feat(helm): update blocky to 0.22.0

isac322 · Oct 17, 2023 · 143b6d2 · 143b6d2
1 parent 296a49a
commit 143b6d2
Show file tree

Hide file tree

Showing 3 changed files with 88 additions and 31 deletions.
diff --git a/charts/blocky/Chart.yaml b/charts/blocky/Chart.yaml
@@ -15,16 +15,16 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.21.0
+version: 0.22.0
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
 # It is recommended to use it with quotes.
-appVersion: "v0.21"
+appVersion: "v0.22"
 
 dependencies:
   - name: redis
     condition: redis.enabled
-    version: 17.9.5
+    version: 18.1.5
     repository: https://charts.bitnami.com/bitnami
diff --git a/charts/blocky/templates/configmap.yaml b/charts/blocky/templates/configmap.yaml
@@ -7,13 +7,15 @@ metadata:
 data:
   config.yaml: |-
     upstream:
-      default: {{- toYaml .Values.upstream.defaultUpstreams | nindent 8 }}
+      strategy: {{ .Values.upstream.strategy }}
+      groups:
+        default: {{- toYaml .Values.upstream.defaultUpstreams | nindent 10 }}
 
-      {{ with .Values.upstream.clientSpecificUpstreams }}
-      {{- toYaml . | nindent 6 }}
-      {{- end }}
+        {{ with .Values.upstream.clientSpecificUpstreams }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
 
-    upstreamTimeout: {{ .Values.upstream.timeout | quote }}
+      timeout: {{ .Values.upstream.timeout | quote }}
 
     startVerifyUpstream: {{ .Values.upstream.startVerify }}
 
@@ -54,12 +56,15 @@ data:
       clientGroupsBlock: {{- toYaml .Values.blocking.clientGroupsBlock | nindent 8 }}
       blockType: {{ .Values.blocking.blockType }}
       blockTTL: {{ .Values.blocking.blockTTL }}
-      refreshPeriod: {{ .Values.blocking.refreshPeriod }}
-      downloadTimeout: {{ .Values.blocking.downloadTimeout }}
-      downloadAttempts: {{ .Values.blocking.downloadAttempts }}
-      downloadCooldown: {{ .Values.blocking.downloadCooldown }}
-      startStrategy: {{ .Values.blocking.startStrategy }}
-      processingConcurrency: {{ .Values.blocking.processingConcurrency }}
+      loading:
+        refreshPeriod: {{ .Values.blocking.loading.refreshPeriod }}
+        downloads:
+          timeout: {{ .Values.blocking.loading.downloads.timeout }}
+          attempts: {{ .Values.blocking.loading.downloads.attempts }}
+          cooldown: {{ .Values.blocking.loading.downloads.cooldown }}
+        strategy: {{ .Values.blocking.loading.strategy }}
+        maxErrorsPerSource: {{ .Values.blocking.loading.maxErrorsPerSource }}
+        concurrency: {{ .Values.blocking.loading.concurrency }}
     {{- end }}
 
     {{- if .Values.caching.customize }}
@@ -151,14 +156,24 @@ data:
       queryTypes: {{- toYaml .Values.filtering.queryTypes | nindent 8 }}
     {{- end }}
 
-    #fqdnOnly: {{ .Values.fqdnOnly }}
+    fqdnOnly:
+      enabled: {{ .Values.fqdnOnly.enabled }}
 
     {{- if .Values.hostsFile.customize }}
     hostsFile:
       filePath: {{ .Values.hostsFile.filePath }}
       hostsTTL: {{ .Values.hostsFile.hostsTTL }}
       refreshPeriod: {{ .Values.hostsFile.refreshPeriod }}
       filterLoopback: {{ .Values.hostsFile.filterLoopback }}
+      loading:
+        refreshPeriod: {{ .Values.hostsFile.loading.refreshPeriod }}
+        downloads:
+          timeout: {{ .Values.hostsFile.loading.downloads.timeout }}
+          attempts: {{ .Values.hostsFile.loading.downloads.attempts }}
+          cooldown: {{ .Values.hostsFile.loading.downloads.cooldown }}
+        strategy: {{ .Values.hostsFile.loading.strategy }}
+        maxErrorsPerSource: {{ .Values.hostsFile.loading.maxErrorsPerSource }}
+        concurrency: {{ .Values.hostsFile.loading.concurrency }}
     {{- end }}
 
     log:
@@ -174,4 +189,7 @@ data:
     # optional: add EDE error codes to dns response
     ede:
       # enabled if true, Default: false
-      enable: {{ .Values.ede.enable }}
+      enable: {{ .Values.ede.enable }}
+
+    specialUseDomains:
+      rfc6762-appendixG: {{ .Values.specialUseDomains.rfc6762_appendixG }}
diff --git a/charts/blocky/values.yaml b/charts/blocky/values.yaml
@@ -96,6 +96,9 @@ certificate:
 ## upstream
 
