Azure · SriHarsha001 · Dec 10, 2025 · Dec 10, 2025 · Dec 10, 2025 · cameronmeissner
diff --git a/parts/common/components.json b/parts/common/components.json
@@ -1696,6 +1696,40 @@
           }
         }
       }
+    },
+    {
+      "name": "aks-localdns",
+      "downloadLocation": "/opt/aks-localdns/downloads",
+      "downloadURIs": {
+        "azurelinux": {
+          "v3.0": {
+            "versionsV2": [
+              {
+                "renovateTag": "OCI_registry=upstream.azurecr.io, name=oss/v2/packages/localdns/aks-localdns",
+                "latestVersion": "1.13.1-1"
+              }
+            ]
+          }
+        },
+        "ubuntu": {
+          "r2204": {
+            "versionsV2": [
+              {
+                "renovateTag": "OCI_registry=upstream.azurecr.io, name=oss/v2/packages/localdns/aks-localdns",
+                "latestVersion": "1.13.1-1"
+              }
+            ]
+          },
+          "r2404": {
+            "versionsV2": [
+              {
+                "renovateTag": "OCI_registry=upstream.azurecr.io, name=oss/v2/packages/localdns/aks-localdns",
+                "latestVersion": "1.13.1-1"
+              }
+            ]
+          }
+        }
+      }
     }
   ],
   "OCIArtifacts": [

@@ -44,8 +44,10 @@ LOCALDNS_SHUTDOWN_DELAY=5
 # Localdns pid file.
 LOCALDNS_PID_FILE="/run/localdns.pid"
 
+COREDNS_BINARY_VERSION="1.13.1-1"
+
 # Path of coredns binary used by localdns.
-COREDNS_BINARY_PATH="${LOCALDNS_SCRIPT_PATH}/binary/coredns"
+COREDNS_BINARY_PATH="${LOCALDNS_SCRIPT_PATH}/binary/${COREDNS_BINARY_VERSION}/coredns"
 
 # Path to systemd resolv.
 RESOLV_CONF="/run/systemd/resolve/resolv.conf"
@@ -96,6 +98,7 @@ verify_localdns_slicefile() {
 }
 
 # Verify that the localdns binary exists and is executable.
+# If the binary doesn't exist, attempt to download and install it.
 verify_localdns_binary() {
     if [ -z "${COREDNS_BINARY_PATH:-}" ]; then
         echo "COREDNS_BINARY_PATH is not set or is empty."
@@ -104,7 +107,19 @@ verify_localdns_binary() {
 
     if [ ! -f "${COREDNS_BINARY_PATH}" ] || [ ! -x "${COREDNS_BINARY_PATH}" ]; then
         echo "Coredns binary either doesn't exist or isn't executable at ${COREDNS_BINARY_PATH}."
-        return 1
+        echo "Attempting to download and install aks-localdns package..."
+
+        # Attempt to download and install the localdns binary
+        if ! download_and_install_localdns_binary "upstream.azurecr.io" "oss/v2/packages/localdns/aks-localdns" "${COREDNS_BINARY_VERSION}"; then
+            echo "Failed to download and install aks-localdns package."
+            return 1
+        fi
+
+        # Verify again after installation
+        if [ ! -f "${COREDNS_BINARY_PATH}" ] || [ ! -x "${COREDNS_BINARY_PATH}" ]; then
+            echo "Coredns binary still doesn't exist or isn't executable after installation at ${COREDNS_BINARY_PATH}."
+            return 1
+        fi
     fi
 
     if ! "${COREDNS_BINARY_PATH}" --version >/dev/null 2>&1; then
@@ -114,6 +129,167 @@ verify_localdns_binary() {
     return 0
 }
 
