monkeybox_kubernetes/Workloads/testing/pihole.yaml

apiVersion: v1
kind: Service
metadata:
  name: pihole-tcp
  labels:
    run: pihole
  annotations:
    metallb.universe.tf/allow-shared-ip: "pihole"
spec:
  ports:
    - name: tcpdns
      protocol: TCP
      port: 53
      targetPort: 53
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  selector:
    run: pihole
  type: LoadBalancer
#status:
#  loadBalancer: {}
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-udp
  labels:
    run: pihole
  annotations:
    metallb.universe.tf/allow-shared-ip: "pihole"
spec:
  ports:
    - name: udpdns
      protocol: UDP
      port: 53
      targetPort: 53
#    - name: bootps
#      protocol: UDP
#      port: 67
#      targetPort: 53
  selector:
    run: pihole
  type: LoadBalancer
#status:
#  loadBalancer: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole-config
  annotations:
    nfs.io/storage-path: "pihole-config"
spec:
  storageClassName: managed-nfs-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole-dnsmasq
  annotations:
    nfs.io/storage-path: "pihole-dnsmasq"
spec:
  storageClassName: managed-nfs-storage
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
spec:
  replicas: 1
  selector:
    matchLabels:
      run: pihole
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: pihole
    spec:
      containers:
        - image: pihole/pihole
          name: pihole
          env:
            - name: TZ
              value: US/Michigan
#            - name: ADMIN_EMAIL
#              value: fred.damstra@gmail.com
#            - name: DNS1
#              value: 10.42.42.1
#            - name: DNS2
#              value: 8.8.8.8
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
#            - containerPort: 67
#              protocol: UDP
            - containerPort: 80
              protocol: TCP
          resources: {}
          volumeMounts:
            - mountPath: /etc/pihole/
              name: pihole-config
            - mountPath: /etc/dnsmasq.d/
              name: pihole-dnsmasq
          securityContext:
            capabilities:
              add:
                - CAP_NET_BIND_SERVICE
      restartPolicy: Always
      volumes:
        - name: pihole-config
          persistentVolumeClaim:
            claimName: pihole-config
        - name: pihole-dnsmasq
          persistentVolumeClaim:
            claimName: pihole-dnsmasq
status: {}
---
# Hosting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole-ingress
  annotations:
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    ## No basic auth for pihole
    ## type of authentication
    #nginx.ingress.kubernetes.io/auth-type: basic
    ## name of the secret that contains the user/password definitions
    #nginx.ingress.kubernetes.io/auth-secret: basic-auth
    ## message to display with an appropriate context why the authentication is required
    #nginx.ingress.kubernetes.io/auth-realm: 'Authentication Required - Octoprint'
spec:
  tls:
  - hosts:
    - pihole.monkeybox.org
    - dns.monkeybox.org
    secretName: pihole-tls
  rules:
  - host: pihole.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: pihole-tcp
            port:
              number: 80
  - host: dns.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: pihole-tcp
            port:
              number: 80