 upstream:
+  # Blocky supports different upstream strategies (default `parallel_best`) that determine how and to which upstream DNS servers requests are forwarded.
+  strategy: parallel_best
+
   # these external DNS resolvers will be used. Blocky picks 2 random resolvers from the list for each query
   # format for resolver: [net:]host:[port][/path]. net could be empty (default, shortcut for tcp+udp), tcp+udp, tcp, udp, tcp-tls or https (DoH). If port is empty, default port will be used (53 for udp and tcp, 853 for tcp-tls, 443 for https (Doh))
   # this configuration is mandatory, please define at least one external DNS resolver
@@ -132,6 +135,28 @@ hostsFile:
   refreshPeriod: 1h
   # optional: Whether loopback hosts addresses (127.0.0.0/8 and ::1) should be filtered or not, default: false
   filterLoopback: false
+  loading:
+    # optional: automatically list refresh period (in duration format). Default: 4h.
+    # Negative value -> deactivate automatically refresh.
+    # 0 value -> use default
+    refreshPeriod: 4h
+    # Configures how HTTP(S) sources are downloaded
+    downloads:
+      # optional: Download attempt timeout. Default: 5s
+      timeout: 5s
+      # optional: How many download attempts should be performed. Default: 3
+      attempts: 3
+      # optional: Time between the download attempts. Default: 500ms
+      cooldown: 500ms
+    # optional: This configures how Blocky startup works. The default strategy is blocking.. Default: blocking
+    #  blocking -> all sources are loaded before DNS resolution starts
+    #  failOnError -> like blocking but blocky will shut down if any source fails to load
+    #  fast -> blocky starts serving DNS immediately and sources are loaded asynchronously. The features requiring the sources should enable soon after
+    strategy: blocking
+    # optional: Number of errors allowed when parsing a source before it is considered invalid and parsing stops. A value of -1 disables the limit. Default: 5
+    maxErrorsPerSource: 5
+    # optional: Blocky downloads and processes sources concurrently. This allows limiting how many can be processed in the same time. Larger values can reduce the overall list refresh time at the cost of using more RAM. Please consider reducing this value on systems with limited memory. Default value is 4.
+    concurrency: 4
 
 # optional: Determines how blocky will create outgoing connections. This impacts both upstreams, and lists. accepted: dual, v4, v6, default: dual
 connectIPVersion: dual
@@ -232,20 +257,28 @@ blocking:
   # optional: TTL for answers to blocked domains
   # default: 6h
   blockTTL: 6h
-  # optional: automatically list refresh period (in duration format). Default: 4h.
-  # Negative value -> deactivate automatically refresh.
-  # 0 value -> use default
-  refreshPeriod: 4h
-  # optional: timeout for list download (each url). Default: 60s. Use large values for big lists or slow internet connections
-  downloadTimeout: 60s
-  # optional: How many download attempts should be performed. Default: 3
-  downloadAttempts: 3
-  # optional: Time between the download attempts. Default: 1s
-  downloadCooldown: 1s
-  # optional: if failOnError, application startup will fail if at least one list can't be downloaded / opened. Default: blocking
-  startStrategy: failOnError
-  # optional: Blocky downloads and processes links in a single group concurrently. With parameter processingConcurrency you can adjust how many links can be processed in the same time. Higher value can reduce the overall list refresh time, but more parallel download and processing jobs need more RAM. Please consider to reduce this value on systems with limited memory. Default value is 4.
-  processingConcurrency: 4
+  loading:
+    # optional: automatically list refresh period (in duration format). Default: 4h.
+    # Negative value -> deactivate automatically refresh.
+    # 0 value -> use default
+    refreshPeriod: 4h
+    # Configures how HTTP(S) sources are downloaded
+    downloads:
+      # optional: Download attempt timeout. Default: 5s
+      timeout: 5s
+      # optional: How many download attempts should be performed. Default: 3
+      attempts: 3
+      # optional: Time between the download attempts. Default: 500ms
+      cooldown: 500ms
+    # optional: This configures how Blocky startup works. The default strategy is blocking.. Default: blocking
+    #  blocking -> all sources are loaded before DNS resolution starts
+    #  failOnError -> like blocking but blocky will shut down if any source fails to load
+    #  fast -> blocky starts serving DNS immediately and sources are loaded asynchronously. The features requiring the sources should enable soon after
+    strategy: blocking
+    # optional: Number of errors allowed when parsing a source before it is considered invalid and parsing stops. A value of -1 disables the limit. Default: 5
+    maxErrorsPerSource: 5
+    # optional: Blocky downloads and processes sources concurrently. This allows limiting how many can be processed in the same time. Larger values can reduce the overall list refresh time at the cost of using more RAM. Please consider reducing this value on systems with limited memory. Default value is 4.
+    concurrency: 4
 
 # optional: Under certain circumstances, it may be useful to filter some types of DNS queries. You can define one or more DNS query types, all queries with these types will be dropped (empty answer will be returned).
 filtering:
@@ -254,7 +287,8 @@ filtering:
   queryTypes: []
 
 # optional: In domain environments, it may be useful to only response to FQDN requests. If this option is enabled blocky respond immediately with NXDOMAIN if the request is not a valid FQDN. The request is therefore not further processed by other options like custom or conditional. Please be aware that by enabling it your hostname resolution will break unless every hostname is part of a domain.
-fqdnOnly: false
+fqdnOnly:
+  enabled: false
 
 #####
 ## DNS caching
@@ -345,6 +379,11 @@ prometheus:
     annotations: {}
     honorLabels: false
 
+# optional: SUDN (Special Use Domain Names) are always enabled as they are required by various RFCs.
+# Some RFCs have optional recommendations, which are configurable as described below.
+specialUseDomains:
+  # Block TLDs listed in RFC 6762 Appendix G
+  rfc6762_appendixG: true
 
 
 #####