---
# Flux HelmRelease that installs the "blocky" chart (DNS proxy / ad blocker)
# from the k8s-at-home-charts HelmRepository into the "default" namespace.
# Flux reconciles the release and re-checks the chart source every 5 minutes.
apiVersion: helm.toolkit.fluxcd.io/v2beta1
kind: HelmRelease
metadata:
  name: blocky
  namespace: default
spec:
  interval: 5m
  chart:
    spec:
      # renovate: registryUrl=https://k8s-at-home.com/charts/
      chart: blocky
      version: 10.5.2
      sourceRef:
        kind: HelmRepository
        name: k8s-at-home-charts
        namespace: flux-system
      interval: 5m
  values:
    image:
      repository: ghcr.io/0xerr0r/blocky
      # NOTE(review): a tag is a mutable reference; the registry can serve
      # different content for v0.19 over time. Pin by digest if the chart
      # supports it — TODO confirm.
      tag: v0.19
    controller:
      replicas: 4
      strategy: RollingUpdate
    env:
      TZ: "America/New_York"
    service:
      # HTTP port 4000 matches httpPort in the blocky config below, which is
      # also where the prometheus /metrics path is enabled.
      main:
        enabled: true
        ports:
          http:
            port: 4000
      # DNS over TCP and UDP are two LoadBalancer services on the same address
      # (10.0.6.100); both carry the same MetalLB allow-shared-ip value so the
      # address can be shared between them.
      # externalTrafficPolicy: Local keeps the client source address, which the
      # CIDR entry in clientGroupsBlock presumably relies on — confirm.
      # NOTE(review): every host that can route to 10.0.6.100:53 can query this
      # resolver; keep that address unreachable from untrusted networks.
      dns-tcp:
        enabled: true
        type: LoadBalancer
        loadBalancerIP: 10.0.6.100
        ports:
          dns-tcp:
            enabled: true
            port: 53
            protocol: TCP
            targetPort: 53
        externalTrafficPolicy: Local
        annotations:
          metallb.universe.tf/allow-shared-ip: blocky
      dns-udp:
        enabled: true
        type: LoadBalancer
        loadBalancerIP: 10.0.6.100
        ports:
          dns-udp:
            enabled: true
            port: 53
            protocol: UDP
            targetPort: 53
        externalTrafficPolicy: Local
        annotations:
          metallb.universe.tf/allow-shared-ip: blocky
    # Prometheus integration: a ServiceMonitor scraping every 30s (10s timeout)
    # and the chart's PrometheusRule.
    metrics:
      enabled: true
      serviceMonitor:
        interval: 30s
        scrapeTimeout: 10s
      prometheusRule:
        enabled: true
    # Reloader annotation: pods are restarted when the ConfigMap named
    # "blocky-config" changes (presumably the ConfigMap the chart renders from
    # `config` below — verify against the chart).
    podAnnotations:
      configmap.reloader.stakater.com/reload: "blocky-config"
    # No `effect` is given, so any taint with key "arm" is tolerated.
    tolerations:
      - key: "arm"
        operator: "Exists"
    # Hard anti-affinity on hostname: no two blocky pods share a node, so the
    # 4 replicas need at least 4 schedulable nodes or some stay Pending.
    affinity:
      podAntiAffinity:
        requiredDuringSchedulingIgnoredDuringExecution:
          - labelSelector:
              matchExpressions:
                - key: app.kubernetes.io/name
                  operator: In
                  values:
                    - blocky
            topologyKey: "kubernetes.io/hostname"
    # Memory is capped at 1000Mi; no CPU limit is set.
    resources:
      requests:
        memory: 280Mi
        cpu: 50m
      limits:
        memory: 1000Mi
    # blocky configuration, passed to the chart as one literal string. Lines
    # starting with '#' inside the block are part of that string.
    #
    # NOTE(review), list integrity:
    #   * http://sysctl.org/cameleon/hosts is fetched without TLS, so its
    #     content can be altered in transit; prefer an HTTPS source for it.
    #   * Every list URL follows a mutable reference (a branch or bucket path),
    #     so whoever controls it controls what is blocked. The whitelist is
    #     read from billimek/k8s-gitops (the repository this one is forked
    #     from), so that repository decides which names bypass the "ads" list.
    #     Pinning to a commit or hosting the lists in this repository narrows
    #     that trust.
    # NOTE(review), privacy: the two conditional mappings send queries for
    #   those names to public resolvers over plain tcp+udp (unencrypted).
    # NOTE(review), policy: the wildcard client groups match on client names,
    #   presumably resolved through clientLookup.upstream (10.0.7.1); such
    #   groups are only as trustworthy as that name data — confirm.
    #   `none:` has an empty value and looks like a deliberate "no lists"
    #   group for "*Jens-Air*" — verify blocky accepts an empty group.
    config: |
      upstream:
        default:
          - tcp+udp:10.0.7.1
          # - tcp+udp:8.8.8.8
          # - tcp+udp:8.8.4.4
          # - tcp+udp:1.1.1.1
          # - tcp-tls:1.0.0.1:853
          # - https://cloudflare-dns.com/dns-query
      conditional:
        mapping:
          # local: tcp+udp:10.0.7.1
          # home: tcp+udp:10.0.7.1
          status.eviljungle.com: tcp+udp:1.1.1.1
          cloud.eviljungle.com: tcp+udp:8.8.8.8
          # eviljungle.com: tcp+udp:10.0.6.99
      blocking:
        blackLists:
          ads:
            - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
            - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
            - http://sysctl.org/cameleon/hosts
            - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
            - https://raw.githubusercontent.com/kboghdady/youTube_ads_4_pi-hole/master/youtubelist.txt
          kids:
            - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-gambling-porn/hosts
          none:
        whiteLists:
          ads:
            - https://raw.githubusercontent.com/billimek/k8s-gitops/master/default/blocky/whitelist.txt
        clientGroupsBlock:
          default:
            - ads
          10.0.2.1/24:
            - ads
          "*nsley*":
            - ads
            - kids
          "*rinley*":
            - ads
            - kids
          "*Jens-Air*":
            - none
        blockType: zeroIp
      clientLookup:
        upstream: tcp+udp:10.0.7.1
      prometheus:
        enable: true
        path: /metrics
      httpPort: 4000
      logLevel: info