Kubernetes Adguardhome
Running AdGuard Home on Kubernetes v1.23.5 using YAML manifests. The following YAML contains the definitions for the PersistentVolumeClaim, Deployment, Service, and Ingress objects.
Once the deployment is done, we can use the AdGuard Home DNS service for the WireGuard setup built in the previous article, Kubernetes Wireguard Pakai Wg Easy, by changing the DNS in the client configuration.
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 0
  selector:
    matchLabels:
      app: adguardhome
  template:
    metadata:
      labels:
        app: adguardhome
    spec:
      containers:
        - name: adguardhome
          image: adguard/adguardhome:latest
          securityContext:
            privileged: false
            allowPrivilegeEscalation: false
          ports:
            - containerPort: 3000
              protocol: TCP
            - containerPort: 53
              protocol: UDP
          resources:
            requests:
              memory: "128Mi"
              cpu: "100m"
            limits:
              memory: "256Mi"
          readinessProbe:
            httpGet:
              path: /
              port: 3000
          livenessProbe:
            httpGet:
              path: /
              port: 3000
          volumeMounts:
            - name: adguardhome-config
              mountPath: /opt/adguardhome/conf
            - name: adguardhome-logs
              mountPath: /opt/adguardhome/work
      volumes:
        - name: adguardhome-config
          persistentVolumeClaim:
            claimName: adguardhome
        - name: adguardhome-logs
          emptyDir: {}
---
# Persistent volume claim to store all AdGuard Home configuration data
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  storageClassName: openebs-data
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi
---
# Service definition for the AdGuard Home web interface and DNS port
apiVersion: v1
kind: Service
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  type: ClusterIP
  selector:
    app: adguardhome
  ports:
    - port: 3000
      targetPort: 3000
      protocol: TCP
      name: adguard-dashboard
    - port: 53
      targetPort: 53
      protocol: UDP
      name: adguard-dns
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
  annotations:
    cert-manager.io/cluster-issuer: "production-issuer"
    nginx.ingress.kubernetes.io/rewrite-target: /
spec:
  ingressClassName: nginx
  rules:
    - host: adguardhome.your-domain.tld
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: adguardhome
                port:
                  number: 3000
  tls:
    - hosts:
        - adguardhome.your-domain.tld
      secretName: adguardhome.your-domain.tld-cert
Example usage for a WireGuard peer. First, get the cluster IP of the adguardhome service:
sumar@lab0:~$ kubectl -n adguardhome get svc
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
adguardhome   ClusterIP   10.110.161.113   <none>        3000/TCP,53/UDP   34m
Put that cluster IP into the WireGuard client configuration:
[Interface]
PrivateKey = <redacted>
Address = 10.8.0.3/24
# use the AdGuard Home DNS
DNS = 10.110.161.113
[Peer]
PublicKey = <redacted>
PresharedKey = <redacted>
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Endpoint = <redacted>
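
An added example, not part of the original post: a NetworkPolicy that limits who can reach the AdGuard Home pod defined above, so that only the ingress controller reaches the dashboard on 3000/TCP and only the WireGuard pods reach DNS on 53/UDP. The namespace names `ingress-nginx` and `wireguard` are assumptions, as is the assumption that client DNS queries arrive from the WireGuard pod's own address; the policy only takes effect on a CNI plugin that enforces NetworkPolicy.

```yaml
---
# Added example: restrict inbound traffic to the AdGuard Home pod.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: adguardhome-ingress   # hypothetical name
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  # Applies to the pods created by the Deployment above
  podSelector:
    matchLabels:
      app: adguardhome
  policyTypes:
    - Ingress   # egress is left open so upstream DNS lookups still work
  ingress:
    # Dashboard: only from the ingress controller's namespace (assumed name)
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx
      ports:
        - port: 3000
          protocol: TCP
    # DNS: only from the WireGuard namespace (assumed name)
    - from:
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: wireguard
      ports:
        - port: 53
          protocol: UDP
```

The `kubernetes.io/metadata.name` label is set automatically on every namespace in the Kubernetes version used here, so no extra namespace labelling is needed.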