fix(unbound): use project's healthcheck pattern

jeboehm · jeboehm · commit 01e7059a44ea · 2025-10-16T15:21:05.000+02:00
diff --git a/deploy/kustomize/unbound/deployment.yaml b/deploy/kustomize/unbound/deployment.yaml
@@ -46,8 +46,9 @@ spec:
               containerPort: 5353
               protocol: TCP
           livenessProbe:
-            tcpSocket:
-              port: dns-tcp
+            exec:
+              command:
+                - /usr/local/bin/healthcheck.sh
             initialDelaySeconds: 30
             periodSeconds: 30
             timeoutSeconds: 10
diff --git a/target/unbound/Dockerfile b/target/unbound/Dockerfile
@@ -10,4 +10,4 @@ COPY --chown=unbound:unbound rootfs/ /
 USER unbound
 
 EXPOSE 5353/tcp 5353/udp
-HEALTHCHECK CMD dig @127.0.0.1 -p 5353 github.com || exit 1
+HEALTHCHECK CMD /usr/local/bin/healthcheck.sh
diff --git a/target/unbound/rootfs/usr/local/bin/healthcheck.sh b/target/unbound/rootfs/usr/local/bin/healthcheck.sh
@@ -0,0 +1,18 @@
+#!/bin/sh
+set -e
+
+# Test DNS resolution using dig
+if ! dig @127.0.0.1 -p 5353 github.com >/dev/null 2>&1; then
+	echo "Healthcheck failed: DNS resolution test failed"
+	exit 1
+fi
+
+# Test UDP connectivity (unbound typically uses UDP for DNS)
+if ! dig @127.0.0.1 -p 5353 +tcp github.com >/dev/null 2>&1; then
+	echo "Healthcheck failed: TCP DNS resolution test failed"
+	exit 1
+fi
+
+echo "Healthcheck passed"
+
+exit 0
