DaJeffers/k8s-at-home-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
5119815aea3f3a052e29f0c413271cf8fbebe482
k8s-at-home-charts/charts/stable/blocky/values.yaml
Bᴇʀɴᴅ Sᴄʜᴏʀɢᴇʀs 5119815aea [meta] Split incubator / stable charts (#688)
2021-03-18 13:11:24 +01:00

230 lines
8.4 KiB
YAML
Raw Blame History

image:
repository: spx01/blocky
tag: v0.12
pullPolicy: IfNotPresent
nameOverride: ""
fullnameOverride: ""
replicas: 1
timeZone: "UTC"
# Blocky configuration, for a full list of options see
# https://github.com/0xERR0R/blocky/blob/master/docs/config.yml
config: |
upstream:
# these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
# format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
externalResolvers:
- 46.182.19.48
- 80.241.218.68
- tcp-tls:fdns1.dismail.de:853
- https://dns.digitale-gesellschaft.ch/dns-query
# optional: custom IP address for domain name (with all sub-domains)
# example: query "printer.lan" or "my.printer.lan" will return 192.168.178.3
customDNS:
mapping:
printer.lan: 192.168.178.3
# optional: definition, which DNS resolver(s) should be used for queries to the domain (with all sub-domains). Multiple resolvers must be separated by comma
# Example: Query client.fritz.box will ask DNS server 192.168.178.1. This is necessary for local network, to resolve clients by host name
conditional:
mapping:
fritz.box: udp:192.168.178.1
lan.net: udp:192.168.178.1,udp:192.168.178.2
# optional: use black and white lists to block queries (for example ads, trackers, adult pages etc.)
blocking:
# definition of blacklist groups. Can be external link (http/https) or local file
blackLists:
ads:
- https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
- https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
- https://mirror1.malwaredomains.com/files/justdomains
- http://sysctl.org/cameleon/hosts
- https://zeustracker.abuse.ch/blocklist.php?download=domainblocklist
- https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
special:
- https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews/hosts
# definition of whitelist groups. Attention: if the same group has black and whitelists, whitelists will be used to disable particular blacklist entries. If a group has only whitelist entries -> this means only domains from this list are allowed, all other domains will be blocked
whiteLists:
ads:
- whitelist.txt
# definition: which groups should be applied for which client
clientGroupsBlock:
# default will be used, if no special definition for a client name exists
default:
- ads
- special
# use client name (with wildcard support: * - sequence of any characters, [0-9] - range)
# or single ip address / client subnet as CIDR notation
laptop*:
- ads
192.168.178.1/24:
- special
# which response will be sent, if query is blocked:
# zeroIp: 0.0.0.0 will be returned (default)
# nxDomain: return NXDOMAIN as return code
# comma separated list of destination IP adresses (for example: 192.100.100.15, 2001:0db8:85a3:08d3:1319:8a2e:0370:7344). Should contain ipv4 and ipv6 to cover all query types. Useful with running web server on this address to display the "blocked" page.
blockType: zeroIp
# optional: automatically list refresh period in minutes. Default: 4h.
# Negative value -> deactivate automatically refresh.
# 0 value -> use default
refreshPeriod: 0
# optional: configuration for caching of DNS responses
caching:
# amount in minutes, how long a response must be cached (min value).
# If <=0, use response's TTL, if >0 use this value, if TTL is smaller
# Default: 0
minTime: 5
# amount in minutes, how long a response must be cached (max value).
# If <0, do not cache responses
# If 0, use TTL
# If > 0, use this value, if TTL is greater
# Default: 0
maxTime: -1
# if true, will preload DNS results for often used queries (names queried more than 5 times in a 2 hour time window)
# this improves the response time for often used queries, but significantly increases external traffic
# default: false
prefetching: true
# optional: configuration of client name resolution
clientLookup:
# optional: this DNS resolver will be used to perform reverse DNS lookup (typically local router)
upstream: udp:192.168.178.1
# optional: some routers return multiple names for client (host name and user defined name). Define which single name should be used.
# Example: take second name if present, if not take first name
singleNameOrder:
- 2
- 1
# optional: custom mapping of client name to IP addresses. Useful if reverse DNS does not work properly or just to have custom client names.
clients:
laptop:
- 192.168.178.29
# optional: configuration for prometheus metrics endpoint
# prometheus:
# # enabled if true
# enable: true
# # url path, optional (default '/metrics')
# path: /metrics
# optional: write query information (question, answer, client, duration etc) to daily csv file
# queryLog:
# # directory (should be mounted as volume in docker)
# dir: /logs
# # if true, write one file per client. Writes all queries to single file otherwise
# perClient: true
# # if > 0, deletes log files which are older than ... days
# logRetentionDays: 7
# optional: DNS listener port and bind ip address, default 53 (UDP and TCP). Example: 53, :53, 127.0.0.1:53
port: 53
# optional: HTTP listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH ...
httpPort: 4000
# optional: HTTPS listener port, default 0 = no http listener. If > 0, will be used for prometheus metrics, pprof, REST API, DoH...
#httpsPort: 443
# mandatory, if https port > 0: path to cert and key file for SSL encryption
#httpsCertFile: server.crt
#httpsKeyFile: server.key
# optional: use this DNS server to resolve blacklist urls and upstream DNS servers (DOH). Useful if no DNS resolver is configured and blocky needs to resolve a host name. Format net:IP:port, net must be udp or tcp
bootstrapDns: tcp:1.1.1.1
# optional: Log level (one from debug, info, warn, error). Default: info
logLevel: info
# optional: Log format (text or json). Default: text
logFormat: text
## Add persistence for query logs (if enabled)
persistence:
enabled: false
# storageClassName: default
accessModes:
- ReadWriteOnce
size: 10Gi
# annotations: {}
finalizers:
- kubernetes.io/pvc-protection
# selectorLabels: {}
# subPath: ""
# existingClaim:
# Probes configuration
probes:
liveness:
failureThreshold: 5
periodSeconds: 10
readiness:
failureThreshold: 5
periodSeconds: 10
startup:
initialDelaySeconds: 5
failureThreshold: 30
periodSeconds: 10
service:
type: ClusterIP
# externalTrafficPolicy: Local
# loadBalancerIP: ""
# a fixed LoadBalancer IP
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: blocky-svc
serviceTCP:
enabled: false
externalIPs: []
type: NodePort
externalTrafficPolicy: Local
loadBalancerIP: ""
# a fixed LoadBalancer IP
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: blocky-svc
serviceUDP:
enabled: true
externalIPs: []
type: NodePort
externalTrafficPolicy: Local
loadBalancerIP: ""
# a fixed LoadBalancer IP
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: blocky-svc
serviceMonitor:
enabled: false
additionalLabels: {}
## Pod Annotations
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "api"
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# memory: 500Mi
# requests:
# cpu: 50m
# memory: 275Mi
nodeSelector: {}
tolerations: []
affinity: {}
## Add any extra files you want populated to /app here, e.g.:
# extraLists:
# whitelist.txt: |
# analytics.google.com
# googleadservices.com
extraLists: {}
Reference in New Issue View Git Blame Copy Permalink