fix(blocky): allow port changes, allow dot, fix prometheus and fix api access (#3899)
* fix(blocky): allow port changes, allow dot and fix api access
* update documentation and remove non-present unbound feature
* more docs
* fix a sponsor link while at it
* fix mistake
* fix two mistakes in prometheus config
* fix questions.yaml as well
* fix bug in basic auth template
parent 6102619535
commit 42493f8c84
@ -24,64 +24,41 @@ prometheus:
|
||||||
path: /metrics
|
path: /metrics
|
||||||
```
|
```
|
||||||
|
|
||||||
Upstreams (from values.yaml):
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
upstream:
|
|
||||||
default:
|
|
||||||
- # Content from `.Values.defaultUpstreams`
|
|
||||||
# Additional upstream groups from `.Values.upstreams`
|
|
||||||
```
|
|
||||||
|
|
||||||
Whitelist/Blacklist (from values.yaml) :
|
|
||||||
|
|
||||||
```yaml
|
|
||||||
blocking:
|
|
||||||
blockType: nxDomain
|
|
||||||
blockTTL: 6h
|
|
||||||
refreshPeriod: 4h
|
|
||||||
downloadTimeout: 60s
|
|
||||||
downloadAttempts: 3
|
|
||||||
downloadCooldown: 2s
|
|
||||||
failStartOnListError: false
|
|
||||||
processingConcurrency: 4
|
|
||||||
whiteLists:
|
|
||||||
# Groupname:
|
|
||||||
- # Content from .Values.blocking.whiteList
|
|
||||||
blackLists:
|
|
||||||
# Groupname:
|
|
||||||
- # Content from .Values.blocking.blackList
|
|
||||||
clientGroupsBlock:
|
|
||||||
# Groupname:
|
|
||||||
- # Content from .Values.blocking.clientGroupsBlock
|
|
||||||
```
|
|
||||||
|
|
||||||
## Configuration Instructions
|
## Configuration Instructions
|
||||||
|
|
||||||
|
We offer two styles of configuration, both can be directly applied in values.yaml, without the need of persistence or editing configmaps.
|
||||||
|
Besides this, the TrueNAS SCALE App exposes all config options directly in the GUI, except the Redis and Prometheus settings which are automatically configured.
|
||||||
|
|
||||||
### TrueNAS SCALE
|
### TrueNAS SCALE
|
||||||
|
|
||||||
For TrueNAS SCALE, we offer only a limited subset of configuration options:
|
All configuration options are directly reflected in the TrueNAS SCALE App GUI and can be edited as you see fit.
|
||||||
|
The App is, by default, configured to be high available so editing and updates should not cause needless downtime.
|
||||||
- Upstream DNS servers
|
|
||||||
- Whitelists
|
|
||||||
- Blacklists
|
|
||||||
|
|
||||||
Those have special variables in `values.yaml`, so we can show them nicely in the TrueNAS SCALE GUI
|
|
||||||
|
|
||||||
### Native Helm
|
### Native Helm
|
||||||
|
|
||||||
For anything but TrueNAS SCALE, we would advice to instead use `blockyConfig` in `Values.yaml` and NOT mount any configuration file manually.
|
There are two ways of editing configuration, we will call them `List Style` and `Blocky Style`.
|
||||||
|
|
||||||
In short:
|
- `List Style` configuration has been developed by us to optimise for display in the TrueNAS SCALE WebUI. However: It can also be completely edited in `values.yaml`. In this case each setting has been pre-configured and is documented in `values.yaml` (available on github)
|
||||||
|
- `Blocky Style` configuration, can be directly added below the `blockyConfig` object in `values.yaml`, please make sure the config is correctly indented
|
||||||
|
|
||||||
- Add your config in `values.yaml` under `blockyConfig:`
|
We would advice using `List Style` when possible as that is the most tested configuration style. But for things like migration some users might prefer to use `Blocky Style` instead
|
||||||
- Add your whitelists in `values.yaml` under `blockyWhitelist` or manually using blockyConfig
|
|
||||||
- Add your blacklists in `values.yaml` under `blockyBlacklist` or manually using blockyConfig
|
|
||||||
|
|
||||||
### Adding config by mounting files
|
### Adding config by mounting files
|
||||||
|
|
||||||
You can mount custom config files, using `persistence` or, in SCALE GUI, `Additional Storage` to the following path:
|
Adding additional configuration files is not possible, as this feature has not been released yet.
|
||||||
`/app/config/`
|
|
||||||
_However it cannot reference any of the pre-defined variables listed above, so it's use is severely limited._
|
However: We have verified if this would work and we will have to conclude that when 0.20 is released, we will not support multiple config files, as those will inherently conflict with our design. Due to duplicate keys breaking blocky.
|
||||||
|
With all the config already available in values.yaml, we do not really see a usecase for this on kubernetes. Apart from this, manually mounting configfiles might negatively affect High Availability and Rollback on kubernetes.
|
||||||
|
|
||||||
You can also mount custom Whitelist/Blacklist files, using `persistence` or, in SCALE GUI, `Additional Storage` and enter the path in your whitelist or blacklist settings manually
|
You can also mount custom Whitelist/Blacklist files, using `persistence` or, in SCALE GUI, `Additional Storage` and enter the path in your whitelist or blacklist settings manually
|
||||||
|
However: this negatively affects rollback and high availability, so we _highly_ advice against doing this.
|
||||||
|
|
||||||
|
## k8s-gateway
|
||||||
|
|
||||||
|
Our blocky Chart/App, includes build-in compatibility for [k8s_gateway](https://github.com/ori-edge/k8s_gateway), this tool can be used to ensure devices on your local network, connect directly to the LAN IP of any Charts/Apps using Ingress, instead of via the outside world or, in a lot of cases, having a bunch of connectivity issues.
|
||||||
|
|
||||||
|
The setup of k8s_gateway is simple:
|
||||||
|
Just add the domain(s), which will include and subdomains(!), to the k8s_gateway domains list.
|
||||||
|
From that point onwards we will take care to automatically apply the required `conditional` settings in `blocky` as well.
|
||||||
|
|
||||||
|
Please be mindfull that using `Blocky Style` configuration using the `blockyConfig` object in `values.yaml`, might override this automatic setup.
|
||||||
|
|
|
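Review bot: the k8s-gateway caveat at the end of the hunk, "using `Blocky Style` configuration ... might override this automatic setup", understates the problem: the automatic setup is a `conditional` upstream mapping for the k8s_gateway domains, and the same hunk states a few lines earlier that duplicate keys break blocky, so a user-supplied `conditional:` under `blockyConfig` is not an override but a config that will not load. Name the key and tell readers to add further conditional domains only through the k8s_gateway domains list. Two more points in the added text: "Adding additional configuration files is not possible, as this feature has not been released yet." now sits under a heading that still reads `### Adding config by mounting files`, so rename the heading to say mounting config files is unsupported rather than leaving a how-to heading over a paragraph that says it cannot be done; and the deleted reference block (`blockType: nxDomain`, `blockTTL: 6h`, `refreshPeriod: 4h`, ...) was the only place the README showed the list-style defaults, while the new "List Style" bullet still sends readers to values.yaml for them, so either keep the block or link the exact values file. Spelling in the new lines: "mindfull" should be "mindful", "high available" should be "highly available", and "advice" as a verb (twice) should be "advise".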
@ -652,7 +652,7 @@ questions:
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 80
|
default: 80
|
||||||
- variable: dns-tcp
|
- variable: dnstcp
|
||||||
label: DNS TCP Service
|
label: DNS TCP Service
|
||||||
description: The DNS TCP service
|
description: The DNS TCP service
|
||||||
schema:
|
schema:
|
||||||
|
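Review bot: `- variable: dns-tcp` to `- variable: dnstcp` changes the path under which the SCALE GUI persists this service's settings (`service.dnstcp` instead of `service.dns-tcp`), so an existing install upgraded to this version has its saved TCP-service block ignored and the service is rendered from the chart defaults until the user re-enters it. Unless a values migration ships with the chart, state this in the upgrade notes and treat it as a breaking change for anyone who had moved the DNS listener off its default port.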
@ -661,7 +661,7 @@ questions:
|
||||||
attrs:
|
attrs:
|
||||||
# Include{serviceSelectorLoadBalancer}
|
# Include{serviceSelectorLoadBalancer}
|
||||||
# Include{serviceSelectorExtras}
|
# Include{serviceSelectorExtras}
|
||||||
- variable: dns-tcp
|
- variable: dnstcp
|
||||||
label: DNS TCP Port Configuration
|
label: DNS TCP Port Configuration
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
|
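Review bot: the ports-level `dnstcp` variable is renamed consistently with the service-level one, which is required because the template path is `service.dnstcp.ports.dnstcp.targetPort`. One check before merge: `# Include{serviceSelectorLoadBalancer}` and `# Include{serviceSelectorExtras}` are shared includes; confirm neither contains a literal `dns-tcp` reference, otherwise the GUI keeps pointing at the removed key.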
@ -681,7 +681,7 @@ questions:
|
||||||
schema:
|
schema:
|
||||||
type: int
|
type: int
|
||||||
default: 53
|
default: 53
|
||||||
- variable: dns-udp
|
- variable: dnsudp
|
||||||
label: DNS UDP Service
|
label: DNS UDP Service
|
||||||
description: The DNS UDP service
|
description: The DNS UDP service
|
||||||
schema:
|
schema:
|
||||||
|
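Review bot: same rename for the UDP service (`dns-udp` to `dnsudp`), and the upgrade caveat from the TCP service matters more here: the UDP block is the one whose `targetPort` the configmap template in this commit reads into blocky's `port`, so a saved value lost in the rename changes the port the resolver itself binds, not only the Service. The `description: The DNS UDP service` should say that this port is the one blocky listens on for both UDP and TCP.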
@ -690,7 +690,7 @@ questions:
|
||||||
attrs:
|
attrs:
|
||||||
# Include{serviceSelectorLoadBalancer}
|
# Include{serviceSelectorLoadBalancer}
|
||||||
# Include{serviceSelectorExtras}
|
# Include{serviceSelectorExtras}
|
||||||
- variable: dns-udp
|
- variable: dnsudp
|
||||||
label: DNS UDP Port Configuration
|
label: DNS UDP Port Configuration
|
||||||
schema:
|
schema:
|
||||||
additional_attrs: true
|
additional_attrs: true
|
||||||
|
|
|
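Review bot: consistent with the UDP service rename; nothing further, except that this `dnsudp` port entry is the right place for a `description:` stating that the TCP and UDP `targetPort` values must be kept equal, since blocky has a single DNS listener for both protocols and only this block's value is rendered into its config.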
@ -35,6 +35,22 @@ upstream:
|
||||||
{{- $value.dnsservers | toYaml | nindent 8 }}
|
{{- $value.dnsservers | toYaml | nindent 8 }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.service.dnsudp.enabled }}
|
||||||
|
port: {{ .Values.service.dnsudp.ports.dnsudp.targetPort }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.service.dot.enabled }}
|
||||||
|
tlsPort: {{ .Values.service.dot.ports.dot.targetPort }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.service.http.enabled }}
|
||||||
|
httpPort: {{ .Values.service.http.ports.http.targetPort }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
|
{{- if .Values.service.https.enabled }}
|
||||||
|
httpsPort: {{ .Values.service.https.ports.https.targetPort }}
|
||||||
|
{{- end }}
|
||||||
|
|
||||||
{{- if .Values.certFile }}
|
{{- if .Values.certFile }}
|
||||||
certFile: {{ .Values.certFile }}
|
certFile: {{ .Values.certFile }}
|
||||||
{{- end }}
|
{{- end }}
|
||||||
|
|
|
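Review bot: `port:` is taken from `.Values.service.dnsudp.ports.dnsudp.targetPort` only; the `dnstcp` service has its own `targetPort` (values.yaml in this commit sets both to 53) that is never read, so a user who changes the TCP targetPort in the GUI gets a Service forwarding to a port blocky does not listen on, and a user who disables the UDP service loses the `port:` line entirely and silently falls back to blocky's default. Blocky serves one listener for both TCP and UDP, so render `port:` when either service is enabled and fail the render when the two targetPorts differ, e.g. `{{- if ne (int .Values.service.dnstcp.ports.dnstcp.targetPort) (int .Values.service.dnsudp.ports.dnsudp.targetPort) }}{{ fail "dnstcp and dnsudp targetPort must match" }}{{- end }}`. Second problem: `tlsPort:` and `httpsPort:` are emitted whenever the `dot`/`https` services are enabled, independently of the `{{- if .Values.certFile }}` block that follows; DoT and HTTPS cannot start without a certificate and key, so enabling either service without `certFile` produces a config blocky will reject at startup, which is better caught at render time with `fail` than as a crash-looping pod. Also worth guarding: `targetPort` can be a named port in Kubernetes, but blocky's `port`/`tlsPort`/`httpPort` take a port number, so coerce with `int` or validate before rendering.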
@ -34,7 +34,7 @@ volumeSpec:
|
||||||
|
|
||||||
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
|
{{- $_ := set .Values.podAnnotations "prometheus.io/scrape" "true" -}}
|
||||||
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
|
{{- $_ := set .Values.podAnnotations "prometheus.io/path" "/metrics" -}}
|
||||||
{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.main.ports.main.targetPort | quote) -}}
|
{{- $_ := set .Values.podAnnotations "prometheus.io/port" (.Values.service.http.ports.http.targetPort | toString) -}}
|
||||||
|
|
||||||
{{- if .Values.blocky.enableWebUI -}}
|
{{- if .Values.blocky.enableWebUI -}}
|
||||||
{{- $_ := set .Values.additionalContainers "frontend" (include "blocky.frontend" . | fromYaml) -}}
|
{{- $_ := set .Values.additionalContainers "frontend" (include "blocky.frontend" . | fromYaml) -}}
|
||||||
|
|
|
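Review bot: the `prometheus.io/port` annotation is now derived from `.Values.service.http.ports.http.targetPort` but is set unconditionally, while the configmap template in this commit only emits `httpPort:` when `.Values.service.http.enabled` is true; with HTTP disabled, `prometheus.io/scrape: "true"` still advertises the pod and points Prometheus at a port blocky does not open. Wrap the three `set` calls in `{{- if .Values.service.http.enabled }}`. The switch from `| quote` to `| toString` is correct: `quote` wraps the value in literal double quotes, so the annotation value carried the quote characters themselves, which is presumably the prometheus mistake the commit message refers to; `toString` yields the plain string that an annotation value must be.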
@ -77,17 +77,17 @@ service:
|
||||||
port: 10315
|
port: 10315
|
||||||
protocol: HTTP
|
protocol: HTTP
|
||||||
targetPort: 80
|
targetPort: 80
|
||||||
dns-tcp:
|
dnstcp:
|
||||||
enabled: true
|
enabled: true
|
||||||
ports:
|
ports:
|
||||||
dns-tcp:
|
dnstcp:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: 53
|
port: 53
|
||||||
targetPort: 53
|
targetPort: 53
|
||||||
dns-udp:
|
dnsudp:
|
||||||
enabled: true
|
enabled: true
|
||||||
ports:
|
ports:
|
||||||
dns-udp:
|
dnsudp:
|
||||||
enabled: true
|
enabled: true
|
||||||
port: 53
|
port: 53
|
||||||
protocol: UDP
|
protocol: UDP
|
||||||
|
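Review bot: the rename from `dns-tcp`/`dns-udp` to `dnstcp`/`dnsudp` is forced by the new configmap template reading `.Values.service.dnsudp.ports.dnsudp.targetPort`, since a hyphenated key cannot be dereferenced with dot syntax in Go templates (`.Values.service.dns-udp` parses as a subtraction); the alternative that keeps existing user values working is `index .Values.service "dns-udp"`, so either switch to `index` or document the rename as a breaking change. Separately, `dnstcp` and `dnsudp` each carry their own `port: 53` / `targetPort: 53`, but only the UDP `targetPort` reaches blocky's config, so add a comment on both that the two targetPorts must stay equal, or derive one from the other.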
@ -338,9 +338,6 @@ k8sgateway:
|
||||||
- name: tls_servername
|
- name: tls_servername
|
||||||
value: cloudflare-dns.com
|
value: cloudflare-dns.com
|
||||||
|
|
||||||
unbound:
|
|
||||||
enabled: false
|
|
||||||
|
|
||||||
redis:
|
redis:
|
||||||
enabled: true
|
enabled: true
|
||||||
existingSecret: "rediscreds"
|
existingSecret: "rediscreds"
|
||||||
|
|
|
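Review bot: dropping `unbound:` / `enabled: false` from values.yaml is right if the feature never shipped, but Helm does not reject unknown keys, so a user override file that still sets `unbound.enabled: true` now silently does nothing; if the chart ships a `values.schema.json`, set `additionalProperties: false` there (or mention the removed key in the upgrade notes) so the stale key is surfaced rather than ignored. Also grep questions.yaml and the templates for `.Values.unbound` before merge; the commit message says the feature was removed, but the hunk shown here only removes the default.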
@ -14,7 +14,7 @@
|
||||||
default: true
|
default: true
|
||||||
- variable: donateNag
|
- variable: donateNag
|
||||||
group: Documentation
|
group: Documentation
|
||||||
label: Please consider supporting TrueCharts, see https://truecharts.org/docs/about/sponsor
|
label: Please consider supporting TrueCharts, see https://truecharts.org/sponsor
|
||||||
description: Please consider supporting TrueCharts, see
|
description: Please consider supporting TrueCharts, see
|
||||||
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
|
<br /><a href="https://truecharts.org/sponsor">https://truecharts.org/sponsor</a>
|
||||||
schema:
|
schema:
|
||||||
|
|
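Review bot: the label now uses the same `https://truecharts.org/sponsor` URL as the description below it, which already did; fine as is.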