ghp/helm-charts
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

GHP publish

Browse Source
This commit is contained in:
ace
2021-01-17 04:09:41 +03:00
commit 9fe2c2adf2
457 changed files with 40068 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
adguard-home/.helmignore Normal file
View File

@ -0,0 +1,24 @@
# Patterns to ignore when building packages.
# This supports shell glob matching, relative path matching, and
# negation (prefixed with !). Only one pattern per line.
.DS_Store
# Common VCS dirs
.git/
.gitignore
.bzr/
.bzrignore
.hg/
.hgignore
.svn/
# Common backup files
*.swp
*.bak
*.tmp
*~
# Various IDEs
.project
.idea/
*.tmproj
.vscode/
# OWNERS file for Kubernetes
OWNERS

15
adguard-home/Chart.yaml Normal file
View File

@ -0,0 +1,15 @@
apiVersion: v2
appVersion: v0.102.0
description: DNS proxy as ad-blocker for local network
home: https://github.com/k8s-at-home/charts/tree/master/charts/adguard-home
icon: https://avatars3.githubusercontent.com/u/8361145?s=200&v=4?sanitize=true
keywords:
- adguard-home
- adguard
- dns
maintainers:
- name: billimek
name: adguard-home
sources:
- https://github.com/AdguardTeam/AdGuardHome
version: 2.2.1

64
adguard-home/README.md Normal file
View File

@ -0,0 +1,64 @@
# DNS proxy as ad-blocker for local network
This is an opinionated helm chart for [adguard-home](https://github.com/AdguardTeam/AdGuardHome)
The default values and container images used in this chart will allow for running in a multi-arch cluster (amd64, arm, arm64)
## TL;DR
```shell
helm repo add k8s-at-home https://k8s-at-home.com/charts/
helm install k8s-at-home/adguard-home
```
## Installing the Chart
To install the chart with the release name `my-release`:
```console
helm install --name adguard-home k8s-at-home/adguard-home
```
## Uninstalling the Chart
To uninstall/delete the `adguard-home` deployment:
```console
helm delete adguard-home --purge
```
The command removes all the Kubernetes components associated with the chart and deletes the release.
## Configuration
Read through the [values.yaml](https://github.com/k8s-at-home/charts/blob/master/charts/adguard-home/values.yaml) file. It has several commented out suggested values.
Specify each parameter using the `--set key=value[,key=value]` argument to `helm install`. For example,
```console
helm install --name adguard-home \
--set timeZone="America/New York" \
k8s-at-home/adguard-home
```
Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example,
```console
helm install --name adguard-home -f values.yaml k8s-at-home/adguard-home
```
#### Helm force upgrade
```sh
helm upgrade --force
```
#### Delete the existing `adguard-home` services prior to upgrading
```sh
kubectl delete svc/adguard-home
```
#### Remove the existing adguard-home chart first
This is the 'easiest' approach, but will incur downtime which can be problematic if you rely on adguard-home for DNS

15
adguard-home/templates/NOTES.txt Normal file
View File

@ -0,0 +1,15 @@
1. Get the application URL by running these commands:
{{- if contains "NodePort" .Values.serviceUDP.type }}
export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "adguard-home.fullname" . }})
export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
echo http://$NODE_IP:$NODE_PORT
{{- else if contains "LoadBalancer" .Values.serviceUDP.type }}
NOTE: It may take a few minutes for the LoadBalancer IP to be available.
You can watch the status of by running 'kubectl get svc -w {{ include "adguard-home.fullname" . }}'
export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "adguard-home.fullname" . }} -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
echo http://$SERVICE_IP:{{ .Values.serviceUDP.port }}
{{- else if contains "ClusterIP" .Values.serviceUDP.type }}
export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "adguard-home.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
echo "Visit http://127.0.0.1:8080 to use your application"
kubectl port-forward $POD_NAME 8080:3000
{{- end }}

32
adguard-home/templates/_helpers.tpl Normal file
View File

@ -0,0 +1,32 @@
{{/* vim: set filetype=mustache: */}}
{{/*
Expand the name of the chart.
*/}}
{{- define "adguard-home.name" -}}
{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Create a default fully qualified app name.
We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
If release name contains chart name it will be used as a full name.
*/}}
{{- define "adguard-home.fullname" -}}
{{- if .Values.fullnameOverride -}}
{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- $name := default .Chart.Name .Values.nameOverride -}}
{{- if contains $name .Release.Name -}}
{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
{{- else -}}
{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{- end -}}
{{- end -}}
{{/*
Create chart name and version as used by the chart label.
*/}}
{{- define "adguard-home.chart" -}}
{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
{{- end -}}

