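{{- /*
Deployment for AdGuard Home.

Renders a single-replica Deployment with up to two optional init containers:
  - "config": copies the chart-rendered AdGuardHome.yaml from the ConfigMap
    into the config volume (only when .Values.configAsCode.enabled).
  - "volume-permissions": chowns the work and config volumes to
    .Values.securityContext.runAsUser (only when that value is set).

Templated string scalars that can never be empty are passed through `quote`
so that numeric- or boolean-looking names (for example a release called
"123") still render as YAML strings. Values that may legitimately be unset
(strategyType, the image pull policies) are left unquoted so an empty value
still renders as null and falls back to the API default.
*/ -}}
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ include "adguard-home.fullname" . | quote }}
  labels:
    app.kubernetes.io/name: {{ include "adguard-home.name" . | quote }}
    helm.sh/chart: {{ include "adguard-home.chart" . | quote }}
    app.kubernetes.io/instance: {{ .Release.Name | quote }}
    app.kubernetes.io/managed-by: {{ .Release.Service | quote }}
spec:
  replicas: 1
  strategy:
    type: {{ .Values.strategyType }}
  revisionHistoryLimit: 3
  selector:
    matchLabels:
      app.kubernetes.io/name: {{ include "adguard-home.name" . | quote }}
      app.kubernetes.io/instance: {{ .Release.Name | quote }}
  template:
    metadata:
      labels:
        app.kubernetes.io/name: {{ include "adguard-home.name" . | quote }}
        app.kubernetes.io/instance: {{ .Release.Name | quote }}
      annotations:
        {{- with .Values.podAnnotations }}
        {{- toYaml . | nindent 8 }}
        {{- end }}
        {{- if .Values.configAsCode.enabled }}
        {{- /* Hash of the rendered ConfigMap: a config change alters the pod template and triggers a rollout. */}}
        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | quote }}
        {{- end }}
    spec:
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      {{- if or .Values.configAsCode.enabled .Values.securityContext.runAsUser }}
      initContainers:
        {{- if .Values.configAsCode.enabled }}
        {{- /* Overwrites AdGuardHome.yaml in the config volume with the ConfigMap copy on every pod start. */}}
        - name: "config"
          securityContext:
            readOnlyRootFilesystem: true
          image: "{{ .Values.configAsCode.image.repository }}:{{ .Values.configAsCode.image.tag }}"
          imagePullPolicy: {{ .Values.configAsCode.image.pullPolicy }}
          command: ["sh", "-c", "cat /configmap/AdGuardHome.yaml > /opt/adguardhome/conf/AdGuardHome.yaml"]
          resources:
            {{- toYaml .Values.configAsCode.resources | nindent 12 }}
          volumeMounts:
            {{- /* The ConfigMap is only read here, so the mount is declared read-only. */}}
            - name: configmap
              mountPath: /configmap
              readOnly: true
            - name: config
              mountPath: /opt/adguardhome/conf
              readOnly: false
        {{- end }}
        {{- if .Values.securityContext.runAsUser }}
        {{- /*
        NOTE(review): chown -R needs root or CAP_CHOWN. This container sets no
        runAsUser of its own, so it inherits .Values.podSecurityContext; confirm
        that the pod-level context does not force a non-root user here.
        */}}
        - name: "volume-permissions"
          securityContext:
            readOnlyRootFilesystem: true
          image: "{{ .Values.volumePermissions.image.repository }}:{{ .Values.volumePermissions.image.tag }}"
          imagePullPolicy: {{ .Values.volumePermissions.image.pullPolicy }}
          command: ["/bin/chown", "-R", "{{ .Values.securityContext.runAsUser }}:", "/opt/adguardhome/work", "/opt/adguardhome/conf"]
          resources:
            {{- toYaml .Values.volumePermissions.resources | nindent 12 }}
          volumeMounts:
            - name: work
              mountPath: /opt/adguardhome/work
              readOnly: false
            - name: config
              mountPath: /opt/adguardhome/conf
              readOnly: false
        {{- end }}
      {{- end }}
      containers:
        - name: {{ .Chart.Name }}
          securityContext:
            {{- toYaml .Values.securityContext | nindent 12 }}
          {{- /* The image is referenced by tag (falling back to the chart appVersion), not by digest. */}}
          image: "{{ .Values.image.repository }}:{{ default .Chart.AppVersion .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          env:
            {{- if .Values.timezone }}
            - name: TZ
              value: {{ .Values.timezone | quote }}
            {{- end }}
          volumeMounts:
            - name: work
              mountPath: /opt/adguardhome/work
              readOnly: false
            - name: config
              mountPath: /opt/adguardhome/conf
              readOnly: false
            {{- if .Values.tlsSecretName }}
            {{- /* TLS key material comes from a Secret; the workload only needs to read it. */}}
            - name: certs
              mountPath: /certs
              readOnly: true
            {{- end }}
          ports:
            - name: http
              {{- if .Values.configAsCode.enabled }}
              containerPort: {{ .Values.configAsCode.config.bind_port | default 3000 }}
              {{- else }}
              containerPort: 3000
              {{- end }}
            - name: dns
              {{- if .Values.configAsCode.enabled }}
              containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
              {{- else }}
              containerPort: 53
              {{- end }}
              protocol: TCP
            - name: dns-udp
              {{- if .Values.configAsCode.enabled }}
              containerPort: {{ .Values.configAsCode.config.dns.port | default 53 }}
              {{- else }}
              containerPort: 53
              {{- end }}
              protocol: UDP
            {{- if .Values.serviceDHCP.enabled }}
            - name: dhcp-server-udp
              containerPort: 67
              protocol: UDP
            - name: dhcp-client-tcp
              containerPort: 68
              protocol: TCP
            - name: dhcp-client-udp
              containerPort: 68
              protocol: UDP
            {{- end }}
            {{- if .Values.serviceDNSOverTLS.enabled }}
            - name: dns-over-tls
              containerPort: 853
              protocol: TCP
            {{- end }}
            {{- if .Values.serviceDNSOverHTTPS.enabled }}
            - name: dns-over-https
              containerPort: 443
              protocol: TCP
            {{- end }}
          {{- /* All three probes request /login.html over plain HTTP on the "http" port. */}}
          {{- if .Values.probes.liveness.enabled }}
          livenessProbe:
            httpGet:
              path: /login.html
              port: http
              scheme: HTTP
            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
            periodSeconds: {{ .Values.probes.liveness.periodSeconds }}
          {{- end }}
          {{- if .Values.probes.readiness.enabled }}
          readinessProbe:
            httpGet:
              path: /login.html
              port: http
              scheme: HTTP
            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
            periodSeconds: {{ .Values.probes.readiness.periodSeconds }}
          {{- end }}
          {{- if .Values.probes.startup.enabled }}
          startupProbe:
            httpGet:
              path: /login.html
              port: http
              scheme: HTTP
            initialDelaySeconds: {{ .Values.probes.startup.initialDelaySeconds }}
            failureThreshold: {{ .Values.probes.startup.failureThreshold }}
            periodSeconds: {{ .Values.probes.startup.periodSeconds }}
          {{- end }}
          resources:
            {{- toYaml .Values.resources | nindent 12 }}
      volumes:
        {{- if .Values.tlsSecretName }}
        - name: certs
          secret:
            secretName: {{ .Values.tlsSecretName | quote }}
        {{- end }}
        {{- if .Values.configAsCode.enabled }}
        - name: configmap
          configMap:
            name: {{ include "adguard-home.fullname" . | quote }}
        {{- end }}
        {{- /* config and work use a PVC (existing claim, else "<fullname>-config" / "<fullname>-work") or fall back to emptyDir. */}}
        - name: config
          {{- if .Values.persistence.config.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.config.existingClaim | default (printf "%s-config" (include "adguard-home.fullname" .)) | quote }}
          {{- else }}
          emptyDir: {}
          {{- end }}
        - name: work
          {{- if .Values.persistence.work.enabled }}
          persistentVolumeClaim:
            claimName: {{ .Values.persistence.work.existingClaim | default (printf "%s-work" (include "adguard-home.fullname" .)) | quote }}
          {{- else }}
          emptyDir: {}
          {{- end }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.affinity }}
      affinity:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
        {{- toYaml . | nindent 8 }}
      {{- end }}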