monorepo/dezendorf/homelab/k3s/pihole/pihole.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
  labels:
    app: pihole
spec:
  selector:
    matchLabels:
      octopusexport: OctopusExport
  revisionHistoryLimit: 10
  replicas: 3
  strategy:
    type: RollingUpdate
  template:
    metadata:
      labels:
        app: pihole
        octopusexport: OctopusExport
    spec:
      dnsPolicy: ClusterFirstWithHostNet
      dnsConfig:
        nameservers:
          - 8.8.8.8
        searches:
          - dezendorf.net
          - dezendorf.com
      volumes:
        - name: "pihole-custom-list"
          configMap:
            name: "pihole-custom-list"
        - name: "dnsmasq-options"
          configMap:
            name:  "dnsmasq-options"
        - name: "pihole-ftl-config"
          configMap:
            name:  "pihole-ftl-config"
      containers:
        - name: pihole
          image: 'pihole/pihole:latest'
          readinessProbe:
            httpGet:
              path: /admin/
              port: 80
            initialDelaySeconds: 20
          ports:
            - name: dns-udp
              containerPort: 53
              protocol: UDP
            - name: dns-tcp
              containerPort: 53
              protocol: TCP
            - name: web
              containerPort: 80
              protocol: TCP
          volumeMounts:
            - name: "pihole-custom-list"
              mountPath: "/etc/pihole/custom.list"
              subPath: "custom.list"
              readOnly: true
            - name: "dnsmasq-options"
              mountPath: "/etc/dnsmasq.d/01-pihole.conf"
              subPath: "01-pihole.conf"
              readOnly: true
            - name: "pihole-ftl-config"
              mountPath: "/etc/pihole/pihole-FTL.conf"
              subPath: "pihole-FTL.conf"
              readOnly: true
      affinity:
        podAntiAffinity:
          preferredDuringSchedulingIgnoredDuringExecution:
            - weight: 100
              podAffinityTerm:
                labelSelector:
                  matchExpressions:
                    - key: app
                      operator: In
                      values:
                        - web
                topologyKey: kubernetes.io/hostname
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-websecure-route
  namespace: default
spec:
  entryPoints:
    - websecure
  routes:
  - match: Host(`pihole.dezendorf.net`)
    kind: Rule
    services:
    - name: pihole-web-svc
      port: 80
  tls:
    certResolver: myresolver
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-web-svc
spec:
  type: ClusterIP
  ports:
    - name: websecure
      port: 80
      targetPort: 80
  selector:
    app: pihole
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-tcp-svc
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-udp-svc
spec:
  type: ClusterIP
  selector:
    app: pihole
  ports:
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
---   
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
  name: pihole-web-route
  namespace: default
spec:
  entryPoints:
    - web
  routes:
  - match: Host(`pihole.dezendorf.net`)
    kind: Rule
    middlewares:
    - name: redirecthttps
    services:
    - name: pihole-web-svc
      port: 80
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteTCP
metadata:
  name: pihole-tcp-route
spec:
  entryPoints:
    - dns-tcp
  routes:
  - match: HostSNI(`*`)
    priority: 10
    services:
    - name: pihole-dns-tcp-svc
      port: 53
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRouteUDP
metadata:
  name: pihole-udp-route
spec:
  entryPoints:
    - dns-udp
  routes:
  - services:
    - name: pihole-dns-udp-svc
      port: 53

