diff --git a/kubernetes/apps/adguard-home/adguard-home.yaml b/kubernetes/apps/adguard-home/adguard-home.yaml
new file mode 100644
index 0000000..80b0948
--- /dev/null
+++ b/kubernetes/apps/adguard-home/adguard-home.yaml
@@ -0,0 +1,16 @@
+apiVersion: kustomize.toolkit.fluxcd.io/v1
+kind: Kustomization
+metadata:
+ name: adguard-home
+ namespace: adguard-home
+spec:
+ interval: 1h
+ targetNamespace: adguard-home
+ path: ./kubernetes/apps/adguard-home/app
+ prune: true
+ sourceRef:
+ kind: GitRepository
+ namespace: flux-system
+ name: flux-system
+ postBuild:
+ substituteFrom: []
\ No newline at end of file
diff --git a/kubernetes/apps/adguard-home/app/chart.yaml b/kubernetes/apps/adguard-home/app/chart.yaml
new file mode 100644
index 0000000..c31ae0d
--- /dev/null
+++ b/kubernetes/apps/adguard-home/app/chart.yaml
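Review bot: `postBuild.substituteFrom: []` in adguard-home.yaml declares no variable source, yet `kubernetes/apps/adguard-home/release.yaml` in this commit relies on `${app_url}`, `${certificate_name}`, `${sync_username}` and `${sync_password}`. If that release is meant to be reconciled through this Kustomization, the placeholders would most likely reach the cluster unexpanded, and the sync container would authenticate with the literal string rather than a credential. Point the list at a Secret that is kept out of plain Git, for example `substituteFrom: [{kind: Secret, name: <cluster-secrets>}]` (placeholder name). Note also that `path` targets `./kubernetes/apps/adguard-home/app`, which does not contain that release.yaml, so the diff does not show which manifest set is intended to be live.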
@@ -0,0 +1,32 @@
+apiVersion: v2
+name: adguard-home
+description: Free and open source, powerful network-wide ads & trackers blocking DNS server.
+home: https://github.com/3dwardch3ng/helm-charts/tree/main/charts/adguard-home
+icon: https://raw.githubusercontent.com/3dwardch3ng/helm-charts/main/charts/adguard-home/icon.svg
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+# renovate datasource=docker depName=adguard/adguardhome
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "v0.107.51"
+kubeVersion: ">=1.22.0-0"
+keywords:
+ - adblock
+ - dns
+ - privacy
+sources:
+ - https://github.com/AdguardTeam/AdGuardHome
diff --git a/kubernetes/apps/adguard-home/app/deployment.yaml b/kubernetes/apps/adguard-home/app/deployment.yaml
new file mode 100644
index 0000000..34d47ca
--- /dev/null
+++ b/kubernetes/apps/adguard-home/app/deployment.yaml
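Review bot: chart.yaml holds Helm chart metadata (`apiVersion: v2`, no `kind`) but is placed in `kubernetes/apps/adguard-home/app`, the directory the Flux Kustomization in this commit builds. A YAML document without `kind` in that path will probably make the kustomize build fail, and Helm itself looks for a file named `Chart.yaml`. Either move it into a real chart directory (with `templates/`) or drop it from the app path.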
@@ -0,0 +1,76 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adguard-home
+ namespace: adguard-home
+ labels:
+ app.kubernetes.io/name: adguard-home
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: adguard-home
+ template:
+ metadata:
+ labels:
+ app.kubernetes.io/name: adguard-home
+ spec:
+ containers:
+ - name: adguard-home
+ image: adguard/adguardhome:v0.107.51
+ ports:
+ - protocol: TCP
+ containerPort: 53
+ name: c-dns-tcp
+ - protocol: UDP
+ containerPort: 53
+ name: c-dns-udp
+ - protocol: UDP
+ containerPort: 67
+ name: c-dhcp-svr
+ - protocol: UDP
+ containerPort: 68
+ name: con-dhcp-clt
+ - protocol: TCP
+ containerPort: 80
+ name: c-main-tcp
+ - protocol: TCP
+ containerPort: 443
+ name: c-https-tcp
+ - protocol: UDP
+ containerPort: 443
+ name: c-https-udp
+ - protocol: TCP
+ containerPort: 853
+ name: c-dns-tls-tcp
+ - protocol: UDP
+ containerPort: 853
+ name: c-dns-tls-udp
+ - protocol: TCP
+ containerPort: 3000
+ name: c-http-alt-tcp
+ - protocol: UDP
+ containerPort: 3000
+ name: c-httpalt-udp
+ - protocol: TCP
+ containerPort: 5443
+ name: c-dnscrypt-tcp
+ - protocol: UDP
+ containerPort: 5443
+ name: c-dnscrypt-udp
+ - protocol: TCP
+ containerPort: 6060
+ name: c-http-pprof
+ volumeMounts:
+ - name: adguard-home-data
+ mountPath: /opt/adguardhome/work
+ - name: adguard-home-config
+ mountPath: /opt/adguardhome/config
+ volumes:
+ - name: adguard-home-data
+ hostPath:
+ path: /mnt/nfs/AppData/adguardhome/work
+ type: Directory
+ - name: adguard-home-config
+ hostPath:
+ path: /mnt/nfs/AppData/adguardhome/conf
+ type: Directory
diff --git a/kubernetes/apps/adguard-home/app/release.yaml b/kubernetes/apps/adguard-home/app/release.yaml
new file mode 100644
index 0000000..1f2e836
--- /dev/null
+++ b/kubernetes/apps/adguard-home/app/release.yaml
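Review bot: The `adguard-home` container in deployment.yaml has no `securityContext`, so it runs with the image defaults (presumably root, a writable root filesystem and the default capability set) while also mounting two `hostPath` directories from the node. The HelmRelease in `kubernetes/apps/adguard-home/release.yaml` already sets `readOnlyRootFilesystem: true`; the Deployment should be at least as strict, as sketched below (binding port 53 needs `NET_BIND_SERVICE`; the DHCP ports may need further capabilities, to be confirmed). The config volume is mounted at `/opt/adguardhome/config`, whereas the host path and the HelmRelease both use `conf`; if the image reads `/opt/adguardhome/conf`, the configuration, including the admin credentials, would not persist across restarts. Consider a PersistentVolumeClaim instead of `hostPath`, and pinning the image by digest as the sync image in release.yaml is.

```yaml
        - name: adguard-home
          image: adguard/adguardhome:v0.107.51
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            capabilities:
              drop: ["ALL"]
              add: ["NET_BIND_SERVICE"]
          # … unchanged: ports …
          volumeMounts:
            - name: adguard-home-data
              mountPath: /opt/adguardhome/work
            - name: adguard-home-config
              mountPath: /opt/adguardhome/conf
```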
@@ -0,0 +1,28 @@
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: adguard-home
+ namespace: adguard-home
+spec:
+ chart:
+ metadata:
+ name: adguard-home
+ namespace: adguard-home
+ spec:
+ chart: adguard-home
+ version: 0.1.0
+ sourceRef:
+ kind: HelmRepository
+ name: flux-system
+ namespace: flux-system
+ interval: 5m
+ interval: 5m
+ targetNamespace: adguard-home
+ dependsOn:
+ install:
+ crds: Create
+ upgrade:
+ crds: CreateReplace
+ valuesFrom:
+ - kind: Secret
+ name: adguard-home-vars
\ No newline at end of file
diff --git a/kubernetes/apps/adguard-home/app/service.yaml b/kubernetes/apps/adguard-home/app/service.yaml
new file mode 100644
index 0000000..8f3a8b4
--- /dev/null
+++ b/kubernetes/apps/adguard-home/app/service.yaml
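Review bot: `dependsOn:` in app/release.yaml is left without a value, which parses as null rather than an empty list; remove the key or write `dependsOn: []`. This HelmRelease also shares its name and namespace (`adguard-home` / `adguard-home`) with the one added in `kubernetes/apps/adguard-home/release.yaml` while pointing at a different HelmRepository (`flux-system` versus `bjw-s`), so the two would overwrite each other if both are ever applied. The `adguard-home-vars` Secret referenced under `valuesFrom` is not part of this commit; make sure it is delivered encrypted (SOPS or an external secret store) rather than committed as plain text.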
@@ -0,0 +1,69 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: adguard-home
+ namespace: adguard-home
+ labels:
+ app.kubernetes.io/name: adguard-home
+spec:
+ selector:
+ app.kubernetes.io/name: adguard-home
+ type: ClusterIP
+ internalTrafficPolicy: Cluster
+ ports:
+ - protocol: TCP
+ port: 53
+ targetPort: 53
+ name: dns-tcp
+ - protocol: UDP
+ port: 53
+ targetPort: 53
+ name: dns-udp
+ - protocol: UDP
+ port: 67
+ targetPort: 67
+ name: dhcp-server-udp
+ - protocol: UDP
+ port: 68
+ targetPort: 68
+ name: dhcp-client-udp
+ - protocol: TCP
+ port: 80
+ targetPort: 80
+ name: http-main-tcp
+ - protocol: TCP
+ port: 443
+ targetPort: 443
+ name: https-tcp
+ - protocol: UDP
+ port: 443
+ targetPort: 443
+ name: https-udp
+ - protocol: TCP
+ port: 853
+ targetPort: 853
+ name: dns-tls-tcp
+ - protocol: UDP
+ port: 853
+ targetPort: 853
+ name: dns-tls-udp
+ - protocol: TCP
+ port: 3000
+ targetPort: 3000
+ name: https-alt-tcp
+ - protocol: UDP
+ port: 3000
+ targetPort: 3000
+ name: https-alt-udp
+ - protocol: TCP
+ port: 5443
+ targetPort: 5443
+ name: dns-crypt-tcp
+ - protocol: UDP
+ port: 5443
+ targetPort: 5443
+ name: dns-crypt-udp
+ - protocol: TCP
+ port: 6060
+ targetPort: 6060
+ name: https-pprof
diff --git a/kubernetes/apps/adguard-home/kustomization.yaml b/kubernetes/apps/adguard-home/kustomization.yaml
new file mode 100644
index 0000000..94126a2
--- /dev/null
+++ b/kubernetes/apps/adguard-home/kustomization.yaml
@@ -0,0 +1,4 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+ - ./adguard-home.yaml
diff --git a/kubernetes/apps/adguard-home/release.yaml b/kubernetes/apps/adguard-home/release.yaml
new file mode 100644
index 0000000..e681e84
--- /dev/null
+++ b/kubernetes/apps/adguard-home/release.yaml
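Review bot: service.yaml publishes port `6060`, which the Deployment names `c-http-pprof`, i.e. the profiling endpoint; profiling data exposes runtime internals and is costly to serve, so it should not be reachable from every workload in the cluster. Drop the `6060` entry here and in the Deployment unless profiling is actively in use, and restrict the remaining management ports with a NetworkPolicy. The names `https-alt-tcp`, `https-alt-udp` and `https-pprof` label ports as HTTPS although the other manifests in this commit address port 3000 over plain `http://`; `http-alt-tcp`, `http-alt-udp` and `http-pprof` would avoid misleading whoever writes policies against them. DHCP (67/68) depends on broadcast traffic and is unlikely to work through a ClusterIP, so those entries can probably be removed as well.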
@@ -0,0 +1,177 @@
+# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.2.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
+apiVersion: helm.toolkit.fluxcd.io/v2
+kind: HelmRelease
+metadata:
+ name: adguard-home
+ namespace: adguard-home
+spec:
+ chart:
+ spec:
+ chart: adguard-home
+ version: 0.1.0
+ reconcileStrategy: ChartVersion
+ sourceRef:
+ kind: HelmRepository
+ namespace: flux-system
+ name: bjw-s
+ interval: 1h
+ driftDetection:
+ mode: enabled
+ values:
+ controllers:
+ adguard-home:
+ type: statefulset
+ replicas: 2
+ containers:
+ adguard-home:
+ image:
+ repository: adguard/adguardhome
+ tag: v0.107.51
+ pullPolicy: IfNotPresent
+ env:
+ TZ: Australia/Sydney
+ probes:
+ liveness: &probe
+ enabled: true
+ type: HTTP
+ port: 3000
+ path: /login.html
+ readiness: *probe
+ startup:
+ <<: *probe
+ spec:
+ failureThreshold: 30
+ periodSeconds: 5
+ securityContext:
+ readOnlyRootFilesystem: true
+ pod:
+ priorityClassName: system-cluster-critical
+ labels:
+ rpi5.cluster.policy/egress-namespace: "true"
+ rpi5.cluster.policy/egress-world: "true"
+ rpi5.cluster.policy/ingress-ingress: "true"
+ rpi5.cluster.policy/ingress-namespace: "true"
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 1
+ podAffinityTerm:
+ topologyKey: kubernetes.io/hostname
+ labelSelector:
+ matchLabels:
+ app.kubernetes.io/name: adguard-home
+ app.kubernetes.io/component: adguard-home
+ statefulset:
+ volumeClaimTemplates:
+ - name: data
+ storageClass: longhorn-ssd
+ accessMode: ReadWriteOnce
+ size: 2Gi
+ globalMounts:
+ - path: /opt/adguardhome/conf
+ subPath: conf
+ - path: /opt/adguardhome/work
+ subPath: work
+ sync:
+ containers:
+ app:
+ image:
+ repository: ghcr.io/bakito/adguardhome-sync
+ tag: alpine-v0.6.11@sha256:aa6e74003e9c7a1719967f3d80955fb7b89ca659a4dd8fae9ec8901103f018d9
+ pullPolicy: IfNotPresent
+ args: [run]
+ env:
+ ORIGIN_URL: http://adguard-home-origin:3000
+ ORIGIN_WEB_URL: https://${app_url}
+ ORIGIN_USERNAME: ${sync_username}
+ ORIGIN_PASSWORD: ${sync_password}
+ REPLICA_URL: http://adguard-home-replica:3000
+ REPLICA_WEB_URL: https://replica.${app_url}
+ REPLICA_USERNAME: ${sync_username}
+ REPLICA_PASSWORD: ${sync_password}
+ REPLICA_AUTO_SETUP: "true"
+ CRON: "*/10 * * * *"
+ securityContext:
+ readOnlyRootFilesystem: true
+ pod:
+ labels:
+ rpi5.cluster.policy/egress-namespace: "true"
+ securityContext:
+ runAsNonRoot: true
+
+ service:
+ adguard-home:
+ controller: adguard-home
+ ports:
+ http:
+ port: 3000
+ sync:
+ controller: sync
+ ports:
+ http:
+ port: 8080
+ origin: &origin-http
+ controller: adguard-home
+ extraSelectorLabels:
+ apps.kubernetes.io/pod-index: "0"
+ ports:
+ http:
+ port: 3000
+ origin-dns: &origin-dns
+ controller: adguard-home
+ extraSelectorLabels:
+ apps.kubernetes.io/pod-index: "0"
+ type: LoadBalancer
+ externalTrafficPolicy: Local
+ loadBalancerIP: 192.168.1.221
+ ports:
+ dns-tcp:
+ port: 53
+ protocol: TCP
+ dns-udp:
+ port: 53
+ protocol: UDP
+
+ replica:
+ <<: *origin-http
+ extraSelectorLabels:
+ apps.kubernetes.io/pod-index: "1"
+ replica-dns:
+ <<: *origin-dns
+ extraSelectorLabels:
+ apps.kubernetes.io/pod-index: "1"
+ loadBalancerIP: 192.168.1.222
+
+ ingress:
+ origin: &ingress
+ enabled: true
+ annotations:
+ nginx.ingress.kubernetes.io/auth-url: |-
+ http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
+ nginx.ingress.kubernetes.io/auth-signin: |-
+ /outpost.goauthentik.io/start?rd=$escaped_request_uri
+ nginx.ingress.kubernetes.io/auth-response-headers: |-
+ Set-Cookie,Authorization
+ nginx.ingress.kubernetes.io/auth-snippet: |
+ proxy_set_header X-Forwarded-Host $http_host;
+ hosts:
+ - host: ${app_url}
+ paths:
+ - path: /
+ service:
+ identifier: origin
+ port: http
+ tls:
+ - secretName: ${certificate_name}
+ hosts:
+ - ${app_url}
+ - replica.${app_url}
+ replica:
+ <<: *ingress
+ hosts:
+ - host: replica.${app_url}
+ paths:
+ - path: /
+ service:
+ identifier: replica
+ port: http
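Review bot: `ORIGIN_PASSWORD: ${sync_password}` and `REPLICA_PASSWORD: ${sync_password}` under the `sync` container are expanded into plain `env` values, so after substitution the password sits in clear text in the HelmRelease object, in the rendered workload and in anything allowed to read pod specs. Load the four credential variables from a Secret instead, as sketched below (the Secret name is a placeholder, and the `envFrom` key should be checked against the chart schema in use). Separately, the schema comment and the `values` layout are app-template's, but `chart: adguard-home` / `version: 0.1.0` is requested from the `bjw-s` repository; this probably should name the app-template chart and its version. The `adguard-home` controller also lacks the `runAsNonRoot: true` pod setting that `sync` has, and its image is referenced by tag only while the sync image is digest-pinned.

```yaml
            env:
              ORIGIN_URL: http://adguard-home-origin:3000
              # … unchanged: ORIGIN_WEB_URL, REPLICA_URL, REPLICA_WEB_URL, REPLICA_AUTO_SETUP, CRON …
            envFrom:
              # Placeholder name. The Secret provides ORIGIN_USERNAME, ORIGIN_PASSWORD,
              # REPLICA_USERNAME and REPLICA_PASSWORD.
              - secretRef:
                  name: <sync-credentials-secret>
```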