forked from billimek/k8s-gitops
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathblocky.yaml
124 lines (124 loc) · 3.31 KB
/
blocky.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
---
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
name: blocky
namespace: default
spec:
interval: 5m
chart:
spec:
# renovate: registryUrl=https://k8s-at-home.com/charts/
chart: blocky
version: 6.4.0
sourceRef:
kind: HelmRepository
name: k8s-at-home-charts
namespace: flux-system
interval: 5m
values:
image:
repository: ghcr.io/0xerr0r/blocky
tag: v0.14
replicas: 3
strategy:
type: RollingUpdate
env:
TZ: "America/New_York"
service:
port:
port: 4000
additionalServices:
- enabled: true
nameSuffix: dns-tcp
type: LoadBalancer
loadBalancerIP: 10.0.6.100
port:
port: 53
name: dns-tcp
protocol: TCP
targetPort: 53
externalTrafficPolicy: Local
annotations:
metallb.universe.tf/allow-shared-ip: blocky
- enabled: true
nameSuffix: dns-udp
type: LoadBalancer
loadBalancerIP: 10.0.6.100
port:
port: 53
name: dns-udp
protocol: UDP
targetPort: 53
externalTrafficPolicy: Local
annotations:
metallb.universe.tf/allow-shared-ip: blocky
prometheus:
serviceMonitor:
enabled: true
podAnnotations:
configmap.reloader.stakater.com/reload: "blocky-config"
tolerations:
- key: "arm"
operator: "Exists"
affinity:
podAntiAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
- labelSelector:
matchExpressions:
- key: app.kubernetes.io/name
operator: In
values:
- blocky
topologyKey: "kubernetes.io/hostname"
resources:
requests:
memory: 280Mi
cpu: 50m
limits:
memory: 1000Mi
config: |
upstream:
externalResolvers:
- tcp+udp:8.8.8.8
- tcp+udp:8.8.4.4
- tcp+udp:1.1.1.1
- tcp-tls:1.0.0.1:853
- https://cloudflare-dns.com/dns-query
conditional:
mapping:
local: tcp+udp:10.0.7.1
status.eviljungle.com: tcp+udp:1.1.1.1
cloud.eviljungle.com: tcp+udp:8.8.8.8
eviljungle.com: tcp+udp:10.0.6.99
blocking:
blackLists:
ads:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- http://sysctl.org/cameleon/hosts
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
kids:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
whiteLists:
ads:
- https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
- https://raw.githubusercontent.com/billimek/k8s-gitops/master/default/blocky/whitelist.txt
clientGroupsBlock:
default:
- ads
10.0.2.1/24:
- ads
"*nsley*":
- ads
- kids
"*rinley*":
- ads
- kids
clientLookup:
upstream: tcp+udp:10.0.7.1
prometheus:
enable: true
path: /metrics
httpPort: 4000
logLevel: info