Helm/Pi-Hole
|
Helm |
|---|
helm repo add mojo2600 https://mojo2600.github.io/pihole-kubernetes
helm repo update && helm repo list
kubectl config get-contexts
|
Helm » Context
|
Helm » Context | |
|---|---|
export KUBECONFIG="${HOME}/.kube/aws-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/dev-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/gcp-kubeconfig.yaml"
export KUBECONFIG="${HOME}/.kube/config"
|
cat <<'EXE'| sudo bash
mkdir -p /var/minikube/pvc/pihole/data-pihole-0/
chown -R 0:0 /var/minikube/pvc/pihole/
EXE
|
Helm » Install
|
Helm » Install | |
|---|---|
helm show values mojo2600/pihole --version=2.31.0|less
helm show values mojo2600/pihole --version=2.34.0|less
| |
kubectl get ns|grep pihole
kubectl delete ns pihole || true
kubectl get ns|grep pihole
kubectl create ns pihole || true
|
cat <<ENV | \
kubectl -n=pihole create secret generic pihole --from-env-file=/dev/stdin
password=1EY3QexQoNg3nKMS
ENV
|
|
| |
cat <<'YML'| \
kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolume
metadata:
name: pihole-data-pihole-0
spec:
capacity:
storage: 1Gi
accessModes:
- ReadWriteOnce
persistentVolumeReclaimPolicy: Retain
storageClassName: hostpath
hostPath:
path: /var/hostpath_pv/pihole/data-pihole-0
type: DirectoryOrCreate
YML
|
cat << YML | \
kubectl apply -f -
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
labels:
app.kubernetes.io/name: pihole
name: data-pihole-0
namespace: pihole
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: 1Gi
storageClassName: hostpath
volumeName: pihole-data-pihole-0
YML
|
cat <<'YML' | \
helm -n=pihole upgrade -i pihole mojo2600/pihole --version=2.34.0 -f -
---
serviceWeb:
type: LoadBalancer
loadBalancerIP: 192.168.49.110
annotations:
metallb.universe.tf/allow-shared-ip: pihole-svc
metallb.io/ip-allocated-from-pool: metallb-ip-pool
serviceDns:
type: LoadBalancer
loadBalancerIP: 192.168.49.110
annotations:
metallb.universe.tf/allow-shared-ip: pihole-svc
metallb.io/ip-allocated-from-pool: metallb-ip-pool
DNS1: 1.1.1.1
DNS2: 8.8.8.8
dnsmasq:
upstreamServers: []
# - 1.1.1.1
# - 8.8.8.8
customDnsEntries:
- address=/biz.ops/192.168.49.2
- address=/k8s.ops/192.168.49.2
- address=/dev.shahed.biz/10.19.83.100
additionalHostsEntries:
- 192.168.49.109 harbor.k8s.ops
- 192.168.49.110 pihole.k8s.ops
customCnameEntries:
- cname=k8s.ops,pihole.k8s.ops
- cname=harbor.k8s.ops,pihole.k8s.ops
admin:
enabled: true
existingSecret: pihole
passwordKey: password
persistentVolumeClaim:
enabled: true
size: 1Gi
accessModes:
- ReadWriteOnce
storageClass: hostpath
existingClaim: data-pihole-0
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
extraEnvVars:
TZ: UTC-8
virtualHost: pihole.k8s.ops
ingress:
enabled: true
ingressClassName: nginx
annotations:
kubernetes.io/tls-acme: "false"
kubernetes.io/ingress.class: nginx
pathType: ImplementationSpecific
path: /
hosts:
- pihole.k8s.ops
YML
| |
telnet 192.168.49.110 53
|
setsid open http://192.168.49.110 >/dev/null 2>&1 &
|
Helm » Ingress
|
Pi-Hole » Ingress | |
|---|---|
cat <<'YML' | \
kubectl -n pihole apply -f -
---
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: pihole-cert
namespace: pihole
spec:
secretName: pihole-cert
commonName: pihole.shahed.biz.ops
dnsNames:
- pihole.shahed.biz.ops
- pihole.shahed.biz
- pihole.k8s.ops
ipAddresses:
- 192.168.49.110
- 127.0.0.1
duration: 8760h
renewBefore: 720h
privateKey:
size: 256
encoding: PKCS8
algorithm: ECDSA
rotationPolicy: Always
usages:
- digital signature
- key encipherment
- server auth
- client auth
subject:
countries: ["BD"]
provinces: ["Dhaka"]
postalCodes: ["1500"]
localities: ["Munshiganj"]
organizations: ["Shahed, Inc."]
