helm-charts/adguard-home/values.yaml

378 lines
9.6 KiB
YAML

# upgrade strategy type (e.g. Recreate or RollingUpdate)
strategyType: Recreate
image:
repository: adguard/adguardhome
# Image tag is set via charts appVersion. If you want to override the tag, specify it here
tag: v0.107.48
pullPolicy: IfNotPresent
nameOverride: ""
fullnameOverride: ""
configAsCode:
enabled: false
resources: {}
# requests:
# memory: 128Mi
# cpu: 100m
image:
repository: busybox
tag: latest
pullPolicy: Always
config:
bind_host: 0.0.0.0
bind_port: 3000
users: []
# - name: admin
# password: $2y$05$mV4GSa5Dymk4Hjg3NCscBuCYSckCGfc2mbS57SNkBkBAfvqfOdFfm
http_proxy: ""
language: "en"
rlimit_nofile: 0
debug_pprof: false
web_session_ttl: 720
dns:
bind_host: 0.0.0.0
port: 53
statistics_interval: 1
querylog_enabled: true
querylog_interval: 90
querylog_size_memory: 1000
anonymize_client_ip: false
protection_enabled: true
blocking_mode: default
blocking_ipv4: ""
blocking_ipv6: ""
blocked_response_ttl: 10
parental_block_host: family-block.dns.adguard.com
safebrowsing_block_host: standard-block.dns.adguard.com
ratelimit: 0
ratelimit_whitelist: []
refuse_any: true
upstream_dns:
- https://dns10.quad9.net/dns-query
bootstrap_dns:
- 9.9.9.10
- 149.112.112.10
- 2620:fe::10
- 2620:fe::fe:10
all_servers: false
fastest_addr: false
allowed_clients: []
# - 10.0.0.1
# - 10.0.1.1/24
disallowed_clients: []
# - 10.0.1.1
# - 10.0.11.1/24
blocked_hosts: []
# - example.org
# - '*.example.org'
# - '||example.org^'
cache_size: 4194304
cache_ttl_min: 0
cache_ttl_max: 0
bogus_nxdomain: []
aaaa_disabled: false
enable_dnssec: false
edns_client_subnet: false
filtering_enabled: true
filters_update_interval: 24
parental_enabled: false
safesearch_enabled: false
safebrowsing_enabled: false
safebrowsing_cache_size: 1048576
safesearch_cache_size: 1048576
parental_cache_size: 1048576
cache_time: 30
rewrites: []
# - domain: example.org
# answer: 127.0.0.1
# - domain: '*.example.org'
# answer: 127.0.0.1
blocked_services: []
# - facebook
# - origin
# - twitter
# - snapchat
# - skype
# - whatsapp
# - instagram
# - youtube
# - netflix
# - twitch
# - discord
# - amazon
# - ebay
# - cloudflare
# - steam
# - epic_games
# - reddit
# - ok
# - vk
# - mail_ru
# - tiktok
tls:
enabled: false
server_name: ""
force_https: false
port_https: 443
port_dns_over_tls: 853
allow_unencrypted_doh: false
strict_sni_check: false
certificate_chain: ""
private_key: ""
certificate_path: ""
private_key_path: ""
filters:
- enabled: true
url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
name: AdGuard DNS filter
id: 1
- enabled: false
url: https://adaway.org/hosts.txt
name: AdAway
id: 2
- enabled: false
url: https://www.malwaredomainlist.com/hostslist/hosts.txt
name: MalwareDomainList.com Hosts List
id: 4
whitelist_filters: []
# - enabled: true
# url: https://easylist-downloads.adblockplus.org/exceptionrules.txt
# name: Allow nonintrusive advertising
# id: 1595760241
user_rules: []
# - '||example.org^'
# - '@@||example.org^'
# - 127.0.0.1 example.org
# - '! Here goes a comment'
# - '# Also a comment'
dhcp:
enabled: false
interface_name: ""
gateway_ip: ""
subnet_mask: ""
range_start: ""
range_end: ""
lease_duration: 86400
icmp_timeout_msec: 1000
clients: []
# - name: myuser
# tags:
# - user_admin
# ids:
# - 192.168.91.1
# use_global_settings: true
# filtering_enabled: false
# parental_enabled: false
# safesearch_enabled: false
# safebrowsing_enabled: false
# use_global_blocked_services: true
# blocked_services: []
# upstreams: []
log_file: ""
verbose: false
schema_version: 6
tlsSecretName: ""
# name of the secret that contains the tls cert and key.
# this secret will be mounted inside the adguard container /certs path. e.g. works with cert-manager
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# add:
# - NET_BIND_SERVICE
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
timezone: "UTC"
ingress:
enabled: false
className: ""
annotations: {}
hosts:
- host: chart-example.local
paths:
- path: /
pathType: ImplementationSpecific
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
# Probes configuration
probes:
liveness:
enabled: true
initialDelaySeconds: 5
failureThreshold: 5
periodSeconds: 10
readiness:
enabled: false
initialDelaySeconds: 5
failureThreshold: 5
periodSeconds: 10
startup:
enabled: false
initialDelaySeconds: 5
failureThreshold: 30
periodSeconds: 10
service:
type: ClusterIP
# externalTrafficPolicy: Local
# externalIPs: []
# loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
port: 80
serviceTCP:
enabled: false
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceUDP:
enabled: true
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceDNSOverTLS:
enabled: false
## Enable if you use AdGuard as a DNS over TLS/HTTPS server
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceDNSOverHTTPS:
enabled: false
## Enable if you use AdGuard as a DNS over TLS/HTTPS server
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
# loadBalancerSourceRanges: []
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
serviceDHCP:
enabled: false
## Enable if you use AdGuard as a DHCP Server
type: NodePort
# externalTrafficPolicy: Local
# externalIPs: []
loadBalancerIP: ""
# a fixed LoadBalancer IP
annotations: {}
# metallb.universe.tf/address-pool: network-services
# metallb.universe.tf/allow-shared-ip: adguard-home-svc
# external-dns.alpha.kubernetes.io/hostname: dns.example.com
serviceMonitor:
enabled: false
additionalLabels: {}
## Pod Annotations
podAnnotations:
prometheus.io/scrape: "true"
prometheus.io/port: "api"
persistence:
config:
enabled: true
## adguard-home configuration data Persistent Volume Storage Class
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
# subPath: some-subpath
accessMode: ReadWriteOnce
size: 20Mi
## Do not delete the pvc upon helm uninstall
skipuninstall: false
work:
enabled: true
## adguard-home work volume configuration
## If defined, storageClassName: <storageClass>
## If set to "-", storageClassName: "", which disables dynamic provisioning
## If undefined (the default) or set to null, no storageClassName spec is
## set, choosing the default provisioner. (gp2 on AWS, standard on
## GKE, AWS & OpenStack)
##
# storageClass: "-"
##
## If you want to reuse an existing claim, you can pass the name of the PVC using
## the existingClaim variable
# existingClaim: your-claim
# subPath: some-subpath
accessMode: ReadWriteOnce
size: 10Gi
## Do not delete the pvc upon helm uninstall
skipuninstall: false
volumePermissions:
image:
repository: busybox
tag: latest
pullPolicy: Always
resources: {}
# requests:
# memory: 128Mi
# cpu: 100m
resources: {}
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# memory: 500Mi
# requests:
# cpu: 50m
# memory: 275Mi
nodeSelector: {}
tolerations: []
affinity: {}