29
adguard-home/templates/config-pvc.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if and .Values.persistence.config.enabled (not .Values.persistence.config.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "adguard-home.fullname" . }}-config
{{- if .Values.persistence.config.skipuninstall }}
annotations:
"helm.sh/resource-policy": keep
{{- end }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.persistence.config.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.config.size | quote }}
{{- if .Values.persistence.config.storageClass }}
{{- if (eq "-" .Values.persistence.config.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.config.storageClass }}"
{{- end }}
{{- end }}
{{- end -}}

14
adguard-home/templates/configmap.yaml Normal file
View File

@ -0,0 +1,14 @@
{{- if .Values.configAsCode.enabled }}
kind: ConfigMap
apiVersion: v1
metadata:
name: {{ include "adguard-home.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
data:
AdGuardHome.yaml: |
{{- toYaml .Values.configAsCode.config | nindent 4 }}
{{- end }}

201
adguard-home/templates/deployment.yaml Normal file
View File

@ -0,0 +1,201 @@
apiVersion: apps/v1
kind: Deployment
metadata:
name: {{ include "adguard-home.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
replicas: 1
strategy:
type: {{ .Values.strategyType }}
revisionHistoryLimit: 3
selector:
matchLabels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
template:
metadata:
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
annotations:
{{- with .Values.podAnnotations }}
{{ toYaml . | nindent 8 }}
{{- end }}
{{- if .Values.configAsCode.enabled }}
checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
{{- end }}
spec:
securityContext:
{{- toYaml .Values.podSecurityContext | nindent 8 }}
{{- if or .Values.configAsCode.enabled .Values.securityContext.runAsUser }}
initContainers:
{{- if .Values.configAsCode.enabled }}
- name: "config"
securityContext:
readOnlyRootFilesystem: true
image: "{{ .Values.configAsCode.image.repository }}:{{ .Values.configAsCode.image.tag }}"
imagePullPolicy: {{ .Values.configAsCode.image.pullPolicy }}
command: ["sh", "-c", "cat /configmap/AdGuardHome.yaml > /opt/adguardhome/conf/AdGuardHome.yaml"]
resources: {{- toYaml .Values.configAsCode.resources | nindent 12 }}
volumeMounts:
- name: configmap
mountPath: /configmap
- name: config
mountPath: /opt/adguardhome/conf
readOnly: false
{{- end }}
{{- if .Values.securityContext.runAsUser }}
- name: "volume-permissions"
securityContext:
readOnlyRootFilesystem: true
image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy }}
command: ["/bin/chown", "-R", "{{ .Values.securityContext.runAsUser }}:", "/opt/adguardhome/work", "/opt/adguardhome/conf"]
resources: {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
volumeMounts:
- name: work
mountPath: /opt/adguardhome/work
readOnly: false
- name: config
mountPath: /opt/adguardhome/conf
readOnly: false
{{- end }}
{{- end }}
containers:
- name: {{ .Chart.Name }}
securityContext:
{{- toYaml .Values.securityContext | nindent 12 }}
image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
imagePullPolicy: {{ .Values.image.pullPolicy }}
env:
{{- if .Values.timezone }}
- name: TZ
value: {{ .Values.timezone | quote }}
{{- end }}
volumeMounts:
- name: work
mountPath: /opt/adguardhome/work
readOnly: false
- name: config
mountPath: /opt/adguardhome/conf
readOnly: false
{{- if .Values.tlsSecretName }}
- name: certs
mountPath: /certs
readOnly: false
{{- end }}
ports:
- name: http
{{- if .Values.configAsCode.enabled }}
containerPort: {{ .Values.configAsCode.config.bind_port | default 3000 }}
{{- else }}
containerPort: 3000
{{- end }}
- name: dns
{{- if .Values.configAsCode.enabled }}
containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
{{- else }}
containerPort: 53
{{- end }}
protocol: TCP
- name: dns-udp
{{- if .Values.configAsCode.enabled }}
containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
{{- else }}
containerPort: 53
{{- end }}
protocol: UDP
{{- if .Values.serviceDHCP.enabled }}
- name: dhcp-server-udp
containerPort: 67
protocol: UDP
- name: dhcp-client-tcp
containerPort: 68
protocol: TCP
- name: dhcp-client-udp
containerPort: 68
protocol: UDP
{{- end }}
{{- if .Values.serviceDNSOverTLS.enabled }}
- name: dns-over-tls
containerPort: 853
protocol: TCP
{{- end }}
{{- if .Values.serviceDNSOverHTTPS.enabled }}
- name: dns-over-https
containerPort: 443
protocol: TCP
{{- end }}
{{- if .Values.probes.liveness.enabled }}
livenessProbe:
httpGet:
path: /login.html
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
{{- end }}
{{- if .Values.probes.readiness.enabled }}
readinessProbe:
httpGet:
path: /login.html
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
{{- end }}
{{- if .Values.probes.startup.enabled }}
startupProbe:
httpGet:
path: /login.html
port: http
scheme: HTTP
initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
failureThreshold: {{ .Values.probes.startup.failureThreshold }}
periodSeconds: {{ .Values.probes.startup.periodSeconds }}
{{- end }}
resources:
{{- toYaml .Values.resources | nindent 12 }}
volumes:
{{- if .Values.tlsSecretName }}
- name: certs
secret:
secretName: {{ .Values.tlsSecretName }}
{{- end }}
{{- if .Values.configAsCode.enabled }}
- name: configmap
configMap:
name: {{ include "adguard-home.fullname" . }}
{{- end }}
- name: config
{{- if .Values.persistence.config.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.config.existingClaim }}{{ .Values.persistence.config.existingClaim }}{{- else }}{{ template "adguard-home.fullname" . }}-config{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
- name: work
{{- if .Values.persistence.work.enabled }}
persistentVolumeClaim:
claimName: {{ if .Values.persistence.work.existingClaim }}{{ .Values.persistence.work.existingClaim }}{{- else }}{{ template "adguard-home.fullname" . }}-work{{- end }}
{{- else }}
emptyDir: {}
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}

