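---
# Pi-hole on Kubernetes behind Traefik: one Deployment, three ClusterIP
# Services (web, DNS/TCP, DNS/UDP), four Traefik routes and two ConfigMaps.
#
# Every object is pinned to the `default` namespace. The IngressRoutes and
# ConfigMaps already were; the Deployment mounts those ConfigMaps and the
# routes reference the Services by name, so they only resolve when all of
# them live in the same namespace.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
  namespace: default
  labels:
    app: pihole
spec:
  # NOTE(review): the selector keys only on the generic export label. Any other
  # Deployment in this namespace that uses the same label would have an
  # overlapping selector. spec.selector is immutable, so switching it to
  # `app: pihole` means deleting and recreating the Deployment.
  selector:
    matchLabels:
      octopusexport: OctopusExport
  revisionHistoryLimit: 10
  replicas: 3
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: pihole
        octopusexport: OctopusExport
    spec:
      # NOTE(review): hostNetwork is not enabled, so ClusterFirstWithHostNet
      # presumably behaves like ClusterFirst here - confirm this is intended.
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        nameservers:
          - '8.8.8.8'
        searches:
          - dezendorf.net
          - dezendorf.com
      volumes:
        - name: pihole-custom-list
          configMap:
            name: pihole-custom-list
        - name: dnsmasq-options
          configMap:
            name: dnsmasq-options
      containers:
        - name: pihole
          # `latest` is a mutable tag: replicas restarted at different times
          # can run different builds, and an upstream release is picked up
          # with no review step (a major release may also change which config
          # files the image reads). Pin a reviewed version tag or an image
          # digest and bump it deliberately.
          image: 'pihole/pihole:latest'
          # NOTE(review): no admin password, securityContext or resource
          # limits are set. Supply the admin password from a Secret so all
          # replicas share one credential, and check which capabilities the
          # image actually needs before tightening securityContext.
          readinessProbe:
            httpGet:
              path: /admin/
              port: 80
            initialDelaySeconds: 20
          livenessProbe:
            tcpSocket:
              port: 53
            initialDelaySeconds: 20
          ports:
            - name: dns-udp
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: web
              containerPort: 80
              protocol: TCP
          volumeMounts:
            # subPath mounts are not refreshed when the ConfigMap changes;
            # pods must be restarted to pick up edits.
            - name: pihole-custom-list
              mountPath: /etc/pihole/custom.list
              subPath: custom.list
              readOnly: true
            - name: dnsmasq-options
              mountPath: /etc/dnsmasq.d/01-pihole.conf
              subPath: 01-pihole.conf
              readOnly: true
      affinity:
        podAntiAffinity:
          # Soft preference to spread the DNS replicas across nodes. The
          # selector previously matched `app: web`, a label no pod in this
          # manifest carries, so the rule never separated Pi-hole pods and one
          # node failure could take out every replica.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - pihole
                topologyKey: kubernetes.io/hostname
---
# HTTPS route for the admin UI. TLS terminates at Traefik; traffic to the pod
# is plain HTTP on port 80.
# NOTE(review): no authentication or source-IP middleware is attached, so
# Pi-hole's own admin login is the only gate on this hostname.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-websecure-route
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: 'Host(`pihole.dezendorf.net`)'
      kind: Rule
      services:
        - name: pihole-web-svc
          port: 80
  tls:
    certResolver: myresolver
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-web-svc
  namespace: default
spec:
  type: ClusterIP
  ports:
    # The port is named `websecure`, but it carries plain HTTP to the pod.
    - name: websecure
      port: 80
      targetPort: 80
  selector:
    app: pihole
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-tcp-svc
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-udp-svc
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
---
# Plain-HTTP route; it relies on the `redirecthttps` middleware (defined
# outside this file) to send browsers to the HTTPS route.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-web-route
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: 'Host(`pihole.dezendorf.net`)'
      kind: Rule
      middlewares:
        - name: redirecthttps
      services:
        - name: pihole-web-svc
          port: 80
---
# DNS over TCP. HostSNI(`*`) is how Traefik matches non-TLS TCP, so every
# connection on the `dns-tcp` entry point is forwarded to Pi-hole.
# Combined with `except-interface=nonexisting` in 01-pihole.conf (dnsmasq
# answers on every interface), anyone who can reach the dns-tcp / dns-udp
# entry points can use this resolver. Keep those entry points reachable from
# the LAN only so it cannot act as an open resolver.
# NOTE(review): queries presumably arrive from Traefik's address, which would
# hide the real client in the Pi-hole query log - verify.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: pihole-tcp-route
  namespace: default
spec:
  entryPoints:
    - dns-tcp
  routes:
    - match: 'HostSNI(`*`)'
      priority: 10
      services:
        - name: pihole-dns-tcp-svc
          port: 53
---
# DNS over UDP; the same exposure considerations as the TCP route apply.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: pihole-udp-route
  namespace: default
spec:
  entryPoints:
    - dns-udp
  routes:
    - services:
        - name: pihole-dns-udp-svc
          port: 53
---
# Local DNS records served through `addn-hosts=/etc/pihole/custom.list`.
# This is an inventory of internal hosts and addresses; treat the file with
# the same care as any other network documentation.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-custom-list
  namespace: default
data:
  custom.list: |
    192.168.1.9 gondor.dezendorf.net
    192.168.1.50 astoria.dezendorf.net
    192.168.1.87 go.dezendorf.net
    192.168.1.87 pihole.dezendorf.net
    192.168.1.87 tesseract.dezendorf.net
    192.168.1.87 sso.dezendorf.net
    192.168.1.87 argocd.dezendorf.net
    192.168.1.87 auth.dezendorf.net
    192.168.1.87 longhorn.dezendorf.net
    192.168.1.87 whoami.dezendorf.net
    192.168.1.87 transmission.dezendorf.net
    192.168.1.87 traefik.dezendorf.net
    192.168.1.87 jackett.dezendorf.net
    192.168.1.87 sonarr.dezendorf.net
    192.168.1.87 whisparr.dezendorf.net
    192.168.1.87 radarr.dezendorf.net
    192.168.1.87 bazarr.dezendorf.net
    192.168.1.87 prometheus.dezendorf.net
    192.168.1.87 alertmanager.dezendorf.net
    192.168.1.87 readarr.dezendorf.net
    192.168.1.87 calibre.dezendorf.net
    192.168.1.87 books.dezendorf.net
    192.168.1.87 lidarr.dezendorf.net
    192.168.1.87 airsonic.dezendorf.net
    192.168.1.87 beets.dezendorf.net
    192.168.1.87 codeserver.dezendorf.net
    192.168.1.87 gogs.dezendorf.net
    192.168.1.87 grafana.dezendorf.net
    192.168.1.87 mysql.dezendorf.net
    192.168.1.157 thick2.dezendorf.net
    192.168.1.158 thick1.dezendorf.net
    192.168.1.151 thin1.dezendorf.net
    192.168.1.152 thin2.dezendorf.net
    192.168.1.153 thin3.dezendorf.net
    192.168.1.154 apc-pdu-01.dezendorf.net
    192.168.1.155 pve1.dezendorf.net
    192.168.1.159 apc-pdu-02.dezendorf.net
    192.168.1.236 plex.dezendorf.net
---
# dnsmasq options mounted read-only over /etc/dnsmasq.d/01-pihole.conf.
#   no-resolv + server=8.8.8.8   - a single upstream resolver, not the
#                                  pod's resolv.conf
#   log-queries / log-facility   - every query is written to
#                                  /var/log/pihole/pihole.log
#   domain-needed, bogus-priv    - plain names and private reverse lookups
#                                  are not forwarded upstream
#   except-interface=nonexisting - excludes no real interface, so dnsmasq
#                                  answers on all of them
apiVersion: v1
kind: ConfigMap
metadata:
  name: dnsmasq-options
  namespace: default
data:
  01-pihole.conf: |
    # Pi-hole: A black hole for Internet advertisements
    # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
    # Network-wide ad blocking via your own hardware.
    #
    # Dnsmasq config for Pi-hole's FTLDNS
    #
    # This file is copyright under the latest version of the EUPL.
    # Please see LICENSE file for your rights under this license.

    ###############################################################################
    #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
    # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
    #                                                                             #
    #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
    #                      /etc/pihole/setupVars.conf                             #
    #                                                                             #
    #        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
    #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
    ###############################################################################

    addn-hosts=/etc/pihole/local.list
    addn-hosts=/etc/pihole/custom.list

    localise-queries

    no-resolv

    log-queries
    log-facility=/var/log/pihole/pihole.log

    log-async
    cache-size=10000
    server=8.8.8.8
    domain-needed
    expand-hosts
    bogus-priv
    except-interface=nonexisting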