From a9d6387f8a57dcf0e0c166179869313322c44240 Mon Sep 17 00:00:00 2001
From: Tanguy Herbron
Date: Sat, 29 Jul 2023 13:47:58 +0200
Subject: [PATCH] feat(*): Initial commit
---
README.md | 22 ++++++++++++
manifests/deployment.yaml | 67 +++++++++++++++++++++++++++++++++++
manifests/ingress.yaml | 19 ++++++++++
manifests/kustomization.yaml | 11 ++++++
manifests/namespace.yaml | 4 +++
manifests/pvc.yaml | 12 +++++++
manifests/service-dns.yaml | 19 ++++++++++
manifests/service.yaml | 19 ++++++++++
manifests/servicemonitor.yaml | 14 ++++++++
9 files changed, 187 insertions(+)
create mode 100644 README.md
create mode 100644 manifests/deployment.yaml
create mode 100644 manifests/ingress.yaml
create mode 100644 manifests/kustomization.yaml
create mode 100644 manifests/namespace.yaml
create mode 100644 manifests/pvc.yaml
create mode 100644 manifests/service-dns.yaml
create mode 100644 manifests/service.yaml
create mode 100644 manifests/servicemonitor.yaml
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..951dd94
--- /dev/null
+++ b/README.md
@@ -0,0 +1,22 @@
+# AdGuard Home
+
+## Kubernetes configuration
+### Generate password
+```
+htpasswd -B -n -b
+```
+This returns `:`
+
+Add this in the `AdGuradHome.yaml` file as follows:
+```
+users:
+ - name:
+ password:
+```
+
+### DNS exposition
+When creating the DNS service, externalIPs need to include a out-cluster facing IP
+For Wireguard only access, the outbound node's WG IP suffices
+
+For internet exposition (not recommended), the public interface's IP on the outbound server will work
+When behind a VPS provider, it is important to add the IP seen from within the VPS, not the one given through the VPS panel, if different
diff --git a/manifests/deployment.yaml b/manifests/deployment.yaml
new file mode 100644
index 0000000..8c1a296
--- /dev/null
+++ b/manifests/deployment.yaml
@@ -0,0 +1,67 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: adguard
+ namespace: adguard
+spec:
+ replicas: 1
+ selector:
+ matchLabels:
+ app: adguard
+ template:
+ metadata:
+ labels:
+ app: adguard
+ spec:
+ initContainers:
+ - name: config-binder
+ image: alpine
+ command: ["sh", "-c", "mkdir -p /adguard/conf && cp /binder/config /adguard/conf/AdGuardHome.yaml"]
+ volumeMounts:
+ - name: adguard-config-file
+ mountPath: /binder
+ - name: adguard-data
+ mountPath: /adguard
+ containers:
+ - name: adguard
+ image: adguard/adguardhome
+ ports:
+ - containerPort: 53
+ protocol: UDP
+ - containerPort: 53
+ protocol: TCP
+ - containerPort: 3000
+ protocol: TCP
+ volumeMounts:
+ - name: adguard-data
+ mountPath: /opt/adguardhome/conf
+ subPath: conf
+ - name: adguard-data
+ mountPath: /opt/adguardhome/work
+ subPath: work
+ - name: exporter
+ image: ebrianne/adguard-exporter
+ ports:
+ - containerPort: 9617
+ env:
+ - name: adguard_protocol
+ value: http
+ - name: adguard_hostname
+ value: adguard-svc.adguard.svc.cluster.local
+ - name: adguard_username
+ valueFrom:
+ secretKeyRef:
+ name: adguard-exporter
+ key: username
+ - name: adguard_password
+ valueFrom:
+ secretKeyRef:
+ name: adguard-exporter
+ key: password
+ volumes:
+ - name: adguard-config-file
+ secret:
+ secretName: adguard-secret-config
+ - name: adguard-data
+ persistentVolumeClaim:
+ claimName: adguard-pvc
diff --git a/manifests/ingress.yaml b/manifests/ingress.yaml
new file mode 100644
index 0000000..b2dd3f8
--- /dev/null
+++ b/manifests/ingress.yaml
@@ -0,0 +1,19 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: adguard-ingress
+ namespace: adguard
+ annotations:
+ kubernetes.io/ingress.class: "traefik-inter"
+spec:
+ rules:
+ - host: adguard.beta.entos
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: adguard-svc
+ port:
+ number: 80
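Review bot: All three images in manifests/deployment.yaml (`image: alpine`, `image: adguard/adguardhome`, `image: ebrianne/adguard-exporter`) carry no tag or digest, so each resolves to `latest` and a pod restart can pull content that was never reviewed. Pin each one, e.g. `image: adguard/adguardhome:<version>@sha256:<digest>`, so that an image update is an explicit commit. None of the containers sets a `securityContext` or `resources` either; the exporter and the `config-binder` init container in particular look like candidates for `allowPrivilegeEscalation: false` with dropped capabilities, though that needs checking against each image. The exporter also sends the AdGuard credentials over `http` through the cluster Service although it shares the pod with AdGuard; pointing `adguard_hostname` at `127.0.0.1` would keep them inside the pod's network namespace, assuming the exporter can be pointed at port 3000.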
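Review bot: The Ingress in manifests/ingress.yaml has no `tls:` section, so unless the `traefik-inter` entrypoint terminates TLS elsewhere, the AdGuard admin login for `adguard.beta.entos` is served over plain HTTP. Add a `tls:` entry listing that host with a certificate secret, or document in the manifest where TLS is terminated. The `kubernetes.io/ingress.class` annotation is also deprecated in favour of `spec.ingressClassName: traefik-inter`, provided an IngressClass of that name exists in the cluster.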
diff --git a/manifests/kustomization.yaml b/manifests/kustomization.yaml
new file mode 100644
index 0000000..1757ca9
--- /dev/null
+++ b/manifests/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+ - namespace.yaml
+ - service.yaml
+ - service-dns.yaml
+ - servicemonitor.yaml
+ - ingress.yaml
+ - pvc.yaml
+ - deployment.yaml
diff --git a/manifests/namespace.yaml b/manifests/namespace.yaml
new file mode 100644
index 0000000..659575d
--- /dev/null
+++ b/manifests/namespace.yaml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+ name: adguard
diff --git a/manifests/pvc.yaml b/manifests/pvc.yaml
new file mode 100644
index 0000000..19b2b6f
--- /dev/null
+++ b/manifests/pvc.yaml
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: adguard-pvc
+ namespace: adguard
+spec:
+ accessModes:
+ - ReadWriteOnce
+ storageClassName: flat-storage-class
+ resources:
+ requests:
+ storage: 1Gi
diff --git a/manifests/service-dns.yaml b/manifests/service-dns.yaml
new file mode 100644
index 0000000..bf8e24b
--- /dev/null
+++ b/manifests/service-dns.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: adguard-dns-svc
+ namespace: adguard
+spec:
+ ports:
+ - name: dns-udp
+ protocol: UDP
+ port: 53
+ - name: dns-tcp
+ protocol: TCP
+ port: 53
+ selector:
+ app: adguard
+ externalIPs:
+ # Wireguard outbound node IP
+ - 10.20.0.254
+
diff --git a/manifests/service.yaml b/manifests/service.yaml
new file mode 100644
index 0000000..1109430
--- /dev/null
+++ b/manifests/service.yaml
@@ -0,0 +1,19 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: adguard-svc
+ namespace: adguard
+ labels:
+ app.kubernetes.io/name: adguard
+spec:
+ ports:
+ - name: http
+ protocol: TCP
+ port: 80
+ targetPort: 3000
+ - name: metrics
+ protocol: TCP
+ port: 9617
+ targetPort: 9617
+ selector:
+ app: adguard
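Review bot: `externalIPs` in manifests/service-dns.yaml makes the cluster accept port 53 traffic addressed to `10.20.0.254`, and nothing in this commit limits who may query the resolver once a packet reaches that address. The README already warns against internet exposure; extend the inline comment to say so at the point of use, e.g. `# Wireguard outbound node IP - keep this a private address; a public one turns the pod into an open resolver`. Consider a NetworkPolicy for the `adguard` namespace or AdGuard's own allowed-clients setting as a second layer. Clusters that enable the `DenyServiceExternalIPs` admission plugin will reject this Service, so a note on that requirement would help whoever applies the kustomization.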
diff --git a/manifests/servicemonitor.yaml b/manifests/servicemonitor.yaml
new file mode 100644
index 0000000..6e40027
--- /dev/null
+++ b/manifests/servicemonitor.yaml
@@ -0,0 +1,14 @@
+apiVersion: monitoring.coreos.com/v1
+kind: ServiceMonitor
+metadata:
+ name: adguard
+ namespace: adguard
+ labels:
+ team: core
+spec:
+ selector:
+ matchLabels:
+ app.kubernetes.io/name: adguard
+ endpoints:
+ - port: metrics
+ path: /metrics