migrate pi-hole here
This commit is contained in:
parent
47ca40eb34
commit
e34aee61f4
7
apps/camper/pi-hole/configmap.yaml
Normal file
7
apps/camper/pi-hole/configmap.yaml
Normal file
|
@ -0,0 +1,7 @@
|
|||
apiVersion: v1
|
||||
kind: ConfigMap
|
||||
metadata:
|
||||
name: pihole
|
||||
data:
|
||||
02-custom.conf: |
|
||||
address=/foo.bar/192.168.1.101
|
74
apps/camper/pi-hole/deployment.yaml
Normal file
74
apps/camper/pi-hole/deployment.yaml
Normal file
|
@ -0,0 +1,74 @@
|
|||
apiVersion: apps/v1
|
||||
kind: Deployment
|
||||
metadata:
|
||||
labels:
|
||||
app: pihole
|
||||
name: pihole
|
||||
spec:
|
||||
progressDeadlineSeconds: 600
|
||||
replicas: 1
|
||||
revisionHistoryLimit: 10
|
||||
selector:
|
||||
matchLabels:
|
||||
app: pihole
|
||||
strategy:
|
||||
rollingUpdate:
|
||||
maxSurge: 1
|
||||
maxUnavailable: 1
|
||||
type: RollingUpdate
|
||||
template:
|
||||
metadata:
|
||||
labels:
|
||||
app: pihole
|
||||
spec:
|
||||
containers:
|
||||
- env:
|
||||
- name: FTLCONF_LOCAL_IPV4
|
||||
value: 192.168.3.3
|
||||
- name: VIRTUAL_HOST
|
||||
value: pihole.camper.tobru.ch
|
||||
- name: TZ
|
||||
value: Europe/Zurich
|
||||
- name: WEBPASSWORD
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
key: password
|
||||
name: pihole
|
||||
image: docker.io/pihole/pihole:2024.02.0
|
||||
imagePullPolicy: IfNotPresent
|
||||
name: pihole
|
||||
ports:
|
||||
- name: dns-tcp
|
||||
protocol: TCP
|
||||
containerPort: 53
|
||||
hostPort: 53
|
||||
- name: dns-udp
|
||||
protocol: UDP
|
||||
containerPort: 53
|
||||
hostPort: 53
|
||||
- containerPort: 80
|
||||
name: pihole-http
|
||||
protocol: TCP
|
||||
- containerPort: 443
|
||||
name: pihole-ssl
|
||||
protocol: TCP
|
||||
- containerPort: 67
|
||||
name: client-udp
|
||||
protocol: UDP
|
||||
volumeMounts:
|
||||
- mountPath: /etc/pihole
|
||||
name: config
|
||||
- mountPath: /etc/dnsmasq.d/02-custom.conf
|
||||
name: custom-dnsmasq
|
||||
subPath: 02-custom.conf
|
||||
resources: {}
|
||||
dnsPolicy: ClusterFirst
|
||||
restartPolicy: Always
|
||||
volumes:
|
||||
- name: config
|
||||
persistentVolumeClaim:
|
||||
claimName: pihole
|
||||
- configMap:
|
||||
defaultMode: 420
|
||||
name: pihole
|
||||
name: custom-dnsmasq
|
23
apps/camper/pi-hole/ingress.yaml
Normal file
23
apps/camper/pi-hole/ingress.yaml
Normal file
|
@ -0,0 +1,23 @@
|
|||
apiVersion: networking.k8s.io/v1
|
||||
kind: Ingress
|
||||
metadata:
|
||||
name: pihole
|
||||
annotations:
|
||||
cert-manager.io/cluster-issuer: letsencrypt-prod-desec
|
||||
traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
|
||||
spec:
|
||||
tls:
|
||||
- hosts:
|
||||
- pihole.camper.tobru.ch
|
||||
secretName: ingress-cert
|
||||
rules:
|
||||
- host: pihole.camper.tobru.ch
|
||||
http:
|
||||
paths:
|
||||
- path: /
|
||||
pathType: Prefix
|
||||
backend:
|
||||
service:
|
||||
name: pihole-http
|
||||
port:
|
||||
number: 8080
|
11
apps/camper/pi-hole/kustomization.yaml
Normal file
11
apps/camper/pi-hole/kustomization.yaml
Normal file
|
@ -0,0 +1,11 @@
|
|||
apiVersion: kustomize.config.k8s.io/v1beta1
|
||||
kind: Kustomization
|
||||
resources:
|
||||
- configmap.yaml
|
||||
- secret.yaml
|
||||
- pvc.yaml
|
||||
- deployment.yaml
|
||||
- ingress.yaml
|
||||
- service.yaml
|
||||
generators:
|
||||
- secret-generator.yaml
|
13
apps/camper/pi-hole/pvc.yaml
Normal file
13
apps/camper/pi-hole/pvc.yaml
Normal file
|
@ -0,0 +1,13 @@
|
|||
apiVersion: v1
|
||||
kind: PersistentVolumeClaim
|
||||
metadata:
|
||||
labels:
|
||||
app: pihole
|
||||
name: pihole
|
||||
spec:
|
||||
accessModes:
|
||||
- ReadWriteOnce
|
||||
resources:
|
||||
requests:
|
||||
storage: 500Mi
|
||||
storageClassName: local-path
|
6
apps/camper/pi-hole/secret-generator.yaml
Normal file
6
apps/camper/pi-hole/secret-generator.yaml
Normal file
|
@ -0,0 +1,6 @@
|
|||
apiVersion: viaduct.ai/v1
|
||||
kind: ksops
|
||||
metadata:
|
||||
name: secret-generator
|
||||
files:
|
||||
- secret.sops.yaml
|
27
apps/camper/pi-hole/secret.sops.yaml
Normal file
27
apps/camper/pi-hole/secret.sops.yaml
Normal file
|
@ -0,0 +1,27 @@
|
|||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: pihole
|
||||
type: Opaque
|
||||
stringData:
|
||||
password: ENC[AES256_GCM,data:3AUvj0JDwYcfFg==,iv:Ep9lU40kuSa8jvmhE9nlTVOl9zL/bp8HLqOruKWncjU=,tag:ZnfkumtoZjJ4AY6KGc7Hqg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5REZ0RFA3Y3BMbHYwODNi
|
||||
dTRJZW8wL2NWaDh4Ykl0MWRzRWtFcTZhMDNJCldZSnQzeWc1UkJ1QUI4Q1NLbkVa
|
||||
SW1hT21SamdiR1F4TFYxRU11OExTalUKLS0tIFBhSncxNTBNRUlGM1hqZEsyOG5R
|
||||
U0E5QzJuM0RkZElTbUY4MDhzbjh4VHcKEJFmkRlaFeK2yP213rD8e8IRFW9JPu1J
|
||||
ckwimwpYtvCIUM5yA4802bF5sxf7bkwGArWXsBb4CUdn6BfItSf3bg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2024-02-25T19:20:27Z"
|
||||
mac: ENC[AES256_GCM,data:sN6huHA8oFJo48hDJLOGulDf53cd8qKP1xu34W1JEes0NqT3j2xOqJoRPLHLqcUK99fZR+u7zn2hXFBjpO+5Jui5f1G/RdRiPIuknIu6J22k9Ev1vxmFIuXXUSC2Q3VSOQ1nCEie3QDuP/uD6DFJmDOQztpgp26RkdWNrhHil5I=,iv:jqBnu7bC9kEAfe7uYn8Yrf4Vab9v5Vxft7prgUHIew4=,tag:+dC7u1F7jPEzlLnAtp6eeA==,type:str]
|
||||
pgp: []
|
||||
encrypted_regex: ^(data|stringData)$
|
||||
version: 3.8.1
|
16
apps/camper/pi-hole/service.yaml
Normal file
16
apps/camper/pi-hole/service.yaml
Normal file
|
@ -0,0 +1,16 @@
|
|||
apiVersion: v1
|
||||
kind: Service
|
||||
metadata:
|
||||
labels:
|
||||
app: pihole
|
||||
name: pihole-http
|
||||
spec:
|
||||
ports:
|
||||
- name: pihole-http
|
||||
port: 8080
|
||||
protocol: TCP
|
||||
targetPort: pihole-http
|
||||
selector:
|
||||
app: pihole
|
||||
sessionAffinity: None
|
||||
type: ClusterIP
|
18
argoapps/camper/pi-hole.yaml
Normal file
18
argoapps/camper/pi-hole.yaml
Normal file
|
@ -0,0 +1,18 @@
|
|||
apiVersion: argoproj.io/v1alpha1
|
||||
kind: Application
|
||||
metadata:
|
||||
name: camper-pi-hole
|
||||
namespace: argocd
|
||||
spec:
|
||||
project: apps-camper
|
||||
source:
|
||||
path: apps/camper/pi-hole
|
||||
repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
|
||||
targetRevision: HEAD
|
||||
destination:
|
||||
name: camper
|
||||
namespace: pi-hole
|
||||
syncPolicy:
|
||||
syncOptions:
|
||||
- ServerSideApply=true
|
||||
- CreateNamespace=true
|
Loading…
Reference in a new issue