QBIT: Attempt to add DNSdist for https DNS

Heavybullets8 · Sep 24, 2024 · 1a358fe · 1a358fe
1 parent 8802560
commit 1a358fe
Show file tree

Hide file tree

Showing 3 changed files with 50 additions and 0 deletions.
diff --git a/kubernetes/apps/media/qbittorrent/qbittorrent/config/dnsdist.conf b/kubernetes/apps/media/qbittorrent/qbittorrent/config/dnsdist.conf
@@ -0,0 +1,31 @@
+-- udp/tcp dns listening
+ setLocal("127.0.0.2:53", {})
+
+ -- K8S DNS
+ newServer({
+   address = "10.96.0.10",
+   pool = "k8s",
+   healthCheckMode = "lazy",
+   lazyHealthCheckMode = 'TimeoutOnly',
+ })
+
+ -- CloudFlare DNS over TLS
+ newServer({
+   address = "1.1.1.1:853",
+   tls = "openssl",
+   subjectName = "cloudflare-dns.com",
+   validateCertificates = true,
+   healthCheckMode = "lazy",
+   lazyHealthCheckMode = 'TimeoutOnly',
+ })
+ newServer({
+   address = "1.0.0.1:853",
+   tls = "openssl",
+   subjectName = "cloudflare-dns.com",
+   validateCertificates = true,
+   healthCheckMode = "lazy",
+   lazyHealthCheckMode = 'TimeoutOnly',
+ })
+
+ -- Routing rules
+ addAction('cluster.local', PoolAction('k8s'))
diff --git a/kubernetes/apps/media/qbittorrent/qbittorrent/helmrelease.yaml b/kubernetes/apps/media/qbittorrent/qbittorrent/helmrelease.yaml
@@ -89,6 +89,7 @@ spec:
               tag: v3.39.0
             env:
               DNS_KEEP_NAMESERVER: "on"
+              DNS_ADDRESS: "127.0.0.2"
               DOT: "off"
               FIREWALL_VPN_INPUT_PORTS: 52885
               FIREWALL_OUTBOUND_SUBNETS: 10.69.0.0/16,10.96.0.0/16
@@ -132,6 +133,11 @@ spec:
               limits:
                 kernel.org/tun: 1
 
+          dnsdist:
+            image:
+              repository: docker.io/powerdns/dnsdist-19
+              tag: 1.9.6
+
     service:
       app:
         controller: *app
@@ -184,3 +190,13 @@ spec:
         type: emptyDir
         globalMounts:
           - path: /addons
+
+      dnsdist:
+        type: configMap
+        name: qbittorrent-dnsdist
+        advancedMounts:
+          qbittorrent:
+            dnsdist:
+              - path: /etc/dnsdist/dnsdist.conf
+                subPath: dnsdist.conf
+                readOnly: true
diff --git a/kubernetes/apps/media/qbittorrent/qbittorrent/kustomization.yaml b/kubernetes/apps/media/qbittorrent/qbittorrent/kustomization.yaml
@@ -14,5 +14,8 @@ configMapGenerator:
     options:
       labels:
         loki_rule: "true"
+  - name: qbittorrent-dnsdist
+    files:
+      - ./config/dnsdist.conf
 generatorOptions:
   disableNameSuffixHash: true