get node-local-dns pod ip

mmcgarr · mmcgarr · commit a25ccfccea19 · 2026-04-21T10:15:26.000+01:00
diff --git a/config/local-dns-resolver-config.json b/config/local-dns-resolver-config.json
@@ -19,10 +19,7 @@
       "type": "permanent",
       "condition": "NodeLocalDnsResolutionFailure",
       "reason": "NodeLocalDnsResolutionFailing",
-      "path": "./config/plugin/local_dns_resolver.sh",
-      "args": [
-        "169.254.20.10"
-      ]
+      "path": "./config/plugin/local_dns_resolver.sh"
     }
   ]
 }
diff --git a/config/plugin/local_dns_resolver.sh b/config/plugin/local_dns_resolver.sh
@@ -4,7 +4,21 @@ OK=0
 NONOK=1
 UNKNOWN=2
 
-readonly local_dns_resolver_ip="$1"
+if [ -z "${NODE_NAME}" ]; then
+    exit $UNKNOWN
+fi
+
+# Get the node-local-dns pod IP running on this node directly,
+# bypassing 169.254.20.10 which requires Cilium's eBPF path
+local_dns_resolver_ip="$(curl -s \
+    -H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
+    --cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
+    "https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/api/v1/namespaces/kube-system/pods?labelSelector=k8s-app%3Dnode-local-dns&fieldSelector=spec.nodeName%3D${NODE_NAME}" \
+    2>/dev/null | jq -r '.items[0].status.podIP')"
+
+if [ -z "${local_dns_resolver_ip}" ] || [ "${local_dns_resolver_ip}" = "null" ]; then
+    exit $UNKNOWN
+fi
 
 dig_cmd_out="$(dig -t TXT @"${local_dns_resolver_ip}" +tries=1 +retry=0 +time=33 +noqr +noall +comments kubernetes.default.svc. 2>&1)"
 dig_cmd_return_code="$?"

Original file line number	Diff line number	Diff line change
`@@ -19,10 +19,7 @@`
`19`	`19`	`"type": "permanent",`
`20`	`20`	`"condition": "NodeLocalDnsResolutionFailure",`
`21`	`21`	`"reason": "NodeLocalDnsResolutionFailing",`
`22`		`- "path": "./config/plugin/local_dns_resolver.sh",`
`23`		`- "args": [`
`24`		`- "169.254.20.10"`
`25`		`- ]`
	`22`	`+ "path": "./config/plugin/local_dns_resolver.sh"`
`26`	`23`	`}`
`27`	`24`	`]`
`28`	`25`	`}`