diff --git a/apps/k8s01/dns/dns.yaml b/apps/k8s01/dns/dns.yaml
index 653e5e1dfac9247946464bfa4601951a81805bf0..d3d8d00f541fee618f364d42a58e2b38ad45eb56 100644
--- a/apps/k8s01/dns/dns.yaml
+++ b/apps/k8s01/dns/dns.yaml
@@ -1,4 +1,36 @@
---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: blocky-config
+ namespace: dns
+data:
+ config.yaml: |
+ ports:
+ dns: 53
+ tls: 853
+ https: 443
+ http: 4000
+ upstreams:
+ groups:
+ default:
+ - https://dns.quad9.net/dns-query
+ bootstrapDns:
+ - https://1.1.1.1/dns-query
+ - tcp+udp:9.9.9.9
+ startVerifyUpstream: true
+ caching:
+ minTime: 5m
+ maxItemsCount: 262144
+ prefetching: true
+ prefetchMaxItemsCount: 131072
+ prometheus:
+ enable: true
+ fqdnOnly:
+ enable: true
+ certFile: /etc/pki/dnsproxy/tls.crt
+ keyFile: /etc/pki/dnsproxy/tls.key
+---
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -17,20 +49,10 @@ spec:
spec:
containers:
- name: dnsproxy
- image: quay.io/sheogorath/dnsproxy:0.54.0
+ image: ghcr.io/0xerr0r/blocky:v0.22
args:
- - /dnsproxy
- - --upstream=https://dns.quad9.net/dns-query
- - --bootstrap=9.9.9.9
- - --cache
- # 96Mi
- - --cache-size=100663296
- - --cache-min-ttl=300
- - --cache-optimistic
- # Enable DoT
- - --tls-port=853
- - --tls-crt=/etc/pki/dnsproxy/tls.crt
- - --tls-key=/etc/pki/dnsproxy/tls.key
+ - --config
+ - /etc/blocky/config.yaml
env:
- name: GOMEMLIMIT
valueFrom:
@@ -58,6 +80,8 @@ spec:
- name: tls-secret
mountPath: "/etc/pki/dnsproxy"
readOnly: true
+ - name: config
+ mountPath: "/etc/blocky/"
securityContext:
allowPrivilegeEscalation: false
capabilities:
@@ -69,6 +93,10 @@ spec:
secret:
secretName: ingress-dns-tls
optional: false
+ - name: config
+ configMap:
+ name: blocky-config
+ optional: false
securityContext:
runAsNonRoot: true
runAsUser: 1000