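---
# Pi-hole on Kubernetes: two LoadBalancer Services sharing one MetalLB IP
# (DNS over TCP+UDP, plus the HTTP admin UI), two static NFS-backed volumes,
# a single-replica Deployment and an Ingress for the admin UI.
#
# Notes:
# To reset web password:
#   docker exec -it pihole_container_name pihole -a -p
#   (on this Deployment: kubectl exec -it deploy/pihole -- pihole -a -p)
# Other utils:
#   docker exec pihole_container_name pihole updateGravity
#   docker exec pihole_container_name pihole -w spclient.wg.spotify.com
apiVersion: v1
kind: Service
metadata:
  name: pihole-tcp
  labels:
    run: pihole
  annotations:
    # Same sharing key as pihole-udp so MetalLB places both Services on one IP.
    metallb.universe.tf/allow-shared-ip: "pihole"
spec:
  ports:
    - name: dns
      protocol: TCP
      port: 53
      targetPort: 53
    # NOTE(review): this publishes the admin UI over plain HTTP on the
    # LoadBalancer IP in addition to the TLS Ingress below. Anything that can
    # reach 10.42.42.239:80 reaches the login page without TLS. If the Ingress
    # is the intended path, consider moving port 80 to a ClusterIP Service.
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  selector:
    run: pihole
  type: LoadBalancer
  loadBalancerIP: 10.42.42.239
  # Local keeps the client source IP intact, so per-client query logs stay
  # meaningful. Traffic is only accepted on nodes that run the pod.
  externalTrafficPolicy: Local
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-udp
  labels:
    run: pihole
  annotations:
    metallb.universe.tf/allow-shared-ip: "pihole"
spec:
  ports:
    # NOTE(review): keep UDP/53 reachable from trusted networks only. A
    # recursive resolver exposed to the internet is usable for DNS
    # amplification. 10.42.42.239 is RFC 1918, so verify no edge port-forward
    # points at it.
    - name: dns
      protocol: UDP
      port: 53
      targetPort: 53
  selector:
    run: pihole
  type: LoadBalancer
  loadBalancerIP: 10.42.42.239
  externalTrafficPolicy: Local
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pihole
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain  # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    # NOTE(review): NFSv3 is unencrypted and trusts client-asserted UIDs.
    # This export backs /etc/pihole (the Pi-hole configuration and state), so
    # restrict it on the NFS server to the cluster node addresses.
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/pihole
    server: 10.42.42.10
  # Pre-binds this volume to the claim of the same name.
  claimRef:
    name: pihole
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole
  annotations:
    nfs.io/storage-path: "pihole"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pihole-dnsmasq
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain  # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    # Same NFSv3 caveat as the pihole volume: write access to this export
    # controls the dnsmasq configuration mounted at /etc/dnsmasq.d.
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/pihole-dnsmasq
    server: 10.42.42.10
  claimRef:
    name: pihole-dnsmasq
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole-dnsmasq
  annotations:
    nfs.io/storage-path: "pihole-dnsmasq"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
spec:
  replicas: 1
  selector:
    matchLabels:
      run: pihole
  # Recreate stops the old pod before starting the new one, so two instances
  # never write to the shared volumes at once.
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: pihole
    spec:
      # Nothing in this manifest needs the Kubernetes API, so do not mount a
      # service-account token into a network-facing container.
      automountServiceAccountToken: false
      terminationGracePeriodSeconds: 30
      containers:
        # NOTE(review): an untagged image resolves to :latest. Together with
        # imagePullPolicy Always, any pod restart can start running a
        # different, unreviewed image. Pin a tag or a digest, e.g.
        # pihole/pihole@sha256:<digest-placeholder>, and upgrade deliberately.
        - image: pihole/pihole
          imagePullPolicy: "Always"
          name: pihole
          # NOTE(review): no securityContext is set, so the container runs
          # with the runtime's default capabilities. Which ones the image
          # needs is not visible here; test before dropping any.
          env:
            - name: TZ
              value: US/Michigan
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
            - containerPort: 80
              protocol: TCP
          resources:
            limits:
              memory: "500Mi"
              cpu: "500m"
            requests:
              memory: "100Mi"
              cpu: "250m"
          volumeMounts:
            - mountPath: /etc/pihole/
              name: pihole
            - mountPath: /etc/dnsmasq.d/
              name: pihole-dnsmasq
          # Resolves an external name through the local resolver. An upstream
          # DNS outage will therefore also fail the probe and restart the pod.
          livenessProbe:
            exec:
              command:
                - host
                - google.com.
                - 127.0.0.1
            initialDelaySeconds: 300
            periodSeconds: 60
      restartPolicy: Always
      volumes:
        - name: pihole
          persistentVolumeClaim:
            claimName: pihole
        - name: pihole-dnsmasq
          persistentVolumeClaim:
            claimName: pihole-dnsmasq
status: {}
---
# Hosting
# NOTE(review): this publishes the admin UI under a public hostname with a
# Let's Encrypt certificate. TLS ends at the ingress controller and the hop to
# the pod is plain HTTP. The Pi-hole web password is the only access control
# shown here. If the controller is ingress-nginx (the commented annotations
# suggest so), consider limiting client addresses, e.g.
#   nginx.ingress.kubernetes.io/whitelist-source-range: "<trusted-cidr>"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole-management
  annotations:
    #nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    #nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
    - hosts:
        - pihole.monkeybox.org
      secretName: pihole-tls
  rules:
    - host: pihole.monkeybox.org
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: pihole-tcp
                port:
                  number: 80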