Skip to content

Instantly share code, notes, and snippets.

@tuananh

tuananh/configmap.yaml

Last active Dec 13, 2020
Embed
What would you like to do?
Pi-hole on Kubernetes
apiVersion: v1
kind: ConfigMap
metadata:
name: pihole-config
data:
WEBPASSWORD: pihole
TZ: 'Asia/Ho_Chi_Minh'
DNS1: 1.1.1.1
DNS2: 1.0.0.1
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: pihole
name: pihole
namespace: default
spec:
selector:
matchLabels:
app: pihole
template:
metadata:
labels:
app: pihole
spec:
containers:
- image: pihole/pihole:v5.0
imagePullPolicy: IfNotPresent
name: pihole
env:
- name: WEBPASSWORD
valueFrom:
secretKeyRef:
name: pihole-secret
key: WEBPASSWORD
- name: TZ
valueFrom:
configMapKeyRef:
name: pihole-config
key: TZ
- name: DNS1
valueFrom:
configMapKeyRef:
name: pihole-config
key: DNS1
- name: DNS2
valueFrom:
configMapKeyRef:
name: pihole-config
key: DNS2
volumeMounts:
- name: pihole-pvc
mountPath: '/etc/pihole'
- name: dnsmasq-pvc
mountPath: '/etc/dnsmasq.d'
restartPolicy: Always
volumes:
- name: pihole-pvc
persistentVolumeClaim:
claimName: pihole-pvc
- name: dnsmasq-pvc
persistentVolumeClaim:
claimName: dnsmasq-pvc
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: pihole-pvc
annotations:
volume.beta.kubernetes.io/storage-class: 'nfs-client'
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 1Gi
---
kind: PersistentVolumeClaim
apiVersion: v1
metadata:
name: dnsmasq-pvc
annotations:
volume.beta.kubernetes.io/storage-class: 'nfs-client'
spec:
accessModes:
- ReadWriteMany
resources:
requests:
storage: 100Mi
apiVersion: v1
kind: Secret
metadata:
name: pihole-secret
type: Opaque
data:
# echo -n 'pihole' | base64
WEBPASSWORD: cGlob2xl
apiVersion: v1
kind: Service
metadata:
name: pihole-tcp
annotations:
metallb.universe.tf/address-pool: default
metallb.universe.tf/allow-shared-ip: pihole-svc
spec:
externalTrafficPolicy: Local
loadBalancerIP: 10.0.20.3
ports:
# pihole use Ports to expose (53, 80, 67, 443), the bare minimum ports required for Pi-holes HTTP and DNS services
- port: 80
targetPort: 80
name: port80
protocol: TCP
- port: 443
targetPort: 443
name: port443
protocol: TCP
- port: 53
targetPort: 53
protocol: TCP
name: port53
selector:
app: pihole
type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
name: pihole-udp
annotations:
metallb.universe.tf/address-pool: default
metallb.universe.tf/allow-shared-ip: pihole-svc
spec:
externalTrafficPolicy: Local
loadBalancerIP: 10.0.20.3
ports:
- port: 53
targetPort: 53
protocol: UDP
name: port53-udp
- port: 67
targetPort: 67
protocol: UDP
name: port67-udp
selector:
app: pihole
type: LoadBalancer
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment