change(adguard): use lib42 chart

2024-07-03 06:53:30 +00:00 · 2023-04-03 21:51:30 +02:00 · 2023-04-03 21:51:30 +02:00 · f54dad6c22
parent aa4262ccd9
commit f54dad6c22
2 changed files with 163 additions and 124 deletions
--- a/projects/adguard/project.yml
+++ b/projects/adguard/project.yml
@ -3,9 +3,9 @@ config:
 apps:
 - name: adguard
-  repoURL: https://k8s-at-home.com/charts
+  repoURL: https://github.com/lib42/charts
-  chart: adguard-home
+  path: charts/adguard-home
-  targetRevision: 5.5.2
+  targetRevision: add/adguard-home
    #include:
    #- noRoot
    #- tmpdirs
--- a/projects/adguard/values/adguard.yaml
+++ b/projects/adguard/values/adguard.yaml
@ -49,124 +49,163 @@ service:
        targetPort: 5353
    externalTrafficPolicy: Local
-config: |
+configMaps: 
-  bind_host: 0.0.0.0
+  config: 
-  bind_port: 3000
+    enabled: true
-  beta_bind_port: 0
+    data: 
-  users: []
+      AdGuardHome.yaml: |
-  auth_attempts: 5
+        bind_host: 0.0.0.0
-  block_auth_min: 15
+        bind_port: 3000
-  http_proxy: ""
+        beta_bind_port: 0
-  language: en
+        users: []
-  rlimit_nofile: 0
+        auth_attempts: 5
-  debug_pprof: false
+        block_auth_min: 15
-  web_session_ttl: 720
+        http_proxy: ""
-  dns:
+        language: en
-    bind_hosts:
+        rlimit_nofile: 0
-    - 0.0.0.0
+        debug_pprof: false
-    port: 5353
+        web_session_ttl: 720
-    statistics_interval: 1
+        dns:
-    querylog_enabled: true
+          bind_hosts:
-    querylog_file_enabled: true
+          - 0.0.0.0
-    querylog_interval: 90
+          port: 5353
-    querylog_size_memory: 1000
+          statistics_interval: 1
-    anonymize_client_ip: false
+          querylog_enabled: true
-    protection_enabled: true
+          querylog_file_enabled: true
-    blocking_mode: default
+          querylog_interval: 90
-    blocking_ipv4: ""
+          querylog_size_memory: 1000
-    blocking_ipv6: ""
+          anonymize_client_ip: false
-    blocked_response_ttl: 10
+          protection_enabled: true
-    parental_block_host: family-block.dns.adguard.com
+          blocking_mode: default
-    safebrowsing_block_host: standard-block.dns.adguard.com
+          blocking_ipv4: ""
-    ratelimit: 0
+          blocking_ipv6: ""
-    ratelimit_whitelist: []
+          blocked_response_ttl: 10
-    refuse_any: true
+          parental_block_host: family-block.dns.adguard.com
-    upstream_dns:
+          safebrowsing_block_host: standard-block.dns.adguard.com
-    - 192.168.1.1
+          ratelimit: 0
-    #- https://dns10.quad9.net/dns-query
+          ratelimit_whitelist: []
-    upstream_dns_file: ""
+          refuse_any: true
-    bootstrap_dns:
+          upstream_dns:
-    - 192.168.1.1
+          - 192.168.1.1
-    all_servers: false
+          #- https://dns10.quad9.net/dns-query
-    fastest_addr: false
+          upstream_dns_file: ""
-    allowed_clients: []
+          bootstrap_dns:
-    disallowed_clients: []
+          - 192.168.1.1
-    blocked_hosts: []
+          all_servers: false
-    cache_size: 4194304
+          fastest_addr: false
-    cache_ttl_min: 0
+          allowed_clients: []
-    cache_ttl_max: 0
+          disallowed_clients: []
-    bogus_nxdomain: []
+          blocked_hosts: []
-    aaaa_disabled: false
+          cache_size: 4194304
-    enable_dnssec: false
+          cache_ttl_min: 0
-    edns_client_subnet: false
+          cache_ttl_max: 0
-    max_goroutines: 300
+          bogus_nxdomain: []
-    ipset: []
+          aaaa_disabled: false
-    filtering_enabled: true
+          enable_dnssec: false
-    filters_update_interval: 24
+          edns_client_subnet: false
-    parental_enabled: false
+          max_goroutines: 300
-    safesearch_enabled: false
+          ipset: []
-    safebrowsing_enabled: false
+          filtering_enabled: true
-    safebrowsing_cache_size: 1048576
+          filters_update_interval: 24
-    safesearch_cache_size: 1048576
+          parental_enabled: false
-    parental_cache_size: 1048576
+          safesearch_enabled: false
-    cache_time: 30
+          safebrowsing_enabled: false
-    rewrites: []
+          safebrowsing_cache_size: 1048576