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-custom-list
  namespace: default
data:
  custom.list: |
    192.168.1.9 gondor
    192.168.1.50 astoria
    192.168.1.87 go
    192.168.1.87 photos
    192.168.1.87 photo
    192.168.1.87 pihole
    192.168.1.87 tesseract
    192.168.1.87 sso
    192.168.1.87 cd
    192.168.1.87 argocd
    192.168.1.87 docker
    192.168.1.87 dockerr
    192.168.1.87 longhorn
    192.168.1.87 whoami
    192.168.1.87 transmission
    192.168.1.87 traefik
    192.168.1.87 jackett
    192.168.1.87 sonarr
    192.168.1.87 whisparr
    192.168.1.87 radarr
    192.168.1.87 bazarr
    192.168.1.87 prometheus
    192.168.1.87 alertmanager
    192.168.1.87 readarr
    192.168.1.87 calibre
    192.168.1.87 books
    192.168.1.87 lidarr
    192.168.1.87 airsonic
    192.168.1.87 beets
    192.168.1.87 codeserver
    192.168.1.87 gogs
    192.168.1.87 grafana
    192.168.1.87 mysql
    192.168.1.87 devport
    192.168.1.87 homeassistant
    192.168.1.87 homebridge
    192.168.1.157 thick2
    192.168.1.158 thick1
    192.168.1.151 thin1
    192.168.1.152 thin2
    192.168.1.153 thin3
    192.168.1.154 apc-pdu-01
    192.168.1.155 pve1
    192.168.1.159 apc-pdu-02
    192.168.1.160 rpi4-0
    192.168.1.161 rpi4-1
    192.168.1.162 rpi4-2
    192.168.1.163 rpi4-3
    192.168.1.164 rpi4-4
    192.168.1.165 rpi4-5
    192.168.1.166 rpi4-6
    192.168.1.167 rpi4-7
    192.168.1.236 plex

    192.168.0.10 talos-master talos
    192.168.0.11 talos-master-01
    192.168.0.12 talos-master-vm-02
    192.168.0.13 talos-master-vm-03
    192.168.0.14 talos-worker-vm-01
    192.168.0.15 talos-worker-vm-02
    192.168.0.16 talos-worker-vm-03
    192.168.0.17 talos-worker-vm-04
    192.168.0.21 ceph-thin1
    192.168.0.22 ceph-thin2
    192.168.0.23 ceph-thin3
    192.168.0.24 ceph-thin4
    192.168.0.25 ceph-thin5
    192.168.0.26 ceph-thin6
    192.168.0.27 ceph-thin7
    192.168.0.128 ceph
    192.168.0.129 rados

---
apiVersion: v1
kind: ConfigMap
metadata:
  name: dnsmasq-options
  namespace: default
data:
  01-pihole.conf: |
    # Pi-hole: A black hole for Internet advertisements
    # (c) 2017 Pi-hole, LLC (https://pi-hole.net)
    # Network-wide ad blocking via your own hardware.
    #
    # Dnsmasq config for Pi-hole's FTLDNS
    #
    # This file is copyright under the latest version of the EUPL.
    # Please see LICENSE file for your rights under this license.
    
    ###############################################################################
    #      FILE AUTOMATICALLY POPULATED BY PI-HOLE INSTALL/UPDATE PROCEDURE.      #
    # ANY CHANGES MADE TO THIS FILE AFTER INSTALL WILL BE LOST ON THE NEXT UPDATE #
    #                                                                             #
    #        IF YOU WISH TO CHANGE THE UPSTREAM SERVERS, CHANGE THEM IN:          #
    #                      /etc/pihole/setupVars.conf                             #
    #                                                                             #
    #        ANY OTHER CHANGES SHOULD BE MADE IN A SEPARATE CONFIG FILE           #
    #                    WITHIN /etc/dnsmasq.d/yourname.conf                      #
    ###############################################################################
    
    addn-hosts=/etc/pihole/local.list
    addn-hosts=/etc/pihole/custom.list
    
    
    localise-queries
    
    
    no-resolv
    
    log-queries
    log-facility=/var/log/pihole/pihole.log
    
    log-async
    cache-size=10000
    server=8.8.8.8
    #domain-needed
    domain=dezendorf.net
    expand-hosts
    bogus-priv
    except-interface=nonexisting
     
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-ftl-config
  namespace: default
data:
  pihole-FTL.conf: |
    #; Pi-hole FTL config file
    #; Comments should start with #; to avoid issues with PHP and bash reading this file
    PRIVACYLEVEL=0
    BLOCK_ICLOUD_PR=false