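# Pi-hole on Kubernetes behind Traefik: one Deployment, three ClusterIP
# Services, four Traefik routes and three ConfigMaps.
#
# Every object is pinned to the `default` namespace. The ConfigMaps and the
# HTTP IngressRoutes already were; the Deployment mounts those ConfigMaps and
# the routes reference the Services by name, so all of them must live in the
# same namespace to resolve each other.
#
# NOTE(review): the Traefik objects use the traefik.containo.us/v1alpha1 API
# group. Newer Traefik releases serve these CRDs under traefik.io/v1alpha1;
# confirm which group the installed Traefik version expects.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
  namespace: default
  labels:
    app: pihole
spec:
  # NOTE(review): the selector keys only on the generic export label, so any
  # other pod in this namespace carrying `octopusexport: OctopusExport` would
  # also match. spec.selector is immutable on an existing Deployment, so it is
  # left unchanged here.
  selector:
    matchLabels:
      octopusexport: OctopusExport
  revisionHistoryLimit: 10
  replicas: 3
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: pihole
        octopusexport: OctopusExport
    spec:
      # NOTE(review): hostNetwork is not set in this pod spec, while this
      # policy is meant for hostNetwork pods - confirm it is intentional.
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        nameservers:
          - '8.8.8.8'
        searches:
          - dezendorf.net
          - dezendorf.com
      # All configuration comes from ConfigMaps; no persistent volume is
      # mounted, so files written at runtime (including the query log named in
      # 01-pihole.conf) stay in the container filesystem.
      volumes:
        - name: "pihole-custom-list"
          configMap:
            name: "pihole-custom-list"
        - name: "dnsmasq-options"
          configMap:
            name: "dnsmasq-options"
        - name: "pihole-ftl-config"
          configMap:
            name: "pihole-ftl-config"
      containers:
        - name: pihole
          # NOTE(review): `latest` is a mutable tag, so a restarted or
          # rescheduled replica may run a different build than its siblings.
          # Pin a tested tag or an image digest
          # (pihole/pihole@sha256:<DIGEST_PLACEHOLDER>) and update it
          # deliberately.
          image: 'pihole/pihole:latest'
          # Ready once the admin UI answers on port 80.
          readinessProbe:
            httpGet:
              path: /admin/
              port: 80
            initialDelaySeconds: 20
          ports:
            - name: dns-udp
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: web
              containerPort: 80
              protocol: TCP
          # Each ConfigMap key is mounted as a single read-only file via
          # subPath, leaving the rest of the target directory untouched.
          volumeMounts:
            - name: "pihole-custom-list"
              mountPath: "/etc/pihole/custom.list"
              subPath: "custom.list"
              readOnly: true
            - name: "dnsmasq-options"
              mountPath: "/etc/dnsmasq.d/01-pihole.conf"
              subPath: "01-pihole.conf"
              readOnly: true
            - name: "pihole-ftl-config"
              mountPath: "/etc/pihole/pihole-FTL.conf"
              subPath: "pihole-FTL.conf"
              readOnly: true
      affinity:
        podAntiAffinity:
          # Soft rule: prefer placing replicas on different nodes.
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        # Was `web`, a label no pod in this file carries, so
                        # the rule never separated the Pi-hole replicas.
                        - pihole
                topologyKey: kubernetes.io/hostname
---
# HTTPS route for the Pi-hole admin UI.
# NOTE(review): no Traefik authentication middleware is attached, so access
# control rests entirely on Pi-hole's own login, and no admin password is
# configured anywhere in this file - confirm how it is provisioned on each
# replica.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-websecure-route
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`pihole.dezendorf.net`)
      kind: Rule
      services:
        - name: pihole-web-svc
          port: 80
  tls:
    certResolver: myresolver
---
# Admin UI backend. The port is named `websecure`, but it carries plain HTTP
# on port 80; TLS is terminated by Traefik.
apiVersion: v1
kind: Service
metadata:
  name: pihole-web-svc
  namespace: default
spec:
  type: ClusterIP
  ports:
    - name: websecure
      port: 80
      targetPort: 80
  selector:
    app: pihole
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-tcp-svc
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-udp-svc
  namespace: default
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
---
# Plain-HTTP route for the same host. It attaches the `redirecthttps`
# Middleware, which is not defined in this file.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-web-route
  namespace: default
spec:
  entryPoints:
    - web
  routes:
    - match: Host(`pihole.dezendorf.net`)
      kind: Rule
      middlewares:
        - name: redirecthttps
      services:
        - name: pihole-web-svc
          port: 80
---
# DNS over TCP. HostSNI(`*`) is the catch-all match for non-TLS TCP, so every
# connection arriving on the dns-tcp entry point is forwarded to Pi-hole.
# NOTE(review): the dns-tcp / dns-udp entry points are defined in Traefik's
# static configuration, outside this file. Keep them reachable from trusted
# networks only; a resolver that answers arbitrary clients can be abused for
# reflection and amplification.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: pihole-tcp-route
  namespace: default
spec:
  entryPoints:
    - dns-tcp
  routes:
    - match: HostSNI(`*`)
      priority: 10
      services:
        - name: pihole-dns-tcp-svc
          port: 53
---
# DNS over UDP; the same exposure caveat as the TCP route applies.
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: pihole-udp-route
  namespace: default
spec:
  entryPoints:
    - dns-udp
  routes:
    - services:
        - name: pihole-dns-udp-svc
          port: 53
---
# Local DNS records in hosts-file format, loaded by dnsmasq through the
# `addn-hosts=/etc/pihole/custom.list` line in 01-pihole.conf.
# NOTE(review): this list is a full inventory of internal hosts and addresses;
# treat the file as internal documentation when deciding where it is stored.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-custom-list
  namespace: default
data:
  custom.list: |
    192.168.1.9 gondor
    192.168.1.50 astoria
    192.168.1.87 go
    192.168.1.87 photos
    192.168.1.87 photo
    192.168.1.87 pihole
    192.168.1.87 tesseract
    192.168.1.87 sso
    192.168.1.87 cd
    192.168.1.87 argocd
    192.168.1.87 docker
    192.168.1.87 dockerr
    192.168.1.87 longhorn
    192.168.1.87 whoami
    192.168.1.87 transmission
    192.168.1.87 traefik
    192.168.1.87 jackett
    192.168.1.87 sonarr
    192.168.1.87 whisparr
    192.168.1.87 radarr
    192.168.1.87 bazarr
    192.168.1.87 prometheus
    192.168.1.87 alertmanager
    192.168.1.87 readarr
    192.168.1.87 calibre
    192.168.1.87 books
    192.168.1.87 lidarr
    192.168.1.87 airsonic
    192.168.1.87 beets
    192.168.1.87 codeserver
    192.168.1.87 gogs
    192.168.1.87 grafana
    192.168.1.87 mysql
    192.168.1.87 devport
    192.168.1.87 homeassistant
    192.168.1.87 homebridge
    192.168.1.157 thick2
    192.168.1.158 thick1
    192.168.1.151 thin1
    192.168.1.152 thin2
    192.168.1.153 thin3
    192.168.1.154 apc-pdu-01
    192.168.1.155 pve1
    192.168.1.159 apc-pdu-02
    192.168.1.160 rpi4-0
    192.168.1.161 rpi4-1
    192.168.1.162 rpi4-2
    192.168.1.163 rpi4-3
    192.168.1.164 rpi4-4
    192.168.1.165 rpi4-5
    192.168.1.166 rpi4-6
    192.168.1.167 rpi4-7
    192.168.1.236 plex
    192.168.0.10 talos-master talos
    192.168.0.11 talos-master-vm-01
    #192.168.0.11 talos-master-01
    192.168.0.12 talos-master-vm-02
    192.168.0.13 talos-master-vm-03
    192.168.0.14 talos-worker-vm-01
    192.168.0.15 talos-worker-vm-02
    192.168.0.16 talos-worker-vm-03
    192.168.0.17 talos-worker-vm-04
    192.168.0.21 ceph-thin1
    192.168.0.22 ceph-thin2
    192.168.0.23 ceph-thin3
    192.168.0.24 ceph-thin4
    192.168.0.25 ceph-thin5
    192.168.0.26 ceph-thin6
    192.168.0.27 ceph-thin7
    192.168.0.41 ceph-cache1
    192.168.0.42 ceph-cache2
    192.168.0.43 ceph-cache3
    192.168.0.128 ceph
    192.168.0.129 rados
---
# dnsmasq options mounted at /etc/dnsmasq.d/01-pihole.conf.
# - `no-resolv` plus `server=8.8.8.8`: a single fixed upstream resolver.
# - `log-queries`: every query is written to /var/log/pihole/pihole.log;
#   together with PRIVACYLEVEL=0 in pihole-FTL.conf nothing is anonymised.
# - `except-interface=nonexisting`: excludes only an interface named
#   "nonexisting". NOTE(review): this looks like Pi-hole's "listen on all
#   interfaces" setting - confirm, since it decides who can query the resolver.
# - `domain-needed` is commented out while `bogus-priv` is active.
apiVersion: v1
kind: ConfigMap
metadata:
  name: dnsmasq-options
  namespace: default
data:
  01-pihole.conf: |
    # Pi-hole: A black hole for Internet advertisements
    # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
    # Network-wide ad blocking via your own hardware.
    #
    # Dnsmasq config for Pi-hole's FTLDNS
    #
    # This file is copyright under the latest version of the EUPL.
    # Please see LICENSE file for your rights under this license.

    ###############################################################################
    #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
    # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
    #                                                                             #
    #         IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:         #
    #                         /etc/pihole/setupVars.conf                          #
    #                                                                             #
    #         ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE          #
    #                     WITHIN /etc/dnsmasq.d/yourname.conf                     #
    ###############################################################################

    addn-hosts=/etc/pihole/local.list
    addn-hosts=/etc/pihole/custom.list
    localise-queries
    no-resolv
    log-queries
    log-facility=/var/log/pihole/pihole.log
    log-async
    cache-size=10000
    server=8.8.8.8
    #domain-needed
    domain=dezendorf.net
    expand-hosts
    bogus-priv
    except-interface=nonexisting
---
# FTL settings mounted at /etc/pihole/pihole-FTL.conf.
# PRIVACYLEVEL=0 is the least private level: domains and clients are recorded
# in full. Raise it if per-client query history should not be retained.
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-ftl-config
  namespace: default
data:
  pihole-FTL.conf: |
    #; Pi-hole FTL config file
    #; Comments should start with #; to avoid issues with PHP and bash reading this file
    PRIVACYLEVEL=0
    BLOCK_ICLOUD_PR=false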