breandan
/
monorepo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293
							apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
  labels:
    app: pihole
spec:
  selector:
    matchLabels:
      octopusexport: OctopusExport
  revisionHistoryLimit: 10
  replicas: 5
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: pihole
        octopusexport: OctopusExport
    spec:
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        nameservers:
          - 8.8.8.8
        searches:
          - dezendorf.net
          - dezendorf.com
      volumes:
        - name: "pihole-custom-list"
          configMap:
            name: "pihole-custom-list"
        - name: "dnsmasq-options"
          configMap:
            name:  "dnsmasq-options"
      containers:
        - name: pihole
          image: 'pihole/pihole:latest'
          readinessProbe:
            httpGet:
              path: /admin/
              port: 80
            initialDelaySeconds: 20
          ports:
            - name: dns-udp
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: web
              containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: "pihole-custom-list"
              mountPath: "/etc/pihole/custom.list"
              subPath: "custom.list"
              readOnly: true
            - name: "dnsmasq-options"
              mountPath: "/etc/dnsmasq.d/01-pihole.conf"
              subPath: "01-pihole.conf"
              readOnly: true
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - web
                topologyKey: kubernetes.io/hostname
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-websecure-route
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: (Host(`pihole.dezendorf.net`)||Host(`dns.dezendorf.net`))
    kind: Rule
    services:
    - name: pihole-web-svc
      port: 80
  tls:
    certResolver: myresolver
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-web-svc
spec:
  type: ClusterIP
  ports:
    - name: websecure
      port: 80
      targetPort: 80
  selector:
    app: pihole
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-tcp-svc
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-udp-svc
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
---   
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-web-route
  namespace: default
spec:
  entryPoints:
    - web
  routes:
  - match: (Host(`pihole.dezendorf.net`)||Host(`dns.dezendorf.net`)) 
    kind: Rule
    middlewares:
    - name: redirecthttps
    services:
    - name: pihole-web-svc
      port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: pihole-tcp-route
spec:
  entryPoints:
    - dns-tcp
  routes:
  - match: HostSNI(`*`)
    priority: 10
    services:
    - name: pihole-dns-tcp-svc
      port: 53
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: pihole-udp-route
spec:
  entryPoints:
    - dns-udp
  routes:
  - services:
    - name: pihole-dns-udp-svc
      port: 53

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-custom-list
  namespace: default
data:
  custom.list: |
    192.168.1.9 gondor
    192.168.1.50 astoria
    192.168.1.87 go
    192.168.1.87 photos
    192.168.1.87 dns
    192.168.1.87 pihole
    192.168.1.87 tesseract
    192.168.1.87 sso
    192.168.1.87 cd
    192.168.1.87 argocd
    192.168.1.87 argocdr
    192.168.1.87 auth
    192.168.1.87 longhorn
    192.168.1.87 longhornr
    192.168.1.87 whoami
    192.168.1.87 whoamir
    192.168.1.87 transmission
    192.168.1.87 traefik
    192.168.1.87 jackett
    192.168.1.87 sonarr
    192.168.1.87 whisparr
    192.168.1.87 radarr
    192.168.1.87 bazarr
    192.168.1.87 bazarrr
    192.168.1.87 prometheus
    192.168.1.87 alertmanager
    192.168.1.87 readarr
    192.168.1.87 calibrer
    192.168.1.87 calibre
    192.168.1.87 books
    192.168.1.87 lidarr
    192.168.1.87 lidarrr
    192.168.1.87 airsonic
    192.168.1.87 beets
    192.168.1.87 codeserver
    192.168.1.87 codeserverr
    192.168.1.87 gogs
    192.168.1.87 gogsr
    192.168.1.87 git
    192.168.1.87 grafana
    192.168.1.87 mysqlr
    192.168.1.87 mysql
    192.168.1.87 gopy
    192.168.1.87 devport
    192.168.1.87 devportr
    192.168.1.157 thick2
    192.168.1.158 thick1
    192.168.1.151 thin1
    192.168.1.152 thin2
    192.168.1.153 thin3
    192.168.1.154 apc-pdu-01
    192.168.1.155 pve1
    192.168.1.159 apc-pdu-02
    192.168.1.160 rpi4-0
    192.168.1.161 rpi4-1
    192.168.1.162 rpi4-2
    192.168.1.163 rpi4-3
    192.168.1.164 rpi4-4
    192.168.1.165 rpi4-5
    192.168.1.236 plex

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: dnsmasq-options
  namespace: default
data:
  01-pihole.conf: |
    # Pi-hole: A black hole for Internet advertisements
    # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
    # Network-wide ad blocking via your own hardware.
    #
    # Dnsmasq config for Pi-hole's FTLDNS
    #
    # This file is copyright under the latest version of the EUPL.
    # Please see LICENSE file for your rights under this license.
    
    ###############################################################################
    #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
    # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
    #                                                                             #
    #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
    #                      /etc/pihole/setupVars.conf                             #
    #                                                                             #
    #        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
    #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
    ###############################################################################
    
    addn-hosts=/etc/pihole/local.list
    addn-hosts=/etc/pihole/custom.list
    
    
    localise-queries
    
    
    no-resolv
    
    log-queries
    log-facility=/var/log/pihole/pihole.log
    
    log-async
    cache-size=10000
    server=8.8.8.8
    #domain-needed
    domain=dezendorf.net
    expand-hosts
    bogus-priv
    except-interface=nonexisting