Containers
/
monkeybox_kubernetes


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224
							# Notes:
#   To reset web password: 
#     docker exec -it pihole_container_name pihole -a -p
#   Other utils:
#     docker exec pihole_container_name pihole updateGravity
#     docker exec pihole_container_name pihole -w spclient.wg.spotify.com
#     docker exec pihole_container_name pihole -w spclient.wg.spotify.com
apiVersion: v1
kind: Service
metadata:
  name: pihole-tcp
  labels:
    run: pihole
  annotations:
    metallb.universe.tf/allow-shared-ip: "pihole"
spec:
  ports:
    - name: dns
      protocol: TCP
      port: 53
      targetPort: 53
    - name: http
      protocol: TCP
      port: 80
      targetPort: 80
  selector:
    run: pihole
  type: LoadBalancer
  loadBalancerIP: 10.42.42.239
  externalTrafficPolicy: Local
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-udp
  labels:
    run: pihole
  annotations:
    metallb.universe.tf/allow-shared-ip: "pihole"
spec:
  ports:
    - name: dns
      protocol: UDP
      port: 53
      targetPort: 53
  selector:
    run: pihole
  type: LoadBalancer
  loadBalancerIP: 10.42.42.239
  externalTrafficPolicy: Local
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pihole
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/pihole
    server: 10.42.42.10
  claimRef:
    name: pihole
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole
  annotations:
    nfs.io/storage-path: "pihole"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: v1
kind: PersistentVolume
metadata:
  name: pihole-dnsmasq
spec:
  capacity:
    storage: 5Mi
  volumeMode: Filesystem
  accessModes:
    - ReadWriteMany
  persistentVolumeReclaimPolicy: Retain # Keep 4eva
  storageClassName: default
  mountOptions:
    - hard
    - nfsvers=3
  nfs:
    path: /mnt/DroboFS/Shares/Kubernetes/volumes/static/pihole-dnsmasq
    server: 10.42.42.10
  claimRef:
    name: pihole-dnsmasq
    namespace: default
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole-dnsmasq
  annotations:
    nfs.io/storage-path: "pihole-dnsmasq"
spec:
  storageClassName: default
  accessModes:
    - ReadWriteMany
  resources:
    requests:
      storage: 5Mi
status: {}
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
spec:
  replicas: 1
  selector:
    matchLabels:
      run: pihole
  strategy:
    type: Recreate
  template:
    metadata:
      labels:
        run: pihole
    spec:
      terminationGracePeriodSeconds: 30
      containers:
        - image: pihole/pihole:latest
          imagePullPolicy: "Always"
          name: pihole
          env:
            - name: TZ
              value: US/Michigan
          ports:
            - containerPort: 53
              protocol: UDP
            - containerPort: 53
              protocol: TCP
            - containerPort: 80
              protocol: TCP
          resources:
            limits:
              memory: "500Mi"
              cpu: "500m"
            requests:
              memory: "100Mi"
              cpu: "250m"
          volumeMounts:
            - mountPath: /etc/pihole/
              name: pihole
            - mountPath: /etc/dnsmasq.d/
              name: pihole-dnsmasq
          livenessProbe:
            exec:
              command:
                - host
                - google.com.
                - 127.0.0.1
            initialDelaySeconds: 300
            periodSeconds: 60
      restartPolicy: Always
      dnsConfig:
        nameservers:
          - 10.42.42.239
          - 10.42.42.1
        searches:
          - default.svc.cluster.local
          - svc.cluster.local
          - cluster.local
        options:
          - name: ndots
            value: "2"
          - name: edns0
          - name: trust-ad
      volumes:
        - name: pihole
          persistentVolumeClaim:
            claimName: pihole
        - name: pihole-dnsmasq
          persistentVolumeClaim:
            claimName: pihole-dnsmasq
status: {}
---
# Hosting
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole-management
  annotations:
    #nginx.ingress.kubernetes.io/backend-protocol: "HTTPS"
    #nginx.ingress.kubernetes.io/proxy-ssl-verify: "off"
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
spec:
  tls:
  - hosts:
    - pihole.monkeybox.org
    secretName: pihole-tls
  rules:
  - host: pihole.monkeybox.org
    http:
      paths:
      - path: /
        pathType: Prefix
        backend:
          service:
            name: pihole-tcp
            port:
              number: 80