organizationalUnits: ["pihole.shahed.biz.ops"]
streetAddresses: ["256 Khal East, Passport Office"]
issuerRef:
name: shahed-ecc-sub-ca-2025-k8s
kind: ClusterIssuer
YML
|
|
cat <<'YML' | \
kubectl -n pihole patch ingress/pihole --patch-file=/dev/stdin
---
metadata:
annotations:
cert-manager.io/cluster-issuer: shahed-ecc-sub-ca-2025-k8s
spec:
tls:
- hosts:
- pihole.shahed.biz.ops
- pihole.shahed.biz
- pihole.k8s.ops
- 192.168.49.110
- 127.0.0.1
secretName: pihole-cert
YML
|
cat <<'YML' | \
kubectl -n pihole patch ingress/pihole --patch-file=/dev/stdin
---
metadata:
annotations:
cert-manager.io/cluster-issuer: null
spec:
tls: null
YML
|
sudo systemctl restart systemd-resolved
resolvectl status
|
setsid open http://192.168.49.110 >/dev/null 2>&1 &
setsid open htts://pihole.k8s.ops >/dev/null 2>&1 &
|
Helm » Config
|
Pi-Hole » Config |
Pi-Hole » Revert |
|---|---|
cat <<'YML'| \
kubectl -n pihole patch configmap \
pihole-custom-dnsmasq --type merge --patch-file=/dev/stdin
---
data:
02-custom.conf: |
addn-hosts=/etc/addn-hosts
address=/bd.ops/192.168.49.2
address=/io.ops/192.168.49.2
address=/my.ops/192.168.49.2
address=/biz.ops/192.168.49.2
address=/com.ops/192.168.49.2
address=/k8s.ops/192.168.49.2
address=/org.ops/192.168.49.2
address=/group.ops/192.168.49.2
address=/dev.shahed.biz/10.19.83.100
dhcp-option=6,192.168.49.110
05-pihole-custom-cname.conf: |
cname=bd.ops,pihole.k8s.ops
cname=io.ops,pihole.k8s.ops
cname=my.ops,pihole.k8s.ops
cname=biz.ops,pihole.k8s.ops
cname=com.ops,pihole.k8s.ops
cname=k8s.ops,pihole.k8s.ops
cname=org.ops,pihole.k8s.ops
cname=group.ops,pihole.k8s.ops
cname=harbor.k8s.ops,pihole.k8s.ops
addn-hosts: |
192.168.49.109 harbor.k8s.ops
192.168.49.110 pihole.k8s.ops
YML
|
cat <<'YML'| \
kubectl -n pihole patch configmap \
pihole-custom-dnsmasq --type merge --patch-file=/dev/stdin
---
data:
02-custom.conf: |
addn-hosts=/etc/addn-hosts
address=/biz.ops/192.168.49.2
address=/k8s.ops/192.168.49.2
address=/dev.shahed.biz/10.19.83.100
dhcp-option=6,192.168.49.110
05-pihole-custom-cname.conf: |
cname=k8s.ops,pihole.k8s.ops
cname=harbor.k8s.ops,pihole.k8s.ops
addn-hosts: |
192.168.49.109 harbor.k8s.ops
192.168.49.110 pihole.k8s.ops
YML
|
cat <<'YML' | \
kubectl -n pihole patch deploy/pihole --patch-file=/dev/stdin
---
spec:
replicas: 0
YML
|
cat <<'YML' | \
kubectl -n pihole patch deploy/pihole --patch-file=/dev/stdin
---
spec:
replicas: 1
YML
|
sudo vim /etc/systemd/resolved.conf
:'
[Resolve]
DNS=192.168.49.110 192.168.49.2 10.19.83.100 1.1.1.1 8.8.8.8
FallbackDNS=1.1.1.1 8.8.8.8
DNSStubListener=yes
Domains=~.
'
sudo systemctl restart systemd-resolved
resolvectl status
|
kubectl -n pihole run -i --tty --rm pihole-cli \
--image=alpine --restart=Never --command -- ash
apk --update add curl bind-tools inetutils-telnet
ping pihole.k8s.ops
dig +short pihole.k8s.ops
dig +short host.k8s.ops
nslookup www.k8s.ops
ping www.k8s.ops
|
docker run --rm alpine cat /etc/resolv.conf
docker run --rm alpine cat /etc/hosts
|
docker run --rm alpine ping www.k8s.ops
docker run --rm alpine ping google.com
|
Helm » Rollout
|
Pi-Hole » Rollout | |
|---|---|
kubectl -n pihole annotate deploy/pihole --overwrite \
kubernetes.io/change-cause="CKI-1| Initial Deployment"
|
kubectl -n pihole rollout history deploy/pihole
kubectl -n pihole rollout pause deploy/pihole
|
|
Pi-Hole » Rollout |
Pi-Hole » Revert |
cat <<'YML' | \
kubectl -n pihole patch deploy/pihole --patch-file=/dev/stdin
---
spec:
template:
spec:
containers:
- name: pihole
resources:
requests:
cpu: 100m
memory: 128Mi
limits:
cpu: 200m
memory: 256Mi
YML
|
cat <<'YML' | \
kubectl -n pihole patch deploy/pihole --patch-file=/dev/stdin
---
spec:
template:
spec:
containers:
- name: pihole
resources:
requests:
cpu: 100m
memory: 256Mi
limits:
cpu: 500m
memory: 512Mi
YML
|
kubectl -n pihole annotate deploy/pihole --overwrite \
kubernetes.io/change-cause="CKI-2| Resources Updated"
|
kubectl -n pihole rollout resume deploy/pihole
kubectl -n pihole rollout history deploy/pihole
|
kubectl -n pihole rollout undo deploy/pihole --to-revision=1
kubectl -n pihole rollout history deploy/pihole
|
kubectl -n pihole annotate deploy/pihole --overwrite \
kubernetes.io/change-cause="CKI-3| Revert Back to CKI-1"
|
kubectl -n pihole get deploy pihole -o yaml \
| yq -P '.spec.template.spec.containers[]|select(.name == "pihole")|.resources'
|
kubectl -n pihole get deploy pihole \
-o jsonpath='{.spec.template.spec.containers[?(@.name=="pihole")].resources}' | yq -P
|
Helm » Uninstall
|
Helm » Uninstall |
|---|
kubectl delete ns pihole
helm -n pihole status pihole
helm -n pihole get all pihole
helm -n pihole uninstall pihole
kubectl -n pihole delete pvc --all
kubectl delete pv pihole-data-pihole-0
|
Playground
|
Playground | |
|---|---|
helm -n pihole install pihole mojo2600/pihole --version=2.33.0
helm -n pihole upgrade -i pihole mojo2600/pihole --version=2.34.0
helm show values mojo2600/pihole --version=2.34.0|less
| |
kubectl -n pihole get secret pihole -o json|jq -r '.data.password'|base64 -d;echo
kubectl -n pihole exec -it svc/pihole-web -c pihole -- ash
kubectl -n pihole logs -f svc/pihole-web -c pihole
kubectl -n pihole logs -f svc/pihole-web
| |
kubectl config --kubeconfig=${HOME}/.kube/aws-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/dev-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/gcp-kubeconfig.yaml view --flatten
kubectl config --kubeconfig=${HOME}/.kube/config view --flatten
| |
kubectl -n pihole delete all --all
kubectl -n pihole delete ing --all
kubectl -n pihole delete sts --all
|
kubectl delete pv pihole-data-pihole-0
kubectl -n pihole delete svc --all
kubectl -n pihole delete pvc --all
|
kubectl -n pihole rollout history deploy pihole
kubectl -n pihole rollout restart deploy pihole
kubectl -n pihole rollout status deploy pihole
|
<syntaxhighlight lang="bash">
kubectl -n pihole exec -it svc/pihole-web -c pihole -- ash
kubectl -n pihole logs -f svc/pihole-web -c pihole
kubectl -n pihole logs -f svc/pihole-web
|
References
|
References | ||
|---|---|---|