apiVersion: apps/v1 kind: Deployment metadata: name: {{ template "pihole.fullname" . }} labels: app: {{ template "pihole.name" . }} chart: {{ template "pihole.chart" . }} release: {{ .Release.Name }} heritage: {{ .Release.Service }} spec: replicas: {{ .Values.replicaCount }} strategy: type: {{ .Values.strategyType }} {{- if eq .Values.strategyType "RollingUpdate" }} rollingUpdate: maxSurge: {{ .Values.maxSurge }} maxUnavailable: {{ .Values.maxUnavailable }} {{- end }} selector: matchLabels: app: {{ template "pihole.name" . }} release: {{ .Release.Name }} template: metadata: annotations: checksum.config.adlists: {{ include (print $.Template.BasePath "/configmap-adlists.yaml") . | sha256sum | trunc 63 }} checksum.config.blacklist: {{ include (print $.Template.BasePath "/configmap-blacklist.yaml") . | sha256sum | trunc 63 }} checksum.config.regex: {{ include (print $.Template.BasePath "/configmap-regex.yaml") . | sha256sum | trunc 63 }} checksum.config.whitelist: {{ include (print $.Template.BasePath "/configmap-whitelist.yaml") . | sha256sum | trunc 63 }} checksum.config.dnsmasqConfig: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }} checksum.config.staticDhcpConfig: {{ include (print $.Template.BasePath "/configmap-static-dhcp.yaml") . | sha256sum | trunc 63 }} {{- with .Values.podAnnotations }} {{ toYaml . | indent 8 }} {{- end }} labels: app: {{ template "pihole.name" . }} release: {{ .Release.Name }} spec: {{- if .Values.antiaff.enabled }} affinity: podAntiAffinity: {{- if .Values.antiaff.strict }} requiredDuringSchedulingIgnoredDuringExecution: - labelSelector: {{- else }} preferredDuringSchedulingIgnoredDuringExecution: - weight: 100 podAffinityTerm: labelSelector: {{- end }} matchExpressions: - key: release operator: In values: - {{ .Values.antiaff.avoidRelease }} {{- if .Values.antiaff.namespaces}} namespaces: {{- toYaml .Values.antiaff.namespaces | nindent 14 }} {{- end }} topologyKey: "kubernetes.io/hostname" {{- end }} {{- if .Values.podDnsConfig.enabled }} dnsPolicy: {{ .Values.podDnsConfig.policy }} dnsConfig: nameservers: {{- toYaml .Values.podDnsConfig.nameservers | nindent 8 }} {{- end }} hostname: {{ .Values.hostname }} hostNetwork: {{ .Values.hostNetwork }} {{- with .Values.extraInitContainers }} initContainers: {{- toYaml . | nindent 8 }} {{- end }} containers: {{- if .Values.extraContainers }} {{- toYaml .Values.extraContainers | nindent 8 }} {{- end }} {{- if .Values.monitoring.sidecar.enabled }} - name: exporter image: "{{ .Values.monitoring.sidecar.image.repository }}:{{ .Values.monitoring.sidecar.image.tag }}" imagePullPolicy: {{ .Values.monitoring.sidecar.image.pullPolicy }} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File env: - name: PIHOLE_HOSTNAME valueFrom: fieldRef: fieldPath: status.podIP - name: PIHOLE_PORT value: "{{ .Values.webHttp }}" - name: PIHOLE_PASSWORD {{- if .Values.admin.enabled }} valueFrom: secretKeyRef: key: {{ .Values.admin.passwordKey | default "password" }} name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }} {{- else }} value: "" {{- end }} resources: {{ toYaml .Values.monitoring.sidecar.resources | indent 12 }} ports: - containerPort: {{ .Values.monitoring.sidecar.port }} name: prometheus protocol: TCP {{- end }} {{- if .Values.doh.enabled }} - name: cloudflared image: "{{ .Values.doh.repository }}:{{ .Values.doh.tag }}" imagePullPolicy: {{ .Values.doh.pullPolicy }} terminationMessagePath: /dev/termination-log terminationMessagePolicy: File resources: limits: memory: 128Mi ports: - containerPort: 5053 name: cloudflared-udp protocol: UDP - containerPort: 49312 name: cloudflared-met protocol: TCP {{- if .Values.doh.envVars }} env: {{- range $key, $value := .Values.doh.envVars }} - name: {{ $key | quote }} value: {{ $value | quote }} {{- end }} {{- end }} {{- if .Values.doh.probes.liveness.enabled }} livenessProbe: {{ toYaml .Values.doh.probes.liveness.probe | indent 12 }} initialDelaySeconds: {{ .Values.doh.probes.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.doh.probes.liveness.failureThreshold }} timeoutSeconds: {{ .Values.doh.probes.liveness.timeoutSeconds }} {{- end }} {{- end }} - name: {{ .Chart.Name }} env: - name: 'WEB_PORT' value: "{{ .Values.webHttp }}" - name: VIRTUAL_HOST value: {{ .Values.virtualHost }} - name: WEBPASSWORD {{- if .Values.admin.enabled }} valueFrom: secretKeyRef: key: {{ .Values.admin.passwordKey | default "password" }} name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }} {{- else }} value: "" {{- end }} {{- range $key, $value := .Values.extraEnvVars }} - name: {{ $key | quote }} value: {{ $value | quote }} {{- end }} {{- range $key, $value := .Values.extraEnvVarsSecret }} - name: {{ $key | quote }} valueFrom: secretKeyRef: key: {{ $value.key | quote }} name: {{ $value.name | quote }} {{- end }} {{- if .Values.doh.enabled }} - name: 'DNS1' value: "127.0.0.1#5053" - name: DNS2 value: "127.0.0.1#5053" {{- else }} {{- if .Values.DNS1 }} - name: 