From 11a46ec0b63a28d6c7617f479ea7ca08948e2c01 Mon Sep 17 00:00:00 2001 From: Edward Cheng Date: Fri, 14 Jun 2024 16:32:49 +1000 Subject: [PATCH] update for adguard-home app --- .../apps/adguard-home/adguard-home.yaml | 4 +- .../apps/adguard-home/app/deployment.yaml | 76 +++++ kubernetes/apps/adguard-home/app/ingress.yaml | 32 +++ kubernetes/apps/adguard-home/app/release.yaml | 53 ---- kubernetes/apps/adguard-home/app/service.yaml | 69 +++++ kubernetes/apps/adguard-home/values.yaml | 265 ++++++++++++++++++ .../capacitor/app}/ingress.yaml | 8 +- .../ingress-nginx/kustomization.yaml | 2 +- kubernetes/infrastructure/kustomization.yaml | 2 +- 9 files changed, 451 insertions(+), 60 deletions(-) create mode 100644 kubernetes/apps/adguard-home/app/deployment.yaml create mode 100644 kubernetes/apps/adguard-home/app/ingress.yaml delete mode 100644 kubernetes/apps/adguard-home/app/release.yaml create mode 100644 kubernetes/apps/adguard-home/app/service.yaml create mode 100644 kubernetes/apps/adguard-home/values.yaml rename kubernetes/{infrastructure/ingress-nginx => apps/capacitor/app}/ingress.yaml (78%) diff --git a/kubernetes/apps/adguard-home/adguard-home.yaml b/kubernetes/apps/adguard-home/adguard-home.yaml index 7d1a350..ce20174 100644 --- a/kubernetes/apps/adguard-home/adguard-home.yaml +++ b/kubernetes/apps/adguard-home/adguard-home.yaml @@ -4,7 +4,9 @@ metadata: name: adguard-home namespace: flux-system spec: - interval: 1h + interval: 10m + timeout: 1m30s + retryInterval: 30s targetNamespace: flux-system path: ./kubernetes/apps/adguard-home/app prune: true diff --git a/kubernetes/apps/adguard-home/app/deployment.yaml b/kubernetes/apps/adguard-home/app/deployment.yaml new file mode 100644 index 0000000..1fa4459 --- /dev/null +++ b/kubernetes/apps/adguard-home/app/deployment.yaml 
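Review bot: In kubernetes/apps/adguard-home/adguard-home.yaml the Kustomization keeps `targetNamespace: flux-system` (a context line of this hunk), while the Deployment and Service that this commit adds under its `path` declare `namespace: adguard-home`. As far as I know Flux applies `targetNamespace` to every namespaced object it reconciles, so the DNS workload would land in the namespace that holds the Flux controllers, and namespace-scoped RBAC or NetworkPolicy could not separate the two. I would set `targetNamespace: adguard-home` (the namespace must exist first) and move the Ingress there too, or drop the field and let each manifest's own `namespace:` decide. The hunk starts inside `metadata:` and the rest of the spec lies outside it.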
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adguard-home
+ namespace: adguard-home
+ labels:
+ app.kubernetes.io/name: adguard-home
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: adguard-home
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: adguard-home
+ spec:
+ containers:
+ - name: adguard-home
+ image: adguard/adguardhome:v0.107.51
+ ports:
+ - protocol: TCP
+ containerPort: 53
+ name: dns-tcp
+ - protocol: UDP
+ containerPort: 53
+ name: dns-udp
+ - protocol: UDP
+ containerPort: 67
+ name: dhcps-udp
+ - protocol: UDP
+ containerPort: 68
+ name: dhcpc-udp
+ - protocol: TCP
+ containerPort: 80
+ name: http-tcp
+ - protocol: TCP
+ containerPort: 443
+ name: https-tcp
+ - protocol: UDP
+ containerPort: 443
+ name: https-udp
+ - protocol: TCP
+ containerPort: 853
+ name: dns-tls-tcp
+ - protocol: UDP
+ containerPort: 853
+ name: dns-tls-udp
+ - protocol: TCP
+ containerPort: 3000
+ name: http-alt-tcp
+ - protocol: UDP
+ containerPort: 3000
+ name: http-alt-udp
+ - protocol: TCP
+ containerPort: 5443
+ name: dnscrypt-tcp
+ - protocol: UDP
+ containerPort: 5443
+ name: dnscrypt-udp
+ - protocol: TCP
+ containerPort: 6060
+ name: http-pprof
+ volumeMounts:
+ - name: adguard-home-data
+ mountPath: /opt/adguardhome/work
+ - name: adguard-home-config
+ mountPath: /opt/adguardhome/config
+ volumes:
+ - name: adguard-home-data
+ hostPath:
+ path: /mnt/nfs/AppData/adguardhome/work
+ type: Directory
+ - name: adguard-home-config
+ hostPath:
+ path: /mnt/nfs/AppData/adguardhome/conf
+ type: Directory
diff --git a/kubernetes/apps/adguard-home/app/ingress.yaml b/kubernetes/apps/adguard-home/app/ingress.yaml
new file mode 100644
index 0000000..2c57855
--- /dev/null
+++ b/kubernetes/apps/adguard-home/app/ingress.yaml
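Review bot: In deployment.yaml the config volume is mounted at `/opt/adguardhome/config`, whereas the HelmRelease removed by this same commit mounted it at `/opt/adguardhome/conf`, which as far as I know is also where the upstream image reads and writes AdGuardHome.yaml. If so, the configuration, including the admin account, is written to the container's ephemeral filesystem. Every restart would then bring the instance back to the unauthenticated first-run wizard on port 3000, which the new Ingress publishes. Change the line to `mountPath: /opt/adguardhome/conf`. Separately, the pod spec has no `securityContext` or `resources`, and a comment above `volumes:` such as `# hostPath on NFS: the pod must be scheduled on a node that has /mnt/nfs mounted` would document the node dependency.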
@@ -0,0 +1,32 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: adguard-home-ingress
+ namespace: flux-system
+ annotations:
+ nginx.ingress.kubernetes.io/ssl-redirect: "false"
+ nginx.ingress.kubernetes.io/use-regex: "true"
+ nginx.ingress.kubernetes.io/rewrite-target: /$2
+spec:
+ ingressClassName: nginx
+ rules:
+ - host: "adguard-home.cluster.local"
+ http:
+ paths:
+ - pathType: ImplementationSpecific
+ path: "/"
+ backend:
+ service:
+ name: adguard-home
+ port:
+ number: 10080
+ - host: "setup.adguard-home.cluster.local"
+ http:
+ paths:
+ - pathType: ImplementationSpecific
+ path: "/"
+ backend:
+ service:
+ name: adguard-home
+ port:
+ number: 13000
diff --git a/kubernetes/apps/adguard-home/app/release.yaml b/kubernetes/apps/adguard-home/app/release.yaml
deleted file mode 100644
index d2df253..0000000
--- a/kubernetes/apps/adguard-home/app/release.yaml
+++ /dev/null
@@ -1,53 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2
-kind: HelmRelease
-metadata:
- name: adguard-home
- namespace: adguard-home
-spec:
- releaseName: adguard-home
- chart:
- spec:
- chart: adguard-home
- sourceRef:
- kind: HelmRepository
- name: truecharts
- namespace: flux-system
- interval: 5m
- install:
- remediation:
- retries: 3
- values:
- service:
- main:
- ports:
- main:
- port: 10080
- protocol: http
- setup:
- enabled: true
- ports:
- setup:
- enabled: true
- port: 13000
- targetPort: 3000
- persistence:
- config:
- enabled: true
- hostPath: /mnt/nfs/AppData/adguardhome/conf
- type: hostPath
- work:
- enabled: true
- hostPath: /mnt/nfs/AppData/adguardhome/work
- type: hostPath
- portal:
- open:
- enabled: true
- volumeMounts:
- - name: work
- mountPath: /opt/adguardhome/work
- readOnly: false
- - name: config
- mountPath: /opt/adguardhome/conf
- readOnly: false
-
-
diff --git a/kubernetes/apps/adguard-home/app/service.yaml b/kubernetes/apps/adguard-home/app/service.yaml
new file mode 100644
index 0000000..937ebcd
--- /dev/null
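Review bot: In ingress.yaml `rewrite-target: /$2` refers to a second capture group, but both rules use `path: "/"`, which has none, so I would expect ingress-nginx to rewrite every request to `/` and break the UI's asset and API paths. Either drop the `use-regex` and `rewrite-target` annotations and use `pathType: Prefix`, or give the path real capture groups. The rules also carry no `tls:` block and `ssl-redirect` is `"false"`, so the admin login and the setup wizard behind `setup.adguard-home.cluster.local` travel in cleartext. Consider adding a `tls:` section and removing the setup host once first-run configuration is done.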
+++ b/kubernetes/apps/adguard-home/app/service.yaml
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: adguard-home
+ namespace: adguard-home
+ labels:
+ app.kubernetes.io/name: adguard-home
+spec:
+ selector:
+ app.kubernetes.io/name: adguard-home
+ type: ClusterIP
+ internalTrafficPolicy: Cluster
+ ports:
+ - protocol: TCP
+ port: 53
+ targetPort: 53
+ name: dns-tcp
+ - protocol: UDP
+ port: 53
+ targetPort: 53
+ name: dns-udp
+ - protocol: UDP
+ port: 67
+ targetPort: 67
+ name: dhcps-udp
+ - protocol: UDP
+ port: 68
+ targetPort: 68
+ name: dhcpc-udp
+ - protocol: TCP
+ port: 10080
+ targetPort: 80
+ name: http-tcp
+ - protocol: TCP
+ port: 443
+ targetPort: 443
+ name: https-tcp
+ - protocol: UDP
+ port: 443
+ targetPort: 443
+ name: https-udp
+ - protocol: TCP
+ port: 853
+ targetPort: 853
+ name: dns-tls-tcp
+ - protocol: UDP
+ port: 853
+ targetPort: 853
+ name: dns-tls-udp
+ - protocol: TCP
+ port: 13000
+ targetPort: 3000
+ name: https-alt-tcp
+ - protocol: UDP
+ port: 13000
+ targetPort: 3000
+ name: https-alt-udp
+ - protocol: TCP
+ port: 5443
+ targetPort: 5443
+ name: dnscrypt-tcp
+ - protocol: UDP
+ port: 5443
+ targetPort: 5443
+ name: dnscrypt-udp
+ - protocol: TCP
+ port: 6060
+ targetPort: 6060
+ name: https-pprof
diff --git a/kubernetes/apps/adguard-home/values.yaml b/kubernetes/apps/adguard-home/values.yaml
new file mode 100644
index 0000000..7243102
--- /dev/null
+++ b/kubernetes/apps/adguard-home/values.yaml
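Review bot: In service.yaml the last entry publishes port 6060, which the Deployment names `http-pprof`, to every pod in the cluster. The listener is presumably inactive while `debug_pprof` is off, but with the port already on the Service, switching that option on later would expose profiling data with no further review step. I would remove the 6060 entry here and the matching `containerPort`. The names `https-alt-tcp`, `https-alt-udp` and `https-pprof` also label ports that the Deployment calls `http-alt-tcp`, `http-alt-udp` and `http-pprof`; aligning them avoids suggesting that the setup and debug ports are TLS-protected.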
@@ -0,0 +1,265 @@
+#
+# IMPORTANT NOTE
+#
+# This chart inherits from our common library chart. You can check the default values/options here:
+# https://github.com/bjw-s/helm-charts/blob/a081de5/charts/library/common/values.yaml
+#
+
+env:
+ # -- Set the container timezone
+ TZ: Australia/Sydney
+
+controllers:
+ main:
+ enabled: true
+ type: deployment
+ replicas: 1
+ containers:
+ main:
+ image:
+ repository: adguard/adguardhome
+ tag: v0.107.50
+ pullPolicy: IfNotPresent
+
+service:
+ # -- Configures settings for the main service.
+ # @default -- See [values.yaml](./values.yaml)
+ main:
+ enabled: true
+ controller: main
+ ports:
+ web-setup:
+ enabled: true
+ port: 3000
+ web-panel:
+ enabled: true
+ port: 80
+
+ # -- Configures settings for the TCP DNS service.
+ # @default -- See [values.yaml](./values.yaml)
+ dns-tcp:
+ enabled: true
+ controller: main
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ annotations:
+ metallb.universe.tf/allow-shared-ip: adguard-home
+ ports:
+ dns-tcp:
+ enabled: true
+ port: 53
+ dns-over-tls:
+ enabled: true
+ port: 853
+ # -- Configures settings for the UDP DNS service.
+ # @default -- See [values.yaml](./values.yaml)
+ dns-udp:
+ enabled: true
+ controller: main
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ annotations:
+ metallb.universe.tf/allow-shared-ip: adguard-home
+ ports:
+ dns-udp:
+ enabled: true
+ protocol: UDP
+ port: 53
+ dns-over-quic:
+ enabled: true
+ protocol: UDP
+ port: 784
+
+ingress:
+ # -- Enable and configure ingress settings for the chart under this key.
+ # @default -- See [values.yaml](./values.yaml)
+ main:
+ enabled: false
+ # hosts:
+ # - host: chart-example.local
+ # paths:
+ # - path: /
+ # tls:
+ # - secretName: chart-example.local
+ # hosts:
+ # - chart-example.local
+
+persistence:
+ # -- Configure config persistence settings for the chart under this key.
+ # @default -- See [values.yaml](./values.yaml)
+ config:
+ enabled: true
+ type: hostPath
+ hostPath: /mnt/nfs/AppData/adguardhome/conf
+ hostPathType: DirectoryOrCreate
+ # storageClass: ""
+ # accessMode: ReadWriteOnce
+ # size: 4Gi
+ # -- Configure data persistence settings for the chart under this key.
+ # @default -- See [values.yaml](./values.yaml)
+ data:
+ enabled: true
+ type: hostPath
+ hostPath: /mnt/nfs/AppData/adguardhome/work
+ hostPathType: DirectoryOrCreate
+ # storageClass: ""
+ # accessMode: ReadWriteOnce
+ # size: 4Gi
+
+# -- Default AdGuard Home config file.
+# This will only be copied if an existing config does not exist.
+# [[ref]](https://github.com/AdguardTeam/AdGuardHome/wiki/Configuration)
+# @default -- See [values.yaml](./values.yaml)
+config: |
+ bind_host: 0.0.0.0
+ bind_port: 80
+ users: []
+ auth_attempts: 5
+ block_auth_min: 15
+ http_proxy: ""
+ language: ""
+ theme: auto
+ debug_pprof: false
+ web_session_ttl: 720
+ dns:
+ bind_hosts:
+ - 0.0.0.0
+ port: 53
+ anonymize_client_ip: false
+ protection_enabled: true
+ blocking_mode: default
+ blocking_ipv4: ""
+ blocking_ipv6: ""
+ blocked_response_ttl: 10
+ parental_block_host: family-block.dns.adguard.com
+ safebrowsing_block_host: standard-block.dns.adguard.com
+ ratelimit: 20
+ ratelimit_whitelist: []
+ refuse_any: true
+ upstream_dns:
+ - https://dns10.quad9.net/dns-query
+ upstream_dns_file: ""
+ bootstrap_dns:
+ - 9.9.9.10
+ - 149.112.112.10
+ - 2620:fe::10
+ - 2620:fe::fe:10
+ all_servers: false
+ fastest_addr: false
+ fastest_timeout: 1s
+ allowed_clients: []
+ disallowed_clients: []
+ blocked_hosts:
+ - version.bind
+ - id.server
+ - hostname.bind
+ trusted_proxies:
+ - 127.0.0.0/8
+ - ::1/128
+ cache_size: 4194304
+ cache_ttl_min: 0
+ cache_ttl_max: 0
+ cache_optimistic: false
+ bogus_nxdomain: []
+ aaaa_disabled: false
+ enable_dnssec: false
+ edns_client_subnet:
+ custom_ip: ""
+ enabled: false
+ use_custom: false
+ max_goroutines: 300
+ handle_ddr: true
+ ipset: []
+ ipset_file: ""
+ filtering_enabled: true
+ filters_update_interval: 24
+ parental_enabled: false
+ safesearch_enabled: false
+ safebrowsing_enabled: false
+ safebrowsing_cache_size: 1048576
+ safesearch_cache_size: 1048576
+ parental_cache_size: 1048576
+ cache_time: 30
+ rewrites: []
+ blocked_services: []
+ upstream_timeout: 10s
+ private_networks: []
+ use_private_ptr_resolvers: true
+ local_ptr_upstreams: []
+ use_dns64: false
+ dns64_prefixes: []
+ serve_http3: false
+ use_http3_upstreams: false
+ tls:
+ enabled: false
+ server_name: ""
+ force_https: false
+ port_https: 443
+ port_dns_over_tls: 853
+ port_dns_over_quic: 853
+ port_dnscrypt: 0
+ dnscrypt_config_file: ""
+ allow_unencrypted_doh: false
+ certificate_chain: ""
+ private_key: ""
+ certificate_path: ""
+ private_key_path: ""
+ strict_sni_check: false
+ querylog:
+ enabled: true
+ file_enabled: true
+ interval: 2160h
+ size_memory: 1000
+ ignored: []
+ statistics:
+ enabled: true
+ interval: 1
+ ignored: []
+ filters:
+ - enabled: true
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_1.txt
+ name: AdGuard DNS filter
+ id: 1
+ - enabled: false
+ url: https://adguardteam.github.io/HostlistsRegistry/assets/filter_2.txt
+ name: AdAway Default Blocklist
+ id: 2
+ whitelist_filters: []
+ user_rules: []
+ dhcp:
+ enabled: false
+ interface_name: ""
+ local_domain_name: lan
+ dhcpv4:
+ gateway_ip: ""
+ subnet_mask: ""
+ range_start: ""
+ range_end: ""
+ lease_duration: 86400
+ icmp_timeout_msec: 1000
+ options: []
+ dhcpv6:
+ range_start: ""
+ lease_duration: 86400
+ ra_slaac_only: false
+ ra_allow_slaac: false
+ clients:
+ runtime_sources:
+ whois: true
+ arp: true
+ rdns: true
+ dhcp: true
+ hosts: true
+ persistent: []
+ log_file: ""
+ log_max_backups: 0
+ log_max_size: 100
+ log_max_age: 3
+ log_compress: false
+ log_localtime: false
+ verbose: false
+ os:
+ group: ""
+ user: ""
+ rlimit_nofile: 0
+ schema_version: 17
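Review bot: The default config embedded in values.yaml sets `users: []` together with `bind_host: 0.0.0.0`; as far as I know AdGuard Home serves the admin UI without a login when the user list is empty, so any instance seeded from this block starts with an open control panel. Leave the account to the first-run wizard, or inject a password hash from a Secret rather than from git. Two inconsistencies also deserve a fix or a comment: `dns-over-quic` is published on port 784 while the config has `port_dns_over_quic: 853`, and `tag: v0.107.50` differs from the `v0.107.51` image in deployment.yaml. Nothing visible in this commit consumes the file now that the HelmRelease is deleted, so it may be dead configuration.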
diff --git a/kubernetes/infrastructure/ingress-nginx/ingress.yaml b/kubernetes/apps/capacitor/app/ingress.yaml similarity index 78% rename from kubernetes/infrastructure/ingress-nginx/ingress.yaml rename to kubernetes/apps/capacitor/app/ingress.yaml index 028d219..2ebdaaf 100644 --- a/kubernetes/infrastructure/ingress-nginx/ingress.yaml +++ b/kubernetes/apps/capacitor/app/ingress.yaml @@ -1,7 +1,7 @@ apiVersion: networking.k8s.io/v1 kind: Ingress metadata: - name: cluster-ingress + name: capacitor-ingress namespace: flux-system annotations: nginx.ingress.kubernetes.io/ssl-redirect: "false" @@ -13,17 +13,17 @@ spec: - host: "capacitor.edward.sydney" http: paths: - - pathType: Prefix + - pathType: ImplementationSpecific path: "/" backend: service: name: capacitor port: number: 9100 - - host: "capacitor.local" + - host: "capacitor.cluster.local" http: paths: - - pathType: Prefix + - pathType: ImplementationSpecific path: "/" backend: service: diff --git a/kubernetes/infrastructure/ingress-nginx/kustomization.yaml b/kubernetes/infrastructure/ingress-nginx/kustomization.yaml index 35a8e32..d15f78f 100644 --- a/kubernetes/infrastructure/ingress-nginx/kustomization.yaml +++ b/kubernetes/infrastructure/ingress-nginx/kustomization.yaml @@ -3,4 +3,4 @@ kind: Kustomization resources: - ingress-nginx.yaml - ingress-nginx-config.yaml - - ingress.yaml \ No newline at end of file + - ../../apps/adguard-home/app/ingress.yaml \ No newline at end of file diff --git a/kubernetes/infrastructure/kustomization.yaml b/kubernetes/infrastructure/kustomization.yaml index 231209c..9a4bde1 100644 --- a/kubernetes/infrastructure/kustomization.yaml +++ b/kubernetes/infrastructure/kustomization.yaml @@ -5,4 +5,4 @@ resources: - ./cilium/cilium.yaml - ./ingress-nginx/ingress-nginx-config.yaml - ./ingress-nginx/ingress-nginx.yaml - - ./ingress-nginx/ingress.yaml + - ../apps/adguard-home/app/ingress.yaml
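Review bot: After the move to kubernetes/apps/capacitor/app/ingress.yaml the capacitor Ingress is not listed by any kustomization visible in this patch, because both infrastructure lists replace their `ingress.yaml` entry with the AdGuard one. If no Flux Kustomization covers `kubernetes/apps/capacitor/app` and the previous owner prunes, the object would be deleted on the next reconcile, so confirm that the new path is reconciled. The hunk shows only part of the manifest: the annotations between old lines 7 and 13 lie outside it, so whether `pathType: ImplementationSpecific` is paired with a regex annotation cannot be checked here. The context line `ssl-redirect: "false"` leaves the host `capacitor.edward.sydney` reachable over plain HTTP.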
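Review bot: `../../apps/adguard-home/app/ingress.yaml` in kubernetes/infrastructure/ingress-nginx/kustomization.yaml, and `../apps/adguard-home/app/ingress.yaml` in the kubernetes/infrastructure/kustomization.yaml hunk that follows, pull an application manifest into the infrastructure layer from outside each kustomization's own directory. The same file also sits in `./kubernetes/apps/adguard-home/app`, the path the `adguard-home` Flux Kustomization reconciles. Unless that directory has a kustomization.yaml that omits it (not visible here), two reconcilers would apply and prune the same Ingress. Plain `kustomize build` also rejects resource files outside the root under its default load restrictions, so local validation of these lists would fail. I would drop both entries and let the app's own Kustomization own its Ingress.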