[blocky] refactor config and bump version (#500)

Co-authored-by: Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs <6213398+bjw-s@users.noreply.github.com>
2025-02-02 23:39:03 +00:00 · 2021-01-21 12:23:55 -05:00 · 2021-01-21 12:23:55 -05:00 · 667951e6e6
commit 667951e6e6
parent 4c9639d125
5 changed files with 98 additions and 79 deletions
--- a/charts/blocky/Chart.yaml
+++ b/charts/blocky/Chart.yaml
@ -1,11 +1,12 @@
 apiVersion: v2
-appVersion: v0.11
+appVersion: v0.12
 description: DNS proxy as ad-blocker for local network
 name: blocky
-version: 4.1.1
+version: 5.0.0
 keywords:
  - blocky
-  - dbs
+  - adblock
  - dns
 home: https://github.com/k8s-at-home/charts/tree/master/charts/blocky
 icon: https://github.com/0xERR0R/blocky/raw/master/docs/blocky.svg?sanitize=true
 sources:
--- a/charts/blocky/README.md
+++ b/charts/blocky/README.md
@ -47,6 +47,8 @@ Alternatively, a YAML file that specifies the values for the above parameters ca
 helm install --name blocky -f values.yaml k8s-at-home/blocky
 ```
 ---
 ## Upgrading an existing Release to a new major version
 A major chart version change (like 2.2.2 -> 3.0.0) indicates that there is an
@ -72,3 +74,6 @@ kubectl delete svc/blocky
 This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on blocky for DNS
 ### Upgrading from 4.x.x to 5.x.x
 Configuration inside `config` is no longer a yaml object, it is now a multiline string
--- a/charts/blocky/templates/configmap.yaml
+++ b/charts/blocky/templates/configmap.yaml
@ -9,12 +9,5 @@ metadata:
    app.kubernetes.io/instance: {{ .Release.Name }}
    app.kubernetes.io/managed-by: {{ .Release.Service }}
 data:
 {{- if .Values.config }}
 {{ $root := . }}
  config.yml: |
-{{ tpl (toYaml .Values.config | indent 4) $root }}
+{{ .Values.config | indent 4 }}
 {{- end }}
 {{- range $name, $value := .Values.extraLists }}
  {{ $name }}: |-
 {{ $value | indent 4}}
 {{- end }}
--- a/charts/blocky/templates/deployment.yaml
+++ b/charts/blocky/templates/deployment.yaml
@ -1,3 +1,4 @@
 {{- $blockyConfig := .Values.config | fromYaml }}
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@ -45,9 +46,9 @@ spec:
              subPath: {{ $name }}
              readOnly: true
            {{- end }}
-            {{- if .Values.config.queryLog }}
+            {{- if hasKey $blockyConfig "queryLog" }}
            - name: data
-              mountPath: {{ .Values.config.queryLog.dir }}
+              mountPath: {{ $blockyConfig.queryLog.dir }}
              {{- if .Values.persistence.subPath }}
              subPath: {{ .Values.persistence.subPath }}
              {{- end }}
@ -96,7 +97,7 @@ spec:
                    - key: {{ $name }}
                      path: {{ $name }}
                  {{- end }}
-        {{- if .Values.config.queryLog }}
+        {{- if hasKey $blockyConfig "queryLog" }}
        - name: data
          {{- if .Values.persistence.enabled }}
          persistentVolumeClaim:
--- a/charts/blocky/values.yaml
+++ b/charts/blocky/values.yaml
@ -1,6 +1,6 @@
 image:
  repository: spx01/blocky
-  tag: v0.11
+  tag: v0.12
  pullPolicy: IfNotPresent
 nameOverride: ""
@ -10,29 +10,30 @@ replicas: 1
 timeZone: "UTC"
-# blocky configuration - will translate to config.yml file inside the pod
+# Blocky configuration, for a full list of options see
-config:
+# https://github.com/0xERR0R/blocky/blob/master/docs/config.yml
 config: |
  upstream:
    # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
-    # format for resolver: net:host:[port][/path]. net could be tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
+    # format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
    externalResolvers:
-      - udp:8.8.8.8
+      - 46.182.19.48
-      - udp:8.8.4.4
+      - 80.241.218.68
-      - udp:1.1.1.1
+      - tcp-tls:fdns1.dismail.de:853
-      - tcp-tls:1.0.0.1:853
+      - https://dns.digitale-gesellschaft.ch/dns-query
      - https://cloudflare-dns.com/dns-query
  # optional: custom IP address for domain name (with all sub-domains)
  # example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
-  # customDNS:
+  customDNS:
-  #   mapping:
+    mapping:
-  #     printer.lan: 192.168.178.3
+      printer.lan: 192.168.178.3
-  # optional: definition, which DNS resolver should be used for queries to the domain (with all sub-domains).
+  # optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by comma
  # Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
-  # conditional:
+  conditional:
-  #   mapping:
+    mapping:
-  #     fritz.box: udp:192.168.178.1
+      fritz.box: udp:192.168.178.1
      lan.net: udp:192.168.178.1,udp:192.168.178.2
  # optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
  blocking:
@ -46,77 +47,95 @@ config:
        - https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
        - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
      special:
-        - https://hosts-file.net/ad_servers.txt
+        - https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
-    # definition of whitelist groups. Attention: if the same group has black and whitelists,
+    # definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
-    # whitelists will be used to disable particular blacklist entries. If a group has only
+    whiteLists:
-    # whitelist entries -> this means only domains from this list are allowed,
+      ads:
-    # all other domains will be blocked.
+        - whitelist.txt
    # Also see the extraLists section below to add your own in-line whitelists
    # whiteLists:
    #   ads:
    #     - whitelist.txt
    # definition: which groups should be applied for which client
    clientGroupsBlock:
      # default will be used, if no special definition for a client name exists
      default:
        - ads
        - special
-      # use client name or ip address
+      # use client name (with wildcard support: * - sequence of any characters, [0-9] - range)
-      # laptop.fritz.box:
+      # or single ip address / client subnet as CIDR notation
-      #   - ads
+      laptop*:
-
+        - ads
      192.168.178.1/24:
        - special
    # which response will be sent, if query is blocked:
    # zeroIp: 0.0.0.0 will be returned (default)
    # nxDomain: return NXDOMAIN as return code
-    # blockType: zeroIp
+    # comma separated list of destination IP adresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page.
-
+    blockType: zeroIp
    # optional: automatically list refresh period in minutes. Default: 4h.
    # Negative value -> deactivate automatically refresh.
    # 0 value -> use default
-    # refreshPeriod: 1
+    refreshPeriod: 0
  # optional: configuration for caching of DNS responses
-  # caching:
+  caching:
-  #   # amount in minutes, how long a response must be cached (min value).
+    # amount in minutes, how long a response must be cached (min value).
-  #   # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
+    # If <=0, use response's TTL, if >0 use this value, if TTL is smaller
-  #   # Default: 0
+    # Default: 0
-  #   minTime: 40
+    minTime: 5
-  #   # amount in minutes, how long a response must be cached (max value).
+    # amount in minutes, how long a response must be cached (max value).
-  #   # If <0, do not cache responses
+    # If <0, do not cache responses
-  #   # If 0, use TTL
+    # If 0, use TTL
-  #   # If > 0, use this value, if TTL is greater
+    # If > 0, use this value, if TTL is greater
-  #   # Default: 0
+    # Default: 0
-  #   maxTime: -1
+    maxTime: -1
    # if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window)
    # this improves the response time for often used queries, but significantly increases external traffic
    # default: false
    prefetching: true
  # optional: configuration of client name resolution
-  # clientLookup:
+  clientLookup:
-  #   # this DNS resolver will be used to perform reverse DNS lookup (typically local router)
+    # optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router)
-  #   upstream: udp:192.168.178.1
+    upstream: udp:192.168.178.1
-  #   # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
+    # optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
-  #   # Example: take second name if present, if not take first name
+    # Example: take second name if present, if not take first name
-  #   singleNameOrder:
+    singleNameOrder:
-  #     - 2
+      - 2
-  #     - 1
+      - 1
    # optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names.
    clients:
      laptop:
        - 192.168.178.29
  # optional: configuration for prometheus metrics endpoint
-  prometheus:
+  # prometheus:
-    # enabled if true
+  #   # enabled if true
-    enable: true
+  #   enable: true
-    # url path, optional (default '/metrics')
+  #   # url path, optional (default '/metrics')
-    path: /metrics
+  #   path: /metrics
  # optional: write query information (question, answer, client, duration etc) to daily csv file
  # queryLog:
-  #     # directory (will be mounted as volume in the pod)
+  #   # directory (should be mounted as volume in docker)
  #   dir: /logs
  #   # if true, write one file per client. Writes all queries to single file otherwise
  #   perClient: true
  #   # if > 0, deletes log files which are older than ... days
  #   logRetentionDays: 7
-  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, ...
+  # optional: DNS listener port and bind ip address, default 53 (UDP and TCP). Example: 53, :53, 127.0.0.1:53
  port: 53
  # optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ...
  httpPort: 4000
  # optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH...
  #httpsPort: 443
  # mandatory, if https port > 0: path to cert and key file for SSL encryption
  #httpsCertFile: server.crt
  #httpsKeyFile: server.key
  # optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp
  bootstrapDns: tcp:1.1.1.1
  # optional: Log level (one from debug, info, warn, error). Default: info
  logLevel: info
  # optional: Log format (text or json). Default: text
  logFormat: text
 ## Add persistence for query logs (if enabled)
 persistence: