diff --git a/charts/incubator/technitium/Chart.yaml b/charts/incubator/technitium/Chart.yaml index a8df55fc855..7c7bb642647 100644 --- a/charts/incubator/technitium/Chart.yaml +++ b/charts/incubator/technitium/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: "8.1" +appVersion: "11.3.0" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 11.1.2 + version: 12.14.6 deprecated: false description: Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. home: https://truecharts.org/charts/incubator/technitium @@ -21,7 +21,7 @@ sources: - https://github.com/TechnitiumSoftware/DnsServer - https://technitium.com/ type: application -version: 3.0.11 +version: 4.0.0 annotations: truecharts.org/catagories: | - networking diff --git a/charts/incubator/technitium/questions.yaml b/charts/incubator/technitium/questions.yaml index 916cb391aeb..f0ebc966390 100644 --- a/charts/incubator/technitium/questions.yaml +++ b/charts/incubator/technitium/questions.yaml 
@@ -14,115 +14,109 @@ questions: # Include{replicas1} # Include{podSpec} # Include{containerMain} + + - variable: env + label: Image Environment + schema: + additional_attrs: true + type: dict + attrs: + - variable: DNS_SERVER_ADMIN_PASSWORD + label: "DNS Server Admin Password" + description: "DNS web console admin user password." + schema: + type: string + private: true + default: "" + - variable: DNS_SERVER_DOMAIN + label: "DNS Server Domain" + description: "The primary domain name used by this DNS Server to identify itself." + schema: + type: string + required: true + default: "dns-server" + - variable: DNS_SERVER_PREFER_IPV6 + label: "DNS Server Prefer IpV6" + description: "DNS Server will use IPv6 for querying whenever possible with this option enabled." + schema: + type: boolean + default: false + - variable: DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP + label: "DNS Server Optional Protocol DNS Over HTTP" + description: "Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx." + schema: + type: boolean + default: false + - variable: DNS_SERVER_RECURSION + label: "DNS Server Recursion" + schema: + type: string + required: true + default: "AllowOnlyForPrivateNetworks" + enum: + - value: "AllowOnlyForPrivateNetworks" + description: "AllowOnlyForPrivateNetworks" + - value: "UseSpecifiedNetworks" + description: "UseSpecifiedNetworks" + - value: "Allow" + description: "Allow" + - value: "Deny" + description: "Deny" + - variable: DNS_SERVER_RECURSION_DENIED_NETWORKS + label: "DNS Server Recursion Denied Networks" + description: "Comma separated list of IP addresses or network addresses to deny recursion. Valid only for UseSpecifiedNetworks recursion option." 
+ schema: + show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] + type: string + required: true + default: "1.1.1.0/24" + - variable: DNS_SERVER_RECURSION_ALLOWED_NETWORKS + label: "DNS Server Recursion Allowed Networks" + description: "Comma separated list of IP addresses or network addresses to allow recursion. Valid only for UseSpecifiedNetworks recursion option." + schema: + show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] + type: string + required: true + default: "1.1.1.0/24" + - variable: DNS_SERVER_ENABLE_BLOCKING + label: "DNS Server Enable BLocking" + description: "Sets the DNS server to block domain names using Blocked Zone and Block List Zone." + schema: + type: boolean + default: false + - variable: DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT + label: "DNS Server Allow TXT Blocking Report" + description: "Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests." + schema: + type: boolean + default: false + - variable: DNS_SERVER_FORWARDERS + label: "DNS Server Forwarders" + description: "Comma separated list of forwarder addresses." + schema: + type: string + default: "1.1.1.1,8.8.8.8" + - variable: DNS_SERVER_FORWARDER_PROTOCOL + label: "DNS Server Forwarder Protocol" + schema: + type: string + required: true + default: "Tcp" + enum: + - value: "Udp" + description: "Udp" + - value: "Tcp" + description: "Tcp" + - value: "Tls" + description: "Tls" + - value: "Https" + description: "Https" + - value: "HttpsJson" + description: "HttpsJson" + # Include{containerBasic} # Include{containerAdvanced} - - variable: secretEnv - group: "App Configuration" - label: "Image Secrets" - schema: - additional_attrs: true - type: dict - attrs: - - variable: DNS_SERVER_ADMIN_PASSWORD - label: "DNS_SERVER_ADMIN_PASSWORD" - description: "DNS web console admin user password." 
- schema: - type: string - default: "" - private: true - required: true - - variable: env - group: "App Configuration" - label: "Image Environment" - schema: - additional_attrs: true - type: dict - attrs: - - variable: DNS_SERVER_DOMAIN - label: "DNS_SERVER_DOMAIN" - description: "The primary domain name used by this DNS Server to identify itself." - schema: - type: string - default: "dns-server" - required: true - - variable: DNS_SERVER_PREFER_IPV6 - label: "DNS_SERVER_PREFER_IPV6" - description: "DNS Server will use IPv6 for querying whenever possible with this option enabled." - schema: - type: boolean - default: false - - variable: DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP - label: "DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP" - description: "Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx." - schema: - type: boolean - default: false - - variable: DNS_SERVER_RECURSION - label: "DNS_SERVER_RECURSION" - schema: - type: string - default: "AllowOnlyForPrivateNetworks" - enum: - - value: "AllowOnlyForPrivateNetworks" - description: "AllowOnlyForPrivateNetworks" - - value: "UseSpecifiedNetworks" - description: "UseSpecifiedNetworks" - - value: "Allow" - description: "Allow" - - value: "Deny" - description: "Deny" - - variable: DNS_SERVER_RECURSION_DENIED_NETWORKS - label: "DNS_SERVER_RECURSION_DENIED_NETWORKS" - description: "Comma separated list of IP addresses or network addresses to deny recursion. Valid only for UseSpecifiedNetworks recursion option." - schema: - show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] - type: string - default: "1.1.1.0/24" - - variable: DNS_SERVER_RECURSION_ALLOWED_NETWORKS - label: "DNS_SERVER_RECURSION_ALLOWED_NETWORKS" - description: "Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option." 
- schema: - show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] - type: string - default: "127.0.0.1, 192.168.1.0/24" - - variable: DNS_SERVER_ENABLE_BLOCKING - label: "DNS_SERVER_ENABLE_BLOCKING" - description: "Sets the DNS server to block domain names using Blocked Zone and Block List Zone." - schema: - type: boolean - default: false - - variable: DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT - label: "DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT" - description: "Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests." - schema: - type: boolean - default: false - - variable: DNS_SERVER_FORWARDERS - label: "DNS_SERVER_FORWARDERS" - description: "Comma separated list of forwarder addresses." - schema: - type: string - default: "1.1.1.1, 8.8.8.8" - - variable: DNS_SERVER_FORWARDER_PROTOCOL - label: "DNS_SERVER_FORWARDER_PROTOCOL" - description: "Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson." - schema: - type: string - default: "Tcp" - enum: - - value: "AllowOnlyForPrivateNetworks" - description: "AllowOnlyForPrivateNetworks" - - value: "Udp" - description: "Udp" - - value: "Tcp" - description: "Tcp" - - value: "Tls" - description: "Tls" - - value: "Https" - description: "Https" - - value: "HttpsJson" - description: "HttpsJson" # Include{containerConfig} # Include{serviceRoot} - variable: main @@ -169,9 +163,9 @@ questions: type: int default: 53 required: true - - variable: dns-tcp - label: "DNS-TCP Service" - description: "DNS-TCP Service" + - variable: dns + label: "DNS Service" + description: "DNS Service" schema: additional_attrs: true type: dict 
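Review bot: `DNS_SERVER_ADMIN_PASSWORD` moves from the `secretEnv` dict into plain `env` in this questions.yaml hunk and its schema loses `required: true`, so the form now accepts an empty admin password. The value is presumably rendered as an ordinary container env var rather than a Secret, though the common library's handling is not visible in this diff. The same move is made in the last values.yaml hunk. I would restore `required: true` under the password's `schema:` and keep the value Secret-backed if the new common version offers an equivalent of `secretEnv`. Separately, the new default for `DNS_SERVER_RECURSION_ALLOWED_NETWORKS` is `"1.1.1.0/24"`, identical to the denied-networks default and different from the `"127.0.0.1, 192.168.1.0/24"` still used in values.yaml, which looks like a copy-paste slip.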
@@ -191,6 +185,19 @@ questions: type: int default: 53 required: true + - variable: dns-udp + label: "DNS-UDP Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 53 + required: true - variable: dns-tls label: "DNS-TLS Service" description: "DNS-TLS Service" diff --git a/charts/incubator/technitium/templates/NOTES.txt b/charts/incubator/technitium/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/charts/incubator/technitium/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/charts/incubator/technitium/templates/common.yaml b/charts/incubator/technitium/templates/common.yaml index ead65062525..b51394e00a4 100644 --- a/charts/incubator/technitium/templates/common.yaml +++ b/charts/incubator/technitium/templates/common.yaml @@ -1 +1 @@ -{{- include "tc.common.loader.all" . }} +{{ include "tc.v1.common.loader.all" . }} diff --git a/charts/incubator/technitium/values.yaml b/charts/incubator/technitium/values.yaml index 3a3394f6a59..8dd8cfa7150 100644 --- a/charts/incubator/technitium/values.yaml +++ b/charts/incubator/technitium/values.yaml 
@@ -1,85 +1,15 @@ image: repository: tccr.io/truecharts/technitium pullPolicy: IfNotPresent - tag: v8.1@sha256:bd2688162b50a76c0cd526ed6f70a1561f520041f726b9ea655e0d1796947e9e + tag: v11.3.0@sha256:e7a2cc08975130129dd6c31058af58b32c22336d752242d623acbbf045698046 securityContext: - readOnlyRootFilesystem: false - runAsNonRoot: false - allowPrivilegeEscalation: true - -podSecurityContext: - runAsUser: 0 - runAsGroup: 0 - -secretEnv: - DNS_SERVER_ADMIN_PASSWORD: "password" - -env: - DNS_SERVER_DOMAIN: "dns-server" - DNS_SERVER_PREFER_IPV6: false - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false - DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks" - DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24" - DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24" - DNS_SERVER_ENABLE_BLOCKING: false - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false - DNS_SERVER_FORWARDERS: "1.1.1.1, 8.8.8.8" - DNS_SERVER_FORWARDER_PROTOCOL: "Tcp" - -service: - main: - ports: - main: - port: 5380 - targetPort: 5380 - dns-tcp: - enabled: true - ports: - dns-tcp: - enabled: true - port: 53 - targetPort: 53 - dns-udp: - enabled: true - ports: - dns-udp: - enabled: true - protocol: UDP - port: 53 - targetPort: 53 - dns-tls: - enabled: true - ports: - dns-tls: - enabled: true - protocol: TCP - port: 853 - targetPort: 853 - dns-cert: - enabled: true - ports: - dns-cert: - enabled: true - protocol: TCP - port: 10202 - targetPort: 80 - dns-https: - enabled: true - ports: - dns-https: - enabled: true - protocol: TCP - port: 10203 - targetPort: 443 - dns-https-proxy: - enabled: true - ports: - dns-https-proxy: - enabled: true - protocol: TCP - port: 10204 - targetPort: 8053 + container: + runAsNonRoot: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + runAsUser: 0 + runAsGroup: 0 # Not sure if those will work on k8s # - "443:443/tcp" #DNS-over-HTTPS service 
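Review bot: The `securityContext.container` block on the new side keeps the container at `runAsUser: 0` with `allowPrivilegeEscalation: true` and `readOnlyRootFilesystem: false`, and the file gives no reason for any of the three. If root is only needed to bind the low target ports visible in this diff (53, 80, 443, 853), that should be stated. It is also worth testing whether the image still starts with `allowPrivilegeEscalation: false`, since a DNS server is directly reachable by untrusted clients. At minimum I would add a comment above the block such as `# runs as root to bind privileged ports (TODO confirm); disabling privilege escalation not yet tested`.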
@@ -87,10 +17,85 @@ service: # Note sure if this will work with traefik # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy +service: + main: + ports: + main: + port: 5380 + dns: + enabled: true + ports: + dns-tcp: + enabled: true + port: 53 + targetPort: 53 + dns-udp: + enabled: true + protocol: udp + port: 53 + targetPort: 53 + dns-tls: + enabled: true + ports: + dns-tls: + enabled: true + protocol: tcp + port: 853 + targetPort: 853 + dns-cert: + enabled: true + ports: + dns-cert: + enabled: true + protocol: tcp + port: 10202 + targetPort: 80 + dns-https: + enabled: true + ports: + dns-https: + enabled: true + protocol: tcp + port: 10203 + targetPort: 443 + dns-https-proxy: + enabled: true + ports: + dns-https-proxy: + enabled: true + protocol: tcp + port: 10204 + targetPort: 8053 + +workload: + main: + podSpec: + containers: + main: + env: + DNS_SERVER_WEB_SERVICE_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}" + DNS_SERVER_ADMIN_PASSWORD: "password" + DNS_SERVER_DOMAIN: "dns-server" + DNS_SERVER_PREFER_IPV6: false + DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false + DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false + DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT: false + # Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks + DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks" + DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24" + DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24" + DNS_SERVER_ENABLE_BLOCKING: false + DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false + DNS_SERVER_BLOCK_LIST_URLS: "" + DNS_SERVER_FORWARDERS: "1.1.1.1,8.8.8.8" + # Udp, Tcp, Tls, Https, HttpsJson + DNS_SERVER_FORWARDER_PROTOCOL: "Tcp" + persistence: config: enabled: true mountPath: "/etc/dns/config" portal: - enabled: true + open: + enabled: true
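Review bot: `DNS_SERVER_ADMIN_PASSWORD: "password"` under `workload.main.podSpec.containers.main.env` ships a guessable web-console credential to every install that does not override it. With `DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false`, the console on port 5380 is also served over plain HTTP unless something in front of it terminates TLS. I would not carry a working default here: use `DNS_SERVER_ADMIN_PASSWORD: ""` with a comment that it must be set at install time, after checking what the image does with an empty value. The `dns-cert`, `dns-https` and `dns-https-proxy` services are also `enabled: true` by default, while `DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP` is `false` and the comments at the top of the hunk say it is unclear they work. Defaulting those three to `enabled: false` would keep unused ports off the service.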