From 667951e6e6a3e305f7f44c32b7ae82725a10f6c4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E1=97=AA=D1=94=CE=BD=CE=B9=CE=B7=20=E1=97=B7=CF=85=D0=BD?= =?UTF-8?q?=CA=9F?= Date: Thu, 21 Jan 2021 12:23:55 -0500 Subject: [PATCH] [blocky] refactor config and bump version (#500) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <6213398+bjw-s@users.noreply.github.com> --- charts/blocky/Chart.yaml | 7 +- charts/blocky/README.md | 5 + charts/blocky/templates/configmap.yaml | 9 +- charts/blocky/templates/deployment.yaml | 7 +- charts/blocky/values.yaml | 149 +++++++++++++----------- 5 files changed, 98 insertions(+), 79 deletions(-) diff --git a/charts/blocky/Chart.yaml b/charts/blocky/Chart.yaml index 54219953..b5a32773 100644 --- a/charts/blocky/Chart.yaml +++ b/charts/blocky/Chart.yaml @@ -1,11 +1,12 @@ apiVersion: v2 -appVersion: v0.11 +appVersion: v0.12 description: DNS proxy as ad-blocker for local network name: blocky -version: 4.1.1 +version: 5.0.0 keywords: - blocky - - dbs + - adblock + - dns home: https://github.com/k8s-at-home/charts/tree/master/charts/blocky icon: https://github.com/0xERR0R/blocky/raw/master/docs/blocky.svg?sanitize=true sources: diff --git a/charts/blocky/README.md b/charts/blocky/README.md index 578e24c0..03a83223 100644 --- a/charts/blocky/README.md +++ b/charts/blocky/README.md @@ -47,6 +47,8 @@ Alternatively, a YAML file that specifies the values for the above parameters ca helm install --name blocky -f values.yaml k8s-at-home/blocky ``` +--- + ## Upgrading an existing Release to a new major version A major chart version change (like 2.2.2 -> 3.0.0) indicates that there is an @@ -72,3 +74,6 @@ kubectl delete svc/blocky This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on blocky for DNS +### Upgrading from 4.x.x to 5.x.x + +Configuration inside `config` is no longer a yaml object, it is now a multiline string \ No newline at end of file diff --git a/charts/blocky/templates/configmap.yaml b/charts/blocky/templates/configmap.yaml index 2886458e..c4df7086 100644 --- a/charts/blocky/templates/configmap.yaml +++ b/charts/blocky/templates/configmap.yaml @@ -9,12 +9,5 @@ metadata: app.kubernetes.io/instance: {{ .Release.Name }} app.kubernetes.io/managed-by: {{ .Release.Service }} data: -{{- if .Values.config }} -{{ $root := . }} config.yml: | -{{ tpl (toYaml .Values.config | indent 4) $root }} -{{- end }} -{{- range $name, $value := .Values.extraLists }} - {{ $name }}: |- -{{ $value | indent 4}} -{{- end }} +{{ .Values.config | indent 4 }} diff --git a/charts/blocky/templates/deployment.yaml b/charts/blocky/templates/deployment.yaml index 63c9fb11..a5789d48 100644 --- a/charts/blocky/templates/deployment.yaml +++ b/charts/blocky/templates/deployment.yaml @@ -1,3 +1,4 @@ +{{- $blockyConfig := .Values.config | fromYaml }} apiVersion: apps/v1 kind: Deployment metadata: @@ -45,9 +46,9 @@ spec: subPath: {{ $name }} readOnly: true {{- end }} - {{- if .Values.config.queryLog }} + {{- if hasKey $blockyConfig "queryLog" }} - name: data - mountPath: {{ .Values.config.queryLog.dir }} + mountPath: {{ $blockyConfig.queryLog.dir }} {{- if .Values.persistence.subPath }} subPath: {{ .Values.persistence.subPath }} {{- end }} @@ -96,7 +97,7 @@ spec: - key: {{ $name }} path: {{ $name }} {{- end }} - {{- if .Values.config.queryLog }} + {{- if hasKey $blockyConfig "queryLog" }} - name: data {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/charts/blocky/values.yaml b/charts/blocky/values.yaml index 8a2cb49f..67a32a36 100644 --- a/charts/blocky/values.yaml +++ b/charts/blocky/values.yaml @@ -1,6 +1,6 @@ image: repository: spx01/blocky - tag: v0.11 + tag: v0.12 pullPolicy: IfNotPresent nameOverride: "" @@ -10,29 +10,30 @@ replicas: 1 timeZone: "UTC" -# blocky configuration - will translate to config.yml file inside the pod -config: +# Blocky configuration, for a full list of options see +# https://github.com/0xERR0R/blocky/blob/master/docs/config.yml +config: | upstream: # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query - # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh)) + # format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh)) externalResolvers: - - udp:8.8.8.8 - - udp:8.8.4.4 - - udp:1.1.1.1 - - tcp-tls:1.0.0.1:853 - - https://cloudflare-dns.com/dns-query + - 46.182.19.48 + - 80.241.218.68 + - tcp-tls:fdns1.dismail.de:853 + - https://dns.digitale-gesellschaft.ch/dns-query # optional: custom IP address for domain name (with all sub-domains) # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3 - # customDNS: - # mapping: - # printer.lan: 192.168.178.3 + customDNS: + mapping: + printer.lan: 192.168.178.3 - # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains). + # optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by comma # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name - # conditional: - # mapping: - # fritz.box: udp:192.168.178.1 + conditional: + mapping: + fritz.box: udp:192.168.178.1 + lan.net: udp:192.168.178.1,udp:192.168.178.2 # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.) blocking: @@ -46,77 +47,95 @@ config: - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt