feat(PiHole): Seperate Instance for VLAN3
ArthurVardevanyan committed Dec 26, 2024
1 parent 8324e0d commit 55f7ba0
Showing 9 changed files with 212 additions and 14 deletions.
1 change: 1 addition & 0 deletions kubernetes/blackbox-exporter/components/probes.yaml
@@ -44,6 +44,7 @@ spec:
- https://truenas.arthurvardevanyan.com/
- https://pihole.apps.okd.arthurvardevanyan.com/admin/
- https://pihole.arthurvardevanyan.com/admin/
- https://pihole-vlan3.apps.okd.arthurvardevanyan.com/admin/
- https://arthurvardevanyan.com/
- https://www.arthurvardevanyan.com/
- https://unifi.arthurvardevanyan.com/
7 changes: 0 additions & 7 deletions kubernetes/pihole/base/statefulset.yaml
@@ -20,13 +20,6 @@ spec:
app: pihole
annotations:
enable.version-checker.io/pihole: "true"
k8s.v1.cni.cncf.io/networks: |
[{
"name": "br1-vlan3",
"namespace": "default",
"mac": "10:01:01:00:30:03",
"ips": ["10.101.3.3/24"]
}]
spec:
hostname: pihole
securityContext:
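--- a/kubernetes/pihole/components/vlan3/ingress.yaml
+++ b/kubernetes/pihole/components/vlan3/ingress.yaml
@@ -0,0 +1,23 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+name: pihole-vlan3
+namespace: pihole
+labels:
+app.kubernetes.io/instance: pihole
+blackbox: ignore
+annotations:
+route.openshift.io/termination: edge
+spec:
+ingressClassName: openshift-default
+rules:
+- host: pihole-vlan3.apps.okd.arthurvardevanyan.com
+http:
+paths:
+- path: ""
+pathType: ImplementationSpecific
+backend:
+service:
+name: pihole-vlan3
+port:
+number: 80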
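Review bot: The Ingress requests `route.openshift.io/termination: edge` but has no `spec.tls` entry, and as far as I know the OpenShift ingress-to-route controller only generates a TLS route when a `tls` block is present. If that holds on this cluster, the https probe for this host added in probes.yaml would fail unless something outside this commit supplies TLS. If the default router certificate is intended, add `tls:` with an empty entry (`- {}`) under `spec`. With edge termination the router-to-pod hop on port 80 is plain HTTP, so the admin login crosses the cluster network unencrypted; a short comment in the manifest stating that this is accepted would help.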
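--- a/kubernetes/pihole/components/vlan3/kustomization.yaml
+++ b/kubernetes/pihole/components/vlan3/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+- ./statefulset.yaml
+- ./pvc.yaml
+- ./ingress.yaml
+- ./service.yaml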
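--- a/kubernetes/pihole/components/vlan3/pvc.yaml
+++ b/kubernetes/pihole/components/vlan3/pvc.yaml
@@ -0,0 +1,31 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: vlan3-etc-pihole
+namespace: pihole
+labels:
+app.kubernetes.io/instance: pihole
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 5Gi
+storageClassName: rook-ceph-block
+volumeMode: Filesystem
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+name: vlan3-etc-dnsmasq
+namespace: pihole
+labels:
+app.kubernetes.io/instance: pihole
+spec:
+accessModes:
+- ReadWriteOnce
+resources:
+requests:
+storage: 1Gi
+storageClassName: rook-ceph-block
+volumeMode: Filesystem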
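--- a/kubernetes/pihole/components/vlan3/service.yaml
+++ b/kubernetes/pihole/components/vlan3/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+name: pihole-vlan3
+namespace: pihole
+labels:
+app.kubernetes.io/instance: pihole
+spec:
+type: ClusterIP
+clusterIP: None
+ports:
+- name: http
+port: 80
+protocol: TCP
+targetPort: 80
+selector:
+app: pihole-vlan3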
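Review bot: This headless Service is named `pihole-vlan3`, but the StatefulSet added in the same commit sets `serviceName: pihole`, so this Service is not the governing Service of that StatefulSet and the pod's stable DNS name would be formed under `pihole` instead. Unless the base `pihole` Service (not visible on this page) is meant to govern both instances, change the StatefulSet to `serviceName: pihole-vlan3`. Only port 80 is published here, which is consistent with DNS being served on the VLAN 3 address rather than through the cluster network.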
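--- a/kubernetes/pihole/components/vlan3/statefulset.yaml
+++ b/kubernetes/pihole/components/vlan3/statefulset.yaml
@@ -0,0 +1,124 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+name: pihole-vlan3
+namespace: pihole
+labels:
+app: pihole-vlan3
+app.kubernetes.io/instance: pihole
+annotations:
+checkov.io/skip1: CKV_K8S_40=OpenShift Injects Random UID
+spec:
+replicas: 1
+serviceName: pihole
+selector:
+matchLabels:
+app: pihole-vlan3
+template:
+metadata:
+labels:
+app: pihole-vlan3
+annotations:
+enable.version-checker.io/pihole: "true"
+k8s.v1.cni.cncf.io/networks: |
+[{
+"name": "br1-vlan3",
+"namespace": "default",
+"mac": "10:01:01:00:30:03",
+"ips": ["10.101.3.3/24"]
+}]
+spec:
+hostname: pihole-vlan3
+securityContext:
+seccompProfile:
+type: RuntimeDefault
+runAsNonRoot: true
+dnsConfig:
+nameservers:
+- 1.1.1.1
+- 1.0.0.1
+containers:
+- image: docker.io/pihole/pihole:2024.07.0@sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377
+imagePullPolicy: IfNotPresent
+name: pihole-vlan3
+env:
+- name: TZ
+value: "America/Detroit"
+- name: VIRTUAL_HOST
+value: "pihole.arthurvardevanyan.com"
+- name: DNSSEC
+value: "true"
+- name: DNSMASQ_LISTENING
+value: all
+securityContext:
+runAsNonRoot: false
+privileged: true
+allowPrivilegeEscalation: true
+readOnlyRootFilesystem: false
+seccompProfile:
+type: RuntimeDefault
+capabilities:
+drop:
+- ALL
+# readinessProbe:
+# exec:
+# command: ["dig", "@127.0.0.1", "cloudflare.com"]
+# initialDelaySeconds: 15
+# timeoutSeconds: 20
+# periodSeconds: 30
+# successThreshold: 1
+# failureThreshold: 5
+livenessProbe:
+tcpSocket:
+port: dns-tcp
+initialDelaySeconds: 15
+timeoutSeconds: 1
+periodSeconds: 30
+successThreshold: 1
+failureThreshold: 5
+ports:
+- name: dns-tcp
+containerPort: 53
+protocol: TCP
+- name: dns-udp
+containerPort: 53
+protocol: UDP
+- name: web
+containerPort: 80
+protocol: TCP
+volumeMounts:
+- name: etc-pihole
+mountPath: /etc/pihole
+- name: etc-dnsmasq
+mountPath: /etc/dnsmasq.d
+# - name: wildcard-dns
+# mountPath: "/etc/dnsmasq.d/02-my-wildcard-dns.conf"
+# subPath: "02-my-wildcard-dns.conf"
+- name: wildcard-dns
+mountPath: "/etc/dnsmasq.d/02-custom-settings.conf"
+subPath: "02-my-wildcard-dns.conf"
+- mountPath: /dev/shm
+name: dshm
+resources:
+limits:
+cpu: 250m
+memory: 1Gi
+requests:
+cpu: 25m
+memory: 512Mi
+automountServiceAccountToken: false
+serviceAccountName: pihole
+volumes:
+- name: etc-pihole
+persistentVolumeClaim:
+claimName: vlan3-etc-pihole
+- name: etc-dnsmasq
+persistentVolumeClaim:
+claimName: vlan3-etc-dnsmasq
+- name: wildcard-dns
+configMap:
+name: wildcard-dns
+- name: dshm
+emptyDir:
+medium: Memory
+sizeLimit: 256Mi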
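Review bot: The container `securityContext` sets `privileged: true`, which cancels the hardening written around it: a privileged container keeps every capability despite `capabilities.drop: ALL` and runs with seccomp unconfined despite `seccompProfile: RuntimeDefault`, and the container-level `runAsNonRoot: false` overrides the pod-level `runAsNonRoot: true`. Because this pod is also attached directly to `br1-vlan3` and sets `DNSMASQ_LISTENING: all`, a flaw in the DNS or web process would expose node-level privileges to a network segment outside the cluster's own controls. Prefer `privileged: false` and `allowPrivilegeEscalation: false` with an explicit `capabilities.add` list limited to what the image needs (NET_BIND_SERVICE for ports 53 and 80 at minimum; the full set needs testing). The `checkov.io/skip1` reason should then be revisited, since a random injected UID probably does not apply to a privileged root container. Separately, `VIRTUAL_HOST` still reads `pihole.arthurvardevanyan.com` while the new Ingress serves `pihole-vlan3.apps.okd.arthurvardevanyan.com`, which looks like a leftover from the base manifest.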
14 changes: 7 additions & 7 deletions kubernetes/pihole/overlays/microshift/kustomization.yaml
@@ -5,10 +5,10 @@ resources:
- ingress.yaml
- service.yaml
- certificate.yaml
patches:
- target:
kind: StatefulSet
name: pihole
patch: |-
- op: remove
path: /spec/template/metadata/annotations/k8s.v1.cni.cncf.io~1networks
# patches:
# - target:
# kind: StatefulSet
# name: pihole
# patch: |-
# - op: remove
# path: /spec/template/metadata/annotations/k8s.v1.cni.cncf.io~1networks
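Review bot: The `patches:` block is commented out rather than deleted, which leaves dead configuration in the overlay. The same commit removes the `k8s.v1.cni.cncf.io/networks` annotation from the base StatefulSet, so the JSON-patch `remove` has nothing left to act on; the seven lines can be dropped and recovered from history if ever needed. If they are kept on purpose, a one-line comment such as `# disabled: annotation moved to components/vlan3` would say why.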
2 changes: 2 additions & 0 deletions kubernetes/pihole/overlays/okd/kustomization.yaml
@@ -6,6 +6,8 @@ resources:
- ./service.yaml
- ./dns.yaml
- ./egress-firewall.yaml
components:
- ../../components/vlan3
patches:
- target:
kind: StatefulSet
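Review bot: The `patches:` entry that follows the new `components:` block targets `kind: StatefulSet`, and the rest of that target lies outside this hunk, so it is not visible whether the OKD-specific patch also reaches the `pihole-vlan3` StatefulSet pulled in by the component. If the patch carries scheduling or hardening settings, confirm the second instance receives them too, for example by adding a second target or moving the setting into the component. Also worth a comment next to `./egress-firewall.yaml`: if that file is an OVN-Kubernetes EgressFirewall, as far as I know it governs only the default pod network and does not filter traffic leaving through the `br1-vlan3` attachment.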