fix(blocky): allow port changes, allow dot, fix prometheus and fix api access (#3899)

* fix(blocky): allow port changes, allow dot and fix api access * update documentation and remove non-present unbound feature * more docs * fix a sponsor link while at it * fix mistake * fix two mistakes in prometheus config * fix questions.yaml as well * fix bug in basic auth template
2022-09-25 19:42:59 +02:00 · 2022-09-25 19:42:59 +02:00 · 42493f8c84
parent 6102619535
commit 42493f8c84
7 changed files with 50 additions and 60 deletions
--- a/charts/enterprise/blocky/docs/installation-notes.md
+++ b/charts/enterprise/blocky/docs/installation-notes.md
@ -24,64 +24,41 @@ prometheus:
  path: /metrics
 ```

-Upstreams (from values.yaml):
-
-```yaml
-upstream:
-  default:
-    -  # Content from `.Values.defaultUpstreams`
-  # Additional upstream groups from `.Values.upstreams`
-```
-
-Whitelist/Blacklist (from values.yaml) :
-
-```yaml
-blocking:
-  blockType: nxDomain
-  blockTTL: 6h
-  refreshPeriod: 4h
-  downloadTimeout: 60s
-  downloadAttempts: 3
-  downloadCooldown: 2s
-  failStartOnListError: false
-  processingConcurrency: 4
-  whiteLists:
-    # Groupname:
-    -  # Content from .Values.blocking.whiteList
-  blackLists:
-    # Groupname:
-    -  # Content from .Values.blocking.blackList
-  clientGroupsBlock:
-    # Groupname:
-    -  # Content from .Values.blocking.clientGroupsBlock
-```
-
 ## Configuration Instructions

+We offer two styles of configuration, both can be directly applied in values.yaml, without the need of persistence or editing configmaps.
+Besides this, the TrueNAS SCALE App exposes all config options directly in the GUI, except the Redis and Prometheus settings which are automatically configured.
+
 ### TrueNAS SCALE

-For TrueNAS SCALE, we offer only a limited subset of configuration options:
-
- Upstream DNS servers
- Whitelists
- Blacklists
-
-Those have special variables in `values.yaml`, so we can show them nicely in the TrueNAS SCALE GUI
+All configuration options are directly reflected in the TrueNAS SCALE App GUI and can be edited as you see fit.
+The App is, by default, configured to be high available so editing and updates should not cause needless downtime.

 ### Native Helm

-For anything but TrueNAS SCALE, we would advice to instead use `blockyConfig` in `Values.yaml` and NOT mount any configuration file manually.
+There are two ways of editing configuration, we will call them `List Style` and `Blocky Style`.

-In short:
+- `List Style` configuration has been developed by us to optimise for display in the TrueNAS SCALE WebUI. However: It can also be completely edited in `values.yaml`. In this case each setting has been pre-configured and is documented in `values.yaml` (available on github)
+- `Blocky Style` configuration, can be directly added below the `blockyConfig` object in `values.yaml`, please make sure the config is correctly indented

- Add your config in `values.yaml` under `blockyConfig:`
- Add your whitelists in `values.yaml` under `blockyWhitelist` or manually using blockyConfig
- Add your blacklists in `values.yaml` under `blockyBlacklist` or manually using blockyConfig
+We would advice using `List Style` when possible as that is the most tested configuration style. But for things like migration some users might prefer to use `Blocky Style` instead

 ### Adding config by mounting files

-You can mount custom config files, using `persistence` or, in SCALE GUI, `Additional Storage` to the following path:
-`/app/config/`
-_However it cannot reference any of the pre-defined variables listed above, so it's use is severely limited._
+Adding additional configuration files is not possible, as this feature has not been released yet.
+
+However: We have verified if this would work and we will have to conclude that when 0.20 is released, we will not support multiple config files, as those will inherently conflict with our design. Due to duplicate keys breaking blocky.
+With all the config already available in values.yaml, we do not really see a usecase for this on kubernetes. Apart from this, manually mounting configfiles might negatively affect High Availability and Rollback on kubernetes.

 You can also mount custom Whitelist/Blacklist files, using `persistence` or, in SCALE GUI, `Additional Storage` and enter the path in your whitelist or blacklist settings manually
+However: this negatively affects rollback and high availability, so we _highly_ advice against doing this.
+
+## k8s-gateway
+
+Our blocky Chart/App, includes build-in compatibility for [k8s_gateway](https://github.com/ori-edge/k8s_gateway), this tool can be used to ensure devices on your local network, connect directly to the LAN IP of any Charts/Apps using Ingress, instead of via the outside world or, in a lot of cases, having a bunch of connectivity issues.