+# Download and install localdns binary using oras and native package managers.
+# This function downloads the aks-localdns package from the OCI registry and installs it using
+# the appropriate package manager (apt for Ubuntu/Debian, dnf for Mariner/Azure Linux).
+# The installed package places the coredns binary at COREDNS_BINARY_PATH for use by the localdns service.
+download_and_install_localdns_binary() {
+    local localdns_oci_registry="${1:-upstream.azurecr.io}"
+    local localdns_package_name="${2:-oss/v2/packages/localdns/aks-localdns}"
+    local localdns_version="${3:-}"
+
+    if [ -z "${localdns_version}" ]; then
+        echo "Error: localdns version is required but not provided."
+        return 1
+    fi
+
+    # Construct the OCI artifact URL
+    local localdns_oci_url="${localdns_oci_registry}/${localdns_package_name}:${localdns_version}"
+    echo "Downloading aks-localdns package from ${localdns_oci_url}"
+
+    # Create temporary directory for download
+    local download_dir="${LOCALDNS_SCRIPT_PATH}/downloads"
+    mkdir -p "${download_dir}"
+
+    # Download the package using oras
+    # Note: This requires ORAS_REGISTRY_CONFIG_FILE to be set and ORAS_OUTPUT for error logging
+    # These are typically set by the CSE environment
+    local oras_retries=3
+    local oras_wait_sleep=5
+
+    # Source cse_helpers.sh to get access to retrycmd_pull_from_registry_with_oras and other helper functions
+    # The CSE_HELPERS_FILEPATH is typically set to /opt/azure/containers/provision_source.sh
+    local cse_helpers_path="${CSE_HELPERS_FILEPATH:-/opt/azure/containers/provision_source.sh}"
+    if [ -f "${cse_helpers_path}" ]; then
+        source "${cse_helpers_path}"
+    else
+        echo "Error: cse_helpers file not found at ${cse_helpers_path}"
+        rm -rf "${download_dir}"
+        return 1
+    fi
+
+    # Download the package
+    if ! retrycmd_pull_from_registry_with_oras "${oras_retries}" "${oras_wait_sleep}" "${download_dir}" "${localdns_oci_url}"; then
+        echo "Failed to download aks-localdns package from ${localdns_oci_url}"
+        rm -rf "${download_dir}"
+        return 1
+    fi
+
+    # Detect OS and install using appropriate package manager
+    # Use the same OS detection pattern as install-dependencies.sh
+    local detected_os=$(sort -r /etc/*-release | gawk 'match($0, /^(ID=(.*))$/, a) { print toupper(a[2]); exit }')
+    local package_file=""
+
+    if [ -z "${detected_os}" ]; then
+        echo "Cannot detect OS from /etc/*-release files"
+        rm -rf "${download_dir}"
+        return 1
+    fi
+    echo "Detected OS: ${detected_os}"
+
+    # Check OS type to determine package format and installation method
+    case "${detected_os}" in
+        UBUNTU|DEBIAN)
+            # Ubuntu/Debian - use .deb package
+            package_file=$(find "${download_dir}" -maxdepth 1 -name "*.deb" -type f 2>/dev/null | head -n 1)
+            if [ -z "${package_file}" ]; then
+                echo "No .deb package found in download directory"
+                rm -rf "${download_dir}"
+                return 1
+            fi
+            echo "Installing aks-localdns from ${package_file} on ${detected_os}"
+            apt_get_install 20 30 120 "${package_file}" || {
+                echo "Failed to install aks-localdns package"
+                rm -rf "${download_dir}"
+                return 1
+            }
+            ;;
+        MARINER|AZURELINUX)
+            # Mariner/Azure Linux - use .rpm package
+            package_file=$(find "${download_dir}" -maxdepth 1 -name "*.rpm" -type f 2>/dev/null | head -n 1)
+            if [ -z "${package_file}" ]; then
+                echo "No .rpm package found in download directory"
+                rm -rf "${download_dir}"
+                return 1
+            fi
+            echo "Installing aks-localdns from ${package_file} on ${detected_os}"
+            dnf_install 30 1 600 "${package_file}" || {
+                echo "Failed to install aks-localdns package"
+                rm -rf "${download_dir}"
+                return 1
+            }
+            ;;
+        *)
+            echo "Unsupported OS: ${detected_os}"
+            rm -rf "${download_dir}"
+            return 1
+            ;;
+    esac
+    echo "Successfully installed aks-localdns package"
+
+    # Find the installed coredns binary
+    # The package installs the binary to /usr/bin/coredns (standard location for system binaries)
+    local source_binary=""
+
+    # Common installation paths to check (in priority order)
+    local search_paths=(
+        "/usr/bin/coredns"
+        "/usr/local/bin/coredns"
+        "/opt/bin/coredns"
+    )
+
+    for path in "${search_paths[@]}"; do
+        if [ -f "${path}" ]; then
+            source_binary="${path}"
+            break
+        fi
+    done
+
+    # If not found in common paths, search the entire system
+    if [ -z "${source_binary}" ]; then
+        source_binary=$(find /usr /opt -name "coredns" -type f 2>/dev/null | head -n 1)
+    fi
+
+    if [ -z "${source_binary}" ] || [ ! -f "${source_binary}" ]; then
+        echo "Failed to find installed coredns binary"
+        rm -rf "${download_dir}"
+        return 1
+    fi
+
+    echo "Found installed coredns binary at ${source_binary}"
+
+    # Create the destination directory if it doesn't exist
+    local dest_dir=$(dirname "${COREDNS_BINARY_PATH}")
+    mkdir -p "${dest_dir}"
+
+    # Copy the binary to the expected path
+    echo "Copying coredns binary to ${COREDNS_BINARY_PATH}"
+    cp -f "${source_binary}" "${COREDNS_BINARY_PATH}"
+    if [ $? -ne 0 ]; then
+        echo "Failed to copy coredns binary to ${COREDNS_BINARY_PATH}"
+        rm -rf "${download_dir}"
+        return 1
+    fi
+
+    # Clean up the download directory
+    rm -rf "${download_dir}"
+
+    echo "Successfully installed coredns binary"
+
+    # Make sure the binary is executable
+    chmod +x "${COREDNS_BINARY_PATH}"
+
+    # Verify the installed binary works
+    if ! "${COREDNS_BINARY_PATH}" --version >/dev/null 2>&1; then
+        echo "Warning: Installed coredns binary failed version check"
+        return 1
+    fi
+
+    echo "Successfully verified coredns binary at ${COREDNS_BINARY_PATH}"
+
+    return 0
+}
+
 # Replace AzureDNSIP in corefile with VNET DNS ServerIPs if necessary.
 replace_azurednsip_in_corefile() {
     if [ -z "${RESOLV_CONF:-}" ]; then

