breandan
/
monorepo


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274
							apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
  labels:
    app: pihole
spec:
  selector:
    matchLabels:
      octopusexport: OctopusExport
  revisionHistoryLimit: 10
  replicas: 3
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: pihole
        octopusexport: OctopusExport
    spec:
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        nameservers:
          - 8.8.8.8
        searches:
          - dezendorf.net
          - dezendorf.com
      volumes:
        - name: "pihole-custom-list"
          configMap:
            name: "pihole-custom-list"
        - name: "dnsmasq-options"
          configMap:
            name:  "dnsmasq-options"
      containers:
        - name: pihole
          image: 'pihole/pihole:latest'
          readinessProbe:
            httpGet:
              path: /admin/
              port: 80
            initialDelaySeconds: 20
          livenessProbe:
            tcpSocket:
              port: 53
            initialDelaySeconds: 20
          ports:
            - name: dns-udp
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: web
              containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: "pihole-custom-list"
              mountPath: "/etc/pihole/custom.list"
              subPath: "custom.list"
              readOnly: true
            - name: "dnsmasq-options"
              mountPath: "/etc/dnsmasq.d/01-pihole.conf"
              subPath: "01-pihole.conf"
              readOnly: true
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - web
                topologyKey: kubernetes.io/hostname
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-websecure-route
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`pihole.dezendorf.net`)
    kind: Rule
    services:
    - name: pihole-web-svc
      port: 80
  tls:
    certResolver: myresolver
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-web-svc
spec:
  type: ClusterIP
  ports:
    - name: websecure
      port: 80
      targetPort: 80
  selector:
    app: pihole
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-tcp-svc
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-udp-svc
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
---   
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-web-route
  namespace: default
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`pihole.dezendorf.net`) 
    kind: Rule
    middlewares:
    - name: redirecthttps
    services:
    - name: pihole-web-svc
      port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: pihole-tcp-route
spec:
  entryPoints:
    - dns-tcp
  routes:
  - match: HostSNI(`*`)
    priority: 10
    services:
    - name: pihole-dns-tcp-svc
      port: 53
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: pihole-udp-route
spec:
  entryPoints:
    - dns-udp
  routes:
  - services:
    - name: pihole-dns-udp-svc
      port: 53

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-custom-list
  namespace: default
data:
  custom.list: |
    192.168.1.9 gondor.dezendorf.net
    192.168.1.50 astoria.dezendorf.net
    192.168.1.87 go.dezendorf.net
    192.168.1.87 pihole.dezendorf.net
    192.168.1.87 tesseract.dezendorf.net
    192.168.1.87 sso.dezendorf.net
    192.168.1.87 argocd.dezendorf.net
    192.168.1.87 auth.dezendorf.net
    192.168.1.87 longhorn.dezendorf.net
    192.168.1.87 whoami.dezendorf.net
    192.168.1.87 transmission.dezendorf.net
    192.168.1.87 traefik.dezendorf.net
    192.168.1.87 jackett.dezendorf.net
    192.168.1.87 sonarr.dezendorf.net
    192.168.1.87 whisparr.dezendorf.net
    192.168.1.87 radarr.dezendorf.net
    192.168.1.87 bazarr.dezendorf.net
    192.168.1.87 prometheus.dezendorf.net
    192.168.1.87 alertmanager.dezendorf.net
    192.168.1.87 readarr.dezendorf.net
    192.168.1.87 calibre.dezendorf.net
    192.168.1.87 books.dezendorf.net
    192.168.1.87 lidarr.dezendorf.net
    192.168.1.87 airsonic.dezendorf.net
    192.168.1.87 beets.dezendorf.net
    192.168.1.87 codeserver.dezendorf.net
    192.168.1.87 gogs.dezendorf.net
    192.168.1.87 grafana.dezendorf.net
    192.168.1.87 mysql.dezendorf.net
    192.168.1.157 thick2.dezendorf.net
    192.168.1.158 thick1.dezendorf.net
    192.168.1.151 thin1.dezendorf.net
    192.168.1.152 thin2.dezendorf.net
    192.168.1.153 thin3.dezendorf.net
    192.168.1.154 apc-pdu-01.dezendorf.net
    192.168.1.155 pve1.dezendorf.net
    192.168.1.159 apc-pdu-02.dezendorf.net
    192.168.1.236 plex.dezendorf.net

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: dnsmasq-options
  namespace: default
data:
  01-pihole.conf: |
    # Pi-hole: A black hole for Internet advertisements
    # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
    # Network-wide ad blocking via your own hardware.
    #
    # Dnsmasq config for Pi-hole's FTLDNS
    #
    # This file is copyright under the latest version of the EUPL.
    # Please see LICENSE file for your rights under this license.
    
    ###############################################################################
    #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
    # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
    #                                                                             #
    #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
    #                      /etc/pihole/setupVars.conf                             #
    #                                                                             #
    #        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
    #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
    ###############################################################################
    
    addn-hosts=/etc/pihole/local.list
    addn-hosts=/etc/pihole/custom.list
    
    
    localise-queries
    
    
    no-resolv
    
    log-queries
    log-facility=/var/log/pihole/pihole.log
    
    log-async
    cache-size=10000
    server=8.8.8.8
    domain-needed
    expand-hosts
    bogus-priv
    except-interface=nonexisting