adding app adguard-home

2024-06-12 14:00:19 +10:00
parent 904463acaa
commit 88de31ffa9
7 changed files with 402 additions and 0 deletions


@@ -0,0 +1,16 @@
apiVersion: kustomize.toolkit.fluxcd.io/v1
kind: Kustomization
metadata:
name: adguard-home
namespace: adguard-home
spec:
interval: 1h
targetNamespace: adguard-home
path: ./kubernetes/apps/adguard-home/app
prune: true
sourceRef:
kind: GitRepository
namespace: flux-system
name: flux-system
postBuild:
substituteFrom: []
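Review bot: `postBuild.substituteFrom: []` gives this Kustomization no variable source, yet the app-template HelmRelease added later in this commit uses `${app_url}`, `${sync_username}`, `${sync_password}` and `${certificate_name}`. If that manifest lives under `./kubernetes/apps/adguard-home/app` (file paths are not visible on this page), those placeholders will not be filled with real values. Either list the sources, e.g. `substituteFrom: [{kind: Secret, name: <placeholder-secret-name>}]`, or drop the empty `postBuild` block. A Secret rather than a ConfigMap is the appropriate kind for the sync credentials.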


@@ -0,0 +1,32 @@
apiVersion: v2
name: adguard-home
description: Free and open source, powerful network-wide ads & trackers blocking DNS server.
home: https://github.com/3dwardch3ng/helm-charts/tree/main/charts/adguard-home
icon: https://raw.githubusercontent.com/3dwardch3ng/helm-charts/main/charts/adguard-home/icon.svg
# A chart can be either an 'application' or a 'library' chart.
#
# Application charts are a collection of templates that can be packaged into versioned archives
# to be deployed.
#
# Library charts provide useful utilities or functions for the chart developer. They're included as
# a dependency of application charts to inject those utilities and functions into the rendering
# pipeline. Library charts do not define any templates and therefore cannot be deployed.
type: application
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 0.1.0
# renovate datasource=docker depName=adguard/adguardhome
# This is the version number of the application being deployed. This version number should be
# incremented each time you make changes to the application. Versions are not expected to
# follow Semantic Versioning. They should reflect the version the application is using.
# It is recommended to use it with quotes.
appVersion: "v0.107.51"
kubeVersion: ">=1.22.0-0"
keywords:
- adblock
- dns
- privacy
sources:
- https://github.com/AdguardTeam/AdGuardHome


@@ -0,0 +1,76 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: adguard-home
namespace: adguard-home
labels:
app.kubernetes.io/name: adguard-home
spec:
selector:
matchLabels:
app.kubernetes.io/name: adguard-home
template:
metadata:
labels:
app.kubernetes.io/name: adguard-home
spec:
containers:
- name: adguard-home
image: adguard/adguardhome:v0.107.51
ports:
- protocol: TCP
containerPort: 53
name: c-dns-tcp
- protocol: UDP
containerPort: 53
name: c-dns-udp
- protocol: UDP
containerPort: 67
name: c-dhcp-svr
- protocol: UDP
containerPort: 68
name: con-dhcp-clt
- protocol: TCP
containerPort: 80
name: c-main-tcp
- protocol: TCP
containerPort: 443
name: c-https-tcp
- protocol: UDP
containerPort: 443
name: c-https-udp
- protocol: TCP
containerPort: 853
name: c-dns-tls-tcp
- protocol: UDP
containerPort: 853
name: c-dns-tls-udp
- protocol: TCP
containerPort: 3000
name: c-http-alt-tcp
- protocol: UDP
containerPort: 3000
name: c-httpalt-udp
- protocol: TCP
containerPort: 5443
name: c-dnscrypt-tcp
- protocol: UDP
containerPort: 5443
name: c-dnscrypt-udp
- protocol: TCP
containerPort: 6060
name: c-http-pprof
volumeMounts:
- name: adguard-home-data
mountPath: /opt/adguardhome/work
- name: adguard-home-config
mountPath: /opt/adguardhome/config
volumes:
- name: adguard-home-data
hostPath:
path: /mnt/nfs/AppData/adguardhome/work
type: Directory
- name: adguard-home-config
hostPath:
path: /mnt/nfs/AppData/adguardhome/conf
type: Directory
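Review bot: The pod template sets no `securityContext` while mounting two `hostPath` directories, so the container runs as whatever user the image defaults to (likely root, to be confirmed) with write access to node paths under `/mnt/nfs/AppData/adguardhome`. Consider a PersistentVolumeClaim instead of `hostPath`, and add a container `securityContext` with `allowPrivilegeEscalation: false` and `capabilities: {drop: [ALL], add: [NET_BIND_SERVICE]}`; the added capability is for the low ports 53/67/80. The config volume is mounted at `/opt/adguardhome/config`, whereas the app-template HelmRelease in this commit mounts `/opt/adguardhome/conf`; if `conf` is the directory the image reads, configuration written by this Deployment will not persist. The image is referenced by a mutable tag; pinning `@sha256:<digest>` as done for the sync image would make the rollout reproducible.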


@@ -0,0 +1,28 @@
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: adguard-home
namespace: adguard-home
spec:
chart:
metadata:
name: adguard-home
namespace: adguard-home
spec:
chart: adguard-home
version: 0.1.0
sourceRef:
kind: HelmRepository
name: flux-system
namespace: flux-system
interval: 5m
interval: 5m
targetNamespace: adguard-home
dependsOn:
install:
crds: Create
upgrade:
crds: CreateReplace
valuesFrom:
- kind: Secret
name: adguard-home-vars
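Review bot: `sourceRef` points at a `HelmRepository` named `flux-system`, but the Flux Kustomization in this commit uses that name for a `GitRepository`; unless a HelmRepository of the same name exists elsewhere, chart `adguard-home` 0.1.0 cannot be resolved. `dependsOn:` has no value and parses as null, so remove it or write `dependsOn: []`. `name` and `namespace` under `spec.chart.metadata` are, as far as I know, not fields of the v2 chart template (it accepts labels and annotations) and should be dropped. This release also shares `metadata.name` and `namespace` with the other HelmRelease added in the commit, so if both are applied one will overwrite the other. Since `valuesFrom` reads the Secret `adguard-home-vars`, which this commit does not add, make sure it is delivered encrypted (for example via SOPS or an external secret store) rather than committed in plain text.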


@@ -0,0 +1,69 @@
apiVersion: v1
kind: Service
metadata:
name: adguard-home
namespace: adguard-home
labels:
app.kubernetes.io/name: adguard-home
spec:
selector:
app.kubernetes.io/name: adguard-home
type: ClusterIP
internalTrafficPolicy: Cluster
ports:
- protocol: TCP
port: 53
targetPort: 53
name: dns-tcp
- protocol: UDP
port: 53
targetPort: 53
name: dns-udp
- protocol: UDP
port: 67
targetPort: 67
name: dhcp-server-udp
- protocol: UDP
port: 68
targetPort: 68
name: dhcp-client-udp
- protocol: TCP
port: 80
targetPort: 80
name: http-main-tcp
- protocol: TCP
port: 443
targetPort: 443
name: https-tcp
- protocol: UDP
port: 443
targetPort: 443
name: https-udp
- protocol: TCP
port: 853
targetPort: 853
name: dns-tls-tcp
- protocol: UDP
port: 853
targetPort: 853
name: dns-tls-udp
- protocol: TCP
port: 3000
targetPort: 3000
name: https-alt-tcp
- protocol: UDP
port: 3000
targetPort: 3000
name: https-alt-udp
- protocol: TCP
port: 5443
targetPort: 5443
name: dns-crypt-tcp
- protocol: UDP
port: 5443
targetPort: 5443
name: dns-crypt-udp
- protocol: TCP
port: 6060
targetPort: 6060
name: https-pprof
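Review bot: The Service publishes port 6060 (`https-pprof`, named `c-http-pprof` on the Deployment), which is AdGuard Home's debug profiling port and should not be reachable from every pod in the cluster. Drop that port entry here and the matching `containerPort: 6060` in the Deployment unless profiling is actually needed, and restrict it with a NetworkPolicy if it is. The name also says `https` for a plain-HTTP port, as do `https-alt-tcp`/`https-alt-udp` for 3000 (`c-http-alt-tcp` on the container). Ports 67/68 UDP behind a `ClusterIP` are unlikely to serve DHCP, which relies on broadcast, so they can probably be removed as well.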


@@ -0,0 +1,4 @@
apiVersion: kustomize.config.k8s.io/v1beta1
kind: Kustomization
resources:
- ./adguard-home.yaml


@@ -0,0 +1,177 @@
# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.2.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: adguard-home
namespace: adguard-home
spec:
chart:
spec:
chart: adguard-home
version: 0.1.0
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
namespace: flux-system
name: bjw-s
interval: 1h
driftDetection:
mode: enabled
values:
controllers:
adguard-home:
type: statefulset
replicas: 2
containers:
adguard-home:
image:
repository: adguard/adguardhome
tag: v0.107.51
pullPolicy: IfNotPresent
env:
TZ: Australia/Sydney
probes:
liveness: &probe
enabled: true
type: HTTP
port: 3000
path: /login.html
readiness: *probe
startup:
<<: *probe
spec:
failureThreshold: 30
periodSeconds: 5
securityContext:
readOnlyRootFilesystem: true
pod:
priorityClassName: system-cluster-critical
labels:
rpi5.cluster.policy/egress-namespace: "true"
rpi5.cluster.policy/egress-world: "true"
rpi5.cluster.policy/ingress-ingress: "true"
rpi5.cluster.policy/ingress-namespace: "true"
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app.kubernetes.io/name: adguard-home
app.kubernetes.io/component: adguard-home
statefulset:
volumeClaimTemplates:
- name: data
storageClass: longhorn-ssd
accessMode: ReadWriteOnce
size: 2Gi
globalMounts:
- path: /opt/adguardhome/conf
subPath: conf
- path: /opt/adguardhome/work
subPath: work
sync:
containers:
app:
image:
repository: ghcr.io/bakito/adguardhome-sync
tag: alpine-v0.6.11@sha256:aa6e74003e9c7a1719967f3d80955fb7b89ca659a4dd8fae9ec8901103f018d9
pullPolicy: IfNotPresent
args: [run]
env:
ORIGIN_URL: http://adguard-home-origin:3000
ORIGIN_WEB_URL: https://${app_url}
ORIGIN_USERNAME: ${sync_username}
ORIGIN_PASSWORD: ${sync_password}
REPLICA_URL: http://adguard-home-replica:3000
REPLICA_WEB_URL: https://replica.${app_url}
REPLICA_USERNAME: ${sync_username}
REPLICA_PASSWORD: ${sync_password}
REPLICA_AUTO_SETUP: "true"
CRON: "*/10 * * * *"
securityContext:
readOnlyRootFilesystem: true
pod:
labels:
rpi5.cluster.policy/egress-namespace: "true"
securityContext:
runAsNonRoot: true
service:
adguard-home:
controller: adguard-home
ports:
http:
port: 3000
sync:
controller: sync
ports:
http:
port: 8080
origin: &origin-http
controller: adguard-home
extraSelectorLabels:
apps.kubernetes.io/pod-index: "0"
ports:
http:
port: 3000
origin-dns: &origin-dns
controller: adguard-home
extraSelectorLabels:
apps.kubernetes.io/pod-index: "0"
type: LoadBalancer
externalTrafficPolicy: Local
loadBalancerIP: 192.168.1.221
ports:
dns-tcp:
port: 53
protocol: TCP
dns-udp:
port: 53
protocol: UDP
replica:
<<: *origin-http
extraSelectorLabels:
apps.kubernetes.io/pod-index: "1"
replica-dns:
<<: *origin-dns
extraSelectorLabels:
apps.kubernetes.io/pod-index: "1"
loadBalancerIP: 192.168.1.222
ingress:
origin: &ingress
enabled: true
annotations:
nginx.ingress.kubernetes.io/auth-url: |-
http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |-
/outpost.goauthentik.io/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,Authorization
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
hosts:
- host: ${app_url}
paths:
- path: /
service:
identifier: origin
port: http
tls:
- secretName: ${certificate_name}
hosts:
- ${app_url}
- replica.${app_url}
replica:
<<: *ingress
hosts:
- host: replica.${app_url}
paths:
- path: /
service:
identifier: replica
port: http
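Review bot: `ORIGIN_PASSWORD` and `REPLICA_PASSWORD` are set as literal `env` values from `${sync_password}`, so after substitution the credential is stored in clear text in the HelmRelease object and in the rendered pod spec, readable by anyone who can get those resources. Reference a Secret from the container instead, e.g. `envFrom: [{secretRef: {name: <placeholder-secret-name>}}]`, and keep only the non-secret URLs under `env`. Separately, the chart is `adguard-home` 0.1.0 from the `bjw-s` repository while the schema comment and the `values` layout are those of app-template 3.2.1; confirm the chart name and version. The `adguard/adguardhome` image is referenced by tag only, unlike the digest-pinned sync image.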