Hey all! I've been trying to get a pihole pod up and running in my k3s install with Traefik as the ingress controller (installed using the official helm repo traefik/traefik). So far I've managed to get both the Traefik dashboard up and running, and can access the pihole admin dashboard as well. I can make DNS requests using dig to port 53/udp in pihole:
$ dig +notcp @192.168.86.30 google.com
; <<>> DiG 9.16.1-Ubuntu <<>> +notcp @192.168.86.30 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54130
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A
;; ANSWER SECTION:
google.com. 62 IN A 142.250.190.78
;; Query time: 29 msec
;; SERVER: 192.168.86.30#53(192.168.86.30)
;; WHEN: Tue Oct 12 21:56:39 EDT 2021
;; MSG SIZE rcvd: 55
However, I can't get the same over TCP:
$ dig +tcp @192.168.86.30 google.com
; <<>> DiG 9.16.1-Ubuntu <<>> +tcp @192.168.86.30 google.com
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
My k3s services are as such:
apiVersion: v1
kind: Service
metadata:
  name: pihole-web
spec:
  ports:
  - name: http
    port: 8008
    protocol: TCP
    targetPort: 80
  selector:
    app: pihole
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-tcp
spec:
  ports:
  - name: tcp-dns
    port: 5354
    protocol: TCP
    targetPort: 53
  selector:
    app: pihole
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-udp
spec:
  ports:
  - name: udp-dns
    port: 5353
    protocol: UDP
    targetPort: 53
  selector:
    app: pihole
My ingresses are as such:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole-ingress
  namespace: pihole
spec:
  rules:
  - http:
      paths:
      - path: /admin
        pathType: Prefix
        backend:
          service:
            name: pihole-web
            port:
              number: 8008
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: pihole-dns-tcp-ingress
spec:
  entryPoints:
  - tcp-dns
  routes:
  - match: HostSNI(`*`)
    services:
    - name: pihole-dns-tcp
      port: 5354
      weight: 10
      proxyProtocol:
        version: 1
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: pihole-dns-udp-ingress
spec:
  entryPoints:
  - udp-dns
  routes:
  - services:
    - name: pihole-dns-udp
      port: 5353
      weight: 10
and my entry points are defined here:
udp-dns:
  port: 5053
  expose: true
  exposedPort: 53
  protocol: UDP
tcp-dns:
  port: 5054
  expose: true
  exposedPort: 53
  protocol: TCP
The port selections are for my own sanity so I can recognize them when I look at the. I've exec'd into the pods and verified that I can make both TCP and UDP DNS requests to localhost from the pihole pod itself, as well as to the k3s internal IP/port of both the TCP and UDP services, but I can't validate that the TCP ingress works. Is there a configuration I'm missing, or some config problems that I'm running into? Thanks for your help!
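One setting worth checking in the IngressRouteTCP above is the `proxyProtocol` block: with it set, Traefik prepends a PROXY protocol v1 header line to every TCP connection it forwards to the `pihole-dns-tcp` service, and a DNS server that does not speak the PROXY protocol reads the first two bytes of that header as the DNS-over-TCP length prefix and then waits for a message that never arrives. The Python below is an added example, not code from the original post or from Traefik or Pi-hole; the client/backend addresses and ports in it are constructed.

```python
"""Show what a PROXY v1 header does to DNS-over-TCP framing (RFC 1035 4.2.2)
when the backend DNS server is not PROXY-protocol aware."""
import struct


def build_dns_tcp_query(name: str, qid: int = 0x1234) -> bytes:
    """Wire-format A/IN query for `name`, framed with the 2-byte TCP length prefix."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)  # RD set, one question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode() for l in labels) + b"\x00"
    msg = header + qname + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN
    return struct.pack(">H", len(msg)) + msg


def proxy_v1_header(src: str, dst: str, sport: int, dport: int) -> bytes:
    """The PROXY protocol v1 text line a proxy writes before the client payload."""
    return f"PROXY TCP4 {src} {dst} {sport} {dport}\r\n".encode()


def dns_frame_length(stream: bytes) -> int:
    """What a PROXY-unaware DNS server takes as the message length: the first two bytes."""
    return struct.unpack(">H", stream[:2])[0]


def frame_is_complete(stream: bytes) -> bool:
    """True if the stream already contains the whole first DNS message; if not, the
    server keeps reading and the client eventually times out."""
    return len(stream) - 2 >= dns_frame_length(stream)


def strip_proxy_v1(stream: bytes) -> bytes:
    """What a PROXY-aware backend does: consume the header line, then parse DNS."""
    if not stream.startswith(b"PROXY "):
        return stream
    return stream[stream.index(b"\r\n") + 2:]


# Constructed sample: a query as dig would send it, then the same bytes as they
# arrive at the backend after a proxy with PROXY v1 enabled (addresses made up).
plain = build_dns_tcp_query("google.com")
proxied = proxy_v1_header("192.168.86.20", "10.42.0.5", 40000, 53) + plain

if __name__ == "__main__":
    print("plain:   length prefix", dns_frame_length(plain), "complete", frame_is_complete(plain))
    print("proxied: length prefix", dns_frame_length(proxied), "complete", frame_is_complete(proxied))
    print("after stripping PROXY header: complete", frame_is_complete(strip_proxy_v1(proxied)))
```

Against the same query, the plain stream announces a 28-byte message and is complete, while the proxied stream announces 0x5052 ("PR") bytes and is never complete, which is consistent with a client-side timeout rather than a DNS error.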