knot resolver in docker in production
Hello all,
I'm looking to run the resolver in prod docker. The authoritative knot works well in docker - unfortunately I saw you deprecated forking for the resolver.
Your docker image is just for testing purposes as you say and does not include garbage collection or a watchdog replacement.
Would you please let us know the best practices for accomplishing this?
I suppose we need:
- multiple processes for prod (as far as I can tell, in dockerland they're meant to be spawned and handled by the parent, but kresd is separate)
- therefore supervisord (which is not all that nice, as the auth. knotd is relatively lightweight and handles itself without any additional bloat. I strive to keep things as light as possible, and wouldn't want to start creating frankensteins for the resolver either, if at all avoidable.)
- a way to run kres-cache-gc automatically from inside the container (not externally pushed as that'd be a bit of a 'hackjob')
A standard, 'official' solution would benefit many. We'd appreciate your input!
I tried to research other people's solutions, but it looks as though nobody has published about it yet. Everyone just keeps using unbound, especially in docker. I'd really like to give kresd a try as knotd is great! It even seems to be smaller than unbound.
Have a great evening!