From ccbe14a92d8918bee29bdd9eeb152b9cff8dcbb4 Mon Sep 17 00:00:00 2001 
From: Xstar97TheNoob <9399967+xstar97@users.noreply.github.com> Date: Mon, 3 Jul 2023 16:07:25 -0400 Subject: [PATCH] migrate(technitium) migrate technitium to new common. **BREAKING CHANGES** (#10112) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit **Description** migrate app to new common, bump app version and housekeeping. ⚒️ Fixes # **⚙️ Type of change** - [ ] ⚙️ Feature/App addition - [ ] 🪛 Bugfix - [X] ⚠️ Breaking change (fix or feature that would cause existing functionality to not work as expected) - [X] 🔃 Refactor of current code **🧪 How Has This Been Tested?** **📃 Notes:** **✔️ Checklist:** - [X] ⚖️ My code follows the style guidelines of this project - [X] 👀 I have performed a self-review of my own code - [ ] #️⃣ I have commented my code, particularly in hard-to-understand areas - [ ] 📄 I have made corresponding changes to the documentation - [ ] ⚠️ My changes generate no new warnings - [ ] 🧪 I have added tests to this description that prove my fix is effective or that my feature works - [X] ⬆️ I increased versions for any altered app according to semantic versioning **➕ App addition** If this PR is an app addition please make sure you have done the following. - [ ] 🪞 I have opened a PR on [truecharts/containers](https://github.com/truecharts/containers) adding the container to TrueCharts mirror repo. - [ ] 🖼️ I have added an icon in the Chart's root directory called `icon.png` --- _Please don't blindly check all the boxes. Read them and only check those that apply. 
Those checkboxes are there for the reviewer to see what is this all about and the status of this PR with a quick glance._ --- charts/incubator/technitium/Chart.yaml | 6 +- charts/incubator/technitium/questions.yaml | 225 +++++++++--------- .../incubator/technitium/templates/NOTES.txt | 1 + .../technitium/templates/common.yaml | 2 +- charts/incubator/technitium/values.yaml | 161 +++++++------ 5 files changed, 204 insertions(+), 191 deletions(-) create mode 100644 charts/incubator/technitium/templates/NOTES.txt diff --git a/charts/incubator/technitium/Chart.yaml b/charts/incubator/technitium/Chart.yaml index a8df55fc855..7c7bb642647 100644 --- a/charts/incubator/technitium/Chart.yaml +++ b/charts/incubator/technitium/Chart.yaml @@ -1,9 +1,9 @@ apiVersion: v2 -appVersion: "8.1" +appVersion: "11.3.0" dependencies: - name: common repository: https://library-charts.truecharts.org - version: 11.1.2 + version: 12.14.6 deprecated: false description: Technitium DNS Server is an open source authoritative as well as recursive DNS server that can be used for self hosting a DNS server for privacy & security. home: https://truecharts.org/charts/incubator/technitium @@ -21,7 +21,7 @@ sources: - https://github.com/TechnitiumSoftware/DnsServer - https://technitium.com/ type: application -version: 3.0.11 +version: 4.0.0 annotations: truecharts.org/catagories: | - networking diff --git a/charts/incubator/technitium/questions.yaml b/charts/incubator/technitium/questions.yaml index 916cb391aeb..f0ebc966390 100644 --- a/charts/incubator/technitium/questions.yaml +++ b/charts/incubator/technitium/questions.yaml 
@@ -14,115 +14,109 @@ questions: # Include{replicas1} # Include{podSpec} # Include{containerMain} + + - variable: env + label: Image Environment + schema: + additional_attrs: true + type: dict + attrs: + - variable: DNS_SERVER_ADMIN_PASSWORD + label: "DNS Server Admin Password" + description: "DNS web console admin user password." + schema: + type: string + private: true + default: "" + - variable: DNS_SERVER_DOMAIN + label: "DNS Server Domain" + description: "The primary domain name used by this DNS Server to identify itself." + schema: + type: string + required: true + default: "dns-server" + - variable: DNS_SERVER_PREFER_IPV6 + label: "DNS Server Prefer IpV6" + description: "DNS Server will use IPv6 for querying whenever possible with this option enabled." + schema: + type: boolean + default: false + - variable: DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP + label: "DNS Server Optional Protocol DNS Over HTTP" + description: "Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx." + schema: + type: boolean + default: false + - variable: DNS_SERVER_RECURSION + label: "DNS Server Recursion" + schema: + type: string + required: true + default: "AllowOnlyForPrivateNetworks" + enum: + - value: "AllowOnlyForPrivateNetworks" + description: "AllowOnlyForPrivateNetworks" + - value: "UseSpecifiedNetworks" + description: "UseSpecifiedNetworks" + - value: "Allow" + description: "Allow" + - value: "Deny" + description: "Deny" + - variable: DNS_SERVER_RECURSION_DENIED_NETWORKS + label: "DNS Server Recursion Denied Networks" + description: "Comma separated list of IP addresses or network addresses to deny recursion. Valid only for UseSpecifiedNetworks recursion option." 
+ schema: + show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] + type: string + required: true + default: "1.1.1.0/24" + - variable: DNS_SERVER_RECURSION_ALLOWED_NETWORKS + label: "DNS Server Recursion Allowed Networks" + description: "Comma separated list of IP addresses or network addresses to allow recursion. Valid only for UseSpecifiedNetworks recursion option." + schema: + show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] + type: string + required: true + default: "1.1.1.0/24" + - variable: DNS_SERVER_ENABLE_BLOCKING + label: "DNS Server Enable BLocking" + description: "Sets the DNS server to block domain names using Blocked Zone and Block List Zone." + schema: + type: boolean + default: false + - variable: DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT + label: "DNS Server Allow TXT Blocking Report" + description: "Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests." + schema: + type: boolean + default: false + - variable: DNS_SERVER_FORWARDERS + label: "DNS Server Forwarders" + description: "Comma separated list of forwarder addresses." + schema: + type: string + default: "1.1.1.1,8.8.8.8" + - variable: DNS_SERVER_FORWARDER_PROTOCOL + label: "DNS Server Forwarder Protocol" + schema: + type: string + required: true + default: "Tcp" + enum: + - value: "Udp" + description: "Udp" + - value: "Tcp" + description: "Tcp" + - value: "Tls" + description: "Tls" + - value: "Https" + description: "Https" + - value: "HttpsJson" + description: "HttpsJson" + # Include{containerBasic} # Include{containerAdvanced} - - variable: secretEnv - group: "App Configuration" - label: "Image Secrets" - schema: - additional_attrs: true - type: dict - attrs: - - variable: DNS_SERVER_ADMIN_PASSWORD - label: "DNS_SERVER_ADMIN_PASSWORD" - description: "DNS web console admin user password." 
- schema: - type: string - default: "" - private: true - required: true - - variable: env - group: "App Configuration" - label: "Image Environment" - schema: - additional_attrs: true - type: dict - attrs: - - variable: DNS_SERVER_DOMAIN - label: "DNS_SERVER_DOMAIN" - description: "The primary domain name used by this DNS Server to identify itself." - schema: - type: string - default: "dns-server" - required: true - - variable: DNS_SERVER_PREFER_IPV6 - label: "DNS_SERVER_PREFER_IPV6" - description: "DNS Server will use IPv6 for querying whenever possible with this option enabled." - schema: - type: boolean - default: false - - variable: DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP - label: "DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP" - description: "Enables DNS server optional protocol DNS-over-HTTP on TCP port 8053 to be used with a TLS terminating reverse proxy like nginx." - schema: - type: boolean - default: false - - variable: DNS_SERVER_RECURSION - label: "DNS_SERVER_RECURSION" - schema: - type: string - default: "AllowOnlyForPrivateNetworks" - enum: - - value: "AllowOnlyForPrivateNetworks" - description: "AllowOnlyForPrivateNetworks" - - value: "UseSpecifiedNetworks" - description: "UseSpecifiedNetworks" - - value: "Allow" - description: "Allow" - - value: "Deny" - description: "Deny" - - variable: DNS_SERVER_RECURSION_DENIED_NETWORKS - label: "DNS_SERVER_RECURSION_DENIED_NETWORKS" - description: "Comma separated list of IP addresses or network addresses to deny recursion. Valid only for UseSpecifiedNetworks recursion option." - schema: - show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] - type: string - default: "1.1.1.0/24" - - variable: DNS_SERVER_RECURSION_ALLOWED_NETWORKS - label: "DNS_SERVER_RECURSION_ALLOWED_NETWORKS" - description: "Comma separated list of IP addresses or network addresses to allow recursion. Valid only for `UseSpecifiedNetworks` recursion option." 
- schema: - show_if: [["DNS_SERVER_RECURSION", "=", "UseSpecifiedNetworks"]] - type: string - default: "127.0.0.1, 192.168.1.0/24" - - variable: DNS_SERVER_ENABLE_BLOCKING - label: "DNS_SERVER_ENABLE_BLOCKING" - description: "Sets the DNS server to block domain names using Blocked Zone and Block List Zone." - schema: - type: boolean - default: false - - variable: DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT - label: "DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT" - description: "Specifies if the DNS Server should respond with TXT records containing a blocked domain report for TXT type requests." - schema: - type: boolean - default: false - - variable: DNS_SERVER_FORWARDERS - label: "DNS_SERVER_FORWARDERS" - description: "Comma separated list of forwarder addresses." - schema: - type: string - default: "1.1.1.1, 8.8.8.8" - - variable: DNS_SERVER_FORWARDER_PROTOCOL - label: "DNS_SERVER_FORWARDER_PROTOCOL" - description: "Forwarder protocol options: Udp, Tcp, Tls, Https, HttpsJson." - schema: - type: string - default: "Tcp" - enum: - - value: "AllowOnlyForPrivateNetworks" - description: "AllowOnlyForPrivateNetworks" - - value: "Udp" - description: "Udp" - - value: "Tcp" - description: "Tcp" - - value: "Tls" - description: "Tls" - - value: "Https" - description: "Https" - - value: "HttpsJson" - description: "HttpsJson" # Include{containerConfig} # Include{serviceRoot} - variable: main @@ -169,9 +163,9 @@ questions: type: int default: 53 required: true - - variable: dns-tcp - label: "DNS-TCP Service" - description: "DNS-TCP Service" + - variable: dns + label: "DNS Service" + description: "DNS Service" schema: additional_attrs: true type: dict 
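Review bot: `DNS_SERVER_ADMIN_PASSWORD` moves from the removed `secretEnv` dict into the plain `env` dict at the top of this hunk and loses `required: true`, so with `default: ""` the form now accepts an empty admin password. The values.yaml hunk `@@ -87,10 +17,85 @@` makes the same move and sets `"password"` as the chart default in the container's plain `env` map, where it is presumably rendered into the pod spec rather than a Secret. I would restore `required: true` on the field and, if the new common library offers a secret-backed env source, use it for this one variable. Separately, the new default for `DNS_SERVER_RECURSION_ALLOWED_NETWORKS` is `"1.1.1.0/24"`, the same public range as the denied-networks default and not the `"127.0.0.1, 192.168.1.0/24"` that values.yaml still carries; that looks like a copy-paste slip, and the allow-list default should stay on private ranges.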
@@ -191,6 +185,19 @@ questions: type: int default: 53 required: true + - variable: dns-udp + label: "DNS-UDP Service Port Configuration" + schema: + additional_attrs: true + type: dict + attrs: + - variable: port + label: "Port" + description: "This port exposes the container port on the service" + schema: + type: int + default: 53 + required: true - variable: dns-tls label: "DNS-TLS Service" description: "DNS-TLS Service" diff --git a/charts/incubator/technitium/templates/NOTES.txt b/charts/incubator/technitium/templates/NOTES.txt new file mode 100644 index 00000000000..efcb74cb772 --- /dev/null +++ b/charts/incubator/technitium/templates/NOTES.txt @@ -0,0 +1 @@ +{{- include "tc.v1.common.lib.chart.notes" $ -}} diff --git a/charts/incubator/technitium/templates/common.yaml b/charts/incubator/technitium/templates/common.yaml index ead65062525..b51394e00a4 100644 --- a/charts/incubator/technitium/templates/common.yaml +++ b/charts/incubator/technitium/templates/common.yaml @@ -1 +1 @@ -{{- include "tc.common.loader.all" . }} +{{ include "tc.v1.common.loader.all" . }} diff --git a/charts/incubator/technitium/values.yaml b/charts/incubator/technitium/values.yaml index 3a3394f6a59..8dd8cfa7150 100644 --- a/charts/incubator/technitium/values.yaml +++ b/charts/incubator/technitium/values.yaml 
@@ -1,85 +1,15 @@ image: repository: tccr.io/truecharts/technitium pullPolicy: IfNotPresent - tag: v8.1@sha256:bd2688162b50a76c0cd526ed6f70a1561f520041f726b9ea655e0d1796947e9e + tag: v11.3.0@sha256:e7a2cc08975130129dd6c31058af58b32c22336d752242d623acbbf045698046 securityContext: - readOnlyRootFilesystem: false - runAsNonRoot: false - allowPrivilegeEscalation: true - -podSecurityContext: - runAsUser: 0 - runAsGroup: 0 - -secretEnv: - DNS_SERVER_ADMIN_PASSWORD: "password" - -env: - DNS_SERVER_DOMAIN: "dns-server" - DNS_SERVER_PREFER_IPV6: false - DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false - DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks" - DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24" - DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24" - DNS_SERVER_ENABLE_BLOCKING: false - DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false - DNS_SERVER_FORWARDERS: "1.1.1.1, 8.8.8.8" - DNS_SERVER_FORWARDER_PROTOCOL: "Tcp" - -service: - main: - ports: - main: - port: 5380 - targetPort: 5380 - dns-tcp: - enabled: true - ports: - dns-tcp: - enabled: true - port: 53 - targetPort: 53 - dns-udp: - enabled: true - ports: - dns-udp: - enabled: true - protocol: UDP - port: 53 - targetPort: 53 - dns-tls: - enabled: true - ports: - dns-tls: - enabled: true - protocol: TCP - port: 853 - targetPort: 853 - dns-cert: - enabled: true - ports: - dns-cert: - enabled: true - protocol: TCP - port: 10202 - targetPort: 80 - dns-https: - enabled: true - ports: - dns-https: - enabled: true - protocol: TCP - port: 10203 - targetPort: 443 - dns-https-proxy: - enabled: true - ports: - dns-https-proxy: - enabled: true - protocol: TCP - port: 10204 - targetPort: 8053 + container: + runAsNonRoot: false + readOnlyRootFilesystem: false + allowPrivilegeEscalation: true + runAsUser: 0 + runAsGroup: 0 # Not sure if those will work on k8s # - "443:443/tcp" #DNS-over-HTTPS service 
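Review bot: The migrated `securityContext.container` block still runs the container as UID/GID 0 with `allowPrivilegeEscalation: true` and `readOnlyRootFilesystem: false`, and nothing in the hunk records why the DNS server needs all of that. A breaking-change migration is a cheap moment to tighten it: I would try `allowPrivilegeEscalation: false` first, since a process already at UID 0 normally has no use for it, and test whether the image still starts. If root turns out to be required only for binding port 53, say so in a comment such as `# root needed to bind :53; revisit with a bind capability instead`, so the next reviewer knows what would break.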
@@ -87,10 +17,85 @@ service: # Note sure if this will work with traefik # - "8053:8053/tcp" #DNS-over-HTTPS using reverse proxy +service: + main: + ports: + main: + port: 5380 + dns: + enabled: true + ports: + dns-tcp: + enabled: true + port: 53 + targetPort: 53 + dns-udp: + enabled: true + protocol: udp + port: 53 + targetPort: 53 + dns-tls: + enabled: true + ports: + dns-tls: + enabled: true + protocol: tcp + port: 853 + targetPort: 853 + dns-cert: + enabled: true + ports: + dns-cert: + enabled: true + protocol: tcp + port: 10202 + targetPort: 80 + dns-https: + enabled: true + ports: + dns-https: + enabled: true + protocol: tcp + port: 10203 + targetPort: 443 + dns-https-proxy: + enabled: true + ports: + dns-https-proxy: + enabled: true + protocol: tcp + port: 10204 + targetPort: 8053 + +workload: + main: + podSpec: + containers: + main: + env: + DNS_SERVER_WEB_SERVICE_HTTP_PORT: "{{ .Values.service.main.ports.main.port }}" + DNS_SERVER_ADMIN_PASSWORD: "password" + DNS_SERVER_DOMAIN: "dns-server" + DNS_SERVER_PREFER_IPV6: false + DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false + DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false + DNS_SERVER_WEB_SERVICE_USE_SELF_SIGNED_CERT: false + # Allow, Deny, AllowOnlyForPrivateNetworks, UseSpecifiedNetworks + DNS_SERVER_RECURSION: "AllowOnlyForPrivateNetworks" + DNS_SERVER_RECURSION_DENIED_NETWORKS: "1.1.1.0/24" + DNS_SERVER_RECURSION_ALLOWED_NETWORKS: "127.0.0.1, 192.168.1.0/24" + DNS_SERVER_ENABLE_BLOCKING: false + DNS_SERVER_ALLOW_TXT_BLOCKING_REPORT: false + DNS_SERVER_BLOCK_LIST_URLS: "" + DNS_SERVER_FORWARDERS: "1.1.1.1,8.8.8.8" + # Udp, Tcp, Tls, Https, HttpsJson + DNS_SERVER_FORWARDER_PROTOCOL: "Tcp" + persistence: config: enabled: true mountPath: "/etc/dns/config" portal: - enabled: true + open: + enabled: true
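Review bot: The `dns-https-proxy` service is `enabled: true` on target port 8053 while the env block added in the same hunk sets `DNS_SERVER_OPTIONAL_PROTOCOL_DNS_OVER_HTTP: false`, so by default the chart publishes a port for a listener that is switched off. `dns-cert` and `dns-https` are likewise on by default, even though the comment kept just above the block says it is not clear they work on k8s. I would default the optional services to `enabled: false` and let users turn a service on together with its feature, which keeps the default exposure to the web console and port 53. The console itself stays on plain HTTP (`DNS_SERVER_WEB_SERVICE_ENABLE_HTTPS: false`), so the chart notes should say that the admin login is expected to sit behind a TLS-terminating ingress.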