K3S-Cluster/home-cluster-ops
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
88de31ffa946af3568d60dd5635d9e8dbf74d2c0
home-cluster-ops/kubernetes/apps/adguard-home/release.yaml
Edward Cheng 88de31ffa9 adding app adguard-home
2024-06-12 14:00:19 +10:00

178 lines
5.4 KiB
YAML
Raw Blame History

# yaml-language-server: $schema=https://raw.githubusercontent.com/bjw-s/helm-charts/app-template-3.2.1/charts/other/app-template/schemas/helmrelease-helm-v2.schema.json
apiVersion: helm.toolkit.fluxcd.io/v2
kind: HelmRelease
metadata:
name: adguard-home
namespace: adguard-home
spec:
chart:
spec:
chart: adguard-home
version: 0.1.0
reconcileStrategy: ChartVersion
sourceRef:
kind: HelmRepository
namespace: flux-system
name: bjw-s
interval: 1h
driftDetection:
mode: enabled
values:
controllers:
adguard-home:
type: statefulset
replicas: 2
containers:
adguard-home:
image:
repository: adguard/adguardhome
tag: v0.107.51
pullPolicy: IfNotPresent
env:
TZ: Australia/Sydney
probes:
liveness: &probe
enabled: true
type: HTTP
port: 3000
path: /login.html
readiness: *probe
startup:
<<: *probe
spec:
failureThreshold: 30
periodSeconds: 5
securityContext:
readOnlyRootFilesystem: true
pod:
priorityClassName: system-cluster-critical
labels:
rpi5.cluster.policy/egress-namespace: "true"
rpi5.cluster.policy/egress-world: "true"
rpi5.cluster.policy/ingress-ingress: "true"
rpi5.cluster.policy/ingress-namespace: "true"
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
podAffinityTerm:
topologyKey: kubernetes.io/hostname
labelSelector:
matchLabels:
app.kubernetes.io/name: adguard-home
app.kubernetes.io/component: adguard-home
statefulset:
volumeClaimTemplates:
- name: data
storageClass: longhorn-ssd
accessMode: ReadWriteOnce
size: 2Gi
globalMounts:
- path: /opt/adguardhome/conf
subPath: conf
- path: /opt/adguardhome/work
subPath: work
sync:
containers:
app:
image:
repository: ghcr.io/bakito/adguardhome-sync
tag: alpine-v0.6.11@sha256:aa6e74003e9c7a1719967f3d80955fb7b89ca659a4dd8fae9ec8901103f018d9
pullPolicy: IfNotPresent
args: [run]
env:
ORIGIN_URL: http://adguard-home-origin:3000
ORIGIN_WEB_URL: https://${app_url}
ORIGIN_USERNAME: ${sync_username}
ORIGIN_PASSWORD: ${sync_password}
REPLICA_URL: http://adguard-home-replica:3000
REPLICA_WEB_URL: https://replica.${app_url}
REPLICA_USERNAME: ${sync_username}
REPLICA_PASSWORD: ${sync_password}
REPLICA_AUTO_SETUP: "true"
CRON: "*/10 * * * *"
securityContext:
readOnlyRootFilesystem: true
pod:
labels:
rpi5.cluster.policy/egress-namespace: "true"
securityContext:
runAsNonRoot: true
service:
adguard-home:
controller: adguard-home
ports:
http:
port: 3000
sync:
controller: sync
ports:
http:
port: 8080
origin: &origin-http
controller: adguard-home
extraSelectorLabels:
apps.kubernetes.io/pod-index: "0"
ports:
http:
port: 3000
origin-dns: &origin-dns
controller: adguard-home
extraSelectorLabels:
apps.kubernetes.io/pod-index: "0"
type: LoadBalancer
externalTrafficPolicy: Local
loadBalancerIP: 192.168.1.221
ports:
dns-tcp:
port: 53
protocol: TCP
dns-udp:
port: 53
protocol: UDP
replica:
<<: *origin-http
extraSelectorLabels:
apps.kubernetes.io/pod-index: "1"
replica-dns:
<<: *origin-dns
extraSelectorLabels:
apps.kubernetes.io/pod-index: "1"
loadBalancerIP: 192.168.1.222
ingress:
origin: &ingress
enabled: true
annotations:
nginx.ingress.kubernetes.io/auth-url: |-
http://ak-outpost-gabernetes.authentik.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
nginx.ingress.kubernetes.io/auth-signin: |-
/outpost.goauthentik.io/start?rd=$escaped_request_uri
nginx.ingress.kubernetes.io/auth-response-headers: |-
Set-Cookie,Authorization
nginx.ingress.kubernetes.io/auth-snippet: |
proxy_set_header X-Forwarded-Host $http_host;
hosts:
- host: ${app_url}
paths:
- path: /
service:
identifier: origin
port: http
tls:
- secretName: ${certificate_name}
hosts:
- ${app_url}
- replica.${app_url}
replica:
<<: *ingress
hosts:
- host: replica.${app_url}
paths:
- path: /
service:
identifier: replica
port: http
Reference in New Issue View Git Blame Copy Permalink