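---
# Pi-hole on Kubernetes: admin-password Secret, Deployment, Ingress, PVC,
# dnsmasq ConfigMap and two MetalLB LoadBalancer Services (TCP and UDP).
# Every object is pinned to the live-env namespace so that the Deployment's
# secretKeyRef resolves no matter which namespace the kubectl context uses.
#
# NOTE(review): base64 under `data` is an encoding, not encryption. The value
# below decodes to a short, guessable password and is readable by anyone who
# can read this manifest. Rotate it and deliver the Secret out of band
# (sealed/external secret or a secret store) instead of committing it.
apiVersion: v1
kind: Secret
metadata:
  name: pihole-password
  namespace: live-env
type: Opaque
data:
  password: YWRtaW4yMDIw
---
apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: pihole
  name: pihole
  # Must match the namespace of the pihole-password Secret referenced below.
  namespace: live-env
spec:
  replicas: 1
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app: pihole
  strategy:
    rollingUpdate:
      maxSurge: 1
      maxUnavailable: 1
    type: RollingUpdate
  template:
    metadata:
      # Explicit empty map instead of a bare key (which parses as null).
      annotations: {}
      labels:
        app: pihole
    spec:
      containers:
        - env:
            - name: TZ
              value: Europe/Berlin
            - name: WEB_PORT
              value: "80"
            - name: VIRTUAL_HOST
              value: pihole.lan
            # Admin password is injected from the Secret rather than inlined.
            - name: WEBPASSWORD
              valueFrom:
                secretKeyRef:
                  key: password
                  name: pihole-password
            - name: DNS1
              value: "208.67.222.222"
            - name: DNS2
              value: "208.67.220.220"
          # NOTE(review): a mutable `latest` tag combined with
          # imagePullPolicy: Always means every restart may run different,
          # unreviewed image content. Pin a release tag or digest, e.g.
          # pihole/pihole:<VERSION>@sha256:<DIGEST> (placeholders).
          image: pihole/pihole:latest
          imagePullPolicy: Always
          livenessProbe:
            failureThreshold: 10
            httpGet:
              # NOTE(review): `/admin.index.php` looks like a typo for
              # `/admin/index.php`; confirm which path the pinned image
              # serves. The readiness probe uses the same path.
              path: /admin.index.php
              port: http
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          name: pihole
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 53
              name: dns
              protocol: TCP
            - containerPort: 53
              name: dns-udp
              protocol: UDP
            - containerPort: 443
              name: https
              protocol: TCP
            - containerPort: 67
              name: client-udp
              protocol: UDP
          readinessProbe:
            failureThreshold: 3
            httpGet:
              # Same path as the liveness probe; verify it there and here.
              path: /admin.index.php
              port: http
              scheme: HTTP
            initialDelaySeconds: 60
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 5
          # NOTE(review): no requests/limits are set, so this pod is
          # unbounded on CPU and memory. The values below were left
          # commented out by the author.
          resources: {}
          # limits:
          #   cpu: 100m
          #   memory: 256Mi
          # requests:
          #   cpu: 50m
          #   memory: 100Mi
          securityContext:
            privileged: false
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          volumeMounts:
            - mountPath: /etc/pihole
              name: config
            - mountPath: /etc/dnsmasq.d/02-custom.conf
              name: custom-dnsmasq
              subPath: 02-custom.conf
            # NOTE(review): the pihole-custom-dnsmasq ConfigMap in this file
            # defines only 02-custom.conf; there is no addn-hosts key for
            # this subPath to resolve. Confirm whether the key is missing.
            - mountPath: /etc/addn-hosts
              name: custom-dnsmasq
              subPath: addn-hosts
      # dnsPolicy None: the pod resolves only through the nameservers
      # listed here, not through the cluster DNS service.
      dnsConfig:
        nameservers:
          - 208.67.222.222
          - 208.67.220.220
      dnsPolicy: None
      restartPolicy: Always
      schedulerName: default-scheduler
      securityContext: {}
      terminationGracePeriodSeconds: 30
      volumes:
        - name: config
          persistentVolumeClaim:
            claimName: pihole-data
        - configMap:
            # 420 decimal is file mode 0644.
            defaultMode: 420
            name: pihole-custom-dnsmasq
          name: custom-dnsmasq
---
# NOTE(review): this rule has no `tls` section, so the admin UI and its
# login are served over plain HTTP on pihole.lan.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: pihole
  # Must match the namespace of the pihole-tcp Service it routes to.
  namespace: live-env
spec:
  rules:
    - host: pihole.lan
      http:
        paths:
          - path: /
            pathType: ImplementationSpecific
            backend:
              service:
                name: pihole-tcp
                port:
                  name: http
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole-data
  namespace: live-env
  annotations:
    # Names the same class as spec.storageClassName below.
    volume.beta.kubernetes.io/storage-class: "nfs-ssd"
spec:
  # storageClassName: csi-s3-slow
  storageClassName: nfs-ssd
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 1Gi
---
apiVersion: v1
data:
  02-custom.conf: |
    address=/chaos/192.168.10.1
kind: ConfigMap
metadata:
  name: pihole-custom-dnsmasq
  namespace: live-env
---
# TCP half of the shared MetalLB address. pihole-udp below uses the same
# loadBalancerIP and the same allow-shared-ip key.
# NOTE(review): DNS (53) and the admin UI (80/443) are published on this
# address; confirm it is reachable only from the networks that should use
# the resolver.
apiVersion: v1
kind: Service
metadata:
  annotations:
    kube-router.io/service.scheduler: sh
    metallb.universe.tf/address-pool: default
    metallb.universe.tf/allow-shared-ip: pihole-svc
  labels:
    app: pihole
  name: pihole-tcp
  namespace: live-env
spec:
  type: LoadBalancer
  loadBalancerIP: 172.23.255.253
  externalTrafficPolicy: Cluster
  ports:
    - name: http
      port: 80
      protocol: TCP
      targetPort: 80
    # NOTE(review): port 443 forwards to container port 80, which the
    # Deployment names `http`. TLS clients would reach a plain-HTTP
    # listener; confirm whether targetPort 443 (`https`) was intended.
    - name: https
      port: 443
      protocol: TCP
      targetPort: 80
    - name: dns
      port: 53
      protocol: TCP
      targetPort: 53
  selector:
    app: pihole
  sessionAffinity: None
---
# UDP half of the shared MetalLB address (DNS on 53, port 67 as client-udp).
apiVersion: v1
kind: Service
metadata:
  annotations:
    kube-router.io/service.scheduler: sh
    metallb.universe.tf/address-pool: default
    metallb.universe.tf/allow-shared-ip: pihole-svc
  labels:
    app: pihole
  name: pihole-udp
  namespace: live-env
spec:
  type: LoadBalancer
  loadBalancerIP: 172.23.255.253
  externalTrafficPolicy: Cluster
  ports:
    - name: dns-udp
      port: 53
      protocol: UDP
      targetPort: 53
    - name: client-udp
      port: 67
      protocol: UDP
      targetPort: 67
  selector:
    app: pihole
  sessionAffinity: None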