. In the left-side pane, choose .
On the Networking tab, find the ACK NodeLocal DNSCache card and click Install. In the dialog box that appears, click OK.
After the installation is complete, choose in the left navigation pane, and select the kube-system namespace from the drop-down list.
Find and edit the node-local-dns ConfigMap. Add the prefetch and serve_stale options to the cache section to enable cache prefetching and serving of stale entries.
If you update the NodeLocal DNSCache add-on in the future, this configuration will be overwritten and must be re-applied.

    apiVersion: v1
    data:
      Corefile: |
        .:53 {
            errors
            cache {
                ...
                prefetch 1 30s 10%         # Prefetch
                serve_stale 1h immediate   # Serve stale data
            }
            ...
        }
    kind: ConfigMap
    metadata:
      ...

prefetch 1 30s 10%: This configuration enables cache prefetching. If a cached entry is requested more than once within 30 seconds, the cache will automatically begin to refresh it in the background when it enters the last 10% of its Time to Live (TTL).
serve_stale 1h immediate: This configures the behavior for serving stale (expired) cache entries. For up to 1 hour after the cache expires, expired cache entries can still be used for domain name resolution. The refresh policy for expired cache is immediate. This means that when a request hits an expired cache entry, the expired entry is immediately returned to the client while a request for the updated record is sent to the upstream DNS server.
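Because an add-on update overwrites this ConfigMap, a drift check is useful after every upgrade. The following is an added example, not part of the original documentation or the add-on: it parses a Corefile and reports which server blocks have a cache section without prefetch or serve_stale. The sample Corefile, its zones and the upstream address are constructed for illustration.

```python
import sys

REQUIRED = ("prefetch", "serve_stale")  # cache options this page adds

# Constructed sample Corefile (zones and upstream address are assumptions).
SAMPLE = """\
cluster.local:53 {
    errors
    cache {
        success 9984 30
    }
    forward . 192.0.2.10
}
.:53 {
    errors
    cache {
        prefetch 1 30s 10%        # Prefetch
        serve_stale 1h immediate  # Serve stale data
    }
    forward . 192.0.2.10
}
"""

def audit_corefile(corefile):
    """Map each server block that uses `cache` to the required options it lacks."""
    missing, server, depth, in_cache = {}, None, 0, False
    for raw in corefile.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and padding
        if not line:
            continue
        words = line.rstrip("{").split()
        if depth == 0:                           # server block header, e.g. ".:53 {"
            server = " ".join(words)
        elif depth == 1 and words[:1] == ["cache"]:
            missing[server] = set(REQUIRED)      # assume absent until seen
            in_cache = line.endswith("{")        # bare "cache 30" has no option block
        elif depth == 2 and in_cache and words[:1] and words[0] in REQUIRED:
            missing[server].discard(words[0])
        depth += line.count("{") - line.count("}")
        if depth < 2:
            in_cache = False
    return {s: sorted(m) for s, m in missing.items()}

if __name__ == "__main__":
    # Pipe the live Corefile in, or run with no input to audit the sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    report = audit_corefile(text)
    for server, opts in report.items():
        print(f"{server}: {'OK' if not opts else 'missing ' + ', '.join(opts)}")
    sys.exit(1 if any(report.values()) else 0)
```

To audit a live cluster, pipe in the output of kubectl -n kube-system get configmap node-local-dns -o jsonpath='{.data.Corefile}'. A non-zero exit status means at least one cache section needs the options re-applied.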