sumarsono.com
Take it with a grain of salt


Kubernetes Adguardhome


Running AdGuard Home on Kubernetes v1.23.5 using YAML manifests. The YAML below covers the definitions for the PersistentVolumeClaim, Deployment, Service, and Ingress objects.

Once the deployment is done, we can use the AdGuard Home DNS service for the WireGuard setup built in the previous article, Kubernetes Wireguard Pakai Wg Easy, by changing the DNS setting in the client configuration.

---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  replicas: 1
  strategy:
    type: RollingUpdate
    rollingUpdate:
      maxUnavailable: 1
      maxSurge: 0
  selector:
    matchLabels:
      app: adguardhome
  template:
    metadata:
      labels:
        app: adguardhome
    spec:
      containers:
      - name: adguardhome
        image: adguard/adguardhome:latest
        securityContext:
          privileged: false
          allowPrivilegeEscalation: false
        ports:
        - containerPort: 3000
          protocol: TCP
        - containerPort: 53
          protocol: UDP
        resources:
          requests:
            memory: "128Mi"
            cpu: "100m"
          limits:
            memory: "256Mi"
        readinessProbe:
          httpGet:
            path: /
            port: 3000
        livenessProbe:
          httpGet:
            path: /
            port: 3000
        volumeMounts:
        - name: adguardhome-config
          mountPath: /opt/adguardhome/conf
        - name: adguardhome-logs
          mountPath: /opt/adguardhome/work
      volumes:
      - name: adguardhome-config
        persistentVolumeClaim:
          claimName: adguardhome
      - name: adguardhome-logs
        emptyDir: {}

---
# Persistent volume claim to store all AdGuard Home configuration data
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  storageClassName: openebs-data
  accessModes:
  - ReadWriteOnce
  resources:
    requests:
      storage: 2Gi

---
# Service definition for the AdGuard Home web interface and DNS port
apiVersion: v1
kind: Service
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
spec:
  type: ClusterIP
  selector:
    app: adguardhome
  ports:
  - port: 3000
    targetPort: 3000
    protocol: TCP
    name: adguard-dashboard
  - port: 53
    targetPort: 53
    protocol: UDP
    name: adguard-dns

---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: adguardhome
  namespace: adguardhome
  labels:
    app: adguardhome
  annotations:
    cert-manager.io/cluster-issuer: "production-issuer"
    nginx.ingress.kubernetes.io/rewrite-target: /

spec:
  ingressClassName: nginx
  rules:
  - host: adguardhome.your-domain.tld
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: adguardhome
            port: 
              number: 3000
  tls:
  - hosts:
    - adguardhome.your-domain.tld
    secretName: adguardhome.your-domain.tld-cert

Example usage for a WireGuard peer: first get the cluster IP of the adguardhome service:

sumar@lab0:~$ kubectl -n adguardhome get svc
NAME          TYPE        CLUSTER-IP       EXTERNAL-IP   PORT(S)           AGE
adguardhome   ClusterIP   10.110.161.113   <none>        3000/TCP,53/UDP   34m

Put that cluster IP into the WireGuard client configuration:

[Interface]
PrivateKey = <redacted>
Address = 10.8.0.3/24
# use the AdGuard Home DNS
DNS = 10.110.161.113


[Peer]
PublicKey = <redacted>
PresharedKey = <redacted>
AllowedIPs = 0.0.0.0/0
PersistentKeepalive = 25
Endpoint = <redacted>