special: - - https://hosts-file.net/ad_servers.txt - # definition of whitelist groups. Attention: if the same group has black and whitelists, - # whitelists will be used to disable particular blacklist entries. If a group has only - # whitelist entries -> this means only domains from this list are allowed, - # all other domains will be blocked. - # Also see the extraLists section below to add your own in-line whitelists - # whiteLists: - # ads: - # - whitelist.txt + - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts + # definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked + whiteLists: + ads: + - whitelist.txt # definition: which groups should be applied for which client clientGroupsBlock: # default will be used, if no special definition for a client name exists default: - ads - special - # use client name or ip address - # laptop.fritz.box: - # - ads - + # use client name (with wildcard support: * - sequence of any characters, [0-9] - range) + # or single ip address / client subnet as CIDR notation + laptop*: + - ads + 192.168.178.1/24: + - special # which response will be sent, if query is blocked: - # zeroIp: 0.0.0.0 will be returned (default) - # nxDomain: return NXDOMAIN as return code - # blockType: zeroIp - + # zeroIp: 0.0.0.0 will be returned (default) + # nxDomain: return NXDOMAIN as return code + # comma separated list of destination IP adresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page. + blockType: zeroIp # optional: automatically list refresh period in minutes. Default: 4h. # Negative value -> deactivate automatically refresh. # 0 value -> use default - # refreshPeriod: 1 + refreshPeriod: 0 # optional: configuration for caching of DNS responses - # caching: - # # amount in minutes, how long a response must be cached (min value). - # # If <=0, use response's TTL, if >0 use this value, if TTL is smaller - # # Default: 0 - # minTime: 40 - # # amount in minutes, how long a response must be cached (max value). - # # If <0, do not cache responses - # # If 0, use TTL - # # If > 0, use this value, if TTL is greater - # # Default: 0 - # maxTime: -1 + caching: + # amount in minutes, how long a response must be cached (min value). + # If <=0, use response's TTL, if >0 use this value, if TTL is smaller + # Default: 0 + minTime: 5 + # amount in minutes, how long a response must be cached (max value). + # If <0, do not cache responses + # If 0, use TTL + # If > 0, use this value, if TTL is greater + # Default: 0 + maxTime: -1 + # if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window) + # this improves the response time for often used queries, but significantly increases external traffic + # default: false + prefetching: true # optional: configuration of client name resolution - # clientLookup: - # # this DNS resolver will be used to perform reverse DNS lookup (typically local router) - # upstream: udp:192.168.178.1 - # # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used. - # # Example: take second name if present, if not take first name - # singleNameOrder: - # - 2 - # - 1 + clientLookup: + # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router) + upstream: udp:192.168.178.1 + # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used. + # Example: take second name if present, if not take first name + singleNameOrder: + - 2 + - 1 + # optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names. + clients: + laptop: + - 192.168.178.29 + # optional: configuration for prometheus metrics endpoint - prometheus: - # enabled if true - enable: true - # url path, optional (default '/metrics') - path: /metrics + # prometheus: + # # enabled if true + # enable: true + # # url path, optional (default '/metrics') + # path: /metrics # optional: write query information (question, answer, client, duration etc) to daily csv file # queryLog: - # # directory (will be mounted as volume in the pod) - # dir: /logs - # # if true, write one file per client. Writes all queries to single file otherwise - # perClient: true - # # if > 0, deletes log files which are older than ... days - # logRetentionDays: 7 + # # directory (should be mounted as volume in docker) + # dir: /logs + # # if true, write one file per client. Writes all queries to single file otherwise + # perClient: true + # # if > 0, deletes log files which are older than ... days + # logRetentionDays: 7 - # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ... + # optional: DNS listener port and bind ip address, default 53 (UDP and TCP). Example: 53, :53, 127.0.0.1:53 + port: 53 + # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ... httpPort: 4000 + # optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH... + #httpsPort: 443 + # mandatory, if https port > 0: path to cert and key file for SSL encryption + #httpsCertFile: server.crt + #httpsKeyFile: server.key + # optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp + bootstrapDns: tcp:1.1.1.1 # optional: Log level (one from debug, info, warn, error). Default: info logLevel: info + # optional: Log format (text or json). Default: text + logFormat: text ## Add persistence for query logs (if enabled) persistence: