feat(*): Initial commit

2023-07-29 13:47:58 +02:00 · 2023-07-29 13:47:58 +02:00 · a9d6387f8a
commit a9d6387f8a
9 changed files with 187 additions and 0 deletions
--- a/README.md
+++ b/README.md
@ -0,0 +1,22 @@
+# AdGuard Home
+
+## Kubernetes configuration
+### Generate password
+```
+htpasswd -B -n -b <USERNAME> <PASSWORD>
+```
+This returns `<USERNAME>:<HASH>`
+
+Add this in the `AdGuradHome.yaml` file as follows:
+```
+users:
+  - name: <USERNAME>
+    password: <HASH>
+```
+
+### DNS exposition
+When creating the DNS service, externalIPs need to include a out-cluster facing IP
+For Wireguard only access, the outbound node's WG IP suffices
+
+For internet exposition (not recommended), the public interface's IP on the outbound server will work
+When behind a VPS provider, it is important to add the IP seen from within the VPS, not the one given through the VPS panel, if different
--- a/manifests/deployment.yaml
+++ b/manifests/deployment.yaml
@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: adguard
+  namespace: adguard
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: adguard
+  template:
+    metadata:
+      labels:
+        app: adguard
+    spec: 
+      initContainers:
+        - name: config-binder
+          image: alpine
+          command: ["sh", "-c", "mkdir -p /adguard/conf && cp /binder/config /adguard/conf/AdGuardHome.yaml"]
+          volumeMounts:
+            - name: adguard-config-file
+              mountPath: /binder
+            - name: adguard-data
+              mountPath: /adguard
+      containers:
+        - name: adguard
+          image: adguard/adguardhome
+          ports:
+            - containerPort: 53
+              protocol: UDP
+            - containerPort: 53
+              protocol: TCP
+            - containerPort: 3000
+              protocol: TCP
+          volumeMounts:
+            - name: adguard-data
+              mountPath: /opt/adguardhome/conf
+              subPath: conf
+            - name: adguard-data
+              mountPath: /opt/adguardhome/work
+              subPath: work
+        - name: exporter
+          image: ebrianne/adguard-exporter
+          ports:
+            - containerPort: 9617
+          env:
+            - name: adguard_protocol
+              value: http
+            - name: adguard_hostname
+              value: adguard-svc.adguard.svc.cluster.local
+            - name: adguard_username
+              valueFrom:
+                secretKeyRef:
+                  name: adguard-exporter
+                  key: username
+            - name: adguard_password
+              valueFrom:
+                secretKeyRef:
+                  name: adguard-exporter
+                  key: password
+      volumes:
+        - name: adguard-config-file
+          secret:
+            secretName: adguard-secret-config
+        - name: adguard-data
+          persistentVolumeClaim:
+              claimName: adguard-pvc
--- a/manifests/ingress.yaml
+++ b/manifests/ingress.yaml
@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: adguard-ingress
+  namespace: adguard
+  annotations:
+    kubernetes.io/ingress.class: "traefik-inter"
+spec:
+  rules:
+    - host: adguard.beta.entos
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend: 
+              service:
+                name: adguard-svc
+                port:
+                  number: 80
--- a/manifests/kustomization.yaml
+++ b/manifests/kustomization.yaml
@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+  - namespace.yaml
+  - service.yaml
+  - service-dns.yaml
+  - servicemonitor.yaml
+  - ingress.yaml
+  - pvc.yaml
+  - deployment.yaml
--- a/manifests/namespace.yaml
+++ b/manifests/namespace.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: adguard
--- a/manifests/pvc.yaml
+++ b/manifests/pvc.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: adguard-pvc
+  namespace: adguard
+spec:
+    accessModes:
+        - ReadWriteOnce
+    storageClassName: flat-storage-class
+    resources:
+        requests:
+            storage: 1Gi
--- a/manifests/service-dns.yaml
+++ b/manifests/service-dns.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: adguard-dns-svc
+  namespace: adguard
+spec:
+  ports:
+    - name: dns-udp
+      protocol: UDP
+      port: 53
+    - name: dns-tcp
+      protocol: TCP
+      port: 53
+  selector:
+    app: adguard
+  externalIPs:
+    # Wireguard outbound node IP
+    - 10.20.0.254
+
--- a/manifests/service.yaml
+++ b/manifests/service.yaml
@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: adguard-svc
+  namespace: adguard
+  labels:
+    app.kubernetes.io/name: adguard
+spec:
+  ports:
+    - name: http
+      protocol: TCP
+      port: 80
+      targetPort: 3000
+    - name: metrics
+      protocol: TCP
+      port: 9617
+      targetPort: 9617
+  selector:
+    app: adguard
--- a/manifests/servicemonitor.yaml
+++ b/manifests/servicemonitor.yaml
@ -0,0 +1,14 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+  name: adguard
+  namespace: adguard
+  labels:
+    team: core
+spec:
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: adguard
+  endpoints:
+    - port: metrics
+      path: /metrics