-    blocked_services: []
+          safesearch_cache_size: 1048576
-    local_domain_name: lan
+          parental_cache_size: 1048576
-    resolve_clients: true
+          cache_time: 30
-    local_ptr_upstreams: []
+          rewrites: []
-  tls:
+          blocked_services: []
-    enabled: false
+          local_domain_name: lan
-    server_name: ""
+          resolve_clients: true
-    force_https: false
+          local_ptr_upstreams: []
-    port_https: 443
+        tls:
-    port_dns_over_tls: 853
+          enabled: false
-    port_dns_over_quic: 784
+          server_name: ""
-    port_dnscrypt: 0
+          force_https: false
-    dnscrypt_config_file: ""
+          port_https: 443
-    allow_unencrypted_doh: false
+          port_dns_over_tls: 853
-    strict_sni_check: false
+          port_dns_over_quic: 784
-    certificate_chain: ""
+          port_dnscrypt: 0
-    private_key: ""
+          dnscrypt_config_file: ""
-    certificate_path: ""
+          allow_unencrypted_doh: false
-    private_key_path: ""
+          strict_sni_check: false
-  filters:
+          certificate_chain: ""
-  - enabled: true
+          private_key: ""
-    url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
+          certificate_path: ""
-    name: AdGuard DNS filter
+          private_key_path: ""
-    id: 1
+        filters:
-  - enabled: false
+        - enabled: true
-    url: https://adaway.org/hosts.txt
+          url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
-    name: AdAway
+          name: AdGuard DNS filter
-    id: 2
+          id: 1
-  - enabled: false
+        - enabled: false
-    url: https://www.malwaredomainlist.com/hostslist/hosts.txt
+          url: https://adaway.org/hosts.txt
-    name: MalwareDomainList.com Hosts List
+          name: AdAway
-    id: 4
+          id: 2
-  whitelist_filters: []
+        - enabled: false
-  user_rules: []
+          url: https://www.malwaredomainlist.com/hostslist/hosts.txt
-  dhcp:
+          name: MalwareDomainList.com Hosts List
-    enabled: false
+          id: 4
-    interface_name: ""
+        whitelist_filters: []
-    dhcpv4:
+        user_rules: []
-      gateway_ip: ""
+        dhcp:
-      subnet_mask: ""
+          enabled: false
-      range_start: ""
+          interface_name: ""
-      range_end: ""
+          dhcpv4:
-      lease_duration: 86400
+            gateway_ip: ""
-      icmp_timeout_msec: 1000
+            subnet_mask: ""
-      options: []
+            range_start: ""
-    dhcpv6:
+            range_end: ""
-      range_start: ""
+            lease_duration: 86400
-      lease_duration: 86400
+            icmp_timeout_msec: 1000
-      ra_slaac_only: false
+            options: []
-      ra_allow_slaac: false
+          dhcpv6:
-  clients: []
+            range_start: ""
-  log_compress: false
+            lease_duration: 86400
-  log_localtime: false
+            ra_slaac_only: false
-  log_max_backups: 0
+            ra_allow_slaac: false
-  log_max_size: 100
+        clients: []
-  log_max_age: 3
+        log_compress: false
-  log_file: ""
+        log_localtime: false
-  verbose: false
+        log_max_backups: 0
-  schema_version: 10
+        log_max_size: 100
        log_max_age: 3
        log_file: ""
        verbose: false
        schema_version: 10
 # When using adguard-exporter:
 podAnnotations:
  prometheus.io/scrape: "true"
  prometheus.io/port: "9617"
  prometheus.io/path: "/metrics"
 # See: https://github.com/ebrianne/adguard-exporter
 additionalContainers:
  adguard-exporter:
    image: ebrianne/adguard-exporter:latest
    env:
      - name: adguard_protocol
        value: "http"
      - name: adguard_hostname
        value: '127.0.0.1'
      - name: adguard_username
        value: ""
      - name: adguard_password
        value: ""
      - name: adguard_port
        value: "3000"
      - name: interval 
        value: "10s"
      - name: log_limit
        value: "10000"
      - name: server_port
        value: 9617
    securityContext:
      #  runAsNonRoot: true
      privileged: false
      readOnlyRootFilesystem: true
      allowPrivilegeEscalation: false
      capabilities:
        drop:
        - ALL