From 55f7ba0103dfb8f58d63e982603646b585957d27 Mon Sep 17 00:00:00 2001
From: Arthur
Date: Thu, 26 Dec 2024 18:23:20 +0000
Subject: [PATCH] feat(PiHole): Seperate Instance for VLAN3
---
 .../blackbox-exporter/components/probes.yaml | 1 +
 kubernetes/pihole/base/statefulset.yaml | 7 -
 .../pihole/components/vlan3/ingress.yaml | 23 ++++
 .../components/vlan3/kustomization.yaml | 7 +
 kubernetes/pihole/components/vlan3/pvc.yaml | 31 +++++
 .../pihole/components/vlan3/service.yaml | 17 +++
 .../pihole/components/vlan3/statefulset.yaml | 124 ++++++++++++++++++
 .../overlays/microshift/kustomization.yaml | 14 +-
 .../pihole/overlays/okd/kustomization.yaml | 2 +
 9 files changed, 212 insertions(+), 14 deletions(-)
 create mode 100644 kubernetes/pihole/components/vlan3/ingress.yaml
 create mode 100644 kubernetes/pihole/components/vlan3/kustomization.yaml
 create mode 100644 kubernetes/pihole/components/vlan3/pvc.yaml
 create mode 100644 kubernetes/pihole/components/vlan3/service.yaml
 create mode 100644 kubernetes/pihole/components/vlan3/statefulset.yaml
diff --git a/kubernetes/blackbox-exporter/components/probes.yaml b/kubernetes/blackbox-exporter/components/probes.yaml
index b03a1058..792f9113 100644
--- a/kubernetes/blackbox-exporter/components/probes.yaml
+++ b/kubernetes/blackbox-exporter/components/probes.yaml
@@ -44,6 +44,7 @@ spec:
 - https://truenas.arthurvardevanyan.com/
 - https://pihole.apps.okd.arthurvardevanyan.com/admin/
 - https://pihole.arthurvardevanyan.com/admin/
+ - https://pihole-vlan3.apps.okd.arthurvardevanyan.com/admin/
 - https://arthurvardevanyan.com/
 - https://www.arthurvardevanyan.com/
 - https://unifi.arthurvardevanyan.com/
diff --git a/kubernetes/pihole/base/statefulset.yaml b/kubernetes/pihole/base/statefulset.yaml
index e1b2a055..f33086f5 100644
--- a/kubernetes/pihole/base/statefulset.yaml
+++ b/kubernetes/pihole/base/statefulset.yaml
@@ -20,13 +20,6 @@ spec:
 app: pihole
 annotations:
 enable.version-checker.io/pihole: "true"
- k8s.v1.cni.cncf.io/networks: |
- [{
- "name": "br1-vlan3",
- "namespace": "default",
- "mac": "10:01:01:00:30:03",
- "ips": ["10.101.3.3/24"]
- }]
 spec:
 hostname: pihole
 securityContext:
diff --git a/kubernetes/pihole/components/vlan3/ingress.yaml b/kubernetes/pihole/components/vlan3/ingress.yaml
new file mode 100644
index 00000000..50c8528f
--- /dev/null
+++ b/kubernetes/pihole/components/vlan3/ingress.yaml
@@ -0,0 +1,23 @@
+kind: Ingress
+apiVersion: networking.k8s.io/v1
+metadata:
+ name: pihole-vlan3
+ namespace: pihole
+ labels:
+ app.kubernetes.io/instance: pihole
+ blackbox: ignore
+ annotations:
+ route.openshift.io/termination: edge
+spec:
+ ingressClassName: openshift-default
+ rules:
+ - host: pihole-vlan3.apps.okd.arthurvardevanyan.com
+ http:
+ paths:
+ - path: ""
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: pihole-vlan3
+ port:
+ number: 80
diff --git a/kubernetes/pihole/components/vlan3/kustomization.yaml b/kubernetes/pihole/components/vlan3/kustomization.yaml
new file mode 100644
index 00000000..f0e6d775
--- /dev/null
+++ b/kubernetes/pihole/components/vlan3/kustomization.yaml
@@ -0,0 +1,7 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+resources:
+ - ./statefulset.yaml
+ - ./pvc.yaml
+ - ./ingress.yaml
+ - ./service.yaml
diff --git a/kubernetes/pihole/components/vlan3/pvc.yaml b/kubernetes/pihole/components/vlan3/pvc.yaml
new file mode 100644
index 00000000..57317b3c
--- /dev/null
+++ b/kubernetes/pihole/components/vlan3/pvc.yaml
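Review bot: The new Ingress carries the label `blackbox: ignore`, while the probes.yaml hunk in this same commit adds `https://pihole-vlan3.apps.okd.arthurvardevanyan.com/admin/` to the blackbox target list; if that label is what keeps a route out of auto-discovered probing, the two settings pull in opposite directions and one is presumably a copy-paste leftover from the base Ingress. Whichever is intended, a one-line comment above the label such as `# probed explicitly from blackbox-exporter/components/probes.yaml` would save the next reader the cross-check. Note also that `path: ""` with `pathType: ImplementationSpecific` publishes the whole service, not just `/admin/`, so whatever access control the existing pihole route relies on (outside this diff) should be confirmed to cover this host as well.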
@@ -0,0 +1,31 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: vlan3-etc-pihole
+ namespace: pihole
+ labels:
+ app.kubernetes.io/instance: pihole
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 5Gi
+ storageClassName: rook-ceph-block
+ volumeMode: Filesystem
+---
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: vlan3-etc-dnsmasq
+ namespace: pihole
+ labels:
+ app.kubernetes.io/instance: pihole
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+ storageClassName: rook-ceph-block
+ volumeMode: Filesystem
diff --git a/kubernetes/pihole/components/vlan3/service.yaml b/kubernetes/pihole/components/vlan3/service.yaml
new file mode 100644
index 00000000..50072048
--- /dev/null
+++ b/kubernetes/pihole/components/vlan3/service.yaml
@@ -0,0 +1,17 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: pihole-vlan3
+ namespace: pihole
+ labels:
+ app.kubernetes.io/instance: pihole
+spec:
+ type: ClusterIP
+ clusterIP: None
+ ports:
+ - name: http
+ port: 80
+ protocol: TCP
+ targetPort: 80
+ selector:
+ app: pihole-vlan3
diff --git a/kubernetes/pihole/components/vlan3/statefulset.yaml b/kubernetes/pihole/components/vlan3/statefulset.yaml
new file mode 100644
index 00000000..6c9d4710
--- /dev/null
+++ b/kubernetes/pihole/components/vlan3/statefulset.yaml
@@ -0,0 +1,124 @@
+kind: StatefulSet
+apiVersion: apps/v1
+metadata:
+ name: pihole-vlan3
+ namespace: pihole
+ labels:
+ app: pihole-vlan3
+ app.kubernetes.io/instance: pihole
+ annotations:
+ checkov.io/skip1: CKV_K8S_40=OpenShift Injects Random UID
+spec:
+ replicas: 1
+ serviceName: pihole
+ selector:
+ matchLabels:
+ app: pihole-vlan3
+ template:
+ metadata:
+ labels:
+ app: pihole-vlan3
+ annotations:
+ enable.version-checker.io/pihole: "true"
+ k8s.v1.cni.cncf.io/networks: |
+ [{
+ "name": "br1-vlan3",
+ "namespace": "default",
+ "mac": "10:01:01:00:30:03",
+ "ips": ["10.101.3.3/24"]
+ }]
+ spec:
+ hostname: pihole-vlan3
+ securityContext:
+ seccompProfile:
+ type: RuntimeDefault
+ runAsNonRoot: true
+ dnsConfig:
+ nameservers:
+ - 1.1.1.1
+ - 1.0.0.1
+ containers:
+ - image: docker.io/pihole/pihole:2024.07.0@sha256:0def896a596e8d45780b6359dbf82fc8c75ef05b97e095452e67a0a4ccc95377
+ imagePullPolicy: IfNotPresent
+ name: pihole-vlan3
+ env:
+ - name: TZ
+ value: "America/Detroit"
+ - name: VIRTUAL_HOST
+ value: "pihole.arthurvardevanyan.com"
+ - name: DNSSEC
+ value: "true"
+ - name: DNSMASQ_LISTENING
+ value: all
+ securityContext:
+ runAsNonRoot: false
+ privileged: true
+ allowPrivilegeEscalation: true
+ readOnlyRootFilesystem: false
+ seccompProfile:
+ type: RuntimeDefault
+ capabilities:
+ drop:
+ - ALL
+ # readinessProbe:
+ # exec:
+ # command: ["dig", "@127.0.0.1", "cloudflare.com"]
+ # initialDelaySeconds: 15
+ # timeoutSeconds: 20
+ # periodSeconds: 30
+ # successThreshold: 1
+ # failureThreshold: 5
+ livenessProbe:
+ tcpSocket:
+ port: dns-tcp
+ initialDelaySeconds: 15
+ timeoutSeconds: 1
+ periodSeconds: 30
+ successThreshold: 1
+ failureThreshold: 5
+ ports:
+ - name: dns-tcp
+ containerPort: 53
+ protocol: TCP
+ - name: dns-udp
+ containerPort: 53
+ protocol: UDP
+ - name: web
+ containerPort: 80
+ protocol: TCP
+ volumeMounts:
+ - name: etc-pihole
+ mountPath: /etc/pihole
+ - name: etc-dnsmasq
+ mountPath: /etc/dnsmasq.d
+ # - name: wildcard-dns
+ # mountPath: "/etc/dnsmasq.d/02-my-wildcard-dns.conf"
+ # subPath: "02-my-wildcard-dns.conf"
+ - name: wildcard-dns
+ mountPath: "/etc/dnsmasq.d/02-custom-settings.conf"
+ subPath: "02-my-wildcard-dns.conf"
+ - mountPath: /dev/shm
+ name: dshm
+ resources:
+ limits:
+ cpu: 250m
+ memory: 1Gi
+ requests:
+ cpu: 25m
+ memory: 512Mi
+ automountServiceAccountToken: false
+ serviceAccountName: pihole
+ volumes:
+ - name: etc-pihole
+ persistentVolumeClaim:
+ claimName: vlan3-etc-pihole
+ - name: etc-dnsmasq
+ persistentVolumeClaim:
+ claimName: vlan3-etc-dnsmasq
+ - name: wildcard-dns
+ configMap:
+ name: wildcard-dns
+ - name: dshm
+ emptyDir:
+ medium: Memory
+ sizeLimit: 256Mi
diff --git a/kubernetes/pihole/overlays/microshift/kustomization.yaml b/kubernetes/pihole/overlays/microshift/kustomization.yaml
index f9d82714..fca3e742 100644
--- a/kubernetes/pihole/overlays/microshift/kustomization.yaml
+++ b/kubernetes/pihole/overlays/microshift/kustomization.yaml
@@ -5,10 +5,10 @@ resources:
 - ingress.yaml
 - service.yaml
 - certificate.yaml
-patches:
- - target:
- kind: StatefulSet
- name: pihole
- patch: |-
- - op: remove
- path: /spec/template/metadata/annotations/k8s.v1.cni.cncf.io~1networks
+# patches:
+# - target:
+# kind: StatefulSet
+# name: pihole
+# patch: |-
+# - op: remove
+# path: /spec/template/metadata/annotations/k8s.v1.cni.cncf.io~1networks
diff --git a/kubernetes/pihole/overlays/okd/kustomization.yaml b/kubernetes/pihole/overlays/okd/kustomization.yaml
index 3461617b..43f896b7 100644
--- a/kubernetes/pihole/overlays/okd/kustomization.yaml
+++ b/kubernetes/pihole/overlays/okd/kustomization.yaml
@@ -6,6 +6,8 @@ resources:
 - ./service.yaml
 - ./dns.yaml
 - ./egress-firewall.yaml
+components:
+ - ../../components/vlan3
 patches:
 - target:
 kind: StatefulSet
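Review bot: The container securityContext sets `privileged: true` and `allowPrivilegeEscalation: true` alongside `capabilities.drop: [ALL]`, but a privileged container receives every capability regardless of the drop list, so the drop does nothing, and the container-level `runAsNonRoot: false` overrides the pod-level `runAsNonRoot: true`; the `checkov.io/skip1` annotation only waives CKV_K8S_40, so the privileged/escalation checks will presumably still flag this file. Because the Multus annotation attaches this pod directly to `br1-vlan3` at 10.101.3.3, a privileged container here also widens the blast radius of any compromise of the admin UI into that VLAN; if the only need is binding port 53 as root, dropping `privileged`/`allowPrivilegeEscalation` and adding just the capabilities Pi-hole actually requires is the narrower setting (the block appears to be copied from base, so the same applies there). Two values also look carried over from the base instance unchanged: `serviceName: pihole` names a governing Service whose selector presumably does not match `app: pihole-vlan3`, so `pihole-vlan3-0` will get no stable DNS record from it — the headless Service added in this commit suggests `serviceName: pihole-vlan3` was intended — and `VIRTUAL_HOST` is still `pihole.arthurvardevanyan.com` while the Ingress host is `pihole-vlan3.apps.okd.arthurvardevanyan.com`.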
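Review bot: The overlay patch is commented out rather than deleted; since the base StatefulSet no longer carries the `k8s.v1.cni.cncf.io/networks` annotation (the earlier hunk removes it), the JSON `remove` op has nothing to act on and the commented block is dead configuration that git history already preserves. Deleting the seven `# ...` lines outright keeps the overlay readable; if a reminder is wanted, a single comment such as `# no network patch needed: base no longer sets the Multus annotation` says more than the commented-out patch does.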
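Review bot: Adding `../../components/vlan3` brings a second StatefulSet into this overlay, and the existing `patches` entry at the bottom of the hunk targets `kind: StatefulSet`; its `name` selector is outside the hunk, so this is inferred, but to my reading of kustomize's ordering overlay patches are applied after component resources are loaded, and if that target matches on kind alone (or on a label both instances share, such as `app.kubernetes.io/instance: pihole`) the patch will now also hit `pihole-vlan3`. Worth confirming the target has `name: pihole` (as the microshift overlay's did) or rendering the overlay with `kustomize build` and diffing the two StatefulSets.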