TrueChartsClone/charts/enterprise/blocky/values.yaml

380 lines
8.7 KiB
YAML

image:
# repository: spx01/blocky
# tag: development@sha256:ddb35986cbc924de11cd37ccf625ff6bd0896fad456e57ee9c0bd67bd034770e
repository: tccr.io/truecharts/blocky
tag: v0.19@sha256:77a474542f12f480deca33ff0a6375846918b86988c13f858620839d8818ca84
pullPolicy: IfNotPresent
WebUIImage:
repository: tccr.io/truecharts/blocky-frontend
tag: v0.0.3@sha256:81058f20520dcdb80c9883b6f21b338446fefc333e3ca8bd7d17336a24a5d842
pullPolicy: IfNotPresent
k8sgatewayImage:
repository: tccr.io/truecharts/k8s_gateway
pullPolicy: IfNotPresent
tag: 0.3.3@sha256:246e7006afaf57a398b02e417a31d6f14fb43562901388772778f60be586b807
controller:
# -- Set additional annotations on the deployment/statefulset/daemonset
# -- Number of desired pods
replicas: 2
# -- Set the controller upgrade strategy
# For Deployments, valid values are Recreate (default) and RollingUpdate.
# For StatefulSets, valid values are OnDelete and RollingUpdate (default).
# DaemonSets ignore this.
strategy: RollingUpdate
# -- Blocky Config File content
blockyConfig: {}
# upstream:
# default:
# - 1.1.1.1
# -- Configures blocky webUI
# Requires apiURL or ingress
webUI:
# -- Enable the WebUI
enabled: true
# -- url to the api, used by the WebUI. Only required when not using ingress
apiURL: "127.0.0.1:4000"
# -- some general blocky settings
blocky:
# -- Enable prometheus annotations
enablePrometheus: true
probes:
liveness:
enabled: false
# TODO: Enable after v0.20 is released.
# Current version does not include the healthcheck command
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /app/blocky
# - healthcheck
readiness:
enabled: false
# TODO: Enable after v0.20 is released.
# Current version does not include the healthcheck command
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /app/blocky
# - healthcheck
startup:
enabled: false
# TODO: Enable after v0.20 is released.
# Current version does not include the healthcheck command
# enabled: true
# custom: true
# spec:
# exec:
# command:
# - /app/blocky
# - healthcheck
service:
main:
ports:
main:
port: 10315
protocol: HTTP
targetPort: 80
dnstcp:
enabled: true
ports:
dnstcp:
enabled: true
port: 53
targetPort: 53
dnsudp:
enabled: true
ports:
dnsudp:
enabled: true
port: 53
protocol: UDP
targetPort: 53
dot:
enabled: true
ports:
dot:
enabled: true
port: 853
protocol: TCP
targetPort: 853
http:
enabled: true
ports:
http:
enabled: true
port: 4000
protocol: HTTP
targetPort: 4000
https:
enabled: true
ports:
https:
enabled: true
port: 4443
protocol: HTTPS
targetPort: 4443
k8sgateway:
enabled: true
ports:
k8sgateway:
enabled: true
port: 5353
protocol: UDP
targetPort: 5353
## TODO Add support for SCALE certificates and certificates secrets here
certFile: ""
keyFile: ""
logLevel: info
logFormat: text
logTimestamp: true
logPrivacy: false
dohUserAgent: ""
minTlsServeVersion: 1.2
# -- set the default DNS upstream servers
# Primarily designed for inclusion in the TrueNAS SCALE GUI
defaultUpstreams:
- 1.1.1.1
- 1.0.0.1
- 8.8.8.8
- 8.8.4.4
- 9.9.9.9
- 149.112.112.112
- 208.67.222.222
- 208.67.220.220
- 8.26.56.26
- 8.20.247.20
- 185.228.168.9
- 185.228.169.9
- 76.76.19.19
- 76.223.122.150
- 76.76.2.0
- 76.76.10.0
# -- set additional upstreams
# Primarily designed for inclusion in the TrueNAS SCALE GUI
upstreams:
# - name: group2
# dnsservers:
# - 1.1.1.1
# -- set bootstrap dns (not needed)
# Ensures bootstrap encryption and ensure it doesn't use k8s dns
bootstrapDns:
# -- Upstream
upstream: ""
# -- IP's linked to upstream DoT/DoH DNS name
ips: []
# -- Return empty answer for these queries
filtering:
# -- Ensures filtering by query type
queryTypes: []
# -- Set manual custom DNS resolution
customDNS:
customTTL: 1h
filterUnmappedTypes: true
rewrite: []
# - in: something.com
# out: somethingelse.com
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1
# -- Setup client-name lookup
clientLookup:
# -- upstream used for client-name lookup
upstream: ""
singleNameOrder: []
clients:
# - domain: laptop
# ips: []
# -- Setup caching
caching:
minTime: 5m
maxTime: 30m
maxItemsCount: 0
prefetching: false
prefetchExpires: 2h
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m
# -- set conditional settings
# Primarily designed for inclusion in the TrueNAS SCALE GUI
conditional:
rewrite: []
# - in: something.com
# out: somethingelse.com
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1
# -- set blocking settings using Lists
# Primarily designed for inclusion in the TrueNAS SCALE GUI
blocking:
# -- Sets the blocktype
blockType: nxDomain
# -- Sets the block ttl
blockTTL: 6h
# -- Sets the block refreshPeriod
refreshPeriod: 4h
# -- Sets the block download timeout
downloadTimeout: 60s
# -- Sets the block download attempt count
downloadAttempts: 3
# -- Sets the block download cooldown
downloadCooldown: 2s
# -- Set to fail start of lists cannot be downloaded
failStartOnListError: false
# -- Sets how many list-groups can be processed at the same time
processingConcurrency: 4
# -- Add blocky whitelists
whitelist: []
# - name: ads
# lists:
# - https://someurl.com/list.txt
# - /somefile.txt
# -- Blocky blacklists
blacklist: []
# - name: ads
# lists:
# - https://someurl.com/list.txt
# - /somefile.txt
# -- Blocky clientGroupsBlock
clientGroupsBlock: []
# - name: default
# groups:
# - ads
# -- configure using hostsfile for lookups
# Allows for using the hosts configured in kubernetes and such
hostsFile:
enabled: false
filePath: /etc/hosts
hostsTTL: 60m
refreshPeriod: 30m
## TODO: add this with postgresql support as well
# queryLog:
# type: csv
# target: /logs
# logRetentionDays: 0
# creationAttempts: 3
# CreationCooldown: 2
portal:
enabled: true
serviceAccount:
main:
# -- Specifies whether a service account should be created
enabled: true
# -- Create a ClusterRole and ClusterRoleBinding
# @default -- See below
rbac:
main:
# -- Enables or disables the ClusterRole and ClusterRoleBinding
enabled: true
# -- Set Rules on the ClusterRole
rules:
- apiGroups:
- ""
resources:
- services
- namespaces
verbs:
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- watch
k8sgateway:
enabled: true
# -- TTL for non-apex responses (in seconds)
ttl: 300
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
watchedResources: []
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
secondary: ""
# -- Override the default `serviceName.namespace` domain apex
apex: ""
# -- list of processed domains
domains: []
# -- Delegated domain
# - domain: "example.com"
# # -- Optional configuration option for DNS01 challenge that will redirect all acme
# # challenge requests to external cloud domain (e.g. managed by cert-manager)
# # See: https://cert-manager.io/docs/configuration/acme/dns01/
# dnsChallenge:
# enabled: false
# domain: dns01.clouddns.com
forward:
enabled: false
primary: tls://1.1.1.1
secondary: tls://1.0.0.1
options:
- name: tls_servername
value: cloudflare-dns.com
metrics:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
# @default -- See values.yaml
enabled: true
serviceMonitor:
interval: 1m
scrapeTimeout: 30s
labels: {}
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
enabled: false
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules:
[]
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
# summary: Unifi Poller is down.
# expr: |
# absent(up{job=~".*unifi-poller.*"} == 1)
# for: 5m
# labels:
# severity: critical
redis:
enabled: true
existingSecret: "rediscreds"