sirkirby/adguard-values.yaml

## adguard-values.yaml
image:
  repository: adguard/adguardhome
  pullPolicy: IfNotPresent
  tag: latest

env:
  TZ: America/Detroit

# customizing my web and dns services
# using the LoadBalancer to expose outside of the cluster
service:
  main:
    ports:
      http:
        port: 80
        targetPort: 3000
      https:
        enabled: true
        port: 443
        targetPort: 3000
  dns-tcp:
    enabled: true
    type: LoadBalancer
    externalTrafficPolicy: Local
    ports:
      dns-tcp:
        enabled: true
        port: 53
      dns-over-tls:
        enabled: true
        port: 853
  dns-udp:
    enabled: true
    type: LoadBalancer
    externalTrafficPolicy: Local
    ports:
      dns-udp:
        enabled: true
        protocol: UDP
        port: 53
      dns-over-quic:
        enabled: true
        protocol: UDP
        port: 784

ingress:
  main:
    enabled: true
    ingressClassName: nginx
    annotations:
      nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
      nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
      nginx.ingress.kubernetes.io/ssl-redirect: "true"
      nginx.ingress.kubernetes.io/proxy-body-size: "0"
      nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
      nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
      nginx.ingress.kubernetes.io/configuration-snippet: |
        proxy_set_header Accept-Encoding "";
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    hosts:
      - host: adguard.chriskirby.net
        paths:
          - path: /
            pathType: Prefix
    tls:
      - hosts:
          - adguard.chriskirby.net
        secretName: adguard-tls-cert

persistence:
  config:
    enabled: true
    storageClass: longhorn
    accessMode: ReadWriteOnce
    size: 4Gi
    annotations:
      "helm.sh/resource-policy": "delete"
  data:
    enabled: true
    storageClass: longhorn
    accessMode: ReadWriteOnce
    size: 16Gi
    annotations:
      "helm.sh/resource-policy": "delete"
  tls-cert:
    enabled: true
    type: secret
    name: adguard-tls-cert
    mountPath: /opt/adguardhome/conf/tls
    readOnly: true
    annotations:
      "helm.sh/resource-policy": "keep"

securityContext:
  # Ensure the container can read the cert files
  readOnlyRootFilesystem: false

# Add probes configuration
probes:
  liveness:
    enabled: true
    custom: true
    spec:
      tcpSocket:
        port: 3000
      initialDelaySeconds: 60
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
  readiness:
    enabled: true
    custom: true
    spec:
      tcpSocket:
        port: 3000
      initialDelaySeconds: 60
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 3
  startup:
    enabled: true
    custom: true
    spec:
      tcpSocket:
        port: 3000
      initialDelaySeconds: 60
      periodSeconds: 10
      timeoutSeconds: 5
      failureThreshold: 30
	image:
	repository: adguard/adguardhome
	pullPolicy: IfNotPresent
	tag: latest

	env:
	TZ: America/Detroit

	# customizing my web and dns services
	# using the LoadBalancer to expose outside of the cluster
	service:
	main:
	ports:
	http:
	port: 80
	targetPort: 3000
	https:
	enabled: true
	port: 443
	targetPort: 3000
	dns-tcp:
	enabled: true
	type: LoadBalancer
	externalTrafficPolicy: Local
	ports:
	dns-tcp:
	enabled: true
	port: 53
	dns-over-tls:
	enabled: true
	port: 853
	dns-udp:
	enabled: true
	type: LoadBalancer
	externalTrafficPolicy: Local
	ports:
	dns-udp:
	enabled: true
	protocol: UDP
	port: 53
	dns-over-quic:
	enabled: true
	protocol: UDP
	port: 784

	ingress:
	main:
	enabled: true
	ingressClassName: nginx
	annotations:
	nginx.ingress.kubernetes.io/backend-protocol: "HTTP"
	nginx.ingress.kubernetes.io/force-ssl-redirect: "true"
	nginx.ingress.kubernetes.io/ssl-redirect: "true"
	nginx.ingress.kubernetes.io/proxy-body-size: "0"
	nginx.ingress.kubernetes.io/proxy-read-timeout: "600"
	nginx.ingress.kubernetes.io/proxy-send-timeout: "600"
	nginx.ingress.kubernetes.io/configuration-snippet: \|
	proxy_set_header Accept-Encoding "";
	proxy_set_header X-Forwarded-Proto $scheme;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	hosts:
	- host: adguard.chriskirby.net
	paths:
	- path: /
	pathType: Prefix
	tls:
	- hosts:
	- adguard.chriskirby.net
	secretName: adguard-tls-cert

	persistence:
	config:
	enabled: true
	storageClass: longhorn
	accessMode: ReadWriteOnce
	size: 4Gi
	annotations:
	"helm.sh/resource-policy": "delete"
	data:
	enabled: true
	storageClass: longhorn
	accessMode: ReadWriteOnce
	size: 16Gi
	annotations:
	"helm.sh/resource-policy": "delete"
	tls-cert:
	enabled: true
	type: secret
	name: adguard-tls-cert
	mountPath: /opt/adguardhome/conf/tls
	readOnly: true
	annotations:
	"helm.sh/resource-policy": "keep"

	securityContext:
	# Ensure the container can read the cert files
	readOnlyRootFilesystem: false

	# Add probes configuration
	probes:
	liveness:
	enabled: true
	custom: true
	spec:
	tcpSocket:
	port: 3000
	initialDelaySeconds: 60
	periodSeconds: 10
	timeoutSeconds: 5
	failureThreshold: 3
	readiness:
	enabled: true
	custom: true
	spec:
	tcpSocket:
	port: 3000
	initialDelaySeconds: 60
	periodSeconds: 10
	timeoutSeconds: 5
	failureThreshold: 3
	startup:
	enabled: true
	custom: true
	spec:
	tcpSocket:
	port: 3000
	initialDelaySeconds: 60
	periodSeconds: 10
	timeoutSeconds: 5
	failureThreshold: 30