@cclloyd
Created May 13, 2020 02:08
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
  labels:
    app: pihole
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pihole
  template:
    metadata:
      labels:
        app: pihole
    spec:
      # The pod resolves through its own Pi-hole first, then the LAN resolver
      dnsConfig:
        nameservers:
          - 127.0.0.1
          - 10.0.0.1
      dnsPolicy: None
      containers:
        - name: pihole
          # Unpinned tag with Always pull: a pod restart can bring in a different
          # image; pin a version or digest for reproducible deploys
          image: pihole/pihole:latest
          imagePullPolicy: Always
          securityContext:
            capabilities:
              # Per the Pi-hole image docs, needed only when Pi-hole serves DHCP
              add:
                - NET_ADMIN
          ports:
            - containerPort: 80
              name: http
              protocol: TCP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 53
              name: dns-udp
              protocol: UDP
          env:
            - name: TZ
              value: "America/New_York"
            # Upstream resolvers Pi-hole forwards to
            - name: DNS1
              value: "10.0.0.1"
            - name: DNS2
              value: "1.1.1.1"
          volumeMounts:
            - name: pihole
              mountPath: /etc/pihole
              subPath: data
            - name: pihole
              mountPath: /etc/dnsmasq.d
              subPath: dns
      volumes:
        - name: pihole
          persistentVolumeClaim:
            claimName: pihole
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole
  labels:
    app: pihole
spec:
  storageClassName: fastnfs
  accessModes:
    - ReadWriteOnce
  resources:
    requests:
      storage: 64Mi
---
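kind: Service
apiVersion: v1
metadata:
  name: pihole-tcp
  annotations:
    metallb.universe.tf/address-pool: default
    # Same sharing key as pihole-udp so both Services get one MetalLB IP
    metallb.universe.tf/allow-shared-ip: pihole
spec:
  selector:
    app: pihole
  externalTrafficPolicy: Local
  ports:
    - protocol: TCP
      name: dns-tcp
      port: 53
      targetPort: dns-tcp
    # Port 80 on the LoadBalancer IP reaches the admin UI directly, over plain
    # HTTP and without the Ingress source-range restriction
    - protocol: TCP
      name: http
      port: 80
      targetPort: http
  type: LoadBalancer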
---
kind: Service
apiVersion: v1
metadata:
  name: pihole-udp
  annotations:
    metallb.universe.tf/address-pool: default
    metallb.universe.tf/allow-shared-ip: pihole
spec:
  selector:
    app: pihole
  externalTrafficPolicy: Local
  ports:
    - protocol: UDP
      name: dns-udp
      port: 53
      targetPort: dns-udp
  type: LoadBalancer
---
# extensions/v1beta1 Ingress was removed in Kubernetes 1.22; newer clusters
# need networking.k8s.io/v1, which uses a different backend/pathType schema
apiVersion: extensions/v1beta1
kind: Ingress
metadata:
  name: pihole
  labels:
    app: pihole
  annotations:
    kubernetes.io/ingress.class: nginx
    cert-manager.io/cluster-issuer: "letsencrypt-prod"
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    # Admin UI via the ingress is limited to clients in 10.0.0.0/8
    nginx.ingress.kubernetes.io/whitelist-source-range: "10.0.0.0/8"
spec:
  tls:
    - hosts:
        - pihole.example.com
      secretName: pihole-tls
  rules:
    - host: pihole.example.com
      http:
        paths:
          - path: /
            backend:
              serviceName: pihole-tcp
              servicePort: http