From 256c337db4df506618022ddb87dd238824a24936 Mon Sep 17 00:00:00 2001 From: Valentin Haudiquet Date: Sat, 2 May 2026 18:59:49 +0200 Subject: [PATCH] blocky, coredns: set replicaCount to 2, and enable blue/green 'RollingUpdate' --- kubernetes/system/blocky/values.yaml | 74 ++++++++++++++++++++------- kubernetes/system/coredns/values.yaml | 57 ++++++++++++++------- 2 files changed, 95 insertions(+), 36 deletions(-) diff --git a/kubernetes/system/blocky/values.yaml b/kubernetes/system/blocky/values.yaml index 4639ad2..d6db750 100644 --- a/kubernetes/system/blocky/values.yaml +++ b/kubernetes/system/blocky/values.yaml @@ -4,8 +4,12 @@ image: tag: v0.24 pullPolicy: IfNotPresent controller: - replicas: 1 + replicas: 2 dnsPolicy: ClusterFirst + strategy: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 env: TZ: Europe/Paris service: @@ -21,6 +25,40 @@ service: dns: port: 53 protocol: UDP +probes: + liveness: + enabled: true + custom: true + spec: + httpGet: + path: /health + port: 4000 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 + readiness: + enabled: true + custom: true + spec: + httpGet: + path: /health + port: 4000 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 + startup: + enabled: true + custom: true + spec: + httpGet: + path: /health + port: 4000 + initialDelaySeconds: 5 + periodSeconds: 2 + timeoutSeconds: 3 + failureThreshold: 30 resources: limits: cpu: 200m 
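Review bot: The new `rollingUpdate.maxUnavailable` / `maxSurge` keys under `controller:` may not be names the chart reads, in which case the zero-downtime setting is silently dropped and the rollout falls back to chart or Kubernetes defaults. The `controller:` plus `probes.*.custom/spec` layout resembles the k8s-at-home common library, which, if that is what this chart builds on, expects `controller.rollingUpdate.unavailable` and `surge`. The chart is not visible on this page, so check the keys against its values schema. Rendering with `helm template` and reading `spec.strategy` on the resulting Deployment settles it; the same check applies to `deployment.strategy` in the coredns values hunk. Whitespace in this patch is collapsed, so the nesting is inferred from key order.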
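Review bot: The `probes.startup` budget (`initialDelaySeconds: 5` plus `failureThreshold: 30` × `periodSeconds: 2`, about 65 s) sits very close to the `downloads.timeout: 60s` in the `config` string of the next hunk. If this blocky version waits for denylist loading before answering `/health`, a slow fetch at boot could restart the container in a loop, so raising `failureThreshold` on the startup probe would give headroom. All three probes also hit the same HTTP `/health` on port 4000, which checks the HTTP listener rather than the DNS listener on port 53, so a replica with a stuck resolver could stay in the Service. It is worth confirming that `/health` is actually served by image tag `v0.24`. The liveness `initialDelaySeconds: 10` is redundant once a startup probe gates it.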
@@ -31,27 +69,27 @@ resources: # Full list of options https://github.com/0xERR0R/blocky/blob/main/docs/config.yml config: "upstreams:\n groups:\n default:\n - 1.1.1.1\n - 1.0.0.1\n lan:\n - 10.101.207.1\n\nconditional:\n mapping:\n lan: 10.101.207.1\n cluster.local: 10.96.0.10\n in-addr.arpa: 10.96.0.10\n\nblocking:\n allowlists:\n ads:\n - |\n dealabs.digidip.net\n s.click.aliexpress.com\n fonts.googleapis.com\n fonts.gstatic.com\n wl.spotify.com\n www.googleadservices.com\n \n denylists:\n ads:\n - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts\n - https://adaway.org/hosts.txt\n \n clientGroupsBlock:\n default:\n - ads\n \n blockType: zeroIp\n blockTTL: 1m\n loading:\n refreshPeriod: 4h\n downloads:\n timeout: 60s\n\ncaching:\n minTime: 5m\n maxTime: 30m\n # Disable negative caching (NXDOMAIN responses) for dynamic DNS\n cacheTimeNegative: 0\n prefetching: true\n prefetchExpires: 2h\n prefetchThreshold: 5\n\nprometheus:\n enable: true\n path: /metrics\n\nports:\n dns: 53\n http: 4000\n\nbootstrapDns: tcp+udp:1.1.1.1\n\nlog:\n level: info\n format: text\n timestamp: true\n" sops: - lastmodified: "2026-05-02T14:36:10Z" - mac: ENC[AES256_GCM,data:1SV8u2ozDlB/m8uo7I7AIa/1njmu1bJ5vKilcirfNByz8wp/LRTtRgWwpUOrxzd1+qg+ZC1/mSLQY/kdwWcTU9uP6uBNSLemWJgIRBobFmExDvtfidkJXRhTMUm9zdSNGS/EbQQOz+DV8AAuByTwbP6i5fTiVNVes8kBlYbPvjc=,iv:Ox25bYW8ch63eJgCkOTZxUP/6+w43lKjC2lzYdBzUjw=,tag:LgXken02vzuXDuxg4Iovrw==,type:str] + lastmodified: "2026-05-02T16:59:43Z" + mac: ENC[AES256_GCM,data:TgRB4qVd9r0byPpcDetF2oI4D4jtzAmU21Qfkdnq+C7lf7qVLXdDOT+mqvO8LzDeD8K+bnchtZtr2Q1eJRY4mVZ25x9xba66VSuHcDLNiPBhjpCLUDMPu1QhYW3UovijSgouJ8clkluFL7dyPKCFO4+aahq2IxicaxtUaTXqyLg=,iv:rDOOyquNBqG+KI6vo1IVJUbyPFzYe5g2ml2yLhF4pi4=,tag:CiVQNmCCXjzFEFQEdtwIeg==,type:str] pgp: - - created_at: "2026-05-02T14:36:09Z" + - created_at: "2026-05-02T16:59:42Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA7uy4qQr71wiARAAtdzdOgPBhpRSSnw5ZNXHpb6//E5SpCTDDOUbgpvw4FQj - 
ndqJwONMEm7RlZELlxpXq4Gr621j5hcdcc2vUl4ak8wC+1Ml2AAEYf0rrL2SQVVC - DAiRdHXilzOKJBx+qA+afZT4SNXnN8kv8LRq354mEpxMZ21ot0nZ+sjJiHrVGbSO - B2l39o3POLoTmzB/0+iTn953txjijVn/Hm7JoQ7yqQXBwnzjK1F7IkOdv0hyvpW1 - /Sba+yqZQTqdpH/EwRfQxf6OJpxMBIAj6/COzcp143O3tjVQAEHTaqHbY4rbrt07 - yxvOZKy2tNP/xY62E35rTzGvMrRqUzFNtaYeycx5F0jHgYNITtlCPh1txf5PBq5H - kmR9NFCOHncX5BFTAXbWaGVQiWxa71mn3vy49BZCwwz21D3u5/PI0Vqe5JBccyVu - 4yqqIdwIrj5i0BdlIFHig1WbYzDjRriR4H1z/Y2Vvv1wtRao99rf8DhCxcWwEgNo - vAOM1wSBHacr9uZrgAOvObkMWZ4m1UekIJXkA5803cb8J+ceneJ+EOWyYiFVPV8h - MshaL9M1zuEydZqHwDHfMgR/BgVvSVFwPQSkfXnKYJHNS8QGTfZKFudBiP0Ij7DB - pjRf5f2b4FhDgCIg5BopWBxES0LscpFmHgrV0QDKiXOXJNMkVUF5+ITz6HwwwlnS - XAEwKWrC58GzNBKFCvSMeD83xy7icfdTkXvO30EW9CbEUAMYN4twgsHG+J5NDrUR - yaET3e2kmOWStkQsPmMtYEVRfRHOWr8XKQXMJfrA87ZC0P19UwUM0eRXJVCN - =0h7d + hQIMA7uy4qQr71wiAQ/9GiQpDmGna3XUC5wzJKuIV6WWbCl8L2o6uzNM4dhUgGuD + 1xKQxfAfmoKN5rMeyIIFxoyRccKeALxO8z5WoVZvxK0FY60eYljP7qxnXzfPQinW + r9RvvgUpXKRQo6lwDJ2jLYxgFv3Rmmm8bQxc9oFh2n9NfMSvDJ+Kxkm9ApOEq5Bd + ksVKbdHMF7oTNL1h9mWA4yoM3+8VnChfDwRvK1ooSa4U2eRw30MtFFuny4SBaH+L + KhhalW28XRIM0P/puFPRA6/Db3pwaPcH70tZ4CotstDbLxXs6ssATQ5+Yt8E3i1f + obMTwg0a4etwvwskp52YaA3mx3wBP4FmklmBmkht9SZc52XeMS6f/t3JLfCV6HwG + FudtiyJXJrq+VJT896wocvMbVZNxQYIa1O8j+L3Up//6DLUaDnzIytP8ufQpkNRG + tryvKfVNR/2DsRa1ZMXpDPH3KZvXIjHqKCr2adtS1mzTkQwRxzX+XJwAPG4hwIr0 + r+I86Qq+6pJUxo8Z/88/5Krugmqz+KQPN/yQOGV9xsNRMvWgAGXNsNPFE5khItOs + E32dicbyC7tRmtmo0NsfhDMUUv1guP3h1yMegvDFxCVq9ndigrazU1eMEpIuBVEY + YHgh6RDAboEiakN3dF+9/kG2HgEf+ktKsUDHHoytPkGVTDIwI/BSY0uPqfZdcjvS + XgFYJqI59KZIuVFcRFmKQ0IF3GTIw1DDcScS5f877ikiTbxvGbWuCsyZmB2K/ZmL + X9T6gFrPTuc/JvM41m7naizeXpEGlw8fppX1+Lnb7d9qqqO80VgXeO2hBLkoKfM= + =colG -----END PGP MESSAGE----- fp: DC6910268E657FF70BA7EC289974494E76938DDC encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$ 
diff --git a/kubernetes/system/coredns/values.yaml b/kubernetes/system/coredns/values.yaml index ee61214..a828b6e 100644 --- a/kubernetes/system/coredns/values.yaml +++ b/kubernetes/system/coredns/values.yaml @@ -1,10 +1,31 @@ -replicaCount: 1 +replicaCount: 2 image: repository: coredns/coredns tag: 1.14.3 pullPolicy: IfNotPresent deployment: dnsPolicy: ClusterFirst + strategy: + type: RollingUpdate + rollingUpdate: + maxUnavailable: 0 + maxSurge: 1 +livenessProbe: + httpGet: + path: /health + port: 8080 + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 5 + failureThreshold: 3 +readinessProbe: + httpGet: + path: /ready + port: 8181 + initialDelaySeconds: 5 + periodSeconds: 5 + timeoutSeconds: 3 + failureThreshold: 3 resources: limits: cpu: 100m 
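Review bot: Raising `replicaCount` to 2 does not by itself protect cluster DNS from a single node failure or drain, because nothing in the visible hunk keeps the two pods on different nodes or limits voluntary evictions. The same holds for `controller.replicas: 2` in the blocky values. If the rest of the file does not already set them, a pod anti-affinity or topology spread rule on the hostname key, plus a PodDisruptionBudget with `minAvailable: 1`, would make the second replica count. The added `readinessProbe` on `/ready` port 8181 and `livenessProbe` on `/health` port 8080 also depend on the `ready` and `health` plugins being enabled in the Corefile, which is outside this hunk.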
@@ -60,27 +81,27 @@ extraVolumes: configMap: name: coredns-lan-zone sops: - lastmodified: "2026-05-02T16:45:17Z" - mac: ENC[AES256_GCM,data:u+4i3fNGvHcMAZvFOZdY4ESndt+eRVO0QNvMwHNVCZjLqVkLx4e39OEzRjmok2WNqIyC/56c0LL/Aug7s2Auj0d6V0vBYnwmRPbjxOuwE+oJIQGAN9M8lP2cYK8kwHT5buBWSO8AAauWzjaRgcvpzZhWpAxsCXg32Z3Qyl97oaE=,iv:csbbOXIIWv8XyS93ZUZ/FdOjPuvbn6BLS7lb1M8NSrA=,tag:v2+ToKO2t9tq+6cn4RND9A==,type:str] + lastmodified: "2026-05-02T16:59:44Z" + mac: ENC[AES256_GCM,data:H4uRid1Fqx4JzsF43TSGa7QcGjpXLAHiM0N3Kf4z7ab4eMlTy1+RXMV7xVT9BinjZzH6P+ENxo0yVOsdt0Yu467KJhGznNWlb2MC2TElPxZ9/yItJ+hdVGHGWbVGFWUL5NOUQ9fY2NPGw0CGr8qyftLr5Qkx0LO/VUgKWkq6RWM=,iv:9+V/sCBhfWAsIvr4DsWQgkeqQZQyT4Ti3Y+qCEZqU5c=,tag:JCRONb54BpXQzYhhPs7VGA==,type:str] pgp: - - created_at: "2026-05-02T16:45:15Z" + - created_at: "2026-05-02T16:59:43Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA7uy4qQr71wiAQ/+LW+h95JiCt4FJAO4o96ZdfxrNUYxN90Mrokh30PzyiPT - HOtbsoFYp+K5rO/af1G8R00MDzR1WCfuohjWcu/+B3Cs48hZj+bO0jmkCnfR727I - zCSecYACa+BNFAbkR0qmbUmQgrBuwBCWAquAlNfBLH0rZ4iAp3aGgnIWgWaw68fT - B9QXkvMazZay9kY9ukwY06Z74IqOQbm6Axf+SWfzmGO5rzzIJt4W0ClG9w+4Ngfa - NSRw1VFssJoa63wKK+gqMHJyOhyNqfQ8B1u7tkoHZdx85bNkWAD20BavHeRT6MLf - 9hXQyL6bbY8hMKM7nu9IU+R7R2WeSkosEyl3xP6sEME4SKjrzToLrI7X7XwmdL/C - ngmiZ1mmKXPaakYFCfqcR7CwIlJGG55CP56Zk9UKlU6CjbsfU0klybIwXiy7bpAE - DUkXKOEO4KD7MQwPFz56TjCHi642cJQ6TLw31WVoU0IZ8MgKv/Wx04jXQzbuVL3R - ZE0Wp/xpjbO2thPer9mJX84aNEFPqLUEkQ4b0xlD3+T+0Pqz0hwUjbn/D1Psdlrc - sOzqPsiP7Z/VZE7SXo3nAOfhvHqlN1D5uiLRIuKwjozdjBuPwJRNxOQ73I9WkRNr - sifRhVAadwkaONacg3KXDrEUTjCN1kLBnVQSzRNBWJG9TH0bw1udneYGRb24K2rS - XgEX8FBE05tMrCNvJ3Q3rF7L+TZ+xgqd7uPGNte8GeI3NwkaZHUA625dCLqR7Gnh - rJ0ttEVMfkuM54dSTPLjZbMUPMlZBP0WzzDJuMxDLR8yreUA4EItPt9qigb3yw8= - =nVJE + hQIMA7uy4qQr71wiAQ/9HzeTVqelbvPtluYa5xGvoYNeEEXg43CwrwZ1/z5yFWvx + DoOCeyro5wFsNC6td7n2HVhtK0ULkfrMHH8OC+7L3bXbnlEnQzITmDggAUvfegCv + b/7ohPkOdLvi6qXbr8bgqCZYFnPq+gUs3UOPh5Tl6wgzRSFXw2Hsb4YmQkvZJUNb + PhPpLIUe/ECE4hmEjO5v9o3X0o7qZ3bahf9mZZlnJnvXT7R/DM8eeWTis/q0WSHE + 
XnclhOX4GlMwXxa65sRrShuPcsV3qqX3VWOSWJFBhGx/FDtZTkhlHGQ9YhF2TzbB + xxCrn87mH2W13NH6jQOQYPh1JTTJbgZZMZXgyPNmPDSYZE1kxTdrz4l4mcmCDND0 + hY3T8iR8ap2b3HhSNCqC1C0QN/bK217hTs8cJHWRRfa6jfh12imwk2XhJkB3zZxV + O1oSb6eiP0ba0CgXu31shmfXuTAeVbTm6E50heYorjQKR5djjnOVwQUdmis1Awae + AQTiWtBBbOgfX5WA5b6wInFr0WEsshG+YuqfB7FhJpo2SHyeFhgk47ssHWSeBpPv + wa4OAGaMkdGoePQhApZFrBCZHslEhPE+XQlDdyOtXCmxBOcLwe59ikWLV75j0DzS + NRUNOBYQ8Q1Y6Su/sJWW7TykQkmDirU+oIYxAngZyIyJSWvARPd6fJJvkqqg013S + XgH1+LQJWNEJzIaLKCWbkZXnMstsOYrs4ynV4f/QZKU+Md5CgVbjy9KIC/trfNhj + 1t9kkyVVOEO7UmRhMyl8pK2gQDiOBrkhUJ5tSNFEfxM1llZ4GZRV+SUuMC3UzVA= + =l7Wo -----END PGP MESSAGE----- fp: DC6910268E657FF70BA7EC289974494E76938DDC encrypted_regex: ^(password|value|ssh-key|api-key|user|username|privateKey|clientSecret|clientId|apiKey|extraArgs.*|.*Secret.*|extraEnvVars|.*SECRET.*|.*secret.*|key|.*Password|.*\.ya?ml)$