Authoritative DNS with bind9 on Kubernetes: Riding UDPRoute and TCPRoute - August 6, 2025
In my previous post we deployed the Envoy Gateway API to provide an interface to the internet. With that setup, any workload can be exposed to the public web through two IP addresses (the VPS).
In this post, we take the next step: deploying bind9 to serve an authoritative DNS zone over both UDP and TCP on port 53 via UDPRoute and TCPRoute.
Note: UDPRoute is still in the experimental channel of Gateway API.
Tags: bind9, DNS, Authoritative DNS, Kubernetes, Envoy Gateway API, UDPRoute, TCPRoute
For years, exposing applications in Kubernetes meant reaching for an Ingress controller (often NGINX Ingress). That worked fine for HTTP(S) workloads, but it left gaps when you needed more protocol support. The Kubernetes Gateway API was introduced to bridge those gaps — it’s the spiritual successor to Ingress and supports a much wider range of traffic: HTTP, HTTPS, gRPC, TCP, and even UDP. This makes Gateway API far more versatile than Ingress.
Tags: k3s, Kubernetes Gateway API, Envoy, netcup, VPS
At netcup I still had two idle VMs of the type VPS 1000 ARM G11 NUE. Their only purpose so far was to serve an authoritative DNS zone with bind9 running in Docker. Both machines come with 4 vCPUs and 8 GB of RAM, so they are a good fit for some experiments. The idea is to set up k3s on them and use bind9 to serve the authoritative DNS zone.
Tags: k3s, wireguard, vps, netcup, iptables