Skip to content

Deployment

bindcar can be deployed in various environments, from local development to production Kubernetes clusters.

Deployment Options

Docker

Simplest deployment method using Docker containers.

  • Suitable for: Development, testing, small deployments
  • Requires: Docker, shared volume with BIND9
  • See: Docker Deployment

Kubernetes

Recommended for production deployments using the sidecar pattern.

  • Suitable for: Production, high availability, scale
  • Requires: Kubernetes cluster, BIND9 pod
  • See: Kubernetes Deployment

Architecture Patterns

bindcar runs as a sidecar container alongside BIND9 in the same pod:

┌─────────────────────────────┐
│          Pod                │
│  ┌──────────┐  ┌─────────┐ │
│  │  BIND9   │  │ bindcar │ │
│  │  :53     │  │  :8080  │ │
│  └──────────┘  └─────────┘ │
│       │            │        │
│       └────────────┘        │
│     Shared Volume           │
│   /var/cache/bind           │
└─────────────────────────────┘

Benefits: - Shared filesystem for zone files - Local rndc communication - Atomic deployment updates - Resource sharing

Standalone Pattern

bindcar and BIND9 run separately:

┌──────────┐      ┌─────────┐
│  BIND9   │      │ bindcar │
│  :53     │◄─────┤  :8080  │
└──────────┘      └─────────┘
     │                 │
     └────Network──────┘
       Zone Files

Use when: - BIND9 already deployed - Cannot modify existing BIND9 deployment - Testing or development

Quick Start

Docker Compose

version: '3.8'
services:
  bind9:
    image: ubuntu/bind9:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
    volumes:
      - zones:/var/cache/bind

  bindcar:
    image: ghcr.io/firestoned/bindcar:latest
    ports:
      - "8080:8080"
    environment:
      - BIND_ZONE_DIR=/var/cache/bind
      - RUST_LOG=info
    volumes:
      - zones:/var/cache/bind

volumes:
  zones:

Kubernetes

apiVersion: v1
kind: Pod
metadata:
  name: dns-server
spec:
  containers:
  - name: bind9
    image: ubuntu/bind9:latest
    volumeMounts:
    - name: zones
      mountPath: /var/cache/bind

  - name: bindcar
    image: ghcr.io/firestoned/bindcar:latest
    ports:
    - containerPort: 8080
    volumeMounts:
    - name: zones
      mountPath: /var/cache/bind

  volumes:
  - name: zones
    emptyDir: {}

Configuration

See Configuration for environment variables and settings.

Security Considerations

  • Enable authentication in production
  • Use HTTPS with TLS termination
  • Implement network policies in Kubernetes
  • Use least-privilege service accounts
  • Rotate tokens regularly

Next Steps