Cilium

In this article we’ll take a look at how to proxy external services through the Kubernetes Gateway API. There are of course more lightweight methods to proxy services, but once you already have the proverbial hammer, why not treat everything like a nail?

In my previous article we took a look at how to bootstrap K3s with Cilium starting from a fresh Debian 12 network installation. Having recently started to play around with Proxmox Virtual Environment, I feel the natural progression is to get to know OpenTofu/ Terraform and Cloud-init to automatically provision virtual machines for a Kubernetes cluster.

Getting started with Kubernetes might seem like a daunting task at first, but getting a basic ephemeral cluster up and running with tools like minikube, kind, or k3d is quite straightforward if you follow their documentation. In this article we’ll explore how to bootstrap a more permanent, or production grade, Kubernetes cluster using k3s.

The Gateway API SIG (Special Interest Group) recently released v1.0 which spurred my interest in the project. In their own words, If you’re familiar with the older Ingress API, you can think of the Gateway API as analogous to a more-expressive next-generation version of that API.

For my homelab I’m running an over-engineered one-node Kubernetes “cluster” using Cilium as the Container Network Interface (CNI). Up until recently I used MetalLB for LoadBalancer IP Address Management (LB-IPAM) and L2 announcements for Address Resolution Protocol (ARP) requests over the local network, but Cilium has now replaced this functionality.