diff --git a/ansible.cfg b/ansible.cfg index 74499ee..342f009 100644 --- a/ansible.cfg +++ b/ansible.cfg @@ -1,6 +1,7 @@ [defaults] inventory=./inventory remote_user="ansible" +ansible_user="ansible" roles_path=./roles collections_path=./collections host_key_checking = False diff --git a/inventory/inventory b/inventory/inventory index 47930dc..a6424d1 100644 --- a/inventory/inventory +++ b/inventory/inventory @@ -30,4 +30,4 @@ node3 node4 node5 node6 -docker0 +rhel0 diff --git a/manifests/external-dns/install.yaml b/manifests/external-dns/install.yaml index c10d3a1..959876e 100644 --- a/manifests/external-dns/install.yaml +++ b/manifests/external-dns/install.yaml @@ -68,7 +68,8 @@ spec: # the policy to upsert-only so they do not get deleted. - --policy=upsert-only - --provider=pihole + - --pihole-tls-skip-verify # Change this to the actual address of your Pi-hole web server - - --pihole-server=http://192.168.0.239 + - --pihole-server=http://pihole-web.default.svc.cluster.local securityContext: fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes token files diff --git a/manifests/pihole/CHANGELOG.md b/manifests/pihole/CHANGELOG.md index f7ad834..b9caece 100644 --- a/manifests/pihole/CHANGELOG.md +++ b/manifests/pihole/CHANGELOG.md 
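Review bot: The added `ansible_user="ansible"` under `[defaults]` is most likely ignored, because `ansible_user` is a connection variable read from inventory or vars, not an `ansible.cfg` setting. The `remote_user="ansible"` line just above it already sets the login user for this section. I would drop the new line, or, if a per-host override is the goal, set `ansible_user=ansible` on the host or group in `inventory/inventory`. Running `ansible-config dump --only-changed` will show which of the two keys is actually picked up.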
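Review bot: `--pihole-tls-skip-verify` is added while `--pihole-server` still points at an `http://` URL, so there is no TLS session for the flag to act on. If the URL is later switched to `https://`, certificate verification will be silently off. This connection presumably carries the Pi-hole API credential, so I would remove the flag for now and, once TLS is in use, trust the serving CA instead of skipping verification. The context comment `# Change this to the actual address of your Pi-hole web server` is also stale now that the value is an in-cluster Service name; `# In-cluster Service DNS name of the Pi-hole web interface` would match the new line.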
@@ -1,5 +1,45 @@ # Changelog +## [2.31.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.30.0...pihole-2.31.0) (2025-05-16) + + +### Features + +* Allow specifying loadBalancerClass for LoadBalancer services ([#370](https://github.com/MoJo2600/pihole-kubernetes/issues/370)) ([d0c9f95](https://github.com/MoJo2600/pihole-kubernetes/commit/d0c9f9534d83020d5b4541f6c402912279db38d5)) + +## [2.30.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.29.1...pihole-2.30.0) (2025-04-30) + + +### Features + +* bump pihole version to 2025.04.0 ([#364](https://github.com/MoJo2600/pihole-kubernetes/issues/364)) ([b41ff7f](https://github.com/MoJo2600/pihole-kubernetes/commit/b41ff7f264ea4472a2556ed34c8d8a79eb616af0)) + +## [2.29.1](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.29.0...pihole-2.29.1) (2025-03-08) + + +### Bug Fixes + +* revert liveness and readiness probe back to http ([#357](https://github.com/MoJo2600/pihole-kubernetes/issues/357)) ([bbb557b](https://github.com/MoJo2600/pihole-kubernetes/commit/bbb557b1730c31cec5401d99c9962613e376358a)), closes [#356](https://github.com/MoJo2600/pihole-kubernetes/issues/356) +* updated pihole exporter to v1.0.0 ([#351](https://github.com/MoJo2600/pihole-kubernetes/issues/351)) ([04d4e90](https://github.com/MoJo2600/pihole-kubernetes/commit/04d4e9047e3cbe6d1d0dade813367beb6291777c)) + +## [2.29.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.28.0...pihole-2.29.0) (2025-03-07) + + +### Features + +* allow for env map values ([#339](https://github.com/MoJo2600/pihole-kubernetes/issues/339)) ([f6fcb06](https://github.com/MoJo2600/pihole-kubernetes/commit/f6fcb06d4c5d3a5fd41e08d8dbcc7e3fbba68a85)) +* bump pihole version to 2025.03.0 ([#352](https://github.com/MoJo2600/pihole-kubernetes/issues/352)) ([83dd678](https://github.com/MoJo2600/pihole-kubernetes/commit/83dd67801fe07f872a12301a96f087b8e9d0f2f1)) + +## 
[2.28.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.27.0...pihole-2.28.0) (2025-03-02) + + +### Features + +* add custom deployment annotation option ([#332](https://github.com/MoJo2600/pihole-kubernetes/issues/332)) ([bc8f720](https://github.com/MoJo2600/pihole-kubernetes/commit/bc8f720a9343e8b61fea68b67a2aa4f9ca56c0f4)) +* allow to override the command of the cloudflared container. ([#331](https://github.com/MoJo2600/pihole-kubernetes/issues/331)) ([02cff49](https://github.com/MoJo2600/pihole-kubernetes/commit/02cff4992313488524f0883946bb6e425be8be77)) +* PiHole v6 Support ([#343](https://github.com/MoJo2600/pihole-kubernetes/issues/343)) ([8112b80](https://github.com/MoJo2600/pihole-kubernetes/commit/8112b800b98eb6ff23aa19d074b56acd72e1066b)) +* support doh readiness and podmonitor ([#335](https://github.com/MoJo2600/pihole-kubernetes/issues/335)) ([2c5aaf5](https://github.com/MoJo2600/pihole-kubernetes/commit/2c5aaf592b10d69ce674e87833edb82ad4954110)) + ## [2.27.0](https://github.com/MoJo2600/pihole-kubernetes/compare/pihole-2.26.2...pihole-2.27.0) (2024-11-28) diff --git a/manifests/pihole/Chart.yaml b/manifests/pihole/Chart.yaml index 3cdba5a..4f2d834 100644 --- a/manifests/pihole/Chart.yaml +++ b/manifests/pihole/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 -appVersion: 2024.07.0 +appVersion: 2025.04.0 description: Installs pihole in kubernetes home: https://github.com/MoJo2600/pihole-kubernetes/tree/main/charts/pihole -icon: https://i2.wp.com/pi-hole.net/wp-content/uploads/2016/12/Vortex-R.png +icon: https://wp-cdn.pi-hole.net/wp-content/uploads/2016/12/Vortex-R.png maintainers: - email: christian.erhardt@mojo2k.de name: MoJo2600 @@ -12,4 +12,4 @@ sources: - https://pi-hole.net/ - https://github.com/pi-hole - https://github.com/pi-hole/docker-pi-hole -version: 2.27.0 +version: 2.31.0 diff --git a/manifests/pihole/README.md b/manifests/pihole/README.md index 4cbde0f..e4c4936 100644 --- a/manifests/pihole/README.md 
+++ b/manifests/pihole/README.md @@ -2,7 +2,9 @@ Installs pihole in kubernetes -![Version: 2.27.0](https://img.shields.io/badge/Version-2.27.0-informational?style=flat-square) ![AppVersion: 2024.07.0](https://img.shields.io/badge/AppVersion-2024.07.0-informational?style=flat-square) [![All Contributors](https://img.shields.io/badge/all_contributors-27-blue.svg?style=flat-square)](#contributors-) +![Version: 2.31.0](https://img.shields.io/badge/Version-2.31.0-informational?style=flat-square) ![AppVersion: 2025.04.0](https://img.shields.io/badge/AppVersion-2025.04.0-informational?style=flat-square) +[![All Contributors](https://img.shields.io/badge/all_contributors-27-blue.svg?style=flat-square)](#contributors-) + ## Source Code 
@@ -179,37 +181,46 @@ The following table lists the configurable parameters of the pihole chart and th | capabilities | object | `{}` | | | customVolumes.config | object | `{}` | any volume type can be used here | | customVolumes.enabled | bool | `false` | set this to true to enable custom volumes | +| deploymentAnnotations | object | `{}` | Additional annotations for the deployment | | dnsHostPort.enabled | bool | `false` | set this to true to enable dnsHostPort | | dnsHostPort.port | int | `53` | default port for this pod | -| dnsmasq | object | `{"additionalHostsEntries":[],"customCnameEntries":[],"customDnsEntries":[],"customSettings":null,"staticDhcpEntries":[],"upstreamServers":[]}` | DNS MASQ settings | +| dnsmasq | object | `{"additionalHostsEntries":[],"customCnameEntries":[],"customDnsEntries":[],"customSettings":null,"enableCustomDnsMasq":true,"staticDhcpEntries":[],"upstreamServers":[]}` | DNS MASQ settings | | dnsmasq.additionalHostsEntries | list | `[]` | Dnsmasq reads the /etc/hosts file to resolve ips. You can add additional entries if you like | | dnsmasq.customCnameEntries | list | `[]` | Here we specify custom cname entries that should point to `A` records or elements in customDnsEntries array. The format should be: - cname=cname.foo.bar,foo.bar - cname=cname.bar.foo,bar.foo - cname=cname record,dns record | | dnsmasq.customDnsEntries | list | `[]` | Add custom dns entries to override the dns resolution. All lines will be added to the pihole dnsmasq configuration. | | dnsmasq.customSettings | string | `nil` | Other options | +| dnsmasq.enableCustomDnsMasq | bool | `true` | Load custom user configuration files from /etc/dnsmasq.d | | dnsmasq.staticDhcpEntries | list | `[]` | Static DHCP config | | dnsmasq.upstreamServers | list | `[]` | Add upstream dns servers. 
All lines will be added to the pihole dnsmasq configuration | +| doh.command | list | `[]` | Custom command to the DoH container | | doh.enabled | bool | `false` | set to true to enabled DNS over HTTPs via cloudflared | | doh.envVars | object | `{}` | Here you can pass environment variables to the DoH container, for example: | +| doh.monitoring.podMonitor.enabled | bool | `false` | | | doh.name | string | `"cloudflared"` | name | -| doh.probes | object | `{"liveness":{"enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"probe":{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}},"timeoutSeconds":5}}` | Probes configuration | +| doh.probes | object | `{"liveness":{"enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"probe":{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}},"timeoutSeconds":5},"readiness":{"enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"probe":{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}},"timeoutSeconds":5}}` | Probes configuration | | doh.probes.liveness | object | `{"enabled":true,"failureThreshold":10,"initialDelaySeconds":60,"probe":{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}},"timeoutSeconds":5}` | Configure the healthcheck for the doh container | | doh.probes.liveness.enabled | bool | `true` | set to true to enable liveness probe | | doh.probes.liveness.failureThreshold | int | `10` | defines the failure threshold for the liveness probe | | doh.probes.liveness.initialDelaySeconds | int | `60` | defines the initial delay for the liveness probe | | doh.probes.liveness.probe | object | `{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}}` | customize the liveness probe | | doh.probes.liveness.timeoutSeconds | int | `5` | defines the timeout in secondes for the liveness probe | +| doh.probes.readiness.enabled | bool | `true` | set to true to enable readiness probe | +| 
doh.probes.readiness.failureThreshold | int | `10` | defines the failure threshold for the readiness probe | +| doh.probes.readiness.initialDelaySeconds | int | `60` | defines the initial delay for the readiness probe | +| doh.probes.readiness.probe | object | `{"exec":{"command":["nslookup","-po=5053","cloudflare.com","127.0.0.1"]}}` | customize the readiness probe | +| doh.probes.readiness.timeoutSeconds | int | `5` | defines the timeout in secondes for the readiness probe | | doh.pullPolicy | string | `"IfNotPresent"` | Pull policy | | doh.repository | string | `"crazymax/cloudflared"` | repository | | doh.tag | string | `"latest"` | | | dualStack.enabled | bool | `false` | set this to true to enable creation of DualStack services or creation of separate IPv6 services if `serviceDns.type` is set to `"LoadBalancer"` | | extraContainers | list | `[]` | | -| extraEnvVars | object | `{}` | extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use | +| extraEnvVars | object | `{}` | extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use. You can use either scalars or project cm, secrets or pod fields via valueFrom | | extraEnvVarsSecret | object | `{}` | extraEnvVarsSecret is a list of secrets to load in as environment variables. | | extraInitContainers | list | `[]` | any initContainers you might want to run before starting pihole | | extraObjects | list | `[]` | any extra kubernetes manifests you might want | | extraVolumeMounts | object | `{}` | any extra volume mounts you might want | | extraVolumes | object | `{}` | any extra volumes you might want | -| ftl | object | `{}` | values that should be added to pihole-FTL.conf | +| ftl | object | `{}` | values that should be added to pihole-FTL.conf. 
You can use either scalars or project cm, secrets or pod fields via valueFrom | | hostNetwork | string | `"false"` | should the container use host network | | hostname | string | `""` | hostname of pod | | image.pullPolicy | string | `"IfNotPresent"` | the pull policy | @@ -222,7 +233,7 @@ The following table lists the configurable parameters of the pihole chart and th | maxUnavailable | int | `1` | The maximum number of Pods that can be unavailable during updating | | monitoring.podMonitor | object | `{"enabled":false}` | Preferably adding prometheus scrape annotations rather than enabling podMonitor. | | monitoring.podMonitor.enabled | bool | `false` | set this to true to enable podMonitor | -| monitoring.sidecar | object | `{"enabled":false,"image":{"pullPolicy":"IfNotPresent","repository":"ekofr/pihole-exporter","tag":"v0.3.0"},"port":9617,"resources":{"limits":{"memory":"128Mi"}}}` | Sidecar configuration | +| monitoring.sidecar | object | `{"enabled":false,"image":{"pullPolicy":"IfNotPresent","repository":"ekofr/pihole-exporter","tag":"v1.0.0"},"port":9617,"resources":{"limits":{"memory":"128Mi"}}}` | Sidecar configuration | | monitoring.sidecar.enabled | bool | `false` | set this to true to enable podMonitor as sidecar | | monitoring.sidecar.image.repository | string | `"ekofr/pihole-exporter"` | the repository to use | | nodeSelector | object | `{}` | Node selector values | 
@@ -251,27 +262,29 @@ The following table lists the configurable parameters of the pihole chart and th | regex | object | `{}` | list of blacklisted regex expressions to import during initial start of the container | | replicaCount | int | `1` | The number of replicas | | resources | object | `{}` | lines, adjust them as necessary, and remove the curly braces after 'resources:'. | -| serviceDhcp | object | `{"annotations":{},"enabled":true,"externalTrafficPolicy":"Local","extraLabels":{},"loadBalancerIP":"","loadBalancerIPv6":"","nodePort":"","port":67,"type":"NodePort"}` | Configuration for the DHCP service on port 67 | +| serviceDhcp | object | `{"annotations":{},"enabled":true,"externalTrafficPolicy":"Local","extraLabels":{},"loadBalancerClass":"","loadBalancerIP":"","loadBalancerIPv6":"","nodePort":"","port":67,"type":"NodePort"}` | Configuration for the DHCP service on port 67 | | serviceDhcp.annotations | object | `{}` | Annotations for the DHCP service | | serviceDhcp.enabled | bool | `true` | Generate a Service resource for DHCP traffic | | serviceDhcp.externalTrafficPolicy | string | `"Local"` | `spec.externalTrafficPolicy` for the DHCP Service | | serviceDhcp.extraLabels | object | `{}` | Labels for the DHCP service | +| serviceDhcp.loadBalancerClass | string | `""` | `spec.loadBalancerClass` for the DHCP Service. Only used if type is LoadBalancer. 
| | serviceDhcp.loadBalancerIP | string | `""` | A fixed `spec.loadBalancerIP` for the DHCP Service | | serviceDhcp.loadBalancerIPv6 | string | `""` | A fixed `spec.loadBalancerIP` for the IPv6 DHCP Service | | serviceDhcp.nodePort | string | `""` | Optional node port for the DHCP service | | serviceDhcp.port | int | `67` | The port of the DHCP service | | serviceDhcp.type | string | `"NodePort"` | `spec.type` for the DHCP Service | -| serviceDns | object | `{"annotations":{},"externalTrafficPolicy":"Local","extraLabels":{},"loadBalancerIP":"","loadBalancerIPv6":"","mixedService":false,"nodePort":"","port":53,"type":"NodePort"}` | Configuration for the DNS service on port 53 | +| serviceDns | object | `{"annotations":{},"externalTrafficPolicy":"Local","extraLabels":{},"loadBalancerClass":"","loadBalancerIP":"","loadBalancerIPv6":"","mixedService":false,"nodePort":"","port":53,"type":"NodePort"}` | Configuration for the DNS service on port 53 | | serviceDns.annotations | object | `{}` | Annotations for the DNS service | | serviceDns.externalTrafficPolicy | string | `"Local"` | `spec.externalTrafficPolicy` for the DHCP Service | | serviceDns.extraLabels | object | `{}` | Labels for the DNS service | +| serviceDns.loadBalancerClass | string | `""` | `spec.loadBalancerClass` for the DNS Service. Only used if type is LoadBalancer. 
| | serviceDns.loadBalancerIP | string | `""` | A fixed `spec.loadBalancerIP` for the DNS Service | | serviceDns.loadBalancerIPv6 | string | `""` | A fixed `spec.loadBalancerIP` for the IPv6 DNS Service | | serviceDns.mixedService | bool | `false` | deploys a mixed (TCP + UDP) Service instead of separate ones | | serviceDns.nodePort | string | `""` | Optional node port for the DNS service | | serviceDns.port | int | `53` | The port of the DNS service | | serviceDns.type | string | `"NodePort"` | `spec.type` for the DNS Service | -| serviceWeb | object | `{"annotations":{},"externalTrafficPolicy":"Local","extraLabels":{},"http":{"enabled":true,"nodePort":"","port":80},"https":{"enabled":true,"nodePort":"","port":443},"loadBalancerIP":"","loadBalancerIPv6":"","type":"ClusterIP"}` | Configuration for the web interface service | +| serviceWeb | object | `{"annotations":{},"externalTrafficPolicy":"Local","extraLabels":{},"http":{"enabled":true,"nodePort":"","port":80},"https":{"enabled":true,"nodePort":"","port":443},"loadBalancerClass":"","loadBalancerIP":"","loadBalancerIPv6":"","type":"ClusterIP"}` | Configuration for the web interface service | | serviceWeb.annotations | object | `{}` | Annotations for the DHCP service | | serviceWeb.externalTrafficPolicy | string | `"Local"` | `spec.externalTrafficPolicy` for the web interface Service | | serviceWeb.extraLabels | object | `{}` | Labels for the web interface service | 
@@ -283,6 +296,7 @@ The following table lists the configurable parameters of the pihole chart and th | serviceWeb.https.enabled | bool | `true` | Generate a service for HTTPS traffic | | serviceWeb.https.nodePort | string | `""` | Optional node port for the web HTTPS service | | serviceWeb.https.port | int | `443` | The port of the web HTTPS service | +| serviceWeb.loadBalancerClass | string | `""` | `spec.loadBalancerClass` for the web interface Service. Only used if type is LoadBalancer. | | serviceWeb.loadBalancerIP | string | `""` | A fixed `spec.loadBalancerIP` for the web interface Service | | serviceWeb.loadBalancerIPv6 | string | `""` | A fixed `spec.loadBalancerIP` for the IPv6 web interface Service | | serviceWeb.type | string | `"ClusterIP"` | `spec.type` for the web interface Service | @@ -397,25 +411,41 @@ Thanks goes to these wonderful people:
Theo REY

Watteel Pascal

simon
-
Eric

Vincent

Clint
+
Philipp B.
-
Philipp B.

ebCrypto

Ken Lasko

Mark Bundschuh

Max Rosin

Yang

dwarf-king-hreidmar
+
s94santos
-
s94santos

Adam David

Ben Konicek

Gabisonfire

Giorgi Lekveishvili
+
Paimon Sorornejad
+
Jean-Kevin KPADEY
+
Alessandro Ogier
+ + +
Luuk v/d Maagdenberg
+
Markus Mayer
+
Paulo Jesus
+
Lindemberg Barbosa
+
Ricardo Baltazar Chaves
+
Thomas Andrade
+
Alexandre Chappaz
+ + +
Cristian Klein
+
JP Flouret
+
Eric
diff --git a/manifests/pihole/templates/deployment.yaml b/manifests/pihole/templates/deployment.yaml index 6e0368c..4765eaf 100644 --- a/manifests/pihole/templates/deployment.yaml +++ b/manifests/pihole/templates/deployment.yaml @@ -8,6 +8,10 @@ metadata: chart: {{ template "pihole.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} + {{- with .Values.deploymentAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} spec: replicas: {{ .Values.replicaCount }} strategy: @@ -112,6 +116,12 @@ spec: imagePullPolicy: {{ .Values.doh.pullPolicy }} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File + {{- if .Values.doh.command }} + command: + {{- range $key, $value := .Values.doh.command }} + - {{ $value }} + {{- end }} + {{- end }} resources: limits: memory: 128Mi @@ -136,14 +146,23 @@ spec: failureThreshold: {{ .Values.doh.probes.liveness.failureThreshold }} timeoutSeconds: {{ .Values.doh.probes.liveness.timeoutSeconds }} {{- end }} + {{- if .Values.doh.probes.readiness.enabled }} + readinessProbe: +{{ toYaml .Values.doh.probes.readiness.probe | indent 12 }} + initialDelaySeconds: {{ .Values.doh.probes.readiness.initialDelaySeconds }} + failureThreshold: {{ .Values.doh.probes.readiness.failureThreshold }} + timeoutSeconds: {{ .Values.doh.probes.readiness.timeoutSeconds }} + {{- end }} {{- end }} - name: {{ .Chart.Name }} env: - - name: 'WEB_PORT' + - name: 'FTLCONF_webserver_port' value: "{{ .Values.webHttp }}" - name: VIRTUAL_HOST value: {{ .Values.virtualHost }} - - name: WEBPASSWORD + - name: FTLCONF_misc_etc_dnsmasq_d + value: {{ ne .Values.dnsmasq.enableCustomDnsMasq false | quote }} + - name: FTLCONF_webserver_api_password {{- if .Values.admin.enabled }} valueFrom: secretKeyRef: 
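Review bot: In the new `doh.command` block each element is rendered as `- {{ $value }}` without quoting, so an argument containing `: ` or ` #`, or one that looks like a number or boolean, is re-interpreted by the YAML parser instead of being passed through as a string. `- {{ $value | quote }}` keeps every element a string. The same applies to the `FTLCONF_dns_upstreams` value in the `@@ -164,19 +187,21 @@` hunk, where the previous `squote` was dropped and `.Values.DNS1`/`.Values.DNS2` are now emitted bare, and to the unquoted `loadBalancerClass: {{ ... }}` lines added in the service templates. An env `value` that parses as a non-string is rejected by the API server, so quoting there is worth restoring.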
@@ -154,7 +173,11 @@ spec: {{- end }} {{- range $key, $value := .Values.extraEnvVars }} - name: {{ $key | quote }} + {{- if kindIs "map" $value }} + {{- toYaml $value | nindent 12 }} + {{- else }} value: {{ $value | quote }} + {{- end }} {{- end }} {{- range $key, $value := .Values.extraEnvVarsSecret }} - name: {{ $key | quote }} @@ -164,19 +187,21 @@ spec: name: {{ $value.name | quote }} {{- end }} {{- if .Values.doh.enabled }} - - name: 'DNS1' - value: "127.0.0.1#5053" - - name: DNS2 + - name: 'FTLCONF_dns_upstreams' value: "127.0.0.1#5053" {{- else }} {{- if .Values.DNS1 }} - - name: 'PIHOLE_DNS_' - value: {{ if .Values.DNS2 }}{{ ( printf "%v;%v" .Values.DNS1 .Values.DNS2 ) | squote }}{{ else }}{{ .Values.DNS1 | squote }}{{ end }} + - name: 'FTLCONF_dns_upstreams' + value: {{ if .Values.DNS2 }}{{ ( printf "%v;%v" .Values.DNS1 .Values.DNS2 ) }}{{ else }}{{ .Values.DNS1 }}{{ end }} {{- end }} {{- end }} {{- range $key, $value := .Values.ftl }} - name: 'FTLCONF_{{ $key }}' + {{- if kindIs "map" $value }} + {{- toYaml $value | nindent 12 }} + {{- else }} value: {{ $value | quote }} + {{- end }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} @@ -215,14 +240,14 @@ spec: command: {{ .Values.probes.liveness.command | required "An array of command(s) is required if 'type' is set to 'command'." | toYaml | nindent 16 }} {{- else }} httpGet: - path: /admin/index.php + path: /admin port: {{ .Values.probes.liveness.port }} scheme: {{ .Values.probes.liveness.scheme }} {{- end }} initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }} - + {{- end }} {{- if .Values.probes.readiness.enabled }} readinessProbe: 
@@ -231,7 +256,7 @@ spec: command: {{ .Values.probes.readiness.command | required "An array of command(s) is required if 'type' is set to 'command'." | toYaml | nindent 16 }} {{- else }} httpGet: - path: /admin/index.php + path: /admin port: {{ .Values.probes.readiness.port }} scheme: {{ .Values.probes.readiness.scheme }} {{- end }} diff --git a/manifests/pihole/templates/podmonitor.yaml b/manifests/pihole/templates/podmonitor.yaml index bb3be7d..2797b06 100644 --- a/manifests/pihole/templates/podmonitor.yaml +++ b/manifests/pihole/templates/podmonitor.yaml @@ -1,4 +1,4 @@ -{{- if .Values.monitoring.podMonitor.enabled }} +{{- if or .Values.monitoring.podMonitor.enabled .Values.doh.monitoring.podMonitor.enabled }} apiVersion: monitoring.coreos.com/v1 kind: PodMonitor metadata: @@ -16,6 +16,7 @@ metadata: {{- end }} spec: podMetricsEndpoints: +{{- if .Values.monitoring.podMonitor.enabled }} - port: prometheus path: /metrics {{- if .Values.monitoring.podMonitor.interval }} @@ -31,6 +32,11 @@ spec: {{- if .Values.monitoring.podMonitor.bearerTokenSecret.optional }} optional: {{ .Values.monitoring.podMonitor.bearerTokenSecret.optional }} {{- end }} +{{- end }} +{{- end }} +{{- if .Values.doh.monitoring.podMonitor.enabled }} + - port: cloudflared-met + path: /metrics {{- end }} jobLabel: {{ template "pihole.fullname" . }}-prometheus-exporter namespaceSelector: diff --git a/manifests/pihole/templates/service-dhcp.yaml b/manifests/pihole/templates/service-dhcp.yaml index 253bef7..bd7943a 100644 --- a/manifests/pihole/templates/service-dhcp.yaml +++ b/manifests/pihole/templates/service-dhcp.yaml 
@@ -27,6 +27,9 @@ spec: {{- if .Values.serviceDhcp.loadBalancerIP }} loadBalancerIP: {{ .Values.serviceDhcp.loadBalancerIP }} {{- end }} + {{- if and (eq .Values.serviceDhcp.type "LoadBalancer") .Values.serviceDhcp.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDhcp.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDhcp.type "NodePort") (eq .Values.serviceDhcp.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDhcp.externalTrafficPolicy }} {{- end }} @@ -65,6 +68,9 @@ spec: {{- if .Values.serviceDhcp.loadBalancerIPv6 }} loadBalancerIP: {{ .Values.serviceDhcp.loadBalancerIPv6 }} {{- end }} + {{- if and (eq .Values.serviceDhcp.type "LoadBalancer") .Values.serviceDhcp.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDhcp.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDhcp.type "NodePort") (eq .Values.serviceDhcp.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDhcp.externalTrafficPolicy }} {{- end }} diff --git a/manifests/pihole/templates/service-dns-tcp.yaml b/manifests/pihole/templates/service-dns-tcp.yaml index 3b415b5..3d50553 100644 --- a/manifests/pihole/templates/service-dns-tcp.yaml +++ b/manifests/pihole/templates/service-dns-tcp.yaml @@ -27,6 +27,9 @@ spec: {{- if .Values.serviceDns.loadBalancerIP }} loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }} {{- end }} + {{- if and (eq .Values.serviceDns.type "LoadBalancer") .Values.serviceDns.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDns.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }} {{- end }} 
@@ -71,6 +74,9 @@ spec: {{- if .Values.serviceDns.loadBalancerIPv6 }} loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }} {{- end }} + {{- if and (eq .Values.serviceDns.type "LoadBalancer") .Values.serviceDns.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDns.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }} {{- end }} diff --git a/manifests/pihole/templates/service-dns-udp.yaml b/manifests/pihole/templates/service-dns-udp.yaml index 4dc96c2..2156b6f 100644 --- a/manifests/pihole/templates/service-dns-udp.yaml +++ b/manifests/pihole/templates/service-dns-udp.yaml @@ -27,6 +27,9 @@ spec: {{- if .Values.serviceDns.loadBalancerIP }} loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }} {{- end }} + {{- if and (eq .Values.serviceDns.type "LoadBalancer") .Values.serviceDns.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDns.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }} {{- end }} @@ -65,6 +68,9 @@ spec: {{- if .Values.serviceDns.loadBalancerIPv6 }} loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }} {{- end }} + {{- if and (eq .Values.serviceDns.type "LoadBalancer") .Values.serviceDns.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDns.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }} {{- end }} diff --git a/manifests/pihole/templates/service-dns.yaml b/manifests/pihole/templates/service-dns.yaml index 75de245..6d6857d 100644 --- a/manifests/pihole/templates/service-dns.yaml +++ b/manifests/pihole/templates/service-dns.yaml 
@@ -21,6 +21,9 @@ spec: {{- if .Values.serviceDns.loadBalancerIP }} loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }} {{- end }} + {{- if and (eq .Values.serviceDns.type "LoadBalancer") .Values.serviceDns.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDns.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }} {{- end }} @@ -72,6 +75,9 @@ spec: {{- if .Values.serviceDns.loadBalancerIPv6 }} loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }} {{- end }} + {{- if and (eq .Values.serviceDns.type "LoadBalancer") .Values.serviceDns.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceDns.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }} {{- end }} diff --git a/manifests/pihole/templates/service-web.yaml b/manifests/pihole/templates/service-web.yaml index c401a2b..afc14b0 100644 --- a/manifests/pihole/templates/service-web.yaml +++ b/manifests/pihole/templates/service-web.yaml @@ -27,6 +27,9 @@ spec: {{- if .Values.serviceWeb.loadBalancerIP }} loadBalancerIP: {{ .Values.serviceWeb.loadBalancerIP }} {{- end }} + {{- if and (eq .Values.serviceWeb.type "LoadBalancer") .Values.serviceWeb.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceWeb.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceWeb.type "NodePort") (eq .Values.serviceWeb.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceWeb.externalTrafficPolicy }} {{- end }} 
@@ -81,6 +84,9 @@ spec: {{- if .Values.serviceWeb.loadBalancerIPv6 }} loadBalancerIP: {{ .Values.serviceWeb.loadBalancerIPv6 }} {{- end }} + {{- if and (eq .Values.serviceWeb.type "LoadBalancer") .Values.serviceWeb.loadBalancerClass }} + loadBalancerClass: {{ .Values.serviceWeb.loadBalancerClass }} + {{- end }} {{- if or (eq .Values.serviceWeb.type "NodePort") (eq .Values.serviceWeb.type "LoadBalancer") }} externalTrafficPolicy: {{ .Values.serviceWeb.externalTrafficPolicy }} {{- end }} diff --git a/manifests/pihole/values.yaml b/manifests/pihole/values.yaml index f5c6eb1..032c924 100644 --- a/manifests/pihole/values.yaml +++ b/manifests/pihole/values.yaml @@ -35,7 +35,7 @@ dnsHostPort: # -- Configuration for the DNS service on port 53 serviceDns: # -- deploys a mixed (TCP + UDP) Service instead of separate ones - mixedService: true + mixedService: false # -- `spec.type` for the DNS Service type: LoadBalancer @@ -53,6 +53,8 @@ serviceDns: loadBalancerIP: "192.168.0.234" # -- A fixed `spec.loadBalancerIP` for the IPv6 DNS Service loadBalancerIPv6: "" + # -- `spec.loadBalancerClass` for the DNS Service. Only used if type is LoadBalancer. + loadBalancerClass: "" # -- Annotations for the DNS service annotations: {} @@ -84,6 +86,8 @@ serviceDhcp: loadBalancerIP: "" # -- A fixed `spec.loadBalancerIP` for the IPv6 DHCP Service loadBalancerIPv6: "" + # -- `spec.loadBalancerClass` for the DHCP Service. Only used if type is LoadBalancer. + loadBalancerClass: "" # -- Annotations for the DHCP service annotations: {} @@ -127,6 +131,8 @@ serviceWeb: loadBalancerIP: "192.168.0.239" # -- A fixed `spec.loadBalancerIP` for the IPv6 web interface Service loadBalancerIPv6: "" + # -- `spec.loadBalancerClass` for the web interface Service. Only used if type is LoadBalancer. + loadBalancerClass: "" # -- Annotations for the DHCP service annotations: 
@@ -153,6 +159,7 @@ ingress: # kubernetes.io/ingress.class: nginx # kubernetes.io/tls-acme: "true" path: / + pathType: ImplementationSpecific hosts: # virtualHost (default value is pi.hole) will be appended to the hosts - chart-example.local @@ -184,14 +191,19 @@ probes: scheme: HTTP readiness: # -- Generate a readiness probe + # 'type' defaults to httpGet, can be set to 'command' to use a command type readiness probe. + type: httpGet + # command: + # - /bin/bash + # - -c + # - /bin/true enabled: true - # -- Initial delay to wait for readiness check + # -- wait time before trying the readiness probe initialDelaySeconds: 60 - # -- The failure threshold - failureThreshold: 3 - # -- The timeout in seconds + # -- threshold until the probe is considered failing + failureThreshold: 10 + # -- timeout in seconds timeoutSeconds: 5 - # -- The port port: http scheme: HTTP @@ -256,7 +268,6 @@ topologySpreadConstraints: [] affinity: {} # -- Administrator password when not using an existing secret (see below) -# -- Change the admin password prior to installing adminPassword: "admin" # -- Use an existing secret for the admin password. 
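Review bot: The `@@ -256,7 +268,6 @@` hunk deletes `# -- Change the admin password prior to installing` while `adminPassword: "admin"` stays as the committed value, so the only visible reminder that this is a placeholder credential is gone. The same file pins `serviceWeb` to a fixed `loadBalancerIP`, so the admin interface is presumably reachable on the LAN with that password unless `admin.existingSecret` is set. I would keep the comment and point the release at a pre-created Secret through `admin.existingSecret`, using the `passwordKey: "password"` default this commit introduces, rather than carrying a password in `values.yaml`.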
@@ -266,15 +277,21 @@ admin: # -- Specify an existing secret to use as admin password existingSecret: "" # -- Specify the key inside the secret to use - passwordKey: "" + passwordKey: "password" # -- Specify [annotations](docs/Values.md#admin.annotations) to be added to the secret annotations: # reflector.v1.k8s.emberstack.com/reflection-allowed: "true" # reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "external-dns" -# -- extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use +# -- extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use. You can use either scalars or project cm, secrets or pod fields via valueFrom extraEnvVars: {} # TZ: UTC + # Project a variable + # SOME_VAR: + # valueFrom: + # configMapKeyRef: + # key: some-var + # name: my-config-map # -- extraEnvVarsSecret is a list of secrets to load in as environment variables. extraEnvVarsSecret: {} @@ -283,9 +300,9 @@ extraEnvVarsSecret: {} # key: secret-key # -- default upstream DNS 1 server to use -DNS1: "8.8.8.8" +DNS1: "1.1.1.1" # -- default upstream DNS 2 server to use -DNS2: "8.8.4.4" +DNS2: "8.8.8.8" antiaff: # -- set to true to enable antiaffinity (example: 2 pihole DNS in the same cluster) @@ -311,7 +328,8 @@ doh: # -- Here you can pass environment variables to the DoH container, for example: envVars: {} # TUNNEL_DNS_UPSTREAM: "https://1.1.1.2/dns-query,https://1.0.0.2/dns-query" - + # -- Custom command to the DoH container + command: [] # -- Probes configuration probes: # -- Configure the healthcheck for the doh container 
@@ -332,9 +350,31 @@ doh: failureThreshold: 10 # -- defines the timeout in secondes for the liveness probe timeoutSeconds: 5 - + readiness: + # -- set to true to enable readiness probe + enabled: true + # -- customize the readiness probe + probe: + exec: + command: + - nslookup + - -po=5053 + - cloudflare.com + - "127.0.0.1" + # -- defines the initial delay for the readiness probe + initialDelaySeconds: 60 + # -- defines the failure threshold for the readiness probe + failureThreshold: 10 + # -- defines the timeout in secondes for the readiness probe + timeoutSeconds: 5 + monitoring: + podMonitor: + enabled: false # -- DNS MASQ settings dnsmasq: + # -- Load custom user configuration files from /etc/dnsmasq.d + enableCustomDnsMasq: true + # -- Add upstream dns servers. All lines will be added to the pihole dnsmasq configuration upstreamServers: [] # - server=/foo.bar/192.168.178.10 @@ -347,16 +387,20 @@ dnsmasq: # -- Dnsmasq reads the /etc/hosts file to resolve ips. You can add additional entries if you like additionalHostsEntries: - - 192.168.0.117 baxter2 - - 192.168.0.106 baxter - - 192.168.0.109 docker0 omada - - 192.168.0.102 node1 - - 192.168.0.111 node2 - - 192.168.0.110 node3 - - 192.168.0.113 node4 - - 192.168.0.114 node5 - - 192.168.0.115 node6 - - 192.168.0.103 rhel0 + - 192.168.0.102 baxter + - 192.168.0.104 docker0 + - 192.168.0.101 node0 + - 192.168.0.103 node1 + - 192.168.0.105 node2 + - 192.168.0.106 node3 + - 192.168.0.107 node4 + - 192.168.0.108 node5 + - 192.168.0.109 rhel0 + - 192.168.0.110 omada + - 192.168.0.100 pve + + # - 192.168.0.3 host4 + # - 192.168.0.4 host5 # -- Static DHCP config staticDhcpEntries: [] 
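Review bot: The new `doh.probes.readiness` block in the `@@ -332,9 +350,31 @@` hunk ties readiness to resolving the external name `cloudflare.com` through the local listener on port 5053, so it measures upstream reachability rather than the container's own state. If the DoH container runs in the same pod as Pi-hole (not visible in this hunk), an upstream outage or blocked egress would mark the whole pod unready. That would remove it from the DNS Service endpoints and turn a degraded resolver into a full DNS outage for clients. At minimum I would document the dependency next to `enabled: true`, e.g. `# NOTE: probe needs outbound resolution; an upstream outage marks the container unready`, and confirm the behaviour is intended where `doh` is enabled.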
@@ -403,11 +447,15 @@ regex: {} # Add regular expression blacklist items # - (^|\.)facebook\.com$ -# -- values that should be added to pihole-FTL.conf +# -- values that should be added to pihole-FTL.conf. You can use either scalars or project cm, secrets or pod fields via valueFrom ftl: {} # Add values for pihole-FTL.conf # MAXDBDAYS: 14 - #StartLimitBurst: 25 + # Project a variable + # LOCAL_IPV4: + # valueFrom: + # fieldRef: + # fieldPath: status.podIP # -- port the container should use to expose HTTP traffic webHttp: "80" @@ -497,6 +545,10 @@ extraObjects: [] # } # } +# -- Additional annotations for the deployment +deploymentAnnotations: {} + # reloader.stakater.com/auto: "true" + # -- Additional annotations for pods podAnnotations: {} # Example below allows Prometheus to scape on metric port (requires pihole-exporter sidecar enabled) @@ -532,7 +584,7 @@ monitoring: image: # -- the repository to use repository: ekofr/pihole-exporter - tag: v0.3.0 + tag: v1.0.0 pullPolicy: IfNotPresent resources: limits: diff --git a/playbooks/hashicorp/install.yml b/playbooks/hashicorp/install.yml index 2bb701e..22fc98e 100644 --- a/playbooks/hashicorp/install.yml +++ b/playbooks/hashicorp/install.yml @@ -46,3 +46,12 @@ ansible.builtin.command: cmd: terraform -help +# - name: Install aws-cli (A terraform prerequisite) + #ansible.builtin.shell: | + #curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" + #unzip awscliv2.zip + #./aws/install + #args: + #chdir: /tmp + + diff --git a/playbooks/k8s/install_k8s_tools.yml b/playbooks/k8s/install_k8s_tools.yml index de9aa38..5f27ca9 100644 --- a/playbooks/k8s/install_k8s_tools.yml +++ b/playbooks/k8s/install_k8s_tools.yml @@ -1,6 +1,6 @@ --- - name: adds the kubernetes repo and installs kubectl - hosts: localhost + hosts: docker become: true tasks: ########## KUBECTL INSTALL ##########
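Review bot: The commented-out aws-cli task added in playbooks/hashicorp/install.yml (`@@ -46,3 +46,12 @@`) downloads an installer with `curl` and runs `./aws/install` from `/tmp` with no integrity check. If it is ever uncommented in a play that escalates privileges, unverified content staged in a world-writable directory would run as root. The mixed comment indentation (`# - name:` versus `#ansible.builtin.shell:`) also means it would not uncomment into valid YAML. I would either drop the dead block or replace it with module-based tasks that pin a version, verify a digest and are idempotent, as sketched below. The version, digest and `/opt/awscli` path there are placeholders, and the directory has to exist and be root-owned. The play's header and earlier tasks are outside this hunk.

```yaml
    # … unchanged: terraform -help task …
    - name: Download a pinned aws-cli installer (a terraform prerequisite)
      ansible.builtin.get_url:
        url: "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-<VERSION-PLACEHOLDER>.zip"
        dest: /opt/awscli/awscliv2.zip
        checksum: "sha256:<DIGEST-PLACEHOLDER>"
        mode: "0644"

    - name: Unpack the aws-cli installer
      ansible.builtin.unarchive:
        src: /opt/awscli/awscliv2.zip
        dest: /opt/awscli
        remote_src: true

    - name: Run the aws-cli installer once
      ansible.builtin.command:
        cmd: /opt/awscli/aws/install
        creates: /usr/local/bin/aws
```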