feat(blocky): add blocky (#3735)
* feat(blocky): add blocky
* Chore(Blocky): Ornias's refactor
* Chore(Blocky): stavros' refactor
* add basic run tests and remaining config options in values.yaml
* bump common again
* correct minor services whoopsy
* whoops again
* Update charts/incubator/blocky/questions.yaml

  Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
* Update charts/incubator/blocky/questions.yaml

  Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
* Actually add values.yaml settings to blockyconfig file
* hmm
* Update charts/incubator/blocky/templates/common.yaml

  Co-authored-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
  Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>
* don't load k8s-gateway without domains added
* remove loop detection from k8s-gateway
* response with nxdomain if no forwarding is added to k8s-gateway and fix k8s-gateway domains in blocky config
* hmmm
* fix some mistakes
* fix config mistake
* always add a forward to prevent errors, even though forwarding would never be used.

Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com>
Signed-off-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>
Co-authored-by: Kjeld Schouten-Lebbing <kjeld@schouten-lebbing.nl>
30
charts/incubator/blocky/.helmignore
Normal file
@@ -0,0 +1,30 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS
# helm-docs templates
*.gotmpl
# docs folder
/docs
# icon
icon.png
33
charts/incubator/blocky/Chart.yaml
Normal file
@@ -0,0 +1,33 @@
apiVersion: v2
appVersion: "10.6.2"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 10.5.7
- condition: redis.enabled
name: redis
repository: https://charts.truecharts.org
version: 3.0.67
description: Blocky is a DNS proxy and ad-blocker for the local network written in Go
home: https://truecharts.org/docs/charts/stable/airsonic
icon: https://truecharts.org/img/hotlink-ok/chart-icons/airsonic.png
keywords:
- dns
- blocky
kubeVersion: ">=1.16.0-0"
maintainers:
- email: info@truecharts.org
name: TrueCharts
url: https://truecharts.org
name: blocky
sources:
- https://0xerr0r.github.io/blocky/
- https://github.com/0xERR0R/blocky
- https://github.com/Mozart409/blocky-frontend
- https://hub.docker.com/r/spx01/blocky
version: 0.0.1
annotations:
truecharts.org/catagories: |
- network
truecharts.org/SCALE-support: "true"
truecharts.org/grade: U
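Review bot: `home:` and `icon:` still carry the airsonic URLs (`https://truecharts.org/docs/charts/stable/airsonic` and `.../chart-icons/airsonic.png`), a copy-paste leftover that sends users of the blocky catalog entry to the wrong documentation page and shows the wrong icon; point both at blocky, and note the chart is added under `incubator`, not `stable`. Since `redis` is declared with `condition: redis.enabled`, any template that emits redis settings unconditionally (the `redis:` block in `_blockyConfig.tpl` in this same commit does) produces a config that cannot be satisfied when the dependency is switched off.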
0
charts/incubator/blocky/README.md
Normal file
7
charts/incubator/blocky/ci/k8sgateway-values.yaml
Normal file
@@ -0,0 +1,7 @@
k8sgateway:
enabled: true
# -- list of processed domains
domains:
- domain: something.com
dnsChallenge:
enabled: false
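Review bot: with `dnsChallenge.enabled: false` this values file never renders the `template IN ANY` block in `_k8sgateway.tpl`, so neither of its `required` checks nor the `k8sgateway.configmap.regex` include is exercised by CI; add a second CI values file with `dnsChallenge.enabled: true` and a `dnsChallenge.domain` set so that branch is linted too. `standalone-values.yaml` is added empty in this commit, so it only covers the chart defaults.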
0
charts/incubator/blocky/ci/standalone-values.yaml
Normal file
87
charts/incubator/blocky/docs/installation-notes.md
Normal file
@@ -0,0 +1,87 @@
# Installation notes

## Default Configuration

The following config will be pre-configured and merged with any config you manually add to `blockyConfig` option in `values.yaml`:

Redis (always present):

```yaml
redis:
address: $redis_host:6379
password: $redis_pass
database: 0
required: true
connectionAttempts: 10
connectionCooldown: 3s
```

Prometheus (Only present if enabled):

```yaml
prometheus:
enable: true
path: /metrics
```

Upstreams (from values.yaml):

```yaml
upstream:
default:
- # Content from `.Values.defaultUpstreams`
# Additional upstream groups from `.Values.upstreams`
```

Whitelist/Blacklist (from values.yaml) :

```yaml
blocking:
blockType: nxDomain
blockTTL: 6h
refreshPeriod: 4h
downloadTimeout: 60s
downloadAttempts: 3
downloadCooldown: 2s
failStartOnListError: false
processingConcurrency: 4
whiteLists:
# Groupname:
- # Content from .Values.blocking.whiteList
blackLists:
# Groupname:
- # Content from .Values.blocking.blackList
clientGroupsBlock:
# Groupname:
- # Content from .Values.blocking.clientGroupsBlock
```

## Configuration Instructions

### TrueNAS SCALE

For TrueNAS SCALE, we offer only a limited subset of configuration options:

- Upstream DNS servers
- Whitelists
- Blacklists

Those have special variables in `values.yaml`, so we can show them nicely in the TrueNAS SCALE GUI

### Native Helm

For anything but TrueNAS SCALE, we would advice to instead use `blockyConfig` in `Values.yaml` and NOT mount any configuration file manually.

In short:

- Add your config in `values.yaml` under `blockyConfig:`
- Add your whitelists in `values.yaml` under `blockyWhitelist` or manually using blockyConfig
- Add your blacklists in `values.yaml` under `blockyBlacklist` or manually using blockyConfig

### Adding config by mounting files

You can mount custom config files, using `persistence` or, in SCALE GUI, `Additional Storage` to the following path:
`/app/config/`
_However it cannot reference any of the pre-defined variables listed above, so it's use is severely limited._

You can also mount custom Whitelist/Blacklist files, using `persistence` or, in SCALE GUI, `Additional Storage` and enter the path in your whitelist or blacklist settings manually
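Review bot: the key names in the "Native Helm" section do not match what the chart reads: the text tells users to put whitelists under `blockyWhitelist` and blacklists under `blockyBlacklist`, while `questions.yaml` and `_blockyConfig.tpl` in this same commit read `blocking.whitelist` and `blocking.blacklist`, and the YAML example above uses `.Values.blocking.whiteList` / `.Values.blocking.blackList` with yet a third casing. Pick one name and use it in all three places. "Redis (always present)" combined with `required: true` also means blocky refuses to start when the `redis.enabled` dependency is switched off; either document that redis is mandatory or make the block conditional. Minor: "we would advice" should be "advise", and "it's use" should be "its use".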
BIN
charts/incubator/blocky/icon.png
Normal file
Binary file not shown.
After Width: | Height: | Size: 39 KiB |
597
charts/incubator/blocky/questions.yaml
Normal file
@@ -0,0 +1,597 @@
# Include{groups}
portals:
open:
# Include{portalLink}
questions:
# Include{global}
# Include{controller}
# Include{controllerDeployment}
# Include{replicas}
# Include{replica1}
# Include{strategy}
# Include{recreate}
# Include{controllerExpert}
# Include{controllerExpertExtraArgs}
- variable: blocky
group: Container Configuration
label: Blocky Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: enableWebUI
label: Enable Web UI
description: Enables Web UI
schema:
type: boolean
default: true
- variable: enablePrometheus
label: Enable Prometheus Endpoint
description: Enables Prometheus Endpoint
schema:
type: boolean
default: true
- variable: overrideDefaults
group: Container Configuration
label: Override Default Upstreams
description: Overrides the predefined DNS server upstream list
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: defaultUpstreams
label: Default Upstreams
schema:
type: list
default: []
items:
- variable: upstreamEntry
label: Upstream Entry
schema:
type: string
required: true
default: ""
- variable: upstreams
group: Container Configuration
label: Upstreams Groups
description:
schema:
type: list
default: []
items:
- variable: upstreamsGroupEntry
label: Upstreams Group Entry
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Group Name
schema:
type: string
required: true
default: ""
- variable: upstreams
label: Upstreams
schema:
type: list
required: true
default: []
items:
- variable: upstreamEntry
label: upstream Entry
schema:
type: string
required: true
default: ""
- variable: conditional
group: Container Configuration
label: Conditional
schema:
additional_attrs: true
type: dict
attrs:
- variable: rewrite
label: Rewrite
schema:
type: list
default: []
items:
- variable: rewriteEntry
label: Rewrite Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: in
label: In
schema:
type: string
required: true
default: ""
- variable: out
label: Out
schema:
type: string
required: true
default: ""
- variable: mapping
label: Mapping
schema:
type: list
default: []
items:
- variable: mappingEntry
label: Mapping Entry
schema:
type: dict
additional_attrs: true
attrs:
- variable: domain
label: Domain
schema:
type: string
required: true
default: ""
- variable: dnsserver
label: DNS Server
schema:
type: string
required: true
default: ""
- variable: blocking
group: Container Configuration
label: Blocking
schema:
additional_attrs: true
type: dict
attrs:
- variable: blockType
label: Block Type
description: Set the response should be sent to the client, if a requested query is blocked
schema:
type: string
default: nxDomain
- variable: blockTTL
label: Block TTL
description: Set the TTL for answers to blocked domains
schema:
type: string
default: 6h
- variable: refreshPeriod
label: Refresh Period
description: Set how often blocky should refresh list cache
schema:
type: string
default: 4h
- variable: downloadTimeout
label: Download Timeout
description: Download attempt timeout
schema:
type: string
default: 60s
- variable: downloadAttempts
label: Download Attempts
description: How many download attempts should be performed
schema:
type: int
default: 3
- variable: downloadCooldown
label: Download Cooldown
description: Time between the download attempts
schema:
type: string
default: 2s
- variable: failStartOnListError
label: Fail Start on List Error
description: Fail to start if at least one list can't be downloaded or opened
schema:
type: boolean
default: false
- variable: processingConcurrency
label: Processing Concurrency
description: Sets how many list-groups can be processed at the same time
schema:
type: int
default: 4
- variable: whitelist
label: Whitelist
description: Define whitelists, either URL or file
schema:
type: list
default: []
items:
- variable: whitelistEntry
label: Whitelist Group Entry
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Group Name
schema:
type: string
required: true
default: ""
- variable: lists
label: Lists
schema:
type: list
required: true
default: []
items:
- variable: listEntry
label: List Entry
schema:
type: string
required: true
default: ""
- variable: blacklist
label: Blacklist
description: Define blacklists, either URL or file
schema:
type: list
default: []
items:
- variable: blacklistEntry
label: Blacklist Group Entry
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Group Name
schema:
type: string
required: true
default: ""
- variable: lists
label: Lists
schema:
type: list
required: true
default: []
items:
- variable: listEntry
label: List Entry
schema:
type: string
required: true
default: ""
- variable: clientGroupsBlock
label: Client Groups Block
description: Define, which blocking group(s) should be used for which client in your network.
schema:
type: list
default: []
items:
- variable: clientGroupBlockEntry
label: Client Group Block Entry
schema:
additional_attrs: true
type: dict
attrs:
- variable: name
label: Client Group Name
schema:
type: string
required: true
default: ""
- variable: groups
label: Groups
schema:
type: list
required: true
default: []
items:
- variable: groupEntry
label: Group Entry
schema:
type: string
required: true
default: ""
- variable: k8sgateway
group: Container Configuration
label: k8s-Gateway Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable k8s-Gateway
description: Enables k8s-Gateway
schema:
type: boolean
default: true
show_subquestions_if: true
subquestions:
- variable: domains
label: Domains
description: Please refer to CoreDNS docs for options
schema:
type: list
default: []
items:
- variable: domainEntry
label: ""
schema:
additional_attrs: true
type: dict
attrs:
- variable: domain
label: Domain name
schema:
type: string
required: true
default: example.com
- variable: dnsChallenge
label: Forward dnsChallenge
description: Optional configuration option for DNS01 challenge that will redirect all acme
schema:
additional_attrs: true
type: dict
attrs:
- variable: enabled
label: Enable
schema:
type: boolean
default: false
show_subquestions_if: true
subquestions:
- variable: domain
label: Forward to Domain
schema:
type: string
required: true
default: dns01.clouddns.com

- variable: advancedOptions
label: Advanced Options
schema:
type: boolean
default: false
show_if: [["enabled", "=", "true"]]
show_subquestions_if: true
subquestions:
- variable: ttl
label: ttl
description: TTL for non-apex responses (in seconds)
schema:
type: int
default: 300
- variable: watchedResources
label: Watched Resources
description: imit what kind of resources to watch, e.g. Ingress
schema:
type: list
default: []
items:
- variable: watchedResource
label: Watched Resource
schema:
type: string
default: ""
- variable: secondary
label: Secondary DNS Server Service
description: Service name of a secondary DNS server (should be serviceName.namespace)
schema:
type: string
default: ""
- variable: apex
label: Apex
description: Override the default `serviceName.namespace` domain apex
schema:
type: string
default: ""
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
label: Main Service
description: The Primary service on which the healthcheck runs, often the webUI
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: main
label: Main Service Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 10315
required: true
# Include{advancedPortHTTP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 80
- variable: dns-tcp
label: DNS TCP Service
description: The DNS TCP service
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: dns-tcp
label: DNS TCP Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 53
required: true
# Include{advancedPortTCP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 53
- variable: dns-udp
label: DNS UDP Service
description: The DNS UDP service
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorLoadBalancer}
# Include{serviceSelectorExtras}
- variable: dns-udp
label: DNS UDP Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 53
required: true
# Include{advancedPortUDP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 53
- variable: dot
label: DoT Service
description: "DNS-over-TLS service"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorClusterIP}
# Include{serviceSelectorExtras}
- variable: dot
label: DoT Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 853
required: true
# Include{advancedPortUDP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 853
- variable: http
label: HTTP and Metrics Service
description: "service for things like metrics, pprof, API, DoH etc"
schema:
additional_attrs: true
type: dict
attrs:
# Include{serviceSelectorClusterIP}
# Include{serviceSelectorExtras}
- variable: http
label: HTTP and Metrics Port Configuration
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: Port
description: This port exposes the container port on the service
schema:
type: int
default: 4000
required: true
# Include{advancedPortUDP}
- variable: targetPort
label: Target Port
description: The internal(!) port on the container the Application runs on
schema:
type: int
default: 4000
# Include{serviceExpertRoot}
default: false
# Include{serviceExpert}
# Include{serviceList}
# Include{persistenceList}
# Include{ingressRoot}
- variable: main
label: Main Ingress
schema:
additional_attrs: true
type: dict
attrs:
# Include{ingressDefault}
# Include{ingressTLS}
# Include{ingressTraefik}
# Include{ingressExpert}
# Include{ingressList}
# Include{security}
# Include{securityContextAdvancedRoot}
- variable: privileged
label: Privileged mode
schema:
type: boolean
default: false
- variable: readOnlyRootFilesystem
label: ReadOnly Root Filesystem
schema:
type: boolean
default: true
- variable: allowPrivilegeEscalation
label: Allow Privilege Escalation
schema:
type: boolean
default: false
- variable: runAsNonRoot
label: runAsNonRoot
schema:
type: boolean
default: true
# Include{securityContextAdvanced}
# Include{podSecurityContextRoot}
- variable: runAsUser
label: runAsUser
description: The UserID of the user running the application
schema:
type: int
default: 568
- variable: runAsGroup
label: runAsGroup
description: The groupID this App of the user running the application
schema:
type: int
default: 568
- variable: fsGroup
label: fsGroup
description: The group that should own ALL storage.
schema:
type: int
default: 568
# Include{podSecurityContextAdvanced}
# Include{resources}
# Include{advanced}
# Include{addons}
# Include{documentation}
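Review bot: the DoT and HTTP port sections both pull in `# Include{advancedPortUDP}` although the services they configure are TCP (853 for DNS-over-TLS, 4000 for the HTTP API/metrics/DoH endpoint); use the TCP include for `dot` and the HTTP include for `http`, as the `main` service already does with `# Include{advancedPortHTTP}`, otherwise the generated service exposes the wrong protocol. The `upstreams` group entry also exposes its server list under `upstreams`, whereas `_blockyConfig.tpl` in this commit reads `$value.dnsservers`, so anything entered in the SCALE GUI for extra upstream groups is silently dropped from the rendered config; align the two names. Small fixes: `description:` under `upstreams` is empty, and "imit what kind of resources to watch" is missing its leading "L".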
200
charts/incubator/blocky/templates/_blockyConfig.tpl
Normal file
@@ -0,0 +1,200 @@
|
{{/* Define the config */}}
{{- define "blocky.configmap" -}}
{{- $configName := printf "%s-config" (include "tc.common.names.fullname" .) }}
{{- $config := merge ( include "blocky.config" . | fromYaml ) ( .Values.blockyConfig ) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ $configName }}
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
tc-config.yaml: |
{{ $config | toYaml | indent 6 }}
{{- end -}}

{{- define "blocky.config" -}}
redis:
address: {{ printf "%v-%v" .Release.Name "redis" }}:6379
password: {{ .Values.redis.redisPassword | trimAll "\"" }}
database: 0
required: true
connectionAttempts: 10
connectionCooldown: 3s
{{- if .Values.blocky.enablePrometheus }}
prometheus:
enable: true
path: /metrics
{{- end }}
upstream:
default:
{{- .Values.defaultUpstreams | toYaml | nindent 8 }}

{{- if .Values.certFile }}
certFile: {{ .Values.certFile }}
{{- end }}

{{- if .Values.keyFile }}
keyFile: {{ .Values.keyFile }}
{{- end }}

{{- if .Values.logLevel }}
logLevel: {{ .Values.logLevel }}
{{- end }}

{{- if .Values.logTimestamp }}
logTimestamp: {{ .Values.logTimestamp }}
{{- end }}

{{- if .Values.logPrivacy }}
logPrivacy: {{ .Values.logPrivacy }}
{{- end }}

{{- if .Values.dohUserAgent }}
dohUserAgent: {{ .Values.dohUserAgent }}
{{- end }}

{{- if .Values.minTlsServeVersion }}
minTlsServeVersion: {{ .Values.minTlsServeVersion }}
{{- end }}

caching:
{{ toYaml .Values.caching | indent 2 }}


{{- if .Values.hostsFile.enabled }}
{{ $hostsfile := omit .Values.hostsFile "enabled" }}
hostsFile:
{{ toYaml $hostsfile | indent 2 }}
{{- end }}

{{- range $id, $value := .Values.upstreams }}
{{ $value.name }}:
{{- $value.dnsservers | toYaml | nindent 8 }}
{{- end }}

{{- if or .Values.bootstrapDns.upstream .Values.bootstrapDns.ips }}
bootstrapDns:
{{- if .Values.bootstrapDns.upstream }}
upstream: {{ .Values.bootstrapDns.upstream }}
{{- end }}
{{- if .Values.bootstrapDns.ips }}
ips:
{{- range $id, $value := .Values.bootstrapDns.ips }}
- {{ $value }}
{{- end }}
{{- end }}
{{- end }}

{{- if or .Values.filtering.filtering }}
filtering:
{{- if .Values.filtering.ips }}
queryTypes:
{{- range $id, $value := .Values.filtering.ips }}
- {{ $value }}
{{- end }}
{{- end }}
{{- end }}

{{- if or .Values.customDNS.filterUnmappedTypes .Values.customDNS.customTTL .Values.customDNS.rewrite .Values.customDNS.mapping }}
customDNS:
{{- if .Values.customDNS.upstream }}
upstream: {{ .Values.customDNS.upstream }}
{{- end }}
{{- if .Values.customDNS.customTTL }}
customTTL: {{ .Values.customDNS.customTTL }}
{{- end }}
{{- if .Values.customDNS.rewrite }}
rewrite:
{{- range $id, $value := .Values.customDNS.rewrite }}
{{ $value.in }}: {{ $value.out }}
{{- end }}
{{- end }}

{{- if .Values.customDNS.mapping }}
mapping:
{{- range $id, $value := .Values.customDNS.mapping }}
{{ $value.domain }}: {{ $value.dnsserver }}
{{- end }}
{{- end }}
{{- end }}

{{- if or .Values.clientLookup.upstream .Values.clientLookup.ips }}
clientLookup:
{{- if .Values.clientLookup.upstream }}
upstream: {{ .Values.clientLookup.upstream }}
{{- end }}
{{- if .Values.clientLookup.ips }}
singleNameOrder:
{{- range $id, $value := .Values.clientLookup.ips }}
- {{ $value }}
{{- end }}
{{- end }}
{{- if .Values.clientLookup.clients }}
clients:
{{- range $id, $value := .Values.clientLookup.clients }}
{{ $value.domain }}:
{{- range $id, $value := .ips }}
- {{ $value }}
{{- end }}
{{- end }}
{{- end }}
{{- end }}

{{- if or .Values.conditional.rewrite .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }}
conditional:
{{- if .Values.conditional.rewrite }}
rewrite:
{{- range $id, $value := .Values.conditional.rewrite }}
{{ $value.in }}: {{ $value.out }}
{{- end }}
{{- end }}

{{- if or .Values.conditional.mapping ( and .Values.k8sgateway.enabled .Values.k8sgateway.domains ) }}
mapping:
{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains }}
{{- range $id, $value := .Values.k8sgateway.domains }}
{{ .domain }}: 127.0.0.1:{{ $.Values.service.k8sgateway.ports.k8sgateway.targetPort }}
{{- end }}
{{- end }}
{{- range $id, $value := .Values.conditional.mapping }}
{{ $value.domain }}: {{ $value.dnsserver }}
{{- end }}
{{- end }}
{{- end }}

blocking:
blockType: {{ .Values.blocking.blockType }}
blockTTL: {{ .Values.blocking.blockTTL }}
refreshPeriod: {{ .Values.blocking.refreshPeriod }}
downloadTimeout: {{ .Values.blocking.downloadTimeout }}
downloadAttempts: {{ .Values.blocking.downloadAttempts }}
downloadCooldown: {{ .Values.blocking.downloadCooldown }}
failStartOnListError: {{ .Values.blocking.failStartOnListError }}
processingConcurrency: {{ .Values.blocking.processingConcurrency }}
{{- if .Values.blocking.whitelist }}
whiteLists:
{{- range $id, $value := .Values.blocking.whitelist }}
{{ $value.name }}:
{{- $value.lists | toYaml | nindent 10 }}
{{- end }}
{{- end }}

{{- if .Values.blocking.blacklist }}
blackLists:
{{- range $id, $value := .Values.blocking.blacklist }}
{{ $value.name }}:
{{- $value.lists | toYaml | nindent 10 }}
{{- end }}
{{- end }}

{{- if .Values.blocking.clientGroupsBlock }}
clientGroupsBlock:
{{- range $id, $value := .Values.blocking.clientGroupsBlock }}
{{ $value.name }}:
{{- $value.groups | toYaml | nindent 10 }}
{{- end }}
{{- end }}

{{- end -}}
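Review bot: the `merge` on the `$config :=` line gives precedence to its first argument, so the chart-generated `blocky.config` wins over the user's `.Values.blockyConfig`, the opposite of what `docs/installation-notes.md` promises ("merged with any config you manually add"); swap the arguments or use `mergeOverwrite` so user-supplied keys override the defaults. Three more points in this template: the `redis:` block with `required: true` is emitted unconditionally although the dependency is gated on `redis.enabled` in Chart.yaml, so wrap it in `{{- if .Values.redis.enabled }}`; `password: {{ .Values.redis.redisPassword | trimAll "\"" }}` writes the redis password into a ConfigMap, which is readable by anyone who can `get configmaps` in the namespace, so render `tc-config.yaml` into a Secret instead; and the `range $id, $value := .Values.upstreams` loop reads `$value.dnsservers` while `questions.yaml` names that list `upstreams`. The `filtering:` block copying `.Values.filtering.ips` into `queryTypes` looks like a leftover from the `clientLookup` block and should take a `queryTypes` value.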
107
charts/incubator/blocky/templates/_k8sgateway.tpl
Normal file
@@ -0,0 +1,107 @@
|
||||
{{- define "k8sgateway.container" -}}
|
||||
image: {{ .Values.k8sgatewayImage.repository }}:{{ .Values.k8sgatewayImage.tag }}
imagePullPolicy: {{ .Values.k8sgatewayImage.pullPolicy }}
securityContext:
runAsUser: 0
runAsGroup: 0
readOnlyRootFilesystem: true
runAsNonRoot: false
args: ["-conf", "/etc/coredns/Corefile"]
ports:
- containerPort: {{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }}
name: main
volumeMounts:
- name: config-volume
mountPath: /etc/coredns
readinessProbe:
httpGet:
path: /ready
port: 8181
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /health
port: 8080
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /ready
port: 8181
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}

{{/*
Create the matchable regex from domain
*/}}
{{- define "k8sgateway.configmap.regex" -}}
{{- if .Values.k8sgateway.domain }}
{{- .Values.k8sgateway.domain | replace "." "[.]" -}}
{{- else -}}
{{ "unset" }}
{{- end }}
{{- end -}}

{{/* Define the configmap */}}
{{- define "k8sgateway.configmap" -}}
{{- $values := .Values.k8sgateway }}
{{- $fqdn := ( include "tc.common.names.fqdn" . ) }}
---
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "tc.common.names.fullname" . }}-corefile
labels:
{{- include "tc.common.labels" . | nindent 4 }}
data:
Corefile: |-
.:{{ .Values.service.k8sgateway.ports.k8sgateway.targetPort }} {
errors
log
health {
lameduck 5s
}
ready
{{- range .Values.k8sgateway.domains }}
{{- if .dnsChallenge.enabled }}
template IN ANY {{ required "Delegated domain ('domain') is mandatory " .domain }} {
match "_acme-challenge[.](.*)[.]{{ include "k8sgateway.configmap.regex" . }}"
answer "{{ "{{" }} .Name {{ "}}" }} 5 IN CNAME {{ "{{" }} index .Match 1 {{ "}}" }}.{{ required "DNS01 challenge domain is mandatory " $values.dnsChallenge.domain }}"
fallthrough
}
{{- end }}
k8s_gateway "{{ required "Delegated domain ('domain') is mandatory " .domain }}" {
apex {{ $values.apex | default $fqdn }}
ttl {{ $values.ttl }}
{{- if $values.secondary }}
secondary {{ $values.secondary }}
{{- end }}
{{- if $values.watchedResources }}
resources {{ join " " $values.watchedResources }}
{{- end }}
fallthrough
}
{{- end }}
prometheus 0.0.0.0:9153
{{- if .Values.k8sgateway.forward.enabled }}
forward . {{ .Values.k8sgateway.forward.primary }} {{ .Values.k8sgateway.forward.secondary }} {
{{- range .Values.k8sgateway.forward.options }}
{{ .name }} {{ .value }}
{{- end }}
}
{{- else }}
forward . 1.1.1.1
{{- end }}
loop
reload
loadbalance
}
{{- end -}}
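Review bot: the DNS01 block inside `{{- range .Values.k8sgateway.domains }}` cannot render as written: within the range `.` is one domain entry, so `include "k8sgateway.configmap.regex" .` hands the helper an item that has no `.Values`, and `{{- if .Values.k8sgateway.domain }}` either errors on the nil map or falls back to the literal `unset`; likewise `$values.dnsChallenge.domain` reads `k8sgateway.dnsChallenge`, whereas the values.yaml example nests `dnsChallenge` under each domain entry, and `{{- if .dnsChallenge.enabled }}` errors on any entry that omits the key. Suggest `match "_acme-challenge[.](.*)[.]{{ .domain | replace "." "[.]" }}"`, `{{ required "DNS01 challenge domain is mandatory " .dnsChallenge.domain }}` and guarding with `{{- if (.dnsChallenge | default dict).enabled }}`. Separately, the container runs with `runAsUser: 0`, `runAsGroup: 0`, `runAsNonRoot: false` although it only binds the unprivileged `targetPort` 5353 plus 8080/8181/9153 for probes and metrics; the sibling frontend container already runs as 568 with `runAsNonRoot: true`, and the same settings should work here. Note also that the `fallthrough` directives together with the unconditional `forward . 1.1.1.1` fallback send every name k8s_gateway cannot answer out of the cluster as a plaintext query; if forwarding is meant to be unused, drop `fallthrough` so k8s_gateway answers NXDOMAIN for its zones, or document the default.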
36
charts/incubator/blocky/templates/_webui.tpl
Normal file
@@ -0,0 +1,36 @@
{{- define "blocky.frontend" -}}
image: {{ .Values.WebUIImage.repository }}:{{ .Values.WebUIImage.tag }}
imagePullPolicy: {{ .Values.WebUIImage.pullPolicy }}
securityContext:
runAsUser: 568
runAsGroup: 568
readOnlyRootFilesystem: true
runAsNonRoot: true
ports:
- containerPort: {{ .Values.service.main.ports.main.targetPort }}
name: main
readinessProbe:
httpGet:
path: /
port: {{ .Values.service.main.ports.main.targetPort }}
initialDelaySeconds: {{ .Values.probes.readiness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.readiness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.readiness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.readiness.spec.failureThreshold }}
livenessProbe:
httpGet:
path: /
port: {{ .Values.service.main.ports.main.targetPort }}
initialDelaySeconds: {{ .Values.probes.liveness.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.liveness.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.liveness.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.liveness.spec.failureThreshold }}
startupProbe:
httpGet:
path: /
port: {{ .Values.service.main.ports.main.targetPort }}
initialDelaySeconds: {{ .Values.probes.startup.spec.initialDelaySeconds }}
timeoutSeconds: {{ .Values.probes.startup.spec.timeoutSeconds }}
periodSeconds: {{ .Values.probes.startup.spec.periodSeconds }}
failureThreshold: {{ .Values.probes.startup.spec.failureThreshold }}
{{- end -}}
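Review bot: the container publishes `containerPort: {{ .Values.service.main.ports.main.targetPort }}`, which values.yaml sets to 80, while running as uid 568 with `runAsNonRoot: true` and no `capabilities` block; binding a port below 1024 as non-root fails unless the image carries `NET_BIND_SERVICE` or the pod raises `net.ipv4.ip_unprivileged_port_start`, so either confirm the blocky-frontend image listens on a high port (and point `targetPort` there) or add `capabilities: { add: [NET_BIND_SERVICE], drop: [ALL] }`. The port is also named `main`, the same name the k8sgateway container uses; the API reference wants named ports unique within a pod and a Service `targetPort` by name becomes ambiguous, so `webui` and `k8sgateway` would be safer. Finally the probes read `.Values.probes.*.spec.initialDelaySeconds`, `timeoutSeconds`, `periodSeconds` and `failureThreshold`, but values.yaml only sets `exec` under each `spec`; confirm the common library fills those defaults, otherwise they render empty and the pod spec is rejected.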
50
charts/incubator/blocky/templates/common.yaml
Normal file
@@ -0,0 +1,50 @@
{{/* Make sure all variables are set properly */}}
{{- include "tc.common.loader.init" . }}

{{ include "blocky.configmap" . }}

{{/* Always mount the configmap, with the basic config, plus the 'blockyConfig' */}}
{{- define "blocky.configmap.mount" -}}
enabled: true
type: custom
mountPath: /app/config/tc-config.yaml
subPath: tc-config.yaml
readOnly: true
volumeSpec:
configMap:
name: '{{ printf "%s-config" (include "tc.common.names.fullname" .) }}'
{{- end -}}

{{/* Append the general configMap volume to the volumes */}}
{{- define "k8sgateway.configvolume" -}}
enabled: "true"
mountPath: "/etc/coredns"
readOnly: true
type: "custom"
volumeSpec:
configMap:
name: {{ include "tc.common.names.fullname" . }}-corefile
items:
- key: Corefile
path: Corefile
{{- end -}}


{{- $_ := set .Values.persistence "tc-config" (include "blocky.configmap.mount" . | fromYaml) -}}

{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.main.ports.main.targetPort | quote) -}}

{{- if .Values.blocky.enableWebUI -}}
{{- $_ := set .Values.additionalContainers "frontend" (include "blocky.frontend" . | fromYaml) -}}
{{- end -}}

{{- if and .Values.k8sgateway.enabled .Values.k8sgateway.domains -}}
{{- include "k8sgateway.configmap" . }}
{{- $_ := set .Values.persistence "config-volume" (include "k8sgateway.configvolume" . | fromYaml) -}}
{{- $_ := set .Values.additionalContainers "k8sgateway" (include "k8sgateway.container" . | fromYaml) -}}
{{- end -}}

{{/* Render the templates */}}
{{ include "tc.common.loader.apply" . }}
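Review bot: `prometheus.io/port` is set to `.Values.service.main.ports.main.targetPort`, which values.yaml points at 80, the frontend container, while blocky itself serves `/metrics` on its HTTP API port that the `http` service entry maps to 4000; confirm the frontend proxies `/metrics`, otherwise quote the http targetPort here. The k8sgateway container and Corefile are only added under `and .Values.k8sgateway.enabled .Values.k8sgateway.domains`, but `service.k8sgateway` in values.yaml is enabled unconditionally, so with the default `domains: []` a Service port 5353 is created with nothing behind it; gate that service on the same condition. Minor: `k8sgateway.configvolume` uses the strings `enabled: "true"` and `type: "custom"` while `blocky.configmap.mount` uses booleans; a string `"false"` is truthy in Go templates, so keep these as booleans.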
338
charts/incubator/blocky/values.yaml
Normal file
@@ -0,0 +1,338 @@
image:
repository: spx01/blocky
tag: development@sha256:c55e676e89cee31edeee687d70f7ed957b727d61b5611e213809f7a0399fe4ef
# repository: tccr.io/truecharts/blocky
# tag: v0.19@sha256:77a474542f12f480deca33ff0a6375846918b86988c13f858620839d8818ca84
pullPolicy: IfNotPresent

WebUIImage:
repository: tccr.io/truecharts/blocky-frontend
tag: v0.0.3@sha256:81058f20520dcdb80c9883b6f21b338446fefc333e3ca8bd7d17336a24a5d842
pullPolicy: IfNotPresent

k8sgatewayImage:
repository: tccr.io/truecharts/k8s_gateway
pullPolicy: IfNotPresent
tag: 0.3.2@sha256:594fd6990eb2e0af1df7df8ba76cb3ca66232f46c5df5ebf786a45dd19777ae5

controller:
# -- Set additional annotations on the deployment/statefulset/daemonset
# -- Number of desired pods
replicas: 2
# -- Set the controller upgrade strategy
# For Deployments, valid values are Recreate (default) and RollingUpdate.
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
# DaemonSets ignore this.
strategy: RollingUpdate

# -- Blocky Config File content
blockyConfig: {}
# upstream:
# default:
# - 1.1.1.1

env:
BLOCKY_CONFIG_FILE: "/app/config/"

blocky:
enableWebUI: true
enablePrometheus: true

probes:
liveness:
enabled:
custom: true
spec:
exec:
command:
- /app/blocky
- healthcheck
readiness:
custom: true
spec:
exec:
command:
- /app/blocky
- healthcheck
startup:
custom: true
spec:
exec:
command:
- /app/blocky
- healthcheck

service:
main:
ports:
main:
port: 10315
protocol: HTTP
targetPort: 80
dns-tcp:
enabled: true
ports:
dns-tcp:
enabled: true
port: 53
targetPort: 53
dns-udp:
enabled: true
ports:
dns-udp:
enabled: true
port: 53
protocol: UDP
targetPort: 53
dot:
enabled: true
ports:
dot:
enabled: true
port: 853
protocol: TCP
targetPort: 853
http:
enabled: true
ports:
http:
enabled: true
port: 4000
protocol: HTTP
targetPort: 4000
https:
enabled: true
ports:
https:
enabled: true
port: 4443
protocol: HTTPS
targetPort: 4443
k8sgateway:
enabled: true
ports:
k8sgateway:
enabled: true
port: 5353
protocol: UDP
targetPort: 5353

## TODO Add support for SCALE certificates and certificates secrets here
certFile: ""
keyFile: ""
logLevel: info
logFormat: text
logTimestamp: true
logPrivacy: false
dohUserAgent: ""
minTlsServeVersion: 1.2

# -- set the default DNS upstream servers
# Primarily designed for inclusion in the TrueNAS SCALE GUI
defaultUpstreams:
- 1.1.1.1
- 1.0.0.1
- 8.8.8.8
- 8.8.4.4
- 9.9.9.9
- 149.112.112.112
- 208.67.222.222
- 208.67.220.220
- 8.26.56.26
- 8.20.247.20
- 185.228.168.9
- 185.228.169.9
- 76.76.19.19
- 76.223.122.150
- 76.76.2.0
- 76.76.10.0

# -- set additional upstreams
# Primarily designed for inclusion in the TrueNAS SCALE GUI
upstreams:
# - name: group2
# dnsservers:
# - 1.1.1.1

# -- set bootstrap dns (not needed)
# Ensures bootstrap encryption and ensure it doesn't use k8s dns
bootstrapDns:
# -- Upstream
upstream: ""
# -- IP's linked to upstream DoT/DoH DNS name
ips: []

# -- Return empty answer for these queries
filtering:
# -- Ensures filtering by query type
queryTypes: []

# -- Set manual custom DNS resolution
customDNS:
customTTL: 1h
filterUnmappedTypes: true
rewrite: []
# - in: something.com
# out: somethingelse.com
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1

# -- Setup client-name lookup
clientLookup:
# -- upstream used for client-name lookup
upstream: ""
singleNameOrder: []
clients:
# - domain: laptop
# ips: []

# -- Setup caching
caching:
minTime: 5m
maxTime: 30m
maxItemsCount: 0
prefetching: false
prefetchExpires: 2h
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m

# -- set conditional settings
# Primarily designed for inclusion in the TrueNAS SCALE GUI
conditional:
rewrite: []
# - in: something.com
# out: somethingelse.com
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1

# -- set blocking settings using Lists
# Primarily designed for inclusion in the TrueNAS SCALE GUI
blocking:
# -- Sets the blocktype
blockType: nxDomain
# -- Sets the block ttl
blockTTL: 6h
# -- Sets the block refreshPeriod
refreshPeriod: 4h
# -- Sets the block download timeout
downloadTimeout: 60s
# -- Sets the block download attempt count
downloadAttempts: 3
# -- Sets the block download cooldown
downloadCooldown: 2s
# -- Set to fail start of lists cannot be downloaded
failStartOnListError: false
# -- Sets how many list-groups can be processed at the same time
processingConcurrency: 4
# -- Add blocky whitelists
whitelist: []
# - name: ads
# lists:
# - https://someurl.com/list.txt
# - /somefile.txt

# -- Blocky blacklists
blacklist: []
# - name: ads
# lists:
# - https://someurl.com/list.txt
# - /somefile.txt

# -- Blocky clientGroupsBlock
clientGroupsBlock: []
# - name: default
# groups:
# - ads

# -- configure using hostsfile for lookups
# Allows for using the hosts configured in kubernetes and such
hostsFile:
enabled: false
filePath: /etc/hosts
hostsTTL: 60m
refreshPeriod: 30m

## TODO: add this with postgresql support as well
# queryLog:
# type: csv
# target: /logs
# logRetentionDays: 0
# creationAttempts: 3
# CreationCooldown: 2

portal:
enabled: true

serviceAccount:
main:
# -- Specifies whether a service account should be created
enabled: true

# -- Create a ClusterRole and ClusterRoleBinding
# @default -- See below
rbac:
main:
# -- Enables or disables the ClusterRole and ClusterRoleBinding
enabled: true

# -- Set Rules on the ClusterRole
rules:
- apiGroups:
- ""
resources:
- services
- namespaces
verbs:
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- watch

k8sgateway:
enabled: true
# -- TTL for non-apex responses (in seconds)
ttl: 300

# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
watchedResources: []

# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
secondary: ""

# -- Override the default `serviceName.namespace` domain apex
apex: ""

# -- list of processed domains
domains: []
# -- Delegated domain
# - domain: "example.com"
# # -- Optional configuration option for DNS01 challenge that will redirect all acme
# # challenge requests to external cloud domain (e.g. managed by cert-manager)
# # See: https://cert-manager.io/docs/configuration/acme/dns01/
# dnsChallenge:
# enabled: false
# domain: dns01.clouddns.com

forward:
enabled: false
primary: tls://1.1.1.1
secondary: tls://1.0.0.1
options:
- name: tls_servername
value: cloudflare-dns.com

unbound:
enabled: false

redis:
enabled: true
existingSecret: "rediscreds"
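Review bot: `rbac.main.rules` grants cluster-wide `list`/`watch` on services, namespaces and ingresses to the main service account unconditionally; those permissions exist only for k8s_gateway, so tie `rbac.main.enabled` (or the rules) to `k8sgateway.enabled` so a plain blocky install keeps a least-privilege account. `probes.liveness.enabled:` has no value and renders as null, while readiness and startup have no `enabled` key at all; drop the line or give it a boolean. `image.tag: development@sha256:...` pins a digest, which is good, but it tracks a development build while the commented `tccr.io/truecharts/blocky` `v0.19` lines suggest the intended release; either switch back or note why development is required. The `https` (4443) and `dot` (853) service ports are enabled while `certFile` and `keyFile` are empty; confirm blocky falls back to a self-signed certificate in that case or disable those ports until the SCALE certificate TODO is done. Minor: the `# -- Set additional annotations ...` comment under `controller` has no key following it.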
@@ -21,6 +21,8 @@ words:
- basicauthexample
- batnoter
- bazarr
- Blocklists
- blocktype
- bugfixer's
- bungeecord
- cacher
@@ -28,12 +30,15 @@ words:
- cheatsheet
- chronos
- cifs
- clouddns
- cloudflared
- cloudflareddns
- collabora
- configfile
- configfiles
- configmap
- containo
- cooldown
- crossplay
- csgo
- cuda
@@ -46,6 +51,8 @@ words:
- ddns
- djava
- dnat
- dnsserver
- dnsservers
- dockerized
- duplicati
- dynmap
@@ -65,6 +72,7 @@ words:
- gibibyte
- gluster
- goauthentik
- Groupname
- gunicorn
- healthcheck
- healthchecks
@@ -196,9 +204,13 @@ words:
- Scipy
- selfsigned
- serverconfig
- servername
- serverstransports
- serviceexpert
- sgateway
- smallblock
- somefile
- somethingelse
- sonarr
- sonarrsabnzbd
- sonatype
@@ -235,6 +247,7 @@ words:
- umami
- unet
- unifi
- Upstreams
- userspace
- vaapi
- valheim