38
adguard-home/templates/ingress.yaml Normal file
View File

@ -0,0 +1,38 @@
{{- if .Values.ingress.enabled -}}
{{- $fullName := include "adguard-home.fullname" . -}}
{{- $ingressPath := .Values.ingress.path -}}
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
name: {{ $fullName }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- with .Values.ingress.annotations }}
annotations:
{{ toYaml . | indent 4 }}
{{- end }}
spec:
{{- if .Values.ingress.tls }}
tls:
{{- range .Values.ingress.tls }}
- hosts:
{{- range .hosts }}
- {{ . | quote }}
{{- end }}
secretName: {{ .secretName }}
{{- end }}
{{- end }}
rules:
{{- range .Values.ingress.hosts }}
- host: {{ . | quote }}
http:
paths:
- path: {{ $ingressPath }}
backend:
serviceName: {{ $fullName }}
servicePort: http
{{- end }}
{{- end }}

45
adguard-home/templates/service-dhcp.yaml Normal file
View File

@ -0,0 +1,45 @@
{{- if .Values.serviceDHCP.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "adguard-home.fullname" . }}-dhcp
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.serviceDHCP.annotations }}
annotations:
{{ toYaml .Values.serviceDHCP.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.serviceDHCP.type }}
{{- if .Values.serviceDHCP.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceDHCP.loadBalancerIP }}
{{- end }}
{{- if .Values.serviceDHCP.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.serviceDHCP.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- if .Values.serviceDHCP.externalIPs }}
externalIPs:
{{ toYaml .Values.serviceDHCP.externalIPs | indent 4 }}
{{- end }}
externalTrafficPolicy: {{ .Values.serviceDHCP.externalTrafficPolicy }}
ports:
- port: 67
targetPort: dhcp-server-udp
protocol: UDP
name: dhcp-server-udp
- port: 68
targetPort: dhcp-client-tcp
protocol: TCP
name: dhcp-client-tcp
- port: 68
targetPort: dhcp-client-udp
protocol: UDP
name: dhcp-client-udp
selector:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

