migrate(technitium) migrate technitium to new common. **BREAKING CHANGES** (#10112)

**Description**
Migrate the app to the new common library, bump the app version, and do some housekeeping.

⚒️ Fixes  # <!--(issue)-->

**⚙️ Type of change**

- [ ] ⚙️ Feature/App addition
- [ ] 🪛 Bugfix
- [X] ⚠️ Breaking change (fix or feature that would cause existing
functionality to not work as expected)
- [X] 🔃 Refactor of current code

**🧪 How Has This Been Tested?**
<!--
Please describe the tests that you ran to verify your changes. Provide
instructions so we can reproduce. Please also list any relevant details
for your test configuration
-->

**📃 Notes:**
<!-- Please enter any other relevant information here -->

**✔️ Checklist:**

- [X] ⚖️ My code follows the style guidelines of this project
- [X] 👀 I have performed a self-review of my own code
- [ ] #️⃣ I have commented my code, particularly in hard-to-understand
areas
- [ ] 📄 I have made corresponding changes to the documentation
- [ ] ⚠️ My changes generate no new warnings
- [ ] 🧪 I have added tests to this description that prove my fix is
effective or that my feature works
- [X] ⬆️ I increased versions for any altered app according to semantic
versioning

** App addition**

If this PR is an app addition please make sure you have done the
following.

- [ ] 🪞 I have opened a PR on
[truecharts/containers](https://github.com/truecharts/containers) adding
the container to TrueCharts mirror repo.
- [ ] 🖼️ I have added an icon in the Chart's root directory called
`icon.png`

---

_Please don't blindly check all the boxes. Read them and only check
those that apply.
Those checkboxes are there for the reviewer to see what is this all
about and
the status of this PR with a quick glance._
This commit is contained in:
Xstar97TheNoob
2023-07-03 16:07:25 -04:00
committed by GitHub
parent e2e43c6312
commit ccbe14a92d
5 changed files with 204 additions and 191 deletions


@@ -1,9 +1,9 @@
apiVersion: v2
appVersion: "8.1"
appVersion: "11.3.0"
dependencies:
- name: common
repository: https://library-charts.truecharts.org
version: 11.1.2
version: 12.14.6
deprecated: false
description: Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security.
home: https://truecharts.org/charts/incubator/technitium
@@ -21,7 +21,7 @@ sources:
- https://github.com/TechnitiumSoftware/DnsServer
- https://technitium.com/
type: application
version: 3.0.11
version: 4.0.0
annotations:
truecharts.org/catagories: |
- networking


@@ -14,115 +14,109 @@ questions:
# Include{replicas1}
# Include{podSpec}
# Include{containerMain}
- variable: env
label: Image Environment
schema:
additional_attrs: true
type: dict
attrs:
- variable: DNS_SERVER_ADMIN_PASSWORD
label: "DNS Server Admin Password"
description: "DNS web console admin user password."
schema:
type: string
private: true
default: ""
- variable: DNS_SERVER_DOMAIN
label: "DNS Server Domain"
description: "The primary domain name used by this DNS Server to identify itself."
schema:
type: string
required: true
default: "dns-server"
- variable: DNS_SERVER_PREFER_IPV6
label: "DNS Server Prefer IpV6"
description: "DNS Server will use IPv6 for querying whenever possible with this option enabled."
schema:
type: boolean
default: false
- variable: DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP
label: "DNS Server Optional Protocol DNS Over HTTP"
description: "Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx."
schema:
type: boolean
default: false
- variable: DNS_SERVER_RECURSION
label: "DNS Server Recursion"
schema:
type: string
required: true
default: "AllowOnlyForPrivateNetworks"
enum:
- value: "AllowOnlyForPrivateNetworks"
description: "AllowOnlyForPrivateNetworks"
- value: "UseSpecifiedNetworks"
description: "UseSpecifiedNetworks"
- value: "Allow"
description: "Allow"
- value: "Deny"
description: "Deny"
- variable: DNS_SERVER_RECURSION_DENIED_NETWORKS
label: "DNS Server Recursion Denied Networks"
description: "Comma separated list of IP addresses or network addresses to deny recursion. Valid only for UseSpecifiedNetworks recursion option."
schema:
show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]]
type: string
required: true
default: "1.1.1.0/24"
- variable: DNS_SERVER_RECURSION_ALLOWED_NETWORKS
label: "DNS Server Recursion Allowed Networks"
description: "Comma separated list of IP addresses or network addresses to allow recursion. Valid only for UseSpecifiedNetworks recursion option."
schema:
show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]]
type: string
required: true
default: "1.1.1.0/24"
- variable: DNS_SERVER_ENABLE_BLOCKING
label: "DNS Server Enable BLocking"
description: "Sets the DNS server to block domain names using Blocked Zone and Block List Zone."
schema:
type: boolean
default: false
- variable: DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT
label: "DNS Server Allow TXT Blocking Report"
description: "Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests."
schema:
type: boolean
default: false
- variable: DNS_SERVER_FORWARDERS
label: "DNS Server Forwarders"
description: "Comma separated list of forwarder addresses."
schema:
type: string
default: "1.1.1.1,8.8.8.8"
- variable: DNS_SERVER_FORWARDER_PROTOCOL
label: "DNS Server Forwarder Protocol"
schema:
type: string
required: true
default: "Tcp"
enum:
- value: "Udp"
description: "Udp"
- value: "Tcp"
description: "Tcp"
- value: "Tls"
description: "Tls"
- value: "Https"
description: "Https"
- value: "HttpsJson"
description: "HttpsJson"
# Include{containerBasic}
# Include{containerAdvanced}
- variable: secretEnv
group: "App Configuration"
label: "Image Secrets"
schema:
additional_attrs: true
type: dict
attrs:
- variable: DNS_SERVER_ADMIN_PASSWORD
label: "DNS_SERVER_ADMIN_PASSWORD"
description: "DNS web console admin user password."
schema:
type: string
default: ""
private: true
required: true
- variable: env
group: "App Configuration"
label: "Image Environment"
schema:
additional_attrs: true
type: dict
attrs:
- variable: DNS_SERVER_DOMAIN
label: "DNS_SERVER_DOMAIN"
description: "The primary domain name used by this DNS Server to identify itself."
schema:
type: string
default: "dns-server"
required: true
- variable: DNS_SERVER_PREFER_IPV6
label: "DNS_SERVER_PREFER_IPV6"
description: "DNS Server will use IPv6 for querying whenever possible with this option enabled."
schema:
type: boolean
default: false
- variable: DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP
label: "DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP"
description: "Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx."
schema:
type: boolean
default: false
- variable: DNS_SERVER_RECURSION
label: "DNS_SERVER_RECURSION"
schema:
type: string
default: "AllowOnlyForPrivateNetworks"
enum:
- value: "AllowOnlyForPrivateNetworks"
description: "AllowOnlyForPrivateNetworks"
- value: "UseSpecifiedNetworks"
description: "UseSpecifiedNetworks"
- value: "Allow"
description: "Allow"
- value: "Deny"
description: "Deny"
- variable: DNS_SERVER_RECURSION_DENIED_NETWORKS
label: "DNS_SERVER_RECURSION_DENIED_NETWORKS"
description: "Comma separated list of IP addresses or network addresses to deny recursion. Valid only for UseSpecifiedNetworks recursion option."
schema:
show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]]
type: string
default: "1.1.1.0/24"
- variable: DNS_SERVER_RECURSION_ALLOWED_NETWORKS
label: "DNS_SERVER_RECURSION_ALLOWED_NETWORKS"
description: "Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option."
schema:
show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]]
type: string
default: "127.0.0.1, 192.168.1.0/24"
- variable: DNS_SERVER_ENABLE_BLOCKING
label: "DNS_SERVER_ENABLE_BLOCKING"
description: "Sets the DNS server to block domain names using Blocked Zone and Block List Zone."
schema:
type: boolean
default: false
- variable: DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT
label: "DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT"
description: "Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests."
schema:
type: boolean
default: false
- variable: DNS_SERVER_FORWARDERS
label: "DNS_SERVER_FORWARDERS"
description: "Comma separated list of forwarder addresses."
schema:
type: string
default: "1.1.1.1, 8.8.8.8"
- variable: DNS_SERVER_FORWARDER_PROTOCOL
label: "DNS_SERVER_FORWARDER_PROTOCOL"
description: "Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson."
schema:
type: string
default: "Tcp"
enum:
- value: "AllowOnlyForPrivateNetworks"
description: "AllowOnlyForPrivateNetworks"
- value: "Udp"
description: "Udp"
- value: "Tcp"
description: "Tcp"
- value: "Tls"
description: "Tls"
- value: "Https"
description: "Https"
- value: "HttpsJson"
description: "HttpsJson"
# Include{containerConfig}
# Include{serviceRoot}
- variable: main
@@ -169,9 +163,9 @@ questions:
type: int
default: 53
required: true
- variable: dns-tcp
label: "DNS-TCP Service"
description: "DNS-TCP Service"
- variable: dns
label: "DNS Service"
description: "DNS Service"
schema:
additional_attrs: true
type: dict
@@ -191,6 +185,19 @@ questions:
type: int
default: 53
required: true
- variable: dns-udp
label: "DNS-UDP Service Port Configuration"
schema:
additional_attrs: true
type: dict
attrs:
- variable: port
label: "Port"
description: "This port exposes the container port on the service"
schema:
type: int
default: 53
required: true
- variable: dns-tls
label: "DNS-TLS Service"
description: "DNS-TLS Service"
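Review bot: The `DNS_SERVER_ADMIN_PASSWORD` entry under `env` keeps `private: true` and `default: ""` but has no `required: true`, which the `secretEnv` entry it appears to replace did carry, so the install form can be submitted with an empty web-console admin password. I would add `required: true` back under its `schema`. In the same hunk the default for `DNS_SERVER_RECURSION_ALLOWED_NETWORKS` is `"1.1.1.0/24"`, the same public range as the denied-networks default, while values.yaml still ships `"127.0.0.1, 192.168.1.0/24"`; a private range like the values.yaml one reads as the intended default. The +/- markers are lost on this page, so this assumes the block directly after `# Include{containerMain}` is the new side, which is what the new values.yaml layout suggests.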


@@ -0,0 +1 @@
{{- include "tc.v1.common.lib.chart.notes" $ -}}


@@ -1 +1 @@
{{- include "tc.common.loader.all" . }}
{{ include "tc.v1.common.loader.all" . }}


@@ -1,85 +1,15 @@
image:
repository: tccr.io/truecharts/technitium
pullPolicy: IfNotPresent
tag: v8.1@sha256:bd2688162b50a76c0cd526ed6f70a1561f520041f726b9ea655e0d1796947e9e
tag: v11.3.0@sha256:e7a2cc08975130129dd6c31058af58b32c22336d752242d623acbbf045698046
securityContext:
readOnlyRootFilesystem: false
runAsNonRoot: false
allowPrivilegeEscalation: true
podSecurityContext:
runAsUser: 0
runAsGroup: 0
secretEnv:
DNS_SERVER_ADMIN_PASSWORD: "password"
env:
DNS_SERVER_DOMAIN: "dns-server"
DNS_SERVER_PREFER_IPV6: false
DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false
DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks"
DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24"
DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24"
DNS_SERVER_ENABLE_BLOCKING: false
DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false
DNS_SERVER_FORWARDERS: "1.1.1.1, 8.8.8.8"
DNS_SERVER_FORWARDER_PROTOCOL: "Tcp"
service:
main:
ports:
main:
port: 5380
targetPort: 5380
dns-tcp:
enabled: true
ports:
dns-tcp:
enabled: true
port: 53
targetPort: 53
dns-udp:
enabled: true
ports:
dns-udp:
enabled: true
protocol: UDP
port: 53
targetPort: 53
dns-tls:
enabled: true
ports:
dns-tls:
enabled: true
protocol: TCP
port: 853
targetPort: 853
dns-cert:
enabled: true
ports:
dns-cert:
enabled: true
protocol: TCP
port: 10202
targetPort: 80
dns-https:
enabled: true
ports:
dns-https:
enabled: true
protocol: TCP
port: 10203
targetPort: 443
dns-https-proxy:
enabled: true
ports:
dns-https-proxy:
enabled: true
protocol: TCP
port: 10204
targetPort: 8053
container:
runAsNonRoot: false
readOnlyRootFilesystem: false
allowPrivilegeEscalation: true
runAsUser: 0
runAsGroup: 0
# Not sure if those will work on k8s
# - "443:443/tcp" #DNS-over-HTTPS service
@@ -87,10 +17,85 @@ service:
# Note sure if this will work with traefik
# - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy
service:
main:
ports:
main:
port: 5380
dns:
enabled: true
ports:
dns-tcp:
enabled: true
port: 53
targetPort: 53
dns-udp:
enabled: true
protocol: udp
port: 53
targetPort: 53
dns-tls:
enabled: true
ports:
dns-tls:
enabled: true
protocol: tcp
port: 853
targetPort: 853
dns-cert:
enabled: true
ports:
dns-cert:
enabled: true
protocol: tcp
port: 10202
targetPort: 80
dns-https:
enabled: true
ports:
dns-https:
enabled: true
protocol: tcp
port: 10203
targetPort: 443
dns-https-proxy:
enabled: true
ports:
dns-https-proxy:
enabled: true
protocol: tcp
port: 10204
targetPort: 8053
workload:
main:
podSpec:
containers:
main:
env:
DNS_SERVER_WEB_SERVICE_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}"
DNS_SERVER_ADMIN_PASSWORD: "password"
DNS_SERVER_DOMAIN: "dns-server"
DNS_SERVER_PREFER_IPV6: false
DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false
DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false
DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT: false
# Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks
DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks"
DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24"
DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24"
DNS_SERVER_ENABLE_BLOCKING: false
DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false
DNS_SERVER_BLOCK_LIST_URLS: ""
DNS_SERVER_FORWARDERS: "1.1.1.1,8.8.8.8"
# Udp, Tcp, Tls, Https, HttpsJson
DNS_SERVER_FORWARDER_PROTOCOL: "Tcp"
persistence:
config:
enabled: true
mountPath: "/etc/dns/config"
portal:
enabled: true
open:
enabled: true
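Review bot: `DNS_SERVER_ADMIN_PASSWORD: "password"` now sits in the plain `env` map under `workload.main.podSpec.containers.main`, whereas the removed layout kept it under `secretEnv`, so the chart ships a well-known default credential for the web console and, assuming the common library renders this map as literal values, it ends up in the pod spec rather than in a Secret. I would drop the literal default, e.g. `DNS_SERVER_ADMIN_PASSWORD: ""`, and have the value supplied at install time through whatever Secret-backed mechanism the common library offers. The same file publishes the console on `service.main` port 5380 and enables `portal`, so the default is reachable wherever that service is. The `container` block also keeps `runAsUser: 0` together with `allowPrivilegeEscalation: true`; a short comment saying why the image needs root would help the next reviewer.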