update for adguard-home app

2024-06-14 16:32:49 +10:00
parent 8b1ded50cd
commit 11a46ec0b6
9 changed files with 451 additions and 60 deletions


@@ -4,7 +4,9 @@ metadata:
name: adguard-home
namespace: flux-system
spec:
interval: 1h
interval: 10m
timeout: 1m30s
retryInterval: 30s
targetNamespace: flux-system
path: ./kubernetes/apps/adguard-home/app
prune: true


@@ -0,0 +1,76 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: adguard-home
namespace: adguard-home
labels:
app.kubernetes.io/name: adguard-home
spec:
selector:
matchLabels:
app.kubernetes.io/name: adguard-home
template:
metadata:
labels:
app.kubernetes.io/name: adguard-home
spec:
containers:
- name: adguard-home
image: adguard/adguardhome:v0.107.51
ports:
- protocol: TCP
containerPort: 53
name: dns-tcp
- protocol: UDP
containerPort: 53
name: dns-udp
- protocol: UDP
containerPort: 67
name: dhcps-udp
- protocol: UDP
containerPort: 68
name: dhcpc-udp
- protocol: TCP
containerPort: 80
name: http-tcp
- protocol: TCP
containerPort: 443
name: https-tcp
- protocol: UDP
containerPort: 443
name: https-udp
- protocol: TCP
containerPort: 853
name: dns-tls-tcp
- protocol: UDP
containerPort: 853
name: dns-tls-udp
- protocol: TCP
containerPort: 3000
name: http-alt-tcp
- protocol: UDP
containerPort: 3000
name: http-alt-udp
- protocol: TCP
containerPort: 5443
name: dnscrypt-tcp
- protocol: UDP
containerPort: 5443
name: dnscrypt-udp
- protocol: TCP
containerPort: 6060
name: http-pprof
volumeMounts:
- name: adguard-home-data
mountPath: /opt/adguardhome/work
- name: adguard-home-config
mountPath: /opt/adguardhome/config
volumes:
- name: adguard-home-data
hostPath:
path: /mnt/nfs/AppData/adguardhome/work
type: Directory
- name: adguard-home-config
hostPath:
path: /mnt/nfs/AppData/adguardhome/conf
type: Directory
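Review bot: The config volume is mounted at `/opt/adguardhome/config`, but the HelmRelease this commit removes mounted the same host directory at `/opt/adguardhome/conf`, and as far as I know that is the directory the upstream image reads `AdGuardHome.yaml` from. If so, the configuration, including the admin users, would live in the container's writable layer and be lost on every restart, returning the instance to first-run setup; the mount should read `mountPath: /opt/adguardhome/conf`. The container also has no `securityContext` or `resources` while it writes to two `hostPath` directories on the node, so adding at least `allowPrivilegeEscalation: false` and resource limits would be worthwhile.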


@@ -0,0 +1,32 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: adguard-home-ingress
namespace: flux-system
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
nginx.ingress.kubernetes.io/use-regex: "true"
nginx.ingress.kubernetes.io/rewrite-target: /$2
spec:
ingressClassName: nginx
rules:
- host: "adguard-home.cluster.local"
http:
paths:
- pathType: ImplementationSpecific
path: "/"
backend:
service:
name: adguard-home
port:
number: 10080
- host: "setup.adguard-home.cluster.local"
http:
paths:
- pathType: ImplementationSpecific
path: "/"
backend:
service:
name: adguard-home
port:
number: 13000
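Review bot: This Ingress is created in `namespace: flux-system`, but its backend Service `adguard-home` is defined in namespace `adguard-home` elsewhere in this commit, and an Ingress can only reference Services in its own namespace, so neither rule would resolve a backend; `namespace: adguard-home` is probably what is meant. The second rule publishes the first-run setup port (13000 → 3000) under its own hostname, and since the setup wizard is what creates the admin account, that rule is best removed once setup is complete. With `ssl-redirect: "false"` and no `tls:` block, the admin login travels in clear text. `rewrite-target: /$2` refers to a capture group that `path: "/"` does not define, so it would rewrite every request to `/`; dropping the `rewrite-target` and `use-regex` annotations looks safer.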


@@ -1,53 +0,0 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: adguard-home
namespace: adguard-home
spec:
releaseName: adguard-home
chart:
spec:
chart: adguard-home
sourceRef:
kind: HelmRepository
name: truecharts
namespace: flux-system
interval: 5m
install:
remediation:
retries: 3
values:
service:
main:
ports:
main:
port: 10080
protocol: http
setup:
enabled: true
ports:
setup:
enabled: true
port: 13000
targetPort: 3000
persistence:
config:
enabled: true
hostPath: /mnt/nfs/AppData/adguardhome/conf
type: hostPath
work:
enabled: true
hostPath: /mnt/nfs/AppData/adguardhome/work
type: hostPath
portal:
open:
enabled: true
volumeMounts:
- name: work
mountPath: /opt/adguardhome/work
readOnly: false
- name: config
mountPath: /opt/adguardhome/conf
readOnly: false


@@ -0,0 +1,69 @@
apiVersion: v1
kind: Service
metadata:
name: adguard-home
namespace: adguard-home
labels:
app.kubernetes.io/name: adguard-home
spec:
selector:
app.kubernetes.io/name: adguard-home
type: ClusterIP
internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 53
targetPort: 53
name: dns-tcp
- protocol: UDP
port: 53
targetPort: 53
name: dns-udp
- protocol: UDP
port: 67
targetPort: 67
name: dhcps-udp
- protocol: UDP
port: 68
targetPort: 68
name: dhcpc-udp
- protocol: TCP
port: 10080
targetPort: 80
name: http-tcp
- protocol: TCP
port: 443
targetPort: 443
name: https-tcp
- protocol: UDP
port: 443
targetPort: 443
name: https-udp
- protocol: TCP
port: 853
targetPort: 853
name: dns-tls-tcp
- protocol: UDP
port: 853
targetPort: 853
name: dns-tls-udp
- protocol: TCP
port: 13000
targetPort: 3000
name: https-alt-tcp
- protocol: UDP
port: 13000
targetPort: 3000
name: https-alt-udp
- protocol: TCP
port: 5443
targetPort: 5443
name: dnscrypt-tcp
- protocol: UDP
port: 5443
targetPort: 5443
name: dnscrypt-udp
- protocol: TCP
port: 6060
targetPort: 6060
name: https-pprof
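Review bot: Port 6060 is published on the Service as `https-pprof`, which would make the profiling endpoints reachable by any workload in the cluster if `debug_pprof` is ever turned on in the AdGuard Home config; the entry (and the matching `http-pprof` containerPort in the Deployment) is better left out unless profiling is actually in use. The names `https-alt-tcp`, `https-alt-udp` and `https-pprof` also disagree with the Deployment's `http-alt-tcp`, `http-alt-udp` and `http-pprof` for the same ports, which is misleading since nothing on this page configures TLS on 3000 or 6060. The DHCP entries on 67/68 are unlikely to be useful behind a `ClusterIP`, since DHCP depends on broadcast traffic on the node's network.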


@@ -0,0 +1,265 @@
#
# IMPORTANT NOTE
#
# This chart inherits from our common library chart. You can check the default values/options here:
# https://github.com/bjw-s/helm-charts/blob/a081de5/charts/library/common/values.yaml
#
env:
# -- Set the container timezone
TZ: Australia/Sydney
controllers:
main:
enabled: true
type: deployment
replicas: 1
containers:
main:
image:
repository: adguard/adguardhome
tag: v0.107.50
pullPolicy: IfNotPresent
service:
# -- Configures settings for the main service.
# @default -- See [values.yaml](./values.yaml)
main:
enabled: true
controller: main
ports:
web-setup:
enabled: true
port: 3000
web-panel:
enabled: true
port: 80
# -- Configures settings for the TCP DNS service.
# @default -- See [values.yaml](./values.yaml)
dns-tcp:
enabled: true
controller: main
type: LoadBalancer
externalTrafficPolicy: Local
annotations:
metallb.universe.tf/allow-shared-ip: adguard-home
ports:
dns-tcp:
enabled: true
port: 53
dns-over-tls:
enabled: true
port: 853
# -- Configures settings for the UDP DNS service.
# @default -- See [values.yaml](./values.yaml)
dns-udp:
enabled: true
controller: main
type: LoadBalancer
externalTrafficPolicy: Local
annotations:
metallb.universe.tf/allow-shared-ip: adguard-home
ports:
dns-udp:
enabled: true
protocol: UDP
port: 53
dns-over-quic:
enabled: true
protocol: UDP
port: 784
ingress:
# -- Enable and configure ingress settings for the chart under this key.
# @default -- See [values.yaml](./values.yaml)
main:
enabled: false
# hosts:
# - host: chart-example.local
# paths:
# - path: /
# tls:
# - secretName: chart-example.local
# hosts:
# - chart-example.local
persistence:
# -- Configure config persistence settings for the chart under this key.
# @default -- See [values.yaml](./values.yaml)
config:
enabled: true
type: hostPath
hostPath: /mnt/nfs/AppData/adguardhome/conf
hostPathType: DirectoryOrCreate
# storageClass: ""
# accessMode: ReadWriteOnce
# size: 4Gi
# -- Configure data persistence settings for the chart under this key.
# @default -- See [values.yaml](./values.yaml)
data:
enabled: true
type: hostPath
hostPath: /mnt/nfs/AppData/adguardhome/work
hostPathType: DirectoryOrCreate
# storageClass: ""
# accessMode: ReadWriteOnce
# size: 4Gi
# -- Default AdGuard Home config file.
# This will only be copied if an existing config does not exist.
# [[ref]](https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration)
# @default -- See [values.yaml](./values.yaml)
config: |
bind_host: 0.0.0.0
bind_port: 80
users: []
auth_attempts: 5
block_auth_min: 15
http_proxy: ""
language: ""
theme: auto
debug_pprof: false
web_session_ttl: 720
dns:
bind_hosts:
- 0.0.0.0
port: 53
anonymize_client_ip: false
protection_enabled: true
blocking_mode: default
blocking_ipv4: ""
blocking_ipv6: ""
blocked_response_ttl: 10
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
ratelimit: 20
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- https://dns10.quad9.net/dns-query
upstream_dns_file: ""
bootstrap_dns:
- 9.9.9.10
- 149.112.112.10
- 2620:fe::10
- 2620:fe::fe:10
all_servers: false
fastest_addr: false
fastest_timeout: 1s
allowed_clients: []
disallowed_clients: []
blocked_hosts:
- version.bind
- id.server
- hostname.bind
trusted_proxies:
- 127.0.0.0/8
- ::1/128
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
cache_optimistic: false
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: false
edns_client_subnet:
custom_ip: ""
enabled: false
use_custom: false
max_goroutines: 300
handle_ddr: true
ipset: []
ipset_file: ""
filtering_enabled: true
filters_update_interval: 24
parental_enabled: false
safesearch_enabled: false
safebrowsing_enabled: false
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
rewrites: []
blocked_services: []
upstream_timeout: 10s
private_networks: []
use_private_ptr_resolvers: true
local_ptr_upstreams: []
use_dns64: false
dns64_prefixes: []
serve_http3: false
use_http3_upstreams: false
tls:
enabled: false
server_name: ""
force_https: false
port_https: 443
port_dns_over_tls: 853
port_dns_over_quic: 853
port_dnscrypt: 0
dnscrypt_config_file: ""
allow_unencrypted_doh: false
certificate_chain: ""
private_key: ""
certificate_path: ""
private_key_path: ""
strict_sni_check: false
querylog:
enabled: true
file_enabled: true
interval: 2160h
size_memory: 1000
ignored: []
statistics:
enabled: true
interval: 1
ignored: []
filters:
- enabled: true
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
name: AdGuard DNS filter
id: 1
- enabled: false
url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
name: AdAway Default Blocklist
id: 2
whitelist_filters: []
user_rules: []
dhcp:
enabled: false
interface_name: ""
local_domain_name: lan
dhcpv4:
gateway_ip: ""
subnet_mask: ""
range_start: ""
range_end: ""
lease_duration: 86400
icmp_timeout_msec: 1000
options: []
dhcpv6:
range_start: ""
lease_duration: 86400
ra_slaac_only: false
ra_allow_slaac: false
clients:
runtime_sources:
whois: true
arp: true
rdns: true
dhcp: true
hosts: true
persistent: []
log_file: ""
log_max_backups: 0
log_max_size: 100
log_max_age: 3
log_compress: false
log_localtime: false
verbose: false
os:
group: ""
user: ""
rlimit_nofile: 0
schema_version: 17
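Review bot: The default config ships `users: []` while `service.main` publishes the web panel on port 80; as far as I know AdGuard Home treats an empty user list as "no authentication", so a fresh install from these values would serve the admin UI without a login until a user is added. A comment above `users:` such as `# empty list disables web UI authentication - add a user before exposing the panel` would document this. The DNS-over-QUIC Service port is 784 but the embedded config sets `port_dns_over_quic: 853`, so that listener would not be reached even once `tls.enabled` is switched on; the two should agree. The image tag here is `v0.107.50` while the new Deployment pins `v0.107.51`, and `querylog.interval: 2160h` keeps ninety days of per-client query history on the NFS-backed hostPath, which is worth a deliberate decision.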


@@ -1,7 +1,7 @@
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: cluster-ingress
name: capacitor-ingress
namespace: flux-system
annotations:
nginx.ingress.kubernetes.io/ssl-redirect: "false"
@@ -13,17 +13,17 @@ spec:
- host: "capacitor.edward.sydney"
http:
paths:
- pathType: Prefix
- pathType: ImplementationSpecific
path: "/"
backend:
service:
name: capacitor
port:
number: 9100
- host: "capacitor.local"
- host: "capacitor.cluster.local"
http:
paths:
- pathType: Prefix
- pathType: ImplementationSpecific
path: "/"
backend:
service:


@@ -3,4 +3,4 @@ kind: Kustomization
resources:
- ingress-nginx.yaml
- ingress-nginx-config.yaml
- ingress.yaml
- ../../apps/adguard-home/app/ingress.yaml
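Review bot: The added entry `../../apps/adguard-home/app/ingress.yaml` points at a file outside this kustomization's root, which plain `kustomize build` rejects under its default load restrictions, and the same file is also added to the parent kustomization in the next section as `../apps/adguard-home/app/ingress.yaml`. If both kustomizations are reconciled, the same Ingress would be declared twice, and with `prune: true` on the app's Flux Kustomization, ownership of the object becomes ambiguous. Listing the Ingress only in the adguard-home app's own kustomization would avoid both problems. Whether the previous `ingress.yaml` entry is still needed for the capacitor Ingress cannot be seen from this hunk.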


@@ -5,4 +5,4 @@ resources:
- ./cilium/cilium.yaml
- ./ingress-nginx/ingress-nginx-config.yaml
- ./ingress-nginx/ingress-nginx.yaml
- ./ingress-nginx/ingress.yaml
- ../apps/adguard-home/app/ingress.yaml