
feat: unbound and adguard fixes

pull/3/head
Karan Sharma 2 years ago
parent
commit
23b10e5c38
  1. 22
      k8s/adguard/base/dns-svc.yml
  2. 2
      k8s/adguard/base/kustomization.yml
  3. 9
      k8s/adguard/base/patches/nodeport-hardcode.yml
  4. 17
      k8s/adguard/kubekutr.yml
  5. 225
      k8s/adguard/t.yml
  6. 11
      k8s/unbound/Makefile
  7. 5
      k8s/unbound/base/kustomization.yml
  8. 4
      k8s/unbound/base/namespace.yml
  9. 33
      k8s/unbound/base/unbound/unbound-deployment.yml
  10. 16
      k8s/unbound/base/unbound/unbound-dns-service.yml
  11. 14
      k8s/unbound/base/unbound/unbound-service.yml
  12. 19
      k8s/unbound/kubekutr.yml

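--- a/k8s/adguard/base/dns-svc.yml
+++ b/k8s/adguard/base/dns-svc.yml
@@ -0,0 +1,22 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: adguard-dns
+labels:
+service: adguard
+spec:
+ports:
+- name: tcp
+port: 53
+targetPort: 53
+nodePort: 30110
+protocol: TCP
+- name: udp
+port: 53
+targetPort: 53
+nodePort: 30111
+protocol: UDP
+type: NodePort
+selector:
+service: adguard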
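Review bot: The `adguard-dns` NodePort Service leaves `externalTrafficPolicy` at its default (`Cluster`), so queries arriving on 30110/30111 can be source-NATed to a node address before they reach the pod. AdGuard's per-client controls (rate limiting, allowed/disallowed client lists, query-log attribution) would then see node IPs instead of the real clients. Adding `externalTrafficPolicy: Local` under `spec` preserves the client address, at the cost of answering only on nodes that run an adguard pod. A NodePort also opens the resolver on every node address, so it is worth confirming that the nodes are not reachable from untrusted networks, or restricting clients in AdGuard, so this does not become an open resolver.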

2
k8s/adguard/base/kustomization.yml

@ -2,9 +2,9 @@ namespace: adguard
resources:
- namespace.yml
- adguard/adguard-deployment.yml
- adguard/adguard-dns-service.yml
- adguard/adguard-service.yml
- adguard/adguard-web-service.yml
- dns-svc.yml
configMapGenerator:
- name: app-config
files:

9
k8s/adguard/base/patches/nodeport-hardcode.yml

@ -1,12 +1,3 @@
# ---
# apiVersion: v1
# kind: Service
# metadata:
# name: adguard-dns
# spec:
# ports:
# - port: 53
# nodePort: 30100
---
apiVersion: v1
kind: Service

17
k8s/adguard/kubekutr.yml

@ -28,23 +28,6 @@ workloads:
- name: tmp-config-volume
- name: config-volume
services:
- name: adguard-dns
type: NodePort
ports:
- name: dot-port
targetPort: dns-port
port: 53
protocol: TCP
- name: dns-port
targetPort: dns-port
port: 53
protocol: UDP
labels:
- name: 'service: adguard'
- name: 'tier: dns'
selectors:
- name: 'tier: dns'
- name: 'service: adguard'
- name: adguard-web
type: NodePort
ports:

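--- a/k8s/adguard/t.yml
+++ b/k8s/adguard/t.yml
@@ -1,225 +0,0 @@
-kubekutr -c kubekutr.yml scaffold -o .
-apiVersion: v1
-kind: Namespace
-metadata:
-name: adguard
----
-apiVersion: v1
-data:
-AdGuardHome.yaml: |-
-bind_host: 0.0.0.0
-bind_port: 3000
-users:
-- name: karan
-password: bullah
-language: ""
-rlimit_nofile: 0
-web_session_ttl: 720
-dns:
-bind_host: 0.0.0.0
-port: 53
-statistics_interval: 1
-querylog_enabled: true
-querylog_interval: 90
-querylog_memsize: 0
-protection_enabled: true
-blocking_mode: null_ip
-blocking_ipv4: ""
-blocking_ipv6: ""
-blocked_response_ttl: 10
-ratelimit: 20
-ratelimit_whitelist: []
-refuse_any: true
-bootstrap_dns: []
-all_servers: false
-edns_client_subnet: false
-allowed_clients: []
-disallowed_clients: []
-blocked_hosts: []
-parental_block_host: family-block.dns.adguard.com
-safebrowsing_block_host: standard-block.dns.adguard.com
-cache_size: 4194304
-upstream_dns:
-- 1.1.1.1
-filtering_enabled: true
-filters_update_interval: 24
-parental_sensitivity: 0
-parental_enabled: false
-safesearch_enabled: false
-safebrowsing_enabled: false
-safebrowsing_cache_size: 1048576
-safesearch_cache_size: 1048576
-parental_cache_size: 1048576
-cache_time: 30
-rewrites: []
-blocked_services: []
-tls:
-enabled: false
-server_name: ""
-force_https: false
-port_https: 443
-port_dns_over_tls: 853
-allow_unencrypted_doh: false
-certificate_chain: ""
-private_key: ""
-certificate_path: ""
-private_key_path: ""
-filters:
-- enabled: true
-url: https://adguardteam.github.io/AdGuardSDNSFilter/Filters/filter.txt
-name: AdGuard Simplified Domain Names filter
-id: 1
-- enabled: true
-url: https://adaway.org/hosts.txt
-name: AdAway
-id: 2
-- enabled: true
-url: https://hosts-file.net/ad_servers.txt
-name: hpHosts - Ad and Tracking servers only
-id: 3
-- enabled: true
-url: https://www.malwaredomainlist.com/hostslist/hosts.txt
-name: MalwareDomainList.com Hosts List
-id: 4
-user_rules: []
-dhcp:
-enabled: false
-interface_name: ""
-gateway_ip: ""
-subnet_mask: ""
-range_start: ""
-range_end: ""
-lease_duration: 86400
-icmp_timeout_msec: 1000
-clients: []
-log_file: ""
-verbose: false
-schema_version: 6
-kind: ConfigMap
-metadata:
-name: app-config-54ckbfb94d
-namespace: adguard
----
-apiVersion: v1
-kind: Service
-metadata:
-labels:
-service: adguard
-tier: dns
-name: adguard
-namespace: adguard
-spec:
-ports:
-- name: dns-port
-port: 53
-protocol: TCP
-targetPort: dns-port
-- name: web-port
-port: 3000
-protocol: TCP
-targetPort: web-port
-selector:
-service: adguard
-tier: dns
-type: ClusterIP
----
-apiVersion: v1
-kind: Service
-metadata:
-labels:
-service: adguard
-tier: dns
-name: adguard-dns
-namespace: adguard
-spec:
-ports:
-- name: dot-port
-nodePort: 30100
-port: 53
-protocol: TCP
-targetPort: dns-port
-- name: dns-port
-port: 53
-protocol: UDP
-targetPort: dns-port
-selector:
-service: adguard
-tier: dns
-type: NodePort
----
-apiVersion: v1
-kind: Service
-metadata:
-labels:
-service: adguard
-tier: web
-name: adguard-web
-namespace: adguard
-spec:
-ports:
-- name: web-port
-nodePort: 30102
-port: 3000
-protocol: TCP
-targetPort: web-port
-selector:
-service: adguard
-tier: dns
-type: NodePort
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
-labels:
-service: adguard
-tier: dns
-name: adguard
-namespace: adguard
-spec:
-replicas: 1
-selector:
-matchLabels:
-service: adguard
-tier: dns
-template:
-metadata:
-labels:
-service: adguard
-tier: dns
-spec:
-containers:
-- image: adguard/adguardhome:armhf-edge
-name: adguard
-ports:
-- containerPort: 3000
-name: web-port
-resources:
-limits:
-cpu: 180m
-memory: 200Mi
-requests:
-cpu: 90m
-memory: 100Mi
-volumeMounts:
-- mountPath: /config
-name: tmp-config-volume
-- mountPath: /app
-name: config-volume
-initContainers:
-- command:
-- sh
-- -c
-- cp /config/AdGuardHome.yaml /app
-image: balenalib/armv7hf-debian:run
-name: init-adguard
-volumeMounts:
-- mountPath: /config
-name: tmp-config-volume
-- mountPath: /app
-name: config-volume
-volumes:
-- emptyDir: {}
-name: config-volume
-- configMap:
-name: app-config-54ckbfb94d
-name: tmp-config-volume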

11
k8s/unbound/Makefile

@ -0,0 +1,11 @@
.PHONY: scaffold
scaffold:
@kubekutr -c kubekutr.yml scaffold -o .
.PHONY: build-k8s-local
build-k8s-local: scaffold
@kustomize build base --load_restrictor none
.PHONY: deploy-k8s-local
deploy-k8s-local: build-k8s-local
kustomize build base/ --load_restrictor none | kubectl apply -f -
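Review bot: Both `kustomize build` invocations pass `--load_restrictor none`, which switches off kustomize's default rule that a kustomization may only read files under its own root. The unbound base added in this commit lists only files inside `base/`, so the flag looks unnecessary here. Dropping it (`@kustomize build base`) keeps the default restriction, so a later edit cannot silently pull in files from outside the directory. `deploy-k8s-local` also pipes straight into `kubectl apply -f -` against whatever context happens to be current; passing the context explicitly, e.g. `kubectl --context <context-name> apply -f -`, would avoid applying to the wrong cluster.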

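--- a/k8s/unbound/base/kustomization.yml
+++ b/k8s/unbound/base/kustomization.yml
@@ -0,0 +1,5 @@
+namespace: unbound
+resources:
+- namespace.yml
+- unbound/unbound-deployment.yml
+- unbound/unbound-service.yml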

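--- a/k8s/unbound/base/namespace.yml
+++ b/k8s/unbound/base/namespace.yml
@@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+name: unbound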

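--- a/k8s/unbound/base/unbound/unbound-deployment.yml
+++ b/k8s/unbound/base/unbound/unbound-deployment.yml
@@ -0,0 +1,33 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+name: unbound
+labels:
+service: unbound
+tier: dns
+spec:
+replicas: 2
+selector:
+matchLabels:
+service: unbound
+tier: dns
+template:
+metadata:
+labels:
+service: unbound
+tier: dns
+spec:
+containers:
+- name: unbound
+image: mvance/unbound-rpi:latest
+ports:
+- containerPort: 53
+name: dns-port
+resources:
+requests:
+memory: 50Mi
+cpu: 50m
+limits:
+memory: 100Mi
+cpu: 80m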
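Review bot: `image: mvance/unbound-rpi:latest` is a mutable tag on a third-party image, so the two replicas can end up running different builds and an upstream change is pulled without review. Pin a specific version tag or an `image@sha256:<digest>` reference here and in `k8s/unbound/kubekutr.yml`, which carries the same value and appears to be the scaffold input. The container also has no `securityContext`; if the image supports it, setting `allowPrivilegeEscalation: false` and dropping all capabilities except `NET_BIND_SERVICE` would limit what a compromised resolver can do. `containerPort: 53` carries no `protocol`, so it is declared as TCP only, while the `unbound-dns` Service in this commit targets UDP; a second port entry with `protocol: UDP` would make the intent explicit.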

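--- a/k8s/unbound/base/unbound/unbound-dns-service.yml
+++ b/k8s/unbound/base/unbound/unbound-dns-service.yml
@@ -0,0 +1,16 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+name: unbound-dns
+labels:
+service: unbound
+spec:
+ports:
+- port: 53
+name: dns-port
+targetPort: 53
+protocol: UDP
+type: NodePort
+selector:
+service: unbound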
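Review bot: This NodePort Service would expose the recursive resolver over UDP on every node address, with no `nodePort` pinned, so the external port is assigned by the cluster. If unbound is meant only as an upstream for AdGuard inside the cluster, the ClusterIP `unbound` Service is enough and this file can be dropped. If outside access is intended, client access should be limited in unbound's own configuration (not visible in this commit) so it does not act as an open resolver. Note also that `k8s/unbound/base/kustomization.yml` in this commit lists only `unbound/unbound-deployment.yml` and `unbound/unbound-service.yml`, so this manifest is not part of `kustomize build base` as committed.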

14
k8s/adguard/base/adguard/adguard-dns-service.yml → k8s/unbound/base/unbound/unbound-service.yml

@ -2,21 +2,17 @@
apiVersion: v1
kind: Service
metadata:
name: adguard-dns
name: unbound
labels:
service: adguard
service: unbound
tier: dns
spec:
ports:
- port: 53
name: dot-port
targetPort: dns-port
protocol: TCP
- port: 53
name: dns-port
targetPort: dns-port
protocol: UDP
type: NodePort
protocol: TCP
type: ClusterIP
selector:
service: unbound
tier: dns
service: adguard
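Review bot: The renamed `unbound` ClusterIP Service appears to keep a single port, `53` with `protocol: TCP`, with the UDP entry removed along with the old AdGuard ports; the `+`/`-` markers are lost on this page, so this reading comes from the hunk header counts. Most DNS clients query over UDP first, so an in-cluster client pointed at this Service would get no answer unless it retries over TCP. Adding a second port entry with `protocol: UDP` (each entry then needs its own `name`) would cover both. Because a named `targetPort: dns-port` is matched by name and protocol, the deployment would then also need a UDP `containerPort` with that name, or the Service can use the numeric `targetPort: 53`.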

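--- a/k8s/unbound/kubekutr.yml
+++ b/k8s/unbound/kubekutr.yml
@@ -0,0 +1,19 @@
+workloads:
+- name: unbound
+deployments:
+- name: unbound
+replicas: 2
+labels:
+- name: 'service: unbound'
+- name: 'tier: dns'
+containers:
+- name: unbound
+createService: true
+image: 'mvance/unbound-rpi:latest'
+ports:
+- name: dns-port
+port: 53
+cpuLimits: 80m
+memoryLimits: 100Mi
+cpuRequests: 50m
+memoryRequests: 50Mi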