37
adguard-home/templates/service-dns-over-https.yaml Normal file
View File

@ -0,0 +1,37 @@
{{- if .Values.serviceDNSOverHTTPS.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "adguard-home.fullname" . }}-dns-over-https
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.serviceDNSOverHTTPS.annotations }}
annotations:
{{ toYaml .Values.serviceDNSOverHTTPS.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.serviceDNSOverHTTPS.type }}
{{- if .Values.serviceDNSOverHTTPS.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceDNSOverHTTPS.loadBalancerIP }}
{{- end }}
{{- if .Values.serviceDNSOverHTTPS.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.serviceDNSOverHTTPS.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- if .Values.serviceDNSOverHTTPS.externalIPs }}
externalIPs:
{{ toYaml .Values.serviceDNSOverHTTPS.externalIPs | indent 4 }}
{{- end }}
externalTrafficPolicy: {{ .Values.serviceDNSOverHTTPS.externalTrafficPolicy }}
ports:
- port: 443
targetPort: dns-over-https
protocol: TCP
name: dns-over-https
selector:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

37
adguard-home/templates/service-dns-over-tls.yaml Normal file
View File

@ -0,0 +1,37 @@
{{- if .Values.serviceDNSOverTLS.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "adguard-home.fullname" . }}-dns-over-tls
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.serviceDNSOverTLS.annotations }}
annotations:
{{ toYaml .Values.serviceDNSOverTLS.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.serviceDNSOverTLS.type }}
{{- if .Values.serviceDNSOverTLS.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceDNSOverTLS.loadBalancerIP }}
{{- end }}
{{- if .Values.serviceDNSOverTLS.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.serviceDNSOverTLS.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- if .Values.serviceDNSOverTLS.externalIPs }}
externalIPs:
{{ toYaml .Values.serviceDNSOverTLS.externalIPs | indent 4 }}
{{- end }}
externalTrafficPolicy: {{ .Values.serviceDNSOverTLS.externalTrafficPolicy }}
ports:
- port: 853
targetPort: dns-over-tls
protocol: TCP
name: dns-over-tls
selector:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

37
adguard-home/templates/service-tcp.yaml Normal file
View File

@ -0,0 +1,37 @@
{{- if .Values.serviceTCP.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "adguard-home.fullname" . }}-tcp
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.serviceTCP.annotations }}
annotations:
{{ toYaml .Values.serviceTCP.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.serviceTCP.type }}
{{- if .Values.serviceTCP.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceTCP.loadBalancerIP }}
{{- end }}
{{- if .Values.serviceTCP.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.serviceTCP.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- if .Values.serviceTCP.externalIPs }}
externalIPs:
{{ toYaml .Values.serviceTCP.externalIPs | indent 4 }}
{{- end }}
externalTrafficPolicy: {{ .Values.serviceTCP.externalTrafficPolicy }}
ports:
- port: 53
targetPort: dns
protocol: TCP
name: dns
selector:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

37
adguard-home/templates/service-udp.yaml Normal file
View File

@ -0,0 +1,37 @@
{{- if .Values.serviceUDP.enabled }}
apiVersion: v1
kind: Service
metadata:
name: {{ include "adguard-home.fullname" . }}-udp
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.serviceUDP.annotations }}
annotations:
{{ toYaml .Values.serviceUDP.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.serviceUDP.type }}
{{- if .Values.serviceUDP.loadBalancerIP }}
loadBalancerIP: {{ .Values.serviceUDP.loadBalancerIP }}
{{- end }}
{{- if .Values.serviceUDP.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.serviceUDP.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- if .Values.serviceUDP.externalIPs }}
externalIPs:
{{ toYaml .Values.serviceUDP.externalIPs | indent 4 }}
{{- end }}
externalTrafficPolicy: {{ .Values.serviceUDP.externalTrafficPolicy }}
ports:
- port: 53
targetPort: dns-udp
protocol: UDP
name: dns-udp
selector:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
{{- end }}

35
adguard-home/templates/service.yaml Normal file
View File

@ -0,0 +1,35 @@
apiVersion: v1
kind: Service
metadata:
name: {{ include "adguard-home.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
{{- if .Values.service.annotations }}
annotations:
{{ toYaml .Values.service.annotations | indent 4 }}
{{- end }}
spec:
type: {{ .Values.service.type }}
{{- if .Values.service.loadBalancerIP }}
loadBalancerIP: {{ .Values.service.loadBalancerIP }}
{{- end }}
{{- if .Values.service.loadBalancerSourceRanges }}
loadBalancerSourceRanges:
{{ toYaml .Values.service.loadBalancerSourceRanges | indent 4 }}
{{- end -}}
{{- if .Values.service.externalIPs }}
externalIPs:
{{ toYaml .Values.service.externalIPs | indent 4 }}
{{- end }}
externalTrafficPolicy: {{ .Values.service.externalTrafficPolicy }}
ports:
- port: 3000
targetPort: http
protocol: TCP
name: http
selector:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}

23
adguard-home/templates/servicemonitor.yaml Normal file
View File

@ -0,0 +1,23 @@
{{- if .Values.serviceMonitor.enabled }}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
name: {{ include "adguard-home.fullname" . }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
{{- with .Values.serviceMonitor.additionalLabels }}
{{- toYaml . | nindent 4 }}
{{- end }}
spec:
selector:
matchLabels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
endpoints:
- port: http
interval: 30s
path: /
{{- end }}

29
adguard-home/templates/work-pvc.yaml Normal file
View File

@ -0,0 +1,29 @@
{{- if and .Values.persistence.work.enabled (not .Values.persistence.work.existingClaim) }}
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: {{ template "adguard-home.fullname" . }}-work
{{- if .Values.persistence.work.skipuninstall }}
annotations:
"helm.sh/resource-policy": keep
{{- end }}
labels:
app.kubernetes.io/name: {{ include "adguard-home.name" . }}
helm.sh/chart: {{ include "adguard-home.chart" . }}
app.kubernetes.io/instance: {{ .Release.Name }}
app.kubernetes.io/managed-by: {{ .Release.Service }}
spec:
accessModes:
- {{ .Values.persistence.work.accessMode | quote }}
resources:
requests:
storage: {{ .Values.persistence.work.size | quote }}
{{- if .Values.persistence.work.storageClass }}
{{- if (eq "-" .Values.persistence.work.storageClass) }}
storageClassName: ""
{{- else }}
storageClassName: "{{ .Values.persistence.work.storageClass }}"
{{- end }}
{{- end }}
{{- end -}}

376
adguard-home/values.yaml Normal file
View File

@ -0,0 +1,376 @@
# upgrade strategy type (e.g. Recreate or RollingUpdate)
strategyType: Recreate
configAsCode:
enabled: false
resources: {}
# requests:
# memory: 128Mi
# cpu: 100m
image:
repository: busybox
tag: latest
pullPolicy: Always
config:
bind_host: 0.0.0.0
bind_port: 3000
users: []
# - name: admin
# password: $2y$05$mV4GSa5Dymk4Hjg3NCscBuCYSckCGfc2mbS57SNkBkBAfvqfOdFfm
http_proxy: ""
language: "en"
rlimit_nofile: 0
debug_pprof: false
web_session_ttl: 720
dns:
bind_host: 0.0.0.0
port: 53
statistics_interval: 1
querylog_enabled: true
querylog_interval: 90
querylog_size_memory: 1000
anonymize_client_ip: false
protection_enabled: true
blocking_mode: default
blocking_ipv4: ""
blocking_ipv6: ""
blocked_response_ttl: 10
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
ratelimit: 0
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- https://dns10.quad9.net/dns-query
bootstrap_dns:
- 9.9.9.10
- 149.112.112.10
- 2620:fe::10
- 2620:fe::fe:10
all_servers: false
fastest_addr: false
allowed_clients: []
# - 10.0.0.1
# - 10.0.1.1/24
disallowed_clients: []
# - 10.0.1.1
# - 10.0.11.1/24
blocked_hosts: []
# - example.org
# - '*.example.org'
# - '||example.org^'
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: false
edns_client_subnet: false
filtering_enabled: true
filters_update_interval: 24
parental_enabled: false
safesearch_enabled: false
safebrowsing_enabled: false
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
rewrites: []
# - domain: example.org
# answer: 127.0.0.1
# - domain: '*.example.org'
# answer: 127.0.0.1
blocked_services: []
# - facebook
# - origin
# - twitter
# - snapchat
# - skype
# - whatsapp
# - instagram
# - youtube
# - netflix
# - twitch
# - discord
# - amazon
# - ebay
# - cloudflare
# - steam
# - epic_games
# - reddit
# - ok
# - vk
# - mail_ru
# - tiktok
tls:
enabled: false
server_name: ""
force_https: false
port_https: 443
port_dns_over_tls: 853
allow_unencrypted_doh: false
strict_sni_check: false
certificate_chain: ""
private_key: ""
certificate_path: ""
private_key_path: ""
filters:
- enabled: true
url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
name: AdGuard DNS filter
id: 1
- enabled: false
url: https://adaway.org/hosts.txt
name: AdAway
id: 2
- enabled: false
url: https://www.malwaredomainlist.com/hostslist/hosts.txt
name: MalwareDomainList.com Hosts List
id: 4
whitelist_filters: []
# - enabled: true
# url: https://easylist-downloads.adblockplus.org/exceptionrules.txt
# name: Allow nonintrusive advertising
# id: 1595760241
user_rules: []
# - '||example.org^'
# - '@@||example.org^'
# - 127.0.0.1 example.org
# - '! Here goes a comment'
# - '# Also a comment'
dhcp:
enabled: false
interface_name: ""
gateway_ip: ""
subnet_mask: ""
range_start: ""
range_end: ""
lease_duration: 86400
icmp_timeout_msec: 1000
clients: []
# - name: myuser
# tags:
# - user_admin
# ids:
# - 192.168.91.1
# use_global_settings: true
# filtering_enabled: false
# parental_enabled: false
# safesearch_enabled: false
# safebrowsing_enabled: false
# use_global_blocked_services: true
# blocked_services: []
# upstreams: []
log_file: ""
verbose: false
schema_version: 6
tlsSecretName: ""
# name of the secret that contains the tls cert and key.
# this secret will be mounted inside the adguard container /certs path. e.g. works with cert-manager
image:
repository: adguard/adguardhome
# Image tag is set via charts appVersion. If you want to override the tag, specify it here
# tag: vX.Y.Z
pullPolicy: IfNotPresent
nameOverride: ""
fullnameOverride: ""
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# add:
# - NET_BIND_SERVICE
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
timezone: "UTC"
ingress:
enabled: false
annotations: {}
# kubernetes.io/ingress.class: nginx
# kubernetes.io/tls-acme: "true"
path: /
hosts:
- chart-example.local
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Probes configuration
probes:
liveness:
enabled: true
initialDelaySeconds: 5
failureThreshold: 5
periodSeconds: 10
readiness:
enabled: false
initialDelaySeconds: 5
failureThreshold: 5
periodSeconds: 10
startup:
enabled: false
initialDelaySeconds: 5
failureThreshold: 30
periodSeconds: 10
service:
type: ClusterIP
# externalTrafficPolicy: Local
# externalIPs: []
# loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceTCP:
enabled: false
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceUDP:
enabled: true
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceDNSOverTLS:
enabled: false
## Enable if you use AdGuard as a DNS over TLS/HTTPS server
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceDNSOverHTTPS:
enabled: false
## Enable if you use AdGuard as a DNS over TLS/HTTPS server
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceDHCP:
enabled: false
## Enable if you use AdGuard as a DHCP Server
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
# external-dns.alpha.kubernetes.io/hostname: dns.example.com
serviceMonitor:
enabled: false
additionalLabels: {}
## Pod Annotations
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "api"
persistence:
config:
enabled: true
## adguard-home configuration data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
# subPath: some-subpath
accessMode: ReadWriteOnce
size: 20Mi
## Do not delete the pvc upon helm uninstall
skipuninstall: false
work:
enabled: true
## adguard-home work volume configuration
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
# subPath: some-subpath
accessMode: ReadWriteOnce
size: 10Gi
## Do not delete the pvc upon helm uninstall
skipuninstall: false
volumePermissions:
image:
repository: busybox
tag: latest
pullPolicy: Always
resources: {}
# requests:
# memory: 128Mi
# cpu: 100m
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# memory: 500Mi
# requests:
# cpu: 50m
# memory: 275Mi
nodeSelector: {}
tolerations: []
affinity: {}