# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.2.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json apiVersion: helm.toolkit.fluxcd.io/v2 kind: HelmRelease metadata: name: adguard-home namespace: adguard-home spec: chart: spec: chart: adguard-home version: 0.1.0 reconcileStrategy: ChartVersion sourceRef: kind: HelmRepository namespace: flux-system name: bjw-s interval: 1h driftDetection: mode: enabled values: controllers: adguard-home: type: statefulset replicas: 2 containers: adguard-home: image: repository: adguard/adguardhome tag: v0.107.51 pullPolicy: IfNotPresent env: TZ: Australia/Sydney probes: liveness: &probe enabled: true type: HTTP port: 3000 path: /login.html readiness: *probe startup: <<: *probe spec: failureThreshold: 30 periodSeconds: 5 securityContext: readOnlyRootFilesystem: true pod: priorityClassName: system-cluster-critical labels: rpi5.cluster.policy/egress-namespace: "true" rpi5.cluster.policy/egress-world: "true" rpi5.cluster.policy/ingress-ingress: "true" rpi5.cluster.policy/ingress-namespace: "true" affinity: podAntiAffinity: preferredDuringSchedulingIgnoredDuringExecution: - weight: 1 podAffinityTerm: topologyKey: kubernetes.io/hostname labelSelector: matchLabels: app.kubernetes.io/name: adguard-home app.kubernetes.io/component: adguard-home statefulset: volumeClaimTemplates: - name: data storageClass: longhorn-ssd accessMode: ReadWriteOnce size: 2Gi globalMounts: - path: /opt/adguardhome/conf subPath: conf - path: /opt/adguardhome/work subPath: work sync: containers: app: image: repository: ghcr.io/bakito/adguardhome-sync tag: alpine-v0.6.11@sha256:aa6e74003e9c7a1719967f3d80955fb7b89ca659a4dd8fae9ec8901103f018d9 pullPolicy: IfNotPresent args: [run] env: ORIGIN_URL: http://adguard-home-origin:3000 ORIGIN_WEB_URL: https://${app_url} ORIGIN_USERNAME: ${sync_username} ORIGIN_PASSWORD: ${sync_password} REPLICA_URL: http://adguard-home-replica:3000 REPLICA_WEB_URL: https://replica.${app_url} REPLICA_USERNAME: ${sync_username} REPLICA_PASSWORD: ${sync_password} REPLICA_AUTO_SETUP: "true" CRON: "*/10 * * * *" securityContext: readOnlyRootFilesystem: true pod: labels: rpi5.cluster.policy/egress-namespace: "true" securityContext: runAsNonRoot: true service: adguard-home: controller: adguard-home ports: http: port: 3000 sync: controller: sync ports: http: port: 8080 origin: &origin-http controller: adguard-home extraSelectorLabels: apps.kubernetes.io/pod-index: "0" ports: http: port: 3000 origin-dns: &origin-dns controller: adguard-home extraSelectorLabels: apps.kubernetes.io/pod-index: "0" type: LoadBalancer externalTrafficPolicy: Local loadBalancerIP: 192.168.1.221 ports: dns-tcp: port: 53 protocol: TCP dns-udp: port: 53 protocol: UDP replica: <<: *origin-http extraSelectorLabels: apps.kubernetes.io/pod-index: "1" replica-dns: <<: *origin-dns extraSelectorLabels: apps.kubernetes.io/pod-index: "1" loadBalancerIP: 192.168.1.222 ingress: origin: &ingress enabled: true annotations: nginx.ingress.kubernetes.io/auth-url: |- http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx nginx.ingress.kubernetes.io/auth-signin: |- /outpost.goauthentik.io/start?rd=$escaped_request_uri nginx.ingress.kubernetes.io/auth-response-headers: |- Set-Cookie,Authorization nginx.ingress.kubernetes.io/auth-snippet: | proxy_set_header X-Forwarded-Host $http_host; hosts: - host: ${app_url} paths: - path: / service: identifier: origin port: http tls: - secretName: ${certificate_name} hosts: - ${app_url} - replica.${app_url} replica: <<: *ingress hosts: - host: replica.${app_url} paths: - path: / service: identifier: replica port: http