@@ -86,6 +86,83 @@ installCriCtlPackage() {
   dnf_install 30 1 600 ${packageName} || exit 1
 }
 
+installLocalDNSPackage() {
+  version="${1:-}"
+  if [ -z "$version" ]; then
+    echo "Error: No version specified for aks-localdns package but it is required. Exiting with error."
+    exit 1
+  fi
+
+  # Find the downloaded package file
+  local package_file=""
+  if [ -d "${ORAS_DOWNLOADS_DIR}" ]; then
+    package_file=$(find "${ORAS_DOWNLOADS_DIR}" -name "aks-localdns-${version}.*.rpm" -type f 2>/dev/null | head -n 1)
+  fi
+
+  if [ -z "${package_file}" ] || [ ! -f "${package_file}" ]; then
+    echo "Error: aks-localdns package file not found for version ${version}. Exiting with error."
+    exit 1
+  fi
+
+  echo "Installing aks-localdns from ${package_file}"
+  dnf_install 30 1 600 "${package_file}" || exit 1
+
+  # Copy the installed binary to the expected path for localdns service
+  COREDNS_BINARY_PATH="/opt/azure/containers/localdns/binary/${version}/coredns"
+
+  # Find the installed coredns binary
+  source_binary=""
+
+  # Common installation paths to check (in priority order)
+  search_paths=(
+    "/usr/bin/coredns"
+    "/usr/local/bin/coredns"
+    "/opt/bin/coredns"
+  )
+
+  for path in "${search_paths[@]}"; do
+    if [ -f "${path}" ]; then
+      source_binary="${path}"
+      break
+    fi
+  done
+
+  # If not found in common paths, search the entire system
+  if [ -z "${source_binary}" ]; then
+    source_binary=$(find /usr /opt -name "coredns" -type f 2>/dev/null | head -n 1)
+  fi
+
+  if [ -z "${source_binary}" ] || [ ! -f "${source_binary}" ]; then
+    echo "Error: Failed to find installed coredns binary. Exiting with error."
+    exit 1
+  fi
+
+  echo "Found installed coredns binary at ${source_binary}"
+
+  # Create the destination directory if it doesn't exist
+  dest_dir=$(dirname "${COREDNS_BINARY_PATH}")
+  mkdir -p "${dest_dir}"
+
+  # Copy the binary to the expected path
+  echo "Copying coredns binary to ${COREDNS_BINARY_PATH}"
+  cp -f "${source_binary}" "${COREDNS_BINARY_PATH}"
+  if [ $? -ne 0 ]; then
+    echo "Error: Failed to copy coredns binary to ${COREDNS_BINARY_PATH}. Exiting with error."
+    exit 1
+  fi
+
+  # Make sure the binary is executable
+  chmod +x "${COREDNS_BINARY_PATH}"
+
+  # Verify the installed binary works
+  if ! "${COREDNS_BINARY_PATH}" --version >/dev/null 2>&1; then
+    echo "Error: Installed coredns binary failed version check. Exiting with error."
+    exit 1
+  fi
+
+  echo "Successfully verified coredns binary at ${COREDNS_BINARY_PATH}"
+}
+
 downloadGPUDrivers() {
     # Mariner CUDA rpm name comes in the following format:
     #