Skip to content

Instantly share code, notes, and snippets.

@ceaser

ceaser/deployment.yaml

Created April 29, 2020 15:09
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save ceaser/161f564dd55a1375e4b741168d9caf3f to your computer and use it in GitHub Desktop.
Save ceaser/161f564dd55a1375e4b741168d9caf3f to your computer and use it in GitHub Desktop.
Download ZIP
Kubernetes Pi-Hole
Raw
deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: pi-hole
labels:
app: pi-hole
spec:
replicas: 1
selector:
matchLabels:
app: pi-hole
template:
metadata:
labels:
app: pi-hole
spec:
affinity:
nodeAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 1
preference:
matchExpressions:
- key: kubernetes.io/hostname
operator: In
values:
- node1
containers:
- name: pi-hole
image: pihole/pihole:latest
imagePullPolicy: Always
ports:
- name: pi-hole-admin
containerPort: 80
protocol: TCP
- name: dns-tcp
containerPort: 53
protocol: TCP
- name: dns-udp
containerPort: 53
protocol: UDP
readinessProbe:
httpGet:
path: /admin
port: pi-hole-admin
initialDelaySeconds: 30
timeoutSeconds: 30
failureThreshold: 6
livenessProbe:
httpGet:
path: /admin
port: pi-hole-admin
initialDelaySeconds: 30
timeoutSeconds: 30
failureThreshold: 6
resources:
requests:
cpu: 100m
memory: "512Mi"
env:
- name: TZ
value: "America/Denver"
- name: WEBPASSWORD
valueFrom:
secretKeyRef:
name: pi-hole
key: WEBPASSWORD
- name: DNS1
value: "192.168.1.1"
- name: DNS2
value: "192.168.1.1"
- name: CONDITIONAL_FORWARDING
value: "true"
- name: CONDITIONAL_FORWARDING_IP
value: "192.168.1.1"
- name: CONDITIONAL_FORWARDING_DOMAIN
value: "home.example.com"
- name: CONDITIONAL_FORWARDING_REVERSE
value: "1.168.192.in-addr.arpa"
volumeMounts:
- name: pi-hole-etc
mountPath: "/etc/pihole"
- name: pi-hole-dnsmasq
mountPath: "/etc/dnsmasq.d"
volumes:
- name: pi-hole-etc
persistentVolumeClaim:
claimName: pi-hole-etc
- name: pi-hole-dnsmasq
persistentVolumeClaim:
claimName: pi-hole-dnsmasq
- name: secret
secret:
secretName: pi-hole
defaultMode: 0400
Raw
pdb.yaml
apiVersion: policy/v1beta1
kind: PodDisruptionBudget
metadata:
labels:
app: pi-hole
name: pi-hole
namespace: default
spec:
minAvailable: 1
selector:
matchLabels:
app: pi-hole
Raw
pv.yaml
apiVersion: v1
kind: PersistentVolume
metadata:
name: pi-hole-etc
labels:
volume: pi-hole-etc
spec:
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: ""
mountOptions:
- hard
- nfsvers=3
- noexec
- nosuid
- rsize=131072
- wsize=131072
capacity:
storage: 1Gi
nfs:
server: 192.168.1.22
path: /srv/nfs/pi-hole/etc
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pi-hole-dnsmasq
labels:
volume: pi-hole-dnsmasq
spec:
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: ""
mountOptions:
- hard
- nfsvers=3
- noexec
- nosuid
- rsize=131072
- wsize=131072
capacity:
storage: 1Gi
nfs:
server: 192.168.1.22
path: /srv/nfs/pi-hole/dnsmasq.d
Raw
pvc.yaml
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pi-hole-etc
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
selector:
matchLabels:
volume: pi-hole-etc
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pi-hole-dnsmasq
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
selector:
matchLabels:
volume: pi-hole-dnsmasq
Raw
secret.yaml
apiVersion: v1
kind: Secret
metadata:
name: pi-hole
type: Opaque
stringData:
WEBPASSWORD: MyPasswordIsSecret
Raw
service.yaml
apiVersion: v1
kind: Service
metadata:
name: pi-hole
spec:
type: NodePort
selector:
app: pi-hole
ports:
- port: 8000
targetPort: 80
name: pi-hole-admin
- port: 53
targetPort: 53
protocol: TCP
name: dns-tcp
- port: 53
targetPort: 53
protocol: UDP
name: dns-udp
externalIPs:
- 192.168.1.51
- 192.168.1.52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment