migrate pi-hole here

apps/camper/pi-hole/configmap.yaml

@@ -0,0 +1,7 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: pihole
+data:
+  02-custom.conf: |
+    address=/foo.bar/192.168.1.101

apps/camper/pi-hole/deployment.yaml

@@ -0,0 +1,74 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  labels:
+    app: pihole
+  name: pihole
+spec:
+  progressDeadlineSeconds: 600
+  replicas: 1
+  revisionHistoryLimit: 10
+  selector:
+    matchLabels:
+      app: pihole
+  strategy:
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 1
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        app: pihole
+    spec:
+      containers:
+        - env:
+            - name: FTLCONF_LOCAL_IPV4
+              value: 192.168.3.3
+            - name: VIRTUAL_HOST
+              value: pihole.camper.tobru.ch
+            - name: TZ
+              value: Europe/Zurich
+            - name: WEBPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  key: password
+                  name: pihole
+          image: docker.io/pihole/pihole:2024.02.0
+          imagePullPolicy: IfNotPresent
+          name: pihole
+          ports:
+            - name: dns-tcp
+              protocol: TCP
+              containerPort: 53
+              hostPort: 53
+            - name: dns-udp
+              protocol: UDP
+              containerPort: 53
+              hostPort: 53
+            - containerPort: 80
+              name: pihole-http
+              protocol: TCP
+            - containerPort: 443
+              name: pihole-ssl
+              protocol: TCP
+            - containerPort: 67
+              name: client-udp
+              protocol: UDP
+          volumeMounts:
+            - mountPath: /etc/pihole
+              name: config
+            - mountPath: /etc/dnsmasq.d/02-custom.conf
+              name: custom-dnsmasq
+              subPath: 02-custom.conf
+          resources: {}
+      dnsPolicy: ClusterFirst
+      restartPolicy: Always
+      volumes:
+        - name: config
+          persistentVolumeClaim:
+            claimName: pihole
+        - configMap:
+            defaultMode: 420
+            name: pihole
+          name: custom-dnsmasq

apps/camper/pi-hole/ingress.yaml

@@ -0,0 +1,23 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: pihole
+  annotations:
+    cert-manager.io/cluster-issuer: letsencrypt-prod-desec
+    traefik.ingress.kubernetes.io/router.middlewares: default-redirect-https@kubernetescrd
+spec:
+  tls:
+    - hosts:
+      - pihole.camper.tobru.ch
+      secretName: ingress-cert
+  rules:
+    - host: pihole.camper.tobru.ch
+      http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: pihole-http
+                port:
+                  number: 8080

apps/camper/pi-hole/kustomization.yaml

@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+resources:
+- configmap.yaml
+- secret.yaml
+- pvc.yaml
+- deployment.yaml
+- ingress.yaml
+- service.yaml
+generators:
+  - secret-generator.yaml

apps/camper/pi-hole/pvc.yaml

@@ -0,0 +1,13 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  labels:
+    app: pihole
+  name: pihole
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 500Mi
+  storageClassName: local-path

apps/camper/pi-hole/secret-generator.yaml

@@ -0,0 +1,6 @@
+apiVersion: viaduct.ai/v1
+kind: ksops
+metadata:
+  name: secret-generator
+files:
+  - secret.sops.yaml

apps/camper/pi-hole/secret.sops.yaml

@@ -0,0 +1,27 @@
+apiVersion: v1
+kind: Secret
+metadata:
+    name: pihole
+type: Opaque
+stringData:
+    password: ENC[AES256_GCM,data:3AUvj0JDwYcfFg==,iv:Ep9lU40kuSa8jvmhE9nlTVOl9zL/bp8HLqOruKWncjU=,tag:ZnfkumtoZjJ4AY6KGc7Hqg==,type:str]
+sops:
+    kms: []
+    gcp_kms: []
+    azure_kv: []
+    hc_vault: []
+    age:
+        - recipient: age1dfk8euu7afvw7ge5l2qek45z23hdq5anjd56cy4d7kcsf0e0e5pqfjylx8
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB5REZ0RFA3Y3BMbHYwODNi
+            dTRJZW8wL2NWaDh4Ykl0MWRzRWtFcTZhMDNJCldZSnQzeWc1UkJ1QUI4Q1NLbkVa
+            SW1hT21SamdiR1F4TFYxRU11OExTalUKLS0tIFBhSncxNTBNRUlGM1hqZEsyOG5R
+            U0E5QzJuM0RkZElTbUY4MDhzbjh4VHcKEJFmkRlaFeK2yP213rD8e8IRFW9JPu1J
+            ckwimwpYtvCIUM5yA4802bF5sxf7bkwGArWXsBb4CUdn6BfItSf3bg==
+            -----END AGE ENCRYPTED FILE-----
+    lastmodified: "2024-02-25T19:20:27Z"
+    mac: ENC[AES256_GCM,data:sN6huHA8oFJo48hDJLOGulDf53cd8qKP1xu34W1JEes0NqT3j2xOqJoRPLHLqcUK99fZR+u7zn2hXFBjpO+5Jui5f1G/RdRiPIuknIu6J22k9Ev1vxmFIuXXUSC2Q3VSOQ1nCEie3QDuP/uD6DFJmDOQztpgp26RkdWNrhHil5I=,iv:jqBnu7bC9kEAfe7uYn8Yrf4Vab9v5Vxft7prgUHIew4=,tag:+dC7u1F7jPEzlLnAtp6eeA==,type:str]
+    pgp: []
+    encrypted_regex: ^(data|stringData)$
+    version: 3.8.1

apps/camper/pi-hole/service.yaml

@@ -0,0 +1,16 @@
+apiVersion: v1
+kind: Service
+metadata:
+  labels:
+    app: pihole
+  name: pihole-http
+spec:
+  ports:
+    - name: pihole-http
+      port: 8080
+      protocol: TCP
+      targetPort: pihole-http
+  selector:
+    app: pihole
+  sessionAffinity: None
+  type: ClusterIP

argoapps/camper/pi-hole.yaml

@@ -0,0 +1,18 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+  name: camper-pi-hole
+  namespace: argocd
+spec:
+  project: apps-camper
+  source:
+    path: apps/camper/pi-hole
+    repoURL: https://git.tbrnt.ch/tobru/gitops-zurrli.git
+    targetRevision: HEAD
+  destination:
+    name: camper
+    namespace: pi-hole
+  syncPolicy:
+    syncOptions:
+      - ServerSideApply=true
+      - CreateNamespace=true