'PIHOLE_DNS_' value: {{ if .Values.DNS2 }}{{ ( printf "%v;%v" .Values.DNS1 .Values.DNS2 ) | squote }}{{ else }}{{ .Values.DNS1 | squote }}{{ end }} {{- end }} {{- end }} {{- range $key, $value := .Values.ftl }} - name: 'FTLCONF_{{ $key }}' value: {{ $value | quote }} {{- end }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" imagePullPolicy: {{ .Values.image.pullPolicy }} securityContext: privileged: {{ .Values.privileged }} {{- if .Values.capabilities }} capabilities: {{- toYaml .Values.capabilities | nindent 14 }} {{- end }} ports: - containerPort: {{ .Values.webHttp }} name: http protocol: TCP - containerPort: 53 name: dns protocol: TCP {{- if .Values.dnsHostPort.enabled }} hostPort: {{ .Values.dnsHostPort.port }} {{- end }} - containerPort: 53 name: dns-udp protocol: UDP {{- if .Values.dnsHostPort.enabled }} hostPort: {{ .Values.dnsHostPort.port }} {{- end }} - containerPort: {{ .Values.webHttps }} name: https protocol: TCP - containerPort: 67 name: client-udp protocol: UDP {{- if .Values.probes.liveness.enabled }} livenessProbe: {{- if eq .Values.probes.liveness.type "command" }} exec: command: {{ .Values.probes.liveness.command | required "An array of command(s) is required if 'type' is set to 'command'." | toYaml | nindent 16 }} {{- else }} httpGet: path: /admin/index.php port: {{ .Values.probes.liveness.port }} scheme: {{ .Values.probes.liveness.scheme }} {{- end }} initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.liveness.failureThreshold }} timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }} {{- end }} {{- if .Values.probes.readiness.enabled }} readinessProbe: httpGet: path: /admin/index.php port: {{ .Values.probes.readiness.port }} scheme: {{ .Values.probes.readiness.scheme }} initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }} failureThreshold: {{ .Values.probes.readiness.failureThreshold }} timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }} {{- end }} volumeMounts: - mountPath: /etc/pihole name: config {{- if .Values.persistentVolumeClaim.subPath }} subPath: {{ .Values.persistentVolumeClaim.subPath }} {{- end }} - mountPath: /etc/dnsmasq.d/02-custom.conf name: custom-dnsmasq subPath: 02-custom.conf - mountPath: /etc/addn-hosts name: custom-dnsmasq subPath: addn-hosts {{- if .Values.dnsmasq.customCnameEntries }} - mountPath: /etc/dnsmasq.d/05-pihole-custom-cname.conf name: custom-dnsmasq subPath: 05-pihole-custom-cname.conf {{- end }} {{- if .Values.adlists }} - mountPath: /etc/pihole/adlists.list name: adlists subPath: adlists.list {{- end }} {{- if .Values.blacklist }} - mountPath: /etc/pihole/blacklist.txt name: blacklist subPath: blacklist.txt {{- end }} {{- if .Values.regex }} - mountPath: /etc/pihole/regex.list name: regex subPath: regex.list {{- end }} {{- if .Values.whitelist }} - mountPath: /etc/pihole/whitelist.txt name: whitelist subPath: whitelist.txt {{- end }} {{- if .Values.dnsmasq.staticDhcpEntries }} - mountPath: /etc/dnsmasq.d/04-pihole-static-dhcp.conf name: static-dhcp subPath: pihole-static-dhcp.conf {{- end }} {{- range $key, $value := .Values.extraVolumeMounts }} - name: {{ $key }} {{- toYaml $value | nindent 12 }} {{- end }} resources: {{ toYaml .Values.resources | indent 12 }} {{- with .Values.nodeSelector }} nodeSelector: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.affinity }} affinity: {{ toYaml . | indent 8 }} {{- end }} {{- with .Values.tolerations }} tolerations: {{ toYaml . | indent 8 }} {{- end }} {{- if .Values.priorityClassName }} priorityClassName: "{{ .Values.priorityClassName }}" {{- end }} {{- with .Values.topologySpreadConstraints }} topologySpreadConstraints: {{ toYaml . | indent 8 }} {{- end }} volumes: - name: config {{- if .Values.persistentVolumeClaim.enabled }} persistentVolumeClaim: claimName: {{ if .Values.persistentVolumeClaim.existingClaim }}{{ .Values.persistentVolumeClaim.existingClaim }}{{- else }}{{ template "pihole.fullname" . }}{{- end }} {{- else if .Values.customVolumes.enabled }} {{- toYaml .Values.customVolumes.config | nindent 8 }} {{- else }} emptyDir: {} {{- end }} - configMap: defaultMode: 420 name: {{ template "pihole.fullname" . }}-custom-dnsmasq name: custom-dnsmasq {{- if .Values.adlists }} - configMap: defaultMode: 420 name: {{ template "pihole.fullname" . }}-adlists name: adlists {{- end }} {{- if .Values.whitelist }} - configMap: defaultMode: 420 name: {{ template "pihole.fullname" . }}-whitelist name: whitelist {{- end }} {{- if .Values.dnsmasq.staticDhcpEntries }} - configMap: defaultMode: 420 name: {{ template "pihole.fullname" . }}-static-dhcp name: static-dhcp {{- end }} {{- if .Values.blacklist }} - configMap: defaultMode: 420 name: {{ template "pihole.fullname" . }}-blacklist name: blacklist {{- end }} {{- if .Values.regex }} - configMap: defaultMode: 420 name: {{ template "pihole.fullname" . }}-regex name: regex {{- end }} {{- range $key, $value := .Values.extraVolumes }} - name: {{ $key }} {{- toYaml $value | nindent 8 }} {{- end }}