feat(pihole): k8s

kubernetes/longhorn/README.md

@@ -0,0 +1,9 @@
+# longhorn
+
+Mounting an external drive
+
+```bash
+mkfs.ext4 <device>
+sudo mkdir /mnt/longhorn
+sudo mount <device> /mnt/longhorn
+```

kubernetes/pihole/configmap.yaml

@@ -4,14 +4,14 @@ metadata:
   name: pihole-configmap # https://docs.pi-hole.net/ftldns/dnsmasq_warn/
   namespace: pihole # changes to /etc/pihole/pihole.toml within pod
 data:
-  TZ: "America/New_York"
+  TZ: "America/Detroit"
   PIHOLE_DNS_: "8.8.8.8;8.8.4.4"
   pihole.toml: |
     [dns]
     listen_addresses = ["0.0.0.0"]
     listening_mode = "SINGLE"
 ---
-apiVersion: v1 # https://www.reddit.com/r/pihole/comments/1it1k2x/pihole_6_wildcard_dns_matches_no_longer_working/
+apiVersion: v1
 kind: ConfigMap
 metadata:
   name: pihole-wildcard-configmap

kubernetes/pihole/kustomization.yaml

@@ -3,13 +3,12 @@ kind: Kustomization
 metadata:
   namespace: pihole
 resources:
-  - certificate.yaml
   - configmap.yaml
   - dns-service.yaml
   - headless-service.yaml
   - ingress.yaml
   - namespace.yaml
-  - orbital-sync.yaml
+  # - orbital-sync.yaml # https://github.com/mattwebbio/orbital-sync/pull/567
   - pv.yaml
   - statefulset.yaml
   - web-service.yaml

kubernetes/pihole/orbital-sync.yaml

@@ -0,0 +1,32 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: orbital-sync
+  namespace: pihole
+spec:
+  selector:
+    matchLabels:
+      app: orbital-sync
+  template:
+    metadata:
+      labels:
+        app: orbital-sync
+    spec:
+      containers:
+      - name: orbital-sync
+        image: ghcr.io/mattwebbio/orbital-sync:sha-b7c105d-distroless@sha256:1a7e1963b457185337665204db1c1e553338d43a59b4ee2aeff4d070213b0289 #https://github.com/mattwebbio/orbital-sync/issues/190
+        envFrom:
+          - configMapRef:
+              name: orbital-sync-config
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: orbital-sync-config
+  namespace: pihole
+data:
+  PRIMARY_HOST_BASE_URL: "http://pihole-0.pihole.pihole.svc.cluster.local"
+  PRIMARY_HOST_PASSWORD: ""
+  SECONDARY_HOST_1_BASE_URL: "http://pihole-1.pihole.pihole.svc.cluster.local"
+  SECONDARY_HOSTS_1_PASSWORD: ""
+  INTERVAL_MINUTES: "1"

kubernetes/pihole/statefulset.yaml

@@ -8,15 +8,15 @@ spec:
     matchLabels:
       app: pihole
   serviceName: pihole
-  replicas: 3
+  replicas: 1
   template:
     metadata:
       labels:
         app: pihole
     spec:
       containers:
         - name: pihole
-          image: pihole/pihole@sha256:6c872c3f8f1954423dbd1c7db661719b447e7b890e231489ada2a6a2904342ff
+          image: pihole/pihole:2025.03.0@sha256:6c872c3f8f1954423dbd1c7db661719b447e7b890e231489ada2a6a2904342ff
           lifecycle:
             postStart:
               exec:
@@ -36,7 +36,7 @@ spec:
             - name: svc-53-tcp-dns
               containerPort: 53
               protocol: TCP
-          # TODO: fix probes; works on 2022.12.01 image; fails with 403 in pihole v6
+          # TODO: create probes; fails with 403 in pihole v6
           # https://www.reddit.com/r/pihole/comments/1ivj7q0/dns_stopped_working_entirely_after_v6_upgrade/
           # livenessProbe:
           #   httpGet:

kubernetes/pihole/web-service.yaml

@@ -6,7 +6,7 @@ metadata:
 spec:
   selector:
     app: pihole
-    statefulset.kubernetes.io/pod-name: pihole-0
+    statefulset.kubernetes.io/pod-name: pihole-0 # direct web interface traffic to primary instance; secondaries would be overwritten with orbital-sync
   type: ClusterIP
   ports:
     - name: svc-80-tcp-web