Containers
/
monkeybox_kubernetes


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217
							apiVersion: v1
kind: Service
metadata:
  name: adguard-tcp
  labels:
    run: adguard
  annotations:
    metallb.universe.tf/allow-shared-ip: "adguard"
spec:
  ports:
    - name: dns
      protocol: TCP
      port: 53
      targetPort: 53
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
    - name: dns-over-https
      protocol: TCP
      port: 443
      targetPort: 443
    - name: dns-over-tls
      protocol: TCP
      port: 853
      targetPort: 853
    - name: adguard-management
      protocol: TCP
      port: 3000
      targetPort: 3000
    - name: dnscrypt
      protocol: TCP
      port: 5443
      targetPort: 5443
  selector:
    run: adguard
  type: LoadBalancer
  loadBalancerIP: 10.42.42.239
---
apiVersion: v1
kind: Service
metadata:
  name: adguard-udp
  labels:
    run: adguard
  annotations:
    metallb.universe.tf/allow-shared-ip: "adguard"
spec:
  ports:
    - name: dns
      protocol: UDP
      port: 53
      targetPort: 53
    - name: dns-over-quic
      protocol: UDP
      port: 784
      targetPort: 784
    - name: dnscrypt
      protocol: UDP
      port: 5443
      targetPort: 5443
  selector:
    run: adguard
  type: LoadBalancer
  loadBalancerIP: 10.42.42.239
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: adguard-config
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/adguard-config
    server: 10.42.42.10
  claimRef:
    name: adguard-config
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: adguard-config
  annotations:
    nfs.io/storage-path: "adguard-config"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: adguard-data
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/adguard-data
    server: 10.42.42.10
  claimRef:
    name: adguard-data
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: adguard-data
  annotations:
    nfs.io/storage-path: "adguard-data"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: adguard
spec:
  replicas: 1
  selector:
    matchLabels:
      run: adguard
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: adguard
    spec:
      containers:
        - image: adguard/adguardhome
          name: adguard
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
            - containerPort: 80
              protocol: TCP
            - containerPort: 3000
              protocol: TCP
            - containerPort: 443
              protocol: TCP
            - containerPort: 853
              protocol: TCP
            - containerPort: 5443
              protocol: TCP
            - containerPort: 5443
              protocol: UDP
          resources: {}
          volumeMounts:
            - mountPath: /opt/adguardhome/work
              name: adguard-data
            - mountPath: /opt/adguardhome/conf
              name: adguard-config
      restartPolicy: Always
      volumes:
        - name: adguard-data
          persistentVolumeClaim:
            claimName: adguard-data
        - name: adguard-config
          persistentVolumeClaim:
            claimName: adguard-config
status: {}
---
# Hosting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: adguard-management
  annotations:
    #nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    #nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - adguard.monkeybox.org
    secretName: adguard-tls
  rules:
  - host: adguard.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: adguard-tcp
            port:
              number: 3000