
feat: all deployed

pull/3/head
Karan Sharma 2 years ago
parent
commit
2085533388
  1. 6
      digitalocean-infra/firewalls.tf
  2. 8
      k8s/adguard/Makefile
  3. 2
      k8s/adguard/base/adguard/adguard-deployment.yml
  4. 88
      k8s/adguard/base/configs/AdGuardHome.tmpl.yml
  5. 4
      k8s/adguard/base/configs/AdGuardHome.yml
  6. 1
      k8s/adguard/base/configs/password
  7. 2
      k8s/adguard/base/kustomization.yml
  8. 2
      k8s/adguard/kubekutr.yml
  9. 3
      k8s/unbound/base/kustomization.yml
  10. 9
      k8s/unbound/base/patches/nodeport-hardcode.yml
  11. 2
      k8s/unbound/base/unbound/unbound-nodeport-service.yml
  12. 13
      k8s/unbound/kubekutr.yml

6
digitalocean-infra/firewalls.tf

@ -26,6 +26,12 @@ resource "digitalocean_firewall" "vpn" {
port_range = "1-65535"
source_addresses = ["0.0.0.0/0", "::/0"]
}
inbound_rule {
protocol = "tcp"
port_range = "853"
source_addresses = ["0.0.0.0/0", "::/0"]
}
}
resource "digitalocean_firewall" "ssh" {
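Review bot: The new `inbound_rule` for TCP 853 accepts traffic from `0.0.0.0/0` and `::/0`, so the DNS-over-TLS port is reachable from the whole internet. If the resolver is meant only for the owner's devices, narrow `source_addresses` to those ranges; if it is public on purpose, say so with a comment such as `# DNS-over-TLS (853/tcp), intentionally open to the internet`. The AdGuard template added in this commit has `tls.enabled: false`, so as far as this page shows nothing is serving TLS on that port yet. The preceding rule with `port_range = "1-65535"` starts outside the hunk, so its protocol is not visible; if it already allows TCP from anywhere, this rule adds nothing.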

8
k8s/adguard/Makefile

@ -1,14 +1,12 @@
include base/configs/password.env
export
.PHONY: scaffold
scaffold:
kubekutr -c kubekutr.yml scaffold -o .
.PHONY: build-k8s-local
build-k8s-local: scaffold
@envsubst < base/configs/Adguard.tmpl.yml | tee base/configs/AdGuardHome.yaml > /dev/null
@kustomize build base --load_restrictor none
export $(cat base/configs/password | xargs)
envsubst < base/configs/AdGuardHome.tmpl.yml | tee base/configs/AdGuardHome.yml > /dev/null
kustomize build base --load_restrictor none
.PHONY: deploy-k8s-local
deploy-k8s-local: build-k8s-local
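Review bot: In the `build-k8s-local` recipe as rendered, `export $(cat base/configs/password | xargs)` does not load the password: make expands `$(...)` itself as an undefined variable before the shell runs, and each recipe line runs in its own shell, so nothing exported there reaches the `envsubst` line. That matches the rendered `k8s/adguard/base/configs/AdGuardHome.yml` in this commit, where the admin user's `password:` is empty. Escape the dollar sign and keep both commands in one shell, e.g. `export $$(xargs < base/configs/password) && envsubst '$${PASSWORD}' < base/configs/AdGuardHome.tmpl.yml > base/configs/AdGuardHome.yml`, and make the recipe fail when `PASSWORD` is unset. The `deploy-k8s-local` target continues outside the hunk.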

2
k8s/adguard/base/adguard/adguard-deployment.yml

@ -37,7 +37,7 @@ spec:
volumeMounts:
- mountPath: /config
name: tmp-config-volume
- mountPath: /app
- mountPath: /opt/adguardhome/conf/
name: config-volume
volumes:
- name: tmp-config-volume

88
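--- a/k8s/adguard/base/configs/AdGuardHome.tmpl.yml
+++ b/k8s/adguard/base/configs/AdGuardHome.tmpl.yml
@@ -0,0 +1,88 @@
+bind_host: 0.0.0.0
+bind_port: 3000
+users:
+- name: karan
+password: ${PASSWORD}
+language: ""
+rlimit_nofile: 0
+web_session_ttl: 720
+dns:
+bind_host: 0.0.0.0
+port: 53
+statistics_interval: 1
+querylog_enabled: true
+querylog_interval: 90
+querylog_memsize: 0
+protection_enabled: true
+blocking_mode: null_ip
+blocking_ipv4: ""
+blocking_ipv6: ""
+blocked_response_ttl: 10
+ratelimit: 20
+ratelimit_whitelist: []
+refuse_any: true
+bootstrap_dns: []
+all_servers: false
+edns_client_subnet: false
+allowed_clients: []
+disallowed_clients: []
+blocked_hosts: []
+parental_block_host: family-block.dns.adguard.com
+safebrowsing_block_host: standard-block.dns.adguard.com
+cache_size: 4194304
+upstream_dns:
+- 192.168.31.217:30103
+filtering_enabled: true
+filters_update_interval: 24
+parental_sensitivity: 0
+parental_enabled: false
+safesearch_enabled: false
+safebrowsing_enabled: false
+safebrowsing_cache_size: 1048576
+safesearch_cache_size: 1048576
+parental_cache_size: 1048576
+cache_time: 30
+rewrites: []
+blocked_services: []
+tls:
+enabled: false
+server_name: ""
+force_https: false
+port_https: 443
+port_dns_over_tls: 853
+allow_unencrypted_doh: false
+certificate_chain: ""
+private_key: ""
+certificate_path: ""
+private_key_path: ""
+filters:
+- enabled: true
+url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
+name: AdGuard Simplified Domain Names filter
+id: 1
+- enabled: true
+url: https://adaway.org/hosts.txt
+name: AdAway
+id: 2
+- enabled: true
+url: https://hosts-file.net/ad_servers.txt
+name: hpHosts - Ad and Tracking servers only
+id: 3
+- enabled: true
+url: https://www.malwaredomainlist.com/hostslist/hosts.txt
+name: MalwareDomainList.com Hosts List
+id: 4
+user_rules: []
+dhcp:
+enabled: false
+interface_name: ""
+gateway_ip: ""
+subnet_mask: ""
+range_start: ""
+range_end: ""
+lease_duration: 86400
+icmp_timeout_msec: 1000
+clients: []
+log_file: ""
+verbose: false
+schema_version: 6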
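Review bot: The admin interface is bound to `bind_host: 0.0.0.0` on port 3000 while `tls.enabled` and `force_https` are both `false`, so the login for user `karan` would travel over plain HTTP to anything that can reach the pod. Either enable TLS here or add a comment stating which Service or network boundary keeps port 3000 private. The DNS listener is likewise on `0.0.0.0` with `allowed_clients: []`; if the empty list means no client restriction, as it appears to, that deserves the same comment. `password: ${PASSWORD}` is better written as `password: "${PASSWORD}"`, so that an empty substitution yields an empty string rather than a YAML null.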

4
k8s/adguard/base/configs/Adguard.tmpl.yml → k8s/adguard/base/configs/AdGuardHome.yml

@ -2,7 +2,7 @@ bind_host: 0.0.0.0
bind_port: 3000
users:
- name: karan
password: ${ADGUARD_PASSWORD}
password:
language: ""
rlimit_nofile: 0
web_session_ttl: 720
@ -31,7 +31,7 @@ dns:
safebrowsing_block_host: standard-block.dns.adguard.com
cache_size: 4194304
upstream_dns:
- 1.1.1.1
- 192.168.31.217:30103
filtering_enabled: true
filters_update_interval: 24
parental_sensitivity: 0
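Review bot: `AdGuardHome.yml` is the `envsubst` output of `AdGuardHome.tmpl.yml`, so committing it puts whatever credential the build rendered into the repository; in this revision the first hunk shows `password:` with no value for the admin user. The rendered file is better produced at build time only and kept out of version control with a `.gitignore` entry for `k8s/adguard/base/configs/AdGuardHome.yml`. In the second hunk the only upstream becomes `192.168.31.217:30103`, a single node address, so all resolution depends on that one node. A comment recording that this value must match the `nodePort` patch for unbound would help.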

1
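--- a/k8s/adguard/base/configs/password
+++ b/k8s/adguard/base/configs/password
@@ -0,0 +1 @@
+PASSWORD=$2a$10$8nOFMPmxR6cP/JnZmNgr2.JQiG09y5xWoVq7Rf2JZGe10qs4oQGIi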
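Review bot: This file puts the bcrypt hash of the AdGuard admin password into version control, where every reader of the repository and its history can test password guesses against it offline. Keep the value out of the repository, in a git-ignored local file or a secret store and delivered to the cluster as a Kubernetes Secret, and commit only a placeholder such as `PASSWORD=<bcrypt-hash-here>`. Because the hash is already part of this commit, the password itself should be changed rather than only removing the file.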

2
k8s/adguard/base/kustomization.yml

@ -8,7 +8,7 @@ resources:
configMapGenerator:
- name: app-config
files:
- AdGuardHome.yaml=configs/AdGuardHome.yaml
- AdGuardHome.yaml=configs/AdGuardHome.yml
patchesStrategicMerge:
- patches/init-container.yml
- patches/add-config-volume.yml
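Review bot: The `configMapGenerator` entry `AdGuardHome.yaml=configs/AdGuardHome.yml` places the rendered config, including the admin user's `password` hash, in a ConfigMap, which Kubernetes does not treat as sensitive data. Generating it with `secretGenerator` instead puts it under Secret RBAC and whatever encryption at rest the cluster applies. The volume presumably defined in `patches/add-config-volume.yml` (not shown on this page) would then have to reference a `secret` source. The `resources` list and the rest of the file lie outside the hunk.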

2
k8s/adguard/kubekutr.yml

@ -23,7 +23,7 @@ workloads:
- name: tmp-config-volume
mountPath: /config
- name: config-volume
mountPath: /app
mountPath: /opt/adguardhome/conf/
volumes:
- name: tmp-config-volume
- name: config-volume

3
k8s/unbound/base/kustomization.yml

@ -3,3 +3,6 @@ resources:
- namespace.yml
- unbound/unbound-deployment.yml
- unbound/unbound-service.yml
- unbound/unbound-nodeport-service.yml
patchesStrategicMerge:
- patches/nodeport-hardcode.yml

9
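--- a/k8s/unbound/base/patches/nodeport-hardcode.yml
+++ b/k8s/unbound/base/patches/nodeport-hardcode.yml
@@ -0,0 +1,9 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: unbound-nodeport
+spec:
+ports:
+- port: 53
+nodePort: 30103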
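Review bot: The fixed `nodePort: 30103` is coupled to the `upstream_dns` entry `192.168.31.217:30103` in the AdGuard config, but nothing in the patch says so. A leading comment such as `# must match upstream_dns in k8s/adguard/base/configs/AdGuardHome.tmpl.yml` would stop the two drifting apart. The port entry also omits `protocol`, while the service in `k8s/unbound/kubekutr.yml` declares UDP; adding `protocol: UDP` here states the intended merge target instead of leaving it to how the strategic merge matches list items. A NodePort is opened on every node address, so it is worth confirming that 30103 is not reachable from outside the LAN.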

2
k8s/unbound/base/unbound/unbound-dns-service.yml → k8s/unbound/base/unbound/unbound-nodeport-service.yml

@ -2,7 +2,7 @@
apiVersion: v1
kind: Service
metadata:
name: unbound-dns
name: unbound-nodeport
labels:
service: unbound
spec:

13
k8s/unbound/kubekutr.yml

@ -17,3 +17,16 @@ workloads:
memoryLimits: 100Mi
cpuRequests: 50m
memoryRequests: 50Mi
services:
- name: unbound-nodeport
type: NodePort
ports:
- name: dns-port
targetPort: 53
port: 53
protocol: UDP
labels:
- name: 'service: unbound'
selectors:
- name: 'service: unbound'
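Review bot: The new `unbound-nodeport` service exposes port 53 with `protocol: UDP` only, so a client cannot retry over TCP when a response is truncated, which happens with large or DNSSEC-signed answers. Add a second entry under `ports` with the same `port` and `targetPort` and `protocol: TCP`; the `nodePort` patch in `k8s/unbound/base/patches/nodeport-hardcode.yml` would then need checking so that it still targets the intended entry. The mapping this hunk appends to starts outside the hunk.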