+
+The setup of k8s_gateway is simple:
+Just add the domain(s), which will include and subdomains(!), to the k8s_gateway domains list.
+From that point onwards we will take care to automatically apply the required `conditional` settings in `blocky` as well.
+
+Please be mindfull that using `Blocky Style` configuration using the `blockyConfig` object in `values.yaml`, might override this automatic setup.
--- a/charts/enterprise/blocky/questions.yaml
+++ b/charts/enterprise/blocky/questions.yaml
@ -652,7 +652,7 @@ questions:
                                  schema:
                                    type: int
                                    default: 80
-        - variable: dns-tcp
+        - variable: dnstcp
          label: DNS TCP Service
          description: The DNS TCP service
          schema:
@ -661,7 +661,7 @@ questions:
            attrs:
 # Include{serviceSelectorLoadBalancer}
 # Include{serviceSelectorExtras}
-                    - variable: dns-tcp
+                    - variable: dnstcp
                      label: DNS TCP Port Configuration
                      schema:
                        additional_attrs: true
@ -681,7 +681,7 @@ questions:
                                  schema:
                                    type: int
                                    default: 53
-        - variable: dns-udp
+        - variable: dnsudp
          label: DNS UDP Service
          description: The DNS UDP service
          schema:
@ -690,7 +690,7 @@ questions:
            attrs:
 # Include{serviceSelectorLoadBalancer}
 # Include{serviceSelectorExtras}
-                    - variable: dns-udp
+                    - variable: dnsudp
                      label: DNS UDP Port Configuration
                      schema:
                        additional_attrs: true
--- a/charts/enterprise/blocky/templates/_blockyConfig.tpl
+++ b/charts/enterprise/blocky/templates/_blockyConfig.tpl
@ -35,6 +35,22 @@ upstream:
 {{- $value.dnsservers | toYaml | nindent 8 }}
 {{- end }}

+{{- if .Values.service.dnsudp.enabled }}
+port: {{ .Values.service.dnsudp.ports.dnsudp.targetPort }}
+{{- end }}
+
+{{- if .Values.service.dot.enabled }}
+tlsPort: {{ .Values.service.dot.ports.dot.targetPort }}
+{{- end }}
+
+{{- if .Values.service.http.enabled }}
+httpPort: {{ .Values.service.http.ports.http.targetPort }}
+{{- end }}
+
+{{- if .Values.service.https.enabled }}
+httpsPort: {{ .Values.service.https.ports.https.targetPort }}
+{{- end }}
+
 {{- if .Values.certFile }}
 certFile: {{ .Values.certFile }}
 {{- end }}
--- a/charts/enterprise/blocky/templates/common.yaml
+++ b/charts/enterprise/blocky/templates/common.yaml
@ -34,7 +34,7 @@ volumeSpec:

 {{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
 {{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
-{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.main.ports.main.targetPort | quote) -}}
+{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.http.ports.http.targetPort | toString) -}}

 {{- if .Values.blocky.enableWebUI -}}
 {{- $_ := set .Values.additionalContainers "frontend" (include "blocky.frontend" . | fromYaml) -}}
--- a/charts/enterprise/blocky/values.yaml
+++ b/charts/enterprise/blocky/values.yaml
@ -77,17 +77,17 @@ service:
        port: 10315
        protocol: HTTP
        targetPort: 80
-  dns-tcp:
+  dnstcp:
    enabled: true
    ports:
-      dns-tcp:
+      dnstcp:
        enabled: true
        port: 53
        targetPort: 53
-  dns-udp:
+  dnsudp:
    enabled: true
    ports:
-      dns-udp:
+      dnsudp:
        enabled: true
        port: 53
        protocol: UDP
@ -338,9 +338,6 @@ k8sgateway:
      - name: tls_servername
        value: cloudflare-dns.com

-unbound:
-  enabled: false
-
 redis:
  enabled: true
  existingSecret: "rediscreds"
--- a/templates/questions/documentation.yaml
+++ b/templates/questions/documentation.yaml
@ -14,7 +14,7 @@
            default: true
  - variable: donateNag
    group: Documentation
-    label: Please consider supporting TrueCharts, see https://truecharts.org/docs/about/sponsor
+    label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
    description: Please consider supporting TrueCharts, see
      <br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
    schema:
--- a/templates/questions/traefik/middlewares/basicAuth.yaml
+++ b/templates/questions/traefik/middlewares/basicAuth.yaml