We have an EKS cluster with Calico/BPF enabled (no Kube-proxy). Before BPF we used to run NodeLocal DNSCache in our clusters and it worked fine:

https://kubernetes.io/docs/tasks/administer-cluster/nodelocaldns/

However, we have issues running it in a cluster with Calico/BPF mode enabled. Traffic is not forwarded to node-local-dns at all in this case (in both Kube-proxy/IPVS config). The only way I managed to get it to work is to pass the clusterDNS address with the node-local-dns IP to the Kubelet config so it injects it into the pod's resolv.conf. However, it kinda bites with our CI/CD for building worker AMIs, so I would like to avoid it.

Has anyone managed to run those two together? There is literally nothing in the docs regarding such a case.

  • Did you check with Calico folks that this is actually expected to work with BPF in their case? In Cilium's case, we have introduced [Local Redirect Policies](https://docs.cilium.io/en/latest/gettingstarted/local-redirect-policy/#node-local-dns-cache) to handle that use case and I would expect Calico needs something similar if they are hooking their BPF programs at the same point in the stack. – pchaigno Jun 21 '21 at 08:41
  • No, I haven't done it yet but that's a good idea, I will try at the source. – Wookash Jun 21 '21 at 09:02
