diff --git a/charts/blocky/.helmignore b/charts/blocky/.helmignore
new file mode 100644
index 00000000..e559de0a
--- /dev/null
+++ b/charts/blocky/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS
diff --git a/charts/blocky/Chart.yaml b/charts/blocky/Chart.yaml
new file mode 100644
index 00000000..bbfd88ca
--- /dev/null
+++ b/charts/blocky/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+appVersion: "v0.5"
+description: DNS proxy as ad-blocker for local network
+name: blocky
+version: 1.0.0
+keywords:
+ - blocky
+ - dbs
+home: https://github.com/billimek/billimek-charts/tree/master/charts/blocky
+icon: https://raw.githubusercontent.com/0xERR0R/blocky/master/docs/blocky.svg
+sources:
+ - https://github.com/0xERR0R/blocky
+maintainers:
+ - name: billimek
+ email: jeff@billimek.com
diff --git a/charts/blocky/OWNERS b/charts/blocky/OWNERS
new file mode 100644
index 00000000..51f88652
--- /dev/null
+++ b/charts/blocky/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek
\ No newline at end of file
diff --git a/charts/blocky/README.md b/charts/blocky/README.md
new file mode 100644
index 00000000..40f41f13
--- /dev/null
+++ b/charts/blocky/README.md
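Review bot: The second keyword in Chart.yaml, `- dbs`, looks like a typo for `- dns` — the chart is a DNS proxy and nothing else in the diff mentions databases. Helm repo search matches on keywords, so the misspelling only makes the chart harder to find; change the line to `  - dns`. If "dbs" is intentional, a short comment on that line saying what it refers to would save the next reviewer the same question.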
@@ -0,0 +1,48 @@
+# DNS proxy as ad-blocker for local network
+
+This is an opinionated helm chart for [blocky](https://github.com/0xERR0R/blocky)
+
+The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
+
+## TL;DR;
+
+```shell
+$ helm repo add billimek https://billimek.com/billimek-charts/
+$ helm install billimek/blocky
+```
+
+## Installing the Chart
+
+To install the chart with the release name `my-release`:
+
+```console
+helm install --name blocky billimek/blocky
+```
+
+## Uninstalling the Chart
+
+To uninstall/delete the `blocky` deployment:
+
+```console
+helm delete blocky --purge
+```
+
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+
+## Configuration
+
+Read through the [values.yaml](https://github.com/billimek/billimek-charts/blob/master/charts/blocky/values.yaml) file. It has several commented out suggested values.
+
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+
+```console
+helm install --name blocky \
+ --set timeZone="America/New York" \
+ billimek/blocky
+```
+
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+
+```console
+helm install --name blocky -f values.yaml billimek/blocky
+```
diff --git a/charts/blocky/templates/NOTES.txt b/charts/blocky/templates/NOTES.txt
new file mode 100644
index 00000000..6c3337cb
--- /dev/null
+++ b/charts/blocky/templates/NOTES.txt
@@ -0,0 +1,15 @@
+1. Get the application URL by running these commands:
+{{- if contains "NodePort" .Values.service.type }}
+ export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "blocky.fullname" . }})
+ export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+ echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+ NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+ You can watch the status of by running 'kubectl get svc -w {{ include "blocky.fullname" . }}'
+ export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "blocky.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
+ echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+ export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "blocky.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+ echo "Visit http://127.0.0.1:8080 to use your application"
+ kubectl port-forward $POD_NAME 8080:80
+{{- end }}
diff --git a/charts/blocky/templates/_helpers.tpl b/charts/blocky/templates/_helpers.tpl
new file mode 100644
index 00000000..985ff9ea
--- /dev/null
+++ b/charts/blocky/templates/_helpers.tpl
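Review bot: The ClusterIP branch — the one actually rendered with the default `service.type: ClusterIP` — tells the user to run `kubectl port-forward $POD_NAME 8080:80` and open an HTTP URL, but the Deployment in this same commit declares only containerPorts 53 (`dns`, `dns-udp`) and 4000 (`prometheus`); there is no port 80, so the instruction fails as written. The NodePort and LoadBalancer branches likewise print `http://` URLs built from `.Values.service.port`, which is 53, for what is a DNS service, and they read the generic `.Values.service` object rather than the `serviceUDP`/`serviceTCP`/`servicePrometheus` objects the Service templates use. At minimum change the last two lines of the ClusterIP branch to `echo "Visit http://127.0.0.1:4000/metrics for blocky metrics"` and `kubectl port-forward $POD_NAME 4000:4000`; better, derive the notes from `.Values.serviceUDP` and print a `dig @$NODE_IP -p $NODE_PORT example.com` style check so the user can verify the resolver rather than a web page.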
@@ -0,0 +1,41 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "blocky.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "blocky.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified postgresql name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+*/}}
+{{- define "blocky.postgresql.fullname" -}}
+{{- $name := default "postgresql" .Values.postgresql.nameOverride -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "blocky.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/blocky/templates/configmap.yaml b/charts/blocky/templates/configmap.yaml
new file mode 100644
index 00000000..c4df7086
--- /dev/null
+++ b/charts/blocky/templates/configmap.yaml
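Review bot: `blocky.postgresql.fullname` reads `.Values.postgresql.nameOverride`, but the values.yaml added in this commit defines no `postgresql` key and no template in the diff calls the helper, so it is dead code carried over from another chart that fails with a nil-pointer error the moment someone does use it. Either delete the define together with its comment block, or, if a database dependency is planned, add `postgresql: {}` to values.yaml so the lookup is safe. The remaining helpers are the standard name/fullname/chart boilerplate and look fine.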
@@ -0,0 +1,13 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "blocky.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + app.kubernetes.io/name: {{ include "blocky.name" . }} + helm.sh/chart: {{ include "blocky.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +data: + config.yml: | +{{ .Values.config | indent 4 }} diff --git a/charts/blocky/templates/deployment.yaml b/charts/blocky/templates/deployment.yaml new file mode 100644 index 00000000..2a1b3a0c --- /dev/null +++ b/charts/blocky/templates/deployment.yaml 
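Review bot: The ConfigMap sets `namespace: {{ .Release.Namespace }}` explicitly while the Deployment and the three Services in this commit do not, so a `helm template … | kubectl apply -n other` round-trip lands the ConfigMap and the workload in different namespaces and the `config` volume never resolves. Helm already places every resource in the release namespace; drop the `namespace:` line here (or add it to every template) so the objects stay together. Also worth a comment in values.yaml: `.Values.config` is rendered verbatim into `config.yml` in a ConfigMap, so anything secret a user later adds to it (for example a DoH endpoint carrying a token in the URL) will be stored unencrypted and readable by anyone with ConfigMap access rather than in a Secret.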
@@ -0,0 +1,87 @@ +apiVersion: apps/v1 +kind: Deployment +metadata: + name: {{ include "blocky.fullname" . }} + labels: + app.kubernetes.io/name: {{ include "blocky.name" . }} + helm.sh/chart: {{ include "blocky.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + replicas: {{ .Values.replicas }} + revisionHistoryLimit: 3 + selector: + matchLabels: + app.kubernetes.io/name: {{ include "blocky.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + template: + metadata: + labels: + app.kubernetes.io/name: {{ include "blocky.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + spec: + containers: + - name: {{ .Chart.Name }} + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} + env: + {{- if .Values.timeZone }} + - name: TZ + value: {{ .Values.timeZone | quote }} + {{- end }} + volumeMounts: + - name: config + mountPath: /app/config.yml + subPath: config.yml + - name: logs + mountPath: /logs + ports: + - name: prometheus + containerPort: 4000 + protocol: TCP + - containerPort: 53 + name: dns + protocol: TCP + - containerPort: 53 + name: dns-udp + protocol: UDP + # livenessProbe: + # httpGet: + # path: / + # port: http + # failureThreshold: {{ .Values.probes.liveness.failureThreshold }} + # periodSeconds: {{ .Values.probes.liveness.periodSeconds }} + # readinessProbe: + # httpGet: + # path: / + # port: http + # failureThreshold: {{ .Values.probes.readiness.failureThreshold }} + # periodSeconds: {{ .Values.probes.readiness.periodSeconds }} + # startupProbe: + # httpGet: + # path: / + # port: http + # initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }} + # failureThreshold: {{ .Values.probes.startup.failureThreshold }} + # periodSeconds: {{ .Values.probes.startup.periodSeconds }} + resources: + {{- toYaml .Values.resources | nindent 12 }} + volumes: + - name: config + configMap: + name: {{ template 
"blocky.fullname" . }} + - name: logs + emptyDir: + medium: Memory + {{- with .Values.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} diff --git a/charts/blocky/templates/service-prometheus.yaml b/charts/blocky/templates/service-prometheus.yaml new file mode 100644 index 00000000..169c71ec --- /dev/null +++ b/charts/blocky/templates/service-prometheus.yaml @@ -0,0 +1,21 @@ +{{- if .Values.servicePrometheus.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "blocky.fullname" . }}-prometheus + labels: + app.kubernetes.io/name: {{ include "blocky.name" . }} + helm.sh/chart: {{ include "blocky.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.service.type }} + ports: + - port: {{ .Values.service.port }} + targetPort: http + protocol: TCP + name: prometheus + selector: + app.kubernetes.io/name: {{ include "blocky.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/blocky/templates/service-tcp.yaml b/charts/blocky/templates/service-tcp.yaml new file mode 100644 index 00000000..b2d7ebd6 --- /dev/null +++ b/charts/blocky/templates/service-tcp.yaml 
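Review bot: The pod spec sets no `securityContext` at pod or container level, so the container runs as whatever user the image defaults to with the full default capability set, and the query-log `emptyDir` is `medium: Memory` with no `sizeLimit`, so the per-client logs that values.yaml retains for seven days are charged against node RAM with no ceiling. Because `config.yml` is mounted with `subPath`, a changed ConfigMap is not propagated into running pods and the template carries no `checksum/config` annotation, so `helm upgrade` with a new config leaves the old resolver config live until something else restarts the pod. Smaller issues: the commented-out probes reference `port: http`, a name the container does not declare (the named ports are `prometheus`, `dns` and `dns-udp`), and `replicas: {{ .Values.replicas }}` reads a key values.yaml defines twice as `replicaCount` and `replicas`. I would add a least-privilege container securityContext, a cap on the log volume and the checksum annotation as below; whether blocky needs `NET_BIND_SERVICE` depends on the user the image runs as, which the chart does not pin, so confirm against the image before dropping it, and confirm the process writes nowhere but `/logs` before turning on `readOnlyRootFilesystem`.
```yaml
  template:
    metadata:
      annotations:
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
      # … unchanged: labels …
    spec:
      containers:
        - name: {{ .Chart.Name }}
          # … unchanged: image, imagePullPolicy, env, volumeMounts, ports, resources …
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE"]
      volumes:
        # … unchanged: config volume …
        - name: logs
          emptyDir:
            medium: Memory
            sizeLimit: 64Mi
```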
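Review bot: `service-prometheus.yaml` is gated on `servicePrometheus.enabled` but then reads `.Values.service.type` and `.Values.service.port` (which is 53) instead of `servicePrometheus.type`/`servicePrometheus.port`, and its `targetPort: http` names a port the Deployment never declares (the container calls it `prometheus`), so the Service is unroutable the moment it is enabled. The `loadBalancerIP`, `externalTrafficPolicy` and `annotations` keys under `servicePrometheus` in values.yaml are likewise never rendered by this template. Change the spec to `type: {{ .Values.servicePrometheus.type }}`, `port: {{ .Values.servicePrometheus.port }}` and `targetPort: prometheus`. The values comment says `httpPort: 4000` also serves pprof, so keeping this Service ClusterIP-only by default (as values.yaml does) is the right call and deserves a comment on the `type` line saying why.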
@@ -0,0 +1,26 @@ +{{- if .Values.serviceTCP.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "blocky.fullname" . }}-tcp + labels: + app.kubernetes.io/name: {{ include "blocky.name" . }} + helm.sh/chart: {{ include "blocky.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.serviceTCP.type }} + {{- if .Values.serviceTCP.loadBalancerIP }} + loadBalancerIP: {{ .Values.serviceTCP.loadBalancerIP }} + {{- end }} + externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }} + ports: + - port: 53 + targetPort: dns + protocol: TCP + name: dns + selector: + app.kubernetes.io/name: {{ include "blocky.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + diff --git a/charts/blocky/templates/service-udp.yaml b/charts/blocky/templates/service-udp.yaml new file mode 100644 index 00000000..1f0eacd6 --- /dev/null +++ b/charts/blocky/templates/service-udp.yaml @@ -0,0 +1,25 @@ +{{- if .Values.serviceUDP.enabled }} +apiVersion: v1 +kind: Service +metadata: + name: {{ include "blocky.fullname" . }}-udp + labels: + app.kubernetes.io/name: {{ include "blocky.name" . }} + helm.sh/chart: {{ include "blocky.chart" . }} + app.kubernetes.io/instance: {{ .Release.Name }} + app.kubernetes.io/managed-by: {{ .Release.Service }} +spec: + type: {{ .Values.serviceUDP.type }} + {{- if .Values.serviceUDP.loadBalancerIP }} + loadBalancerIP: {{ .Values.serviceUDP.loadBalancerIP }} + {{- end }} + externalTrafficPolicy: {{ .Values.serviceUDP.externalTrafficPolicy }} + ports: + - port: 53 + targetPort: dns-udp + protocol: UDP + name: dns-udp + selector: + app.kubernetes.io/name: {{ include "blocky.name" . }} + app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} diff --git a/charts/blocky/values.yaml b/charts/blocky/values.yaml new file mode 100644 index 00000000..d8dc4fc1 --- /dev/null +++ b/charts/blocky/values.yaml 
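Review bot: `externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}` is emitted unconditionally, but the API server only accepts that field on NodePort and LoadBalancer services, so a user who sets `serviceTCP.type: ClusterIP` gets a validation error instead of a cluster-internal resolver. The `serviceTCP.annotations` map that values.yaml documents for MetalLB is never rendered into `metadata.annotations`, so the documented address-pool and shared-IP settings have no effect. Guard the policy with `{{- if ne .Values.serviceTCP.type "ClusterIP" }}` … `{{- end }}` and add `{{- with .Values.serviceTCP.annotations }}` / `annotations: {{ toYaml . | nindent 4 }}` / `{{- end }}` under `metadata:`. The same two issues apply to service-udp.yaml.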
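Review bot: With `serviceUDP.enabled: true` and `type: NodePort` as the values.yaml defaults, installing the chart unmodified publishes a recursive DNS resolver on a high port of every node's address, and the blocky config shipped here has no client allow-list, so on any node network reachable from untrusted hosts this is an open resolver usable for UDP amplification. The chart cannot prevent that by itself, but the default should be the safe one: ship `serviceUDP.type: ClusterIP` (or LoadBalancer with `loadBalancerSourceRanges`) and let the user opt into NodePort. I would also add `{{- with .Values.serviceUDP.loadBalancerSourceRanges }}` / `loadBalancerSourceRanges: {{ toYaml . | nindent 4 }}` / `{{- end }}` so that restriction is at least expressible from values. Like service-tcp.yaml, the template emits `externalTrafficPolicy` even when the type is ClusterIP and never renders the documented `annotations` map.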
@@ -0,0 +1,184 @@ +replicaCount: 1 + +image: + repository: spx01/blocky + tag: v0.5 + pullPolicy: IfNotPresent + +nameOverride: "" +fullnameOverride: "" + +replicas: 1 + +timeZone: "UTC" + +# blocky configuration +config: | + upstream: + # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query + # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh)) + externalResolvers: + - udp:8.8.8.8 + - udp:8.8.4.4 + - udp:1.1.1.1 + - tcp-tls:1.0.0.1:853 + - https://cloudflare-dns.com/dns-query + + # optional: custom IP address for domain name (with all sub-domains) + # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3 + customDNS: + mapping: + printer.lan: 192.168.178.3 + + # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains). + # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name + conditional: + mapping: + fritz.box: udp:192.168.178.1 + + # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.) + blocking: + # definition of blacklist groups. Can be external link (http/https) or local file + blackLists: + ads: + - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt + - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts + - https://mirror1.malwaredomains.com/files/justdomains + - http://sysctl.org/cameleon/hosts + - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist + - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt + special: + - https://hosts-file.net/ad_servers.txt + # definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. 
If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked + whiteLists: + ads: + - whitelist.txt + # definition: which groups should be applied for which client + clientGroupsBlock: + # default will be used, if no special definition for a client name exists + default: + - ads + - special + # use client name or ip address + laptop.fritz.box: + - ads + # which response will be sent, if query is blocked: + # zeroIp: 0.0.0.0 will be returned (default) + # nxDomain: return NXDOMAIN as return code + blockType: zeroIp + # optional: automatically list refresh period in minutes. Default: 4h. + # Negative value -> deactivate automatically refresh. + # 0 value -> use default + refreshPeriod: 1 + + # optional: configuration for caching of DNS responses + caching: + # amount in minutes, how long a response must be cached (min value). + # If <=0, use response's TTL, if >0 use this value, if TTL is smaller + # Default: 0 + minTime: 40 + # amount in minutes, how long a response must be cached (max value). + # If <0, do not cache responses + # If 0, use TTL + # If > 0, use this value, if TTL is greater + # Default: 0 + maxTime: -1 + + # optional: configuration of client name resolution + clientLookup: + # this DNS resolver will be used to perform reverse DNS lookup (typically local router) + upstream: udp:192.168.178.1 + # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used. 
+ # Example: take second name if present, if not take first name + singleNameOrder: + - 2 + - 1 + # optional: configuration for prometheus metrics endpoint + prometheus: + # enabled if true + enable: true + # port, optional (default 4000) + # port: 4000 + # url path, optional (default '/metrics') + path: /metrics + + # optional: write query information (question, answer, client, duration etc) to daily csv file + queryLog: + # directory (should be mounted as volume in docker) + dir: /logs + # if true, write one file per client. Writes all queries to single file otherwise + perClient: true + # if > 0, deletes log files which are older than ... days + logRetentionDays: 7 + + # optional: DNS listener port, default 53 (UDP and TCP) + port: 53 + # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ... + httpPort: 4000 + # optional: Log level (one from debug, info, warn, error). Default: info + logLevel: info + + +# Probes configuration +probes: + liveness: + failureThreshold: 5 + periodSeconds: 10 + readiness: + failureThreshold: 5 + periodSeconds: 10 + startup: + initialDelaySeconds: 5 + failureThreshold: 30 + periodSeconds: 10 + +service: + type: ClusterIP + port: 53 + +serviceTCP: + enabled: false + type: NodePort + externalTrafficPolicy: Local + loadBalancerIP: "" + # a fixed LoadBalancer IP + annotations: {} + # metallb.universe.tf/address-pool: network-services + # metallb.universe.tf/allow-shared-ip: blocky-svc + +serviceUDP: + enabled: true + type: NodePort + externalTrafficPolicy: Local + loadBalancerIP: "" + # a fixed LoadBalancer IP + annotations: {} + # metallb.universe.tf/address-pool: network-services + # metallb.universe.tf/allow-shared-ip: blocky-svc + +servicePrometheus: + enabled: false + port: 4000 + type: ClusterIP + externalTrafficPolicy: Local + loadBalancerIP: "" + # a fixed LoadBalancer IP + annotations: {} + +resources: {} + # We usually recommend not to specify default resources and to 
leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +nodeSelector: {} + +tolerations: [] + +affinity: {}
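Review bot: The default blocklist set includes `http://sysctl.org/cameleon/hosts`, fetched over plain HTTP, and `blocking.refreshPeriod: 1` re-downloads all seven lists every minute (the comment two lines above says the default is 4h); an on-path attacker who can tamper with that one unauthenticated download can add or remove any domain from what the whole network resolves, and the one-minute refresh both widens that window and hammers the list hosts. Drop the plain-HTTP entry unless the host serves it over TLS, and set `refreshPeriod: 240` or leave it at the default. The file also defines both `replicaCount: 1` and `replicas: 1` (only `replicas` is read by the Deployment), and the example-site values `clientLookup.upstream: udp:192.168.178.1`, the `fritz.box` conditional and the `laptop.fritz.box` client group will be silently wrong for most installs — they belong in a commented example, not the live default. `image.tag: v0.5` is a mutable tag; an optional `image.digest` value rendered as `@sha256:…` would let users pin the image they actually audited. The `ads` whitelist points at `whitelist.txt`, a local file nothing in the chart provides; I can't tell from here whether blocky treats a missing list file as fatal, so either ship it via the ConfigMap or comment the entry out.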