pihole

.github/workflows/pihole.yml

@@ -0,0 +1,51 @@
+name: Deploy pihole
+
+on:
+  push:
+    branches:
+      - main
+    tags:
+      - "*"
+
+env:
+  MANIFEST_PATH: "pihole/pihole.yml"
+
+jobs:
+  deploy:
+    runs-on: mealcraft-runners
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v4
+
+      # Install kubectl
+      - name: Install kubectl
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y curl ca-certificates
+          curl -LO "https://dl.k8s.io/release/$(curl -sL https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl"
+          sudo install -m 0755 kubectl /usr/local/bin/kubectl
+
+      # Install envsubst
+      - name: Install envsubst
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y gettext
+
+      # Configure kubeconfig (ARC service account)
+      - name: Configure kubeconfig
+        run: |
+          KUBE_HOST="https://$KUBERNETES_SERVICE_HOST:$KUBERNETES_SERVICE_PORT"
+          SA_TOKEN=$(cat /var/run/secrets/kubernetes.io/serviceaccount/token)
+          CA_CERT=/var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+          NAMESPACE=$(cat /var/run/secrets/kubernetes.io/serviceaccount/namespace)
+
+          kubectl config set-cluster microk8s --server="$KUBE_HOST" --certificate-authority="$CA_CERT"
+          kubectl config set-credentials runner --token="$SA_TOKEN"
+          kubectl config set-context runner-context --cluster=microk8s --user=runner --namespace="$NAMESPACE"
+          kubectl config use-context runner-context
+
+      - name: Deploy Pi-hole to Kubernetes
+        run: |
+          echo "Deploying Pi-hole"
+          envsubst < $MANIFEST_PATH | kubectl apply -f -

pihole/pihole.yml

@@ -0,0 +1,159 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pihole
+  namespace: default
+spec:
+  type: NodePort
+  selector:
+    app: pihole
+  ports:
+    - name: web
+      port: 80
+      targetPort: 80
+      nodePort: 30080
+      protocol: TCP
+
+    - name: dns-udp
+      port: 53
+      targetPort: 53
+      nodePort: 30053
+      protocol: UDP
+
+    - name: dns-tcp
+      port: 53
+      targetPort: 53
+      nodePort: 30054
+      protocol: TCP
+
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pihole
+  namespace: default
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pihole
+  template:
+    metadata:
+      labels:
+        app: pihole
+    spec:
+      containers:
+        - name: pihole
+          image: pihole/pihole:latest
+          env:
+            - name: TZ
+              value: "Europe/London"
+
+            - name: WEBPASSWORD
+              value: "changeme"
+
+            - name: DNSMASQ_LISTENING
+              value: "single"
+
+            # Upstream DNS servers
+            - name: PIHOLE_DNS_
+              value: "1.1.1.1;1.0.0.1"
+
+          ports:
+            - containerPort: 80
+            - containerPort: 53
+              protocol: TCP
+            - containerPort: 53
+              protocol: UDP
+
+          volumeMounts:
+            - name: pihole-etc
+              mountPath: /etc/pihole
+            - name: dnsmasq-etc
+              mountPath: /etc/dnsmasq.d
+
+      volumes:
+        - name: pihole-etc
+          persistentVolumeClaim:
+            claimName: pihole-etc-pvc
+
+        - name: dnsmasq-etc
+          persistentVolumeClaim:
+            claimName: dnsmasq-etc-pvc
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pihole-etc-pvc
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: pihole-local-storage
+  resources:
+    requests:
+      storage: 2Gi
+
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: dnsmasq-etc-pvc
+  namespace: default
+spec:
+  accessModes:
+    - ReadWriteOnce
+  storageClassName: pihole-local-storage
+  resources:
+    requests:
+      storage: 1Gi
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: pihole-etc-pv
+spec:
+  capacity:
+    storage: 2Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: pihole-local-storage
+  local:
+    path: /home/kimjunte/k8s_storage/pihole/etc
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - mist
+
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: dnsmasq-etc-pv
+spec:
+  capacity:
+    storage: 1Gi
+  volumeMode: Filesystem
+  accessModes:
+    - ReadWriteOnce
+  persistentVolumeReclaimPolicy: Retain
+  storageClassName: pihole-local-storage
+  local:
+    path: /home/kimjunte/k8s_storage/pihole/dnsmasq
+  nodeAffinity:
+    required:
+      nodeSelectorTerms:
+        - matchExpressions:
+            - key: kubernetes.io/hostname
+              operator: In
+              values:
+                - mist