add pihole deployment, service, PVC, and sealed secret configurations

2025-10-15 07:02:12 +05:30
parent afc51f3766
commit c45f238ce7
4 changed files with 97 additions and 0 deletions
--- a/clusters/default/tools/pihole/pihole-pvc.yml
+++ b/clusters/default/tools/pihole/pihole-pvc.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: pihole-longhorn
+  namespace: tools
+spec:
+  accessModes:
+    - ReadWriteOnce
+  volumeMode: Filesystem
+  resources:
+    requests:
+      storage: 1Gi
+  storageClassName: longhorn
--- a/clusters/default/tools/pihole/pihole-secret.yml
+++ b/clusters/default/tools/pihole/pihole-secret.yml
@@ -0,0 +1,14 @@
+---
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  name: pihole-secrets
+  namespace: tools
+spec:
+  encryptedData:
+    api_password: AgAwJyTFaLV8e3esoQTbXHR+aFfuS4NGcFRC4R+YkHUcQYPBJwUxWcA0KzPdfuYGYmXAxfC+Z6orWCSyUpM9uY9MKvSWHAS09xa5pevf+GLWw7K6707oSbXM6XWB2wT+srVkB8MfJDiXbqvI+BgAgYREYGRqgZfcr7bGXoaRzZPd06yMh9AMO7ABMzsv1VPr0YWF5de8eRXjw1xqc64ZweAk9bdwBYwx5eFetn3kUxjQG7sNSIwYMC1YL4Z/NfEhV1GplEqLz0Ag5ZiEjFBSiQhXGC5t+vCtrA8+BFLeBFZw56BseCBm9ZsNwzKP8I0qnrjZlvs1+vxFMkv4qzRnLkK3/0TUJCs9rD5NqAvSHyy/URiLFKcMbHmjPDDo9Y6/5jSB2G+gltU/5nOy/wYorwVc8fk7ix5bYbQi2r8O9sRdH8/liTobs5Sv0Edw5aiISc/vgBHaