[blocky] - initial cut of blocky helm chart (#157)

* initial cut of blocky helm chart

* fix linting

* fix more linting
This commit is contained in:
Jeff Billimek 2020-03-08 11:12:37 -04:00 committed by GitHub
parent 932dfd1a65
commit 3090695046
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
12 changed files with 503 additions and 0 deletions

24
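--- a/charts/blocky/.helmignore
+++ b/charts/blocky/.helmignore
@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+# OWNERS file for Kubernetes
+OWNERS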

15
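--- a/charts/blocky/Chart.yaml
+++ b/charts/blocky/Chart.yaml
@@ -0,0 +1,15 @@
+apiVersion: v1
+appVersion: "v0.5"
+description: DNS proxy as ad-blocker for local network
+name: blocky
+version: 1.0.0
+keywords:
+- blocky
+- dbs
+home: https://github.com/billimek/billimek-charts/tree/master/charts/blocky
+icon: https://raw.githubusercontent.com/0xERR0R/blocky/master/docs/blocky.svg
+sources:
+- https://github.com/0xERR0R/blocky
+maintainers:
+- name: billimek
+email: jeff@billimek.com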
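Review bot: The second `keywords` entry, `dbs`, looks like a typo for `dns`, which is what this chart provides; `- dns`. Helm search matches on these keywords, so the misspelling makes the chart harder to find by its obvious term. The rest of the metadata is consistent; `appVersion` is quoted so `v0.5` stays a string.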

4
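--- a/charts/blocky/OWNERS
+++ b/charts/blocky/OWNERS
@@ -0,0 +1,4 @@
+approvers:
+- billimek
+reviewers:
+- billimek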

48
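--- a/charts/blocky/README.md
+++ b/charts/blocky/README.md
@@ -0,0 +1,48 @@
+# DNS proxy as ad-blocker for local network
+This is an opinionated helm chart for [blocky](https://github.com/0xERR0R/blocky)
+The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
+## TL;DR;
+```shell
+$ helm repo add billimek https://billimek.com/billimek-charts/
+$ helm install billimek/blocky
+```
+## Installing the Chart
+To install the chart with the release name `my-release`:
+```console
+helm install --name blocky billimek/blocky
+```
+## Uninstalling the Chart
+To uninstall/delete the `blocky` deployment:
+```console
+helm delete blocky --purge
+```
+The command removes all the Kubernetes components associated with the chart and deletes the release.
+## Configuration
+Read through the [values.yaml](https://github.com/billimek/billimek-charts/blob/master/charts/blocky/values.yaml) file. It has several commented out suggested values.
+Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
+```console
+helm install --name blocky \
+--set timeZone="America/New York" \
+billimek/blocky
+```
+Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
+```console
+helm install --name blocky -f values.yaml billimek/blocky
+```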


@ -0,0 +1,15 @@
1. Get the application URL by running these commands:
{{- if contains "NodePort" .Values.service.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "blocky.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.service.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "blocky.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "blocky.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.service.port }}
{{- else if contains "ClusterIP" .Values.service.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "blocky.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:80
{{- end }}
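Review bot: The ClusterIP branch forwards to a port the pod does not expose: the last command runs `kubectl port-forward $POD_NAME 8080:80`, while the Deployment in this commit only declares container ports 4000 (`prometheus`), 53/TCP and 53/UDP. values.yaml sets `httpPort: 4000` for the HTTP listener, so the line should be `kubectl port-forward $POD_NAME 8080:4000`. The NodePort and LoadBalancer branches print `http://` URLs for what is, with the default `service.port: 53`, a DNS endpoint, so that wording is misleading for this chart; the LoadBalancer text also reads "watch the status of by running", which is missing its object.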


@ -0,0 +1,41 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "blocky.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "blocky.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create a default fully qualified postgresql name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
*/}}
{{- define "blocky.postgresql.fullname" -}}
{{- $name := default "postgresql" .Values.postgresql.nameOverride -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "blocky.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
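Review bot: The third define, `blocky.postgresql.fullname`, reads `.Values.postgresql.nameOverride`, but values.yaml defines no `postgresql` key and no template in this commit includes the helper, so it is dead code carried over from another chart. If it were ever included it would most likely fail to render on the missing `postgresql` map rather than fall back to the `"postgresql"` default, so removing the define is the safer cleanup. The remaining three helpers match the standard chart scaffold.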


@ -0,0 +1,13 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ template "blocky.fullname" . }}
namespace: {{ .Release.Namespace }}
labels:
app.kubernetes.io/name: {{ include "blocky.name" . }}
helm.sh/chart: {{ include "blocky.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
config.yml: |
{{ .Values.config | indent 4 }}
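Review bot: The ConfigMap name uses `{{ template "blocky.fullname" . }}` while every other resource in this commit uses `include`; `include` is the pipeline-safe form, and `name: {{ include "blocky.fullname" . }}` keeps the templates uniform (the Deployment's `configMap.name` has the same `template` form). This is also the only resource that sets `namespace: {{ .Release.Namespace }}` explicitly; either add it to the Deployment and Services or drop it here so all resources are placed the same way. `config.yml` is rendered with `indent 4`, which expects `.Values.config` to be a string — the `config: |` block scalar in values.yaml satisfies that, but a user who supplies a map instead would presumably get a render error; a comment on the value in values.yaml saying it must be a literal YAML string would prevent that.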


@ -0,0 +1,87 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "blocky.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "blocky.name" . }}
helm.sh/chart: {{ include "blocky.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
replicas: {{ .Values.replicas }}
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/name: {{ include "blocky.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "blocky.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
spec:
containers:
- name: {{ .Chart.Name }}
image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
{{- if .Values.timeZone }}
- name: TZ
value: {{ .Values.timeZone | quote }}
{{- end }}
volumeMounts:
- name: config
mountPath: /app/config.yml
subPath: config.yml
- name: logs
mountPath: /logs
ports:
- name: prometheus
containerPort: 4000
protocol: TCP
- containerPort: 53
name: dns
protocol: TCP
- containerPort: 53
name: dns-udp
protocol: UDP
# livenessProbe:
# httpGet:
# path: /
# port: http
# failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
# periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
# readinessProbe:
# httpGet:
# path: /
# port: http
# failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
# periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
# startupProbe:
# httpGet:
# path: /
# port: http
# initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
# failureThreshold: {{ .Values.probes.startup.failureThreshold }}
# periodSeconds: {{ .Values.probes.startup.periodSeconds }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
- name: config
configMap:
name: {{ template "blocky.fullname" . }}
- name: logs
emptyDir:
medium: Memory
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
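Review bot: Changes to `.Values.config` will not reach a running pod: the ConfigMap is mounted with `subPath: config.yml` (which Kubernetes does not refresh in place) and the pod template carries no annotation tied to the config, so `helm upgrade` rewrites the ConfigMap but leaves existing pods on the old file. Adding `checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}` under `template.metadata.annotations` forces a rollout whenever the rendered config changes. The commented-out probes reference `port: http`, but the container only declares `prometheus`, `dns` and `dns-udp`, so they would fail as written if uncommented; `port: prometheus` is the HTTP listener per `httpPort: 4000` in values.yaml. The pod also has no `securityContext`; binding port 53 inside the container needs root or `CAP_NET_BIND_SERVICE`, which depends on the image and is worth stating in values.yaml so users know what a hardened override must keep.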


@ -0,0 +1,21 @@
{{- if .Values.servicePrometheus.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "blocky.fullname" . }}-prometheus
labels:
app.kubernetes.io/name: {{ include "blocky.name" . }}
helm.sh/chart: {{ include "blocky.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
type: {{ .Values.service.type }}
ports:
- port: {{ .Values.service.port }}
targetPort: http
protocol: TCP
name: prometheus
selector:
app.kubernetes.io/name: {{ include "blocky.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
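Review bot: `targetPort: http` names a port the Deployment never declares — its container ports are `prometheus` (4000), `dns` and `dns-udp` — so this Service would select the pods but never reach the metrics listener; it should be `targetPort: prometheus`. `type` and `port` also read `.Values.service.*` (defaults `ClusterIP`/`53`) even though values.yaml defines a dedicated `servicePrometheus.port: 4000` and `servicePrometheus.type`, so with defaults the metrics Service would be published on port 53; `port: {{ .Values.servicePrometheus.port }}` and `type: {{ .Values.servicePrometheus.type }}` are what the values file intends. `servicePrometheus.annotations` is declared in values.yaml but not rendered here.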


@ -0,0 +1,26 @@
{{- if .Values.serviceTCP.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "blocky.fullname" . }}-tcp
labels:
app.kubernetes.io/name: {{ include "blocky.name" . }}
helm.sh/chart: {{ include "blocky.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
type: {{ .Values.serviceTCP.type }}
{{- if .Values.serviceTCP.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceTCP.loadBalancerIP }}
{{- end }}
externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}
ports:
- port: 53
targetPort: dns
protocol: TCP
name: dns
selector:
app.kubernetes.io/name: {{ include "blocky.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}
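Review bot: `externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}` is emitted unconditionally, but the Kubernetes API only accepts that field on `NodePort` and `LoadBalancer` Services, so a user who sets `serviceTCP.type: ClusterIP` gets a validation error at install time; service-udp.yaml has the same issue with `serviceUDP.*`. `serviceTCP.annotations` (and `serviceUDP.annotations`) exist in values.yaml with MetalLB examples but are never rendered, so those hints cannot take effect. Both Services publish a resolver on port 53 to the node network whenever enabled (UDP is on by default); for LoadBalancer use it is worth documenting `loadBalancerSourceRanges` or a NetworkPolicy so the resolver answers only the intended clients.

```yaml
metadata:
  name: {{ include "blocky.fullname" . }}-tcp
  {{- with .Values.serviceTCP.annotations }}
  annotations:
    {{- toYaml . | nindent 4 }}
  {{- end }}
  # … unchanged: labels …
spec:
  type: {{ .Values.serviceTCP.type }}
  {{- if .Values.serviceTCP.loadBalancerIP }}
  loadBalancerIP: {{ .Values.serviceTCP.loadBalancerIP }}
  {{- end }}
  {{- if or (eq .Values.serviceTCP.type "NodePort") (eq .Values.serviceTCP.type "LoadBalancer") }}
  externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}
  {{- end }}
  # … unchanged: ports and selector …
```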


@ -0,0 +1,25 @@
{{- if .Values.serviceUDP.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "blocky.fullname" . }}-udp
labels:
app.kubernetes.io/name: {{ include "blocky.name" . }}
helm.sh/chart: {{ include "blocky.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
type: {{ .Values.serviceUDP.type }}
{{- if .Values.serviceUDP.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceUDP.loadBalancerIP }}
{{- end }}
externalTrafficPolicy: {{ .Values.serviceUDP.externalTrafficPolicy }}
ports:
- port: 53
targetPort: dns-udp
protocol: UDP
name: dns-udp
selector:
app.kubernetes.io/name: {{ include "blocky.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

184
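--- a/charts/blocky/values.yaml
+++ b/charts/blocky/values.yaml
@@ -0,0 +1,184 @@
+replicaCount: 1
+image:
+repository: spx01/blocky
+tag: v0.5
+pullPolicy: IfNotPresent
+nameOverride: ""
+fullnameOverride: ""
+replicas: 1
+timeZone: "UTC"
+# blocky configuration
+config: |
+upstream:
+# these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
+# format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
+externalResolvers:
+- udp:8.8.8.8
+- udp:8.8.4.4
+- udp:1.1.1.1
+- tcp-tls:1.0.0.1:853
+- https://cloudflare-dns.com/dns-query
+# optional: custom IP address for domain name (with all sub-domains)
+# example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
+customDNS:
+mapping:
+printer.lan: 192.168.178.3
+# optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains).
+# Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
+conditional:
+mapping:
+fritz.box: udp:192.168.178.1
+# optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
+blocking:
+# definition of blacklist groups. Can be external link (http/https) or local file
+blackLists:
+ads:
+- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
+- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
+- https://mirror1.malwaredomains.com/files/justdomains
+- http://sysctl.org/cameleon/hosts
+- https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
+- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
+special:
+- https://hosts-file.net/ad_servers.txt
+# definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
+whiteLists:
+ads:
+- whitelist.txt
+# definition: which groups should be applied for which client
+clientGroupsBlock:
+# default will be used, if no special definition for a client name exists
+default:
+- ads
+- special
+# use client name or ip address
+laptop.fritz.box:
+- ads
+# which response will be sent, if query is blocked:
+# zeroIp: 0.0.0.0 will be returned (default)
+# nxDomain: return NXDOMAIN as return code
+blockType: zeroIp
+# optional: automatically list refresh period in minutes. Default: 4h.
+# Negative value -> deactivate automatically refresh.
+# 0 value -> use default
+refreshPeriod: 1
+# optional: configuration for caching of DNS responses
+caching:
+# amount in minutes, how long a response must be cached (min value).
+# If <=0, use response's TTL, if >0 use this value, if TTL is smaller
+# Default: 0
+minTime: 40
+# amount in minutes, how long a response must be cached (max value).
+# If <0, do not cache responses
+# If 0, use TTL
+# If > 0, use this value, if TTL is greater
+# Default: 0
+maxTime: -1
+# optional: configuration of client name resolution
+clientLookup:
+# this DNS resolver will be used to perform reverse DNS lookup (typically local router)
+upstream: udp:192.168.178.1
+# optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
+# Example: take second name if present, if not take first name
+singleNameOrder:
+- 2
+- 1
+# optional: configuration for prometheus metrics endpoint
+prometheus:
+# enabled if true
+enable: true
+# port, optional (default 4000)
+# port: 4000
+# url path, optional (default '/metrics')
+path: /metrics
+# optional: write query information (question, answer, client, duration etc) to daily csv file
+queryLog:
+# directory (should be mounted as volume in docker)
+dir: /logs
+# if true, write one file per client. Writes all queries to single file otherwise
+perClient: true
+# if > 0, deletes log files which are older than ... days
+logRetentionDays: 7
+# optional: DNS listener port, default 53 (UDP and TCP)
+port: 53
+# optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ...
+httpPort: 4000
+# optional: Log level (one from debug, info, warn, error). Default: info
+logLevel: info
+# Probes configuration
+probes:
+liveness:
+failureThreshold: 5
+periodSeconds: 10
+readiness:
+failureThreshold: 5
+periodSeconds: 10
+startup:
+initialDelaySeconds: 5
+failureThreshold: 30
+periodSeconds: 10
+service:
+type: ClusterIP
+port: 53
+serviceTCP:
+enabled: false
+type: NodePort
+externalTrafficPolicy: Local
+loadBalancerIP: ""
+# a fixed LoadBalancer IP
+annotations: {}
+# metallb.universe.tf/address-pool: network-services
+# metallb.universe.tf/allow-shared-ip: blocky-svc
+serviceUDP:
+enabled: true
+type: NodePort
+externalTrafficPolicy: Local
+loadBalancerIP: ""
+# a fixed LoadBalancer IP
+annotations: {}
+# metallb.universe.tf/address-pool: network-services
+# metallb.universe.tf/allow-shared-ip: blocky-svc
+servicePrometheus:
+enabled: false
+port: 4000
+type: ClusterIP
+externalTrafficPolicy: Local
+loadBalancerIP: ""
+# a fixed LoadBalancer IP
+annotations: {}
+resources: {}
+# We usually recommend not to specify default resources and to leave this as a conscious
+# choice for the user. This also increases chances charts run on environments with little
+# resources, such as Minikube. If you do want to specify resources, uncomment the following
+# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
+# limits:
+# cpu: 100m
+# memory: 128Mi
+# requests:
+# cpu: 100m
+# memory: 128Mi
+nodeSelector: {}
+tolerations: []
+affinity: {}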
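Review bot: `replicaCount: 1` on the first line and `replicas: 1` further down both exist, but deployment.yaml reads only `.Values.replicas`, so `replicaCount` is dead and misleads anyone following the common chart convention; keep one (the template uses `replicas`). The same is true of `probes`, `servicePrometheus.port`/`type` and the three `annotations` maps, none of which any template in this commit consumes. The embedded `config` is the upstream example carried over verbatim, including site-specific entries (`customDNS` for `printer.lan`, `conditional` for `fritz.box`, `clientLookup.upstream: udp:192.168.178.1`) and `whiteLists: ads: - whitelist.txt`, a local file nothing in the chart provides, so a default install may fail list loading or forward reverse lookups to an address that does not exist in the user's network; a minimal default (upstream resolvers, blocking lists, `prometheus`, `queryLog`, ports) with the LAN-specific parts commented out would be safer.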