scale-catalog/premium/blocky/15.2.1/ix_values.yaml
Julian Haseleu 5d1ab94342 cleanup
2024-07-14 21:54:53 +00:00

381 lines
10 KiB
YAML

image:
repository: spx01/blocky
tag: v0.24@sha256:faa286a50d74a256513493ec26a9cf73793067369c0a2fd4fbb533ade4da3229
pullPolicy: IfNotPresent
k8sgatewayImage:
repository: quay.io/oriedge/k8s_gateway
pullPolicy: IfNotPresent
tag: v0.4.0@sha256:7bdbd447c0244b8f89de9cd6f4826ed0ac66c9406fac3a4ac80081020c251c6b
workload:
main:
replicas: 2
strategy: RollingUpdate
podSpec:
containers:
main:
probes:
liveness:
enabled: false
type: exec
command:
- /app/blocky
- healthcheck
readiness:
enabled: false
type: exec
command:
- /app/blocky
- healthcheck
startup:
enabled: false
type: exec
command:
- /app/blocky
- healthcheck
# -- Blocky Config File content
blockyConfig: {}
# upstream:
# default:
# - 1.1.1.1
# -- some general blocky settings
blocky:
# -- Enable prometheus annotations
enablePrometheus: true
service:
main:
enabled: true
ports:
main:
enabled: true
port: 4000
protocol: http
targetPort: 4000
dns:
enabled: true
ports:
dns:
enabled: true
port: 53
protocol: udp
targetPort: 53
dnstcp:
enabled: true
protocol: tcp
port: "{{ .Values.service.dns.ports.dns.port }}"
targetPort: 53
dot:
enabled: true
ports:
dot:
enabled: true
port: 853
protocol: tcp
targetPort: 853
https:
enabled: true
ports:
https:
enabled: true
port: 4443
protocol: https
targetPort: 4443
k8sgateway:
enabled: true
ports:
k8sgateway:
enabled: true
port: 5353
protocol: udp
targetPort: 5353
## TODO Add support for SCALE certificates and certificates secrets here
certFile: ""
keyFile: ""
logLevel: info
logFormat: text
logTimestamp: true
logPrivacy: false
dohUserAgent: ""
minTlsServeVersion: 1.2
# -- set the default DNS upstream servers
# Primarily designed for inclusion in the TrueNAS SCALE GUI
defaultUpstreams:
# Cloudflare
- 1.1.1.1
- 1.0.0.1
# Google
- 8.8.8.8
- 8.8.4.4
# Quad9
- 9.9.9.9
- 149.112.112.112
# OpenDNS
- 208.67.222.222
- 208.67.220.220
# ComodoSecure DNS
- 8.26.56.26
- 8.20.247.20
# -- set additional upstreams
# Primarily designed for inclusion in the TrueNAS SCALE GUI
upstreams:
# - name: group2
# dnsservers:
# - 1.1.1.1
# -- set bootstrap dns (not needed)
# Ensures bootstrap encryption and ensure it doesn't use k8s dns
bootstrapDns:
# -- Upstream
upstream: ""
# -- IP's linked to upstream DoT/DoH DNS name
ips: []
# -- set additional bootstrap dns (not needed, only used if bootstrapDns is set)
additionalBootstrapDns: []
# - upstream: ""
# ips: []
# -- Return empty answer for these queries
filtering:
# -- Ensures filtering by query type
queryTypes: []
# -- Set manual custom DNS resolution
customDNS:
customTTL: 1h
filterUnmappedTypes: true
rewrite: []
# - in: something.com
# out: somethingelse.com
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1
# -- Setup client-name lookup
clientLookup:
# -- upstream used for client-name lookup
upstream: ""
singleNameOrder: []
clients:
# - domain: laptop
# ips: []
# -- Setup caching
caching:
minTime: 15m
maxTime: 0
maxItemsCount: 0
prefetching: true
prefetchExpires: 12h
prefetchThreshold: 5
prefetchMaxItemsCount: 0
cacheTimeNegative: 30m
# -- set conditional settings
# Primarily designed for inclusion in the TrueNAS SCALE GUI
conditional:
rewrite: []
# - in: something.com
# out: somethingelse.com
mapping: []
# - domain: something.com
# dnsserver: 192.168.178.1
# -- set blocking settings using Lists
# Primarily designed for inclusion in the TrueNAS SCALE GUI
blocking:
# -- Sets the blocktype
blockType: nxDomain
# -- Sets the block ttl
blockTTL: 6h
# -- Sets the block refreshPeriod
refreshPeriod: 4h
# -- Sets the block download timeout
downloadTimeout: 60s
# -- Sets the block download attempt count
downloadAttempts: 3
# -- Sets the block download cooldown
downloadCooldown: 5s
# -- Set the start strategy (blocking | failOnError | fast)
startStrategy: fast
# -- Sets how many list-groups can be processed at the same time
processingConcurrency: 8
# -- Add blocky whitelists
# `default` name is reservered for TrueCharts included default whitelist
# example shows the structure, though name should be changed when used
whitelist:
[]
# - name: default
# lists:
# - https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/optional-list.txt
# - https://raw.githubusercontent.com/anudeepND/whitelist/master/domains/whitelist.txt
# - https://raw.githubusercontent.com/rahilpathan/pihole-whitelist/main/1.LowWL.txt
# -- Blocky blacklists
# `default` name is reservered for TrueCharts included default blacklist
# example shows the structure, though name should be changed when used
blacklist:
[]
# - name: default
# lists:
# - https://big.oisd.nl/domainswild
# -- Blocky clientGroupsBlock
clientGroupsBlock:
- name: default
groups:
- default
# -- configure using hostsfile for lookups
# Allows for using the hosts configured in kubernetes and such
hostsFile:
enabled: false
filePath: /etc/hosts
hostsTTL: 60m
refreshPeriod: 30m
podOptions:
automountServiceAccountToken: true
portal:
open:
enabled: false
serviceAccount:
main:
# -- Specifies whether a service account should be created
enabled: true
primary: true
# -- Create a ClusterRole and ClusterRoleBinding
# @default -- See below
rbac:
main:
# -- Enables or disables the ClusterRole and ClusterRoleBinding
enabled: true
primary: true
clusterWide: true
# -- Set Rules on the ClusterRole
rules:
- apiGroups:
- ""
resources:
- services
- namespaces
verbs:
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
- list
- watch
k8sgateway:
enabled: true
# -- TTL for non-apex responses (in seconds)
ttl: 300
# -- Limit what kind of resources to watch, e.g. watchedResources: ["Ingress"]
watchedResources: []
# -- Service name of a secondary DNS server (should be `serviceName.namespace`)
secondary: ""
# -- Override the default `serviceName.namespace` domain apex
apex: ""
# -- list of processed domains
domains: []
# -- Delegated domain
# - domain: "example.com"
# # -- Optional configuration option for DNS01 challenge that will redirect all acme
# # challenge requests to external cloud domain (e.g. managed by cert-manager)
# # See: https://cert-manager.io/docs/configuration/acme/dns01/
# dnsChallenge:
# enabled: false
# domain: dns01.clouddns.com
forward:
enabled: false
primary: tls://1.1.1.1
secondary: tls://1.0.0.1
options:
- name: tls_servername
value: cloudflare-dns.com
configmap:
dashboard:
enabled: true
labels:
grafana_dashboard: "1"
data:
blocky.json: >-
{{ .Files.Get "dashboard.json" | indent 8 }}
blockypostgres.json: >-
{{ .Files.Get "dashboardpsql.json" | indent 8 }}
datasource:
enabled: true
labels:
grafana_datasources: "1"
data:
datasourceblockypsql.yaml: |-
apiVersion: 1
datasources:
- name: BlockyPostgres
type: postgres
uid: blockypostgres
url: {{ printf "%s.%s:5432" (.Values.cnpg.main.creds.host | trimAll "\"") .Release.Namespace }}
access: proxy
user: {{ .Values.cnpg.main.user }}
secureJsonData:
password: {{ .Values.cnpg.main.creds.password | default "na" }}
jsonData:
database: {{ .Values.cnpg.main.database }}
sslmode: 'disable' # disable/require/verify-ca/verify-full
maxOpenConns: 100 # Grafana v5.4+
maxIdleConns: 100 # Grafana v5.4+
maxIdleConnsAuto: true # Grafana v9.5.1+
connMaxLifetime: 14400 # Grafana v5.4+
postgresVersion: 1500 # 903=9.3, 904=9.4, 905=9.5, 906=9.6, 1000=10
timescaledb: false
metrics:
main:
# -- Enable and configure a Prometheus serviceMonitor for the chart under this key.
# @default -- See values.yaml
enabled: true
type: "servicemonitor"
endpoints:
- port: main
path: /metrics
# -- Enable and configure Prometheus Rules for the chart under this key.
# @default -- See values.yaml
prometheusRule:
enabled: false
labels: {}
# -- Configure additionial rules for the chart under this key.
# @default -- See prometheusrules.yaml
rules: []
# - alert: UnifiPollerAbsent
# annotations:
# description: Unifi Poller has disappeared from Prometheus service discovery.
# summary: Unifi Poller is down.
# expr: |
# absent(up{job=~".*unifi-poller.*"} == 1)
# for: 5m
# labels:
# severity: critical
redis:
enabled: true
includeCommon: true
# CANNOT be defined in above yaml section
queryLog:
# optional one of: mysql, postgresql, csv, csv-client. If empty, log to console
type: "postgresql"
# directory (should be mounted as volume in docker) for csv, db connection string for mysql, ignored for included postgresql
# target: /var/log/something
# postgresql target: postgres://user:password@db_host_or_ip:5432/db_name
# if > 0, deletes log files which are older than ... days
logRetentionDays: 0
# optional: Max attempts to create specific query log writer, default: 3
creationAttempts: 3
# optional: Time between the creation attempts, default: 2s
creationCooldown: 2s
cnpg:
main:
enabled: true
user: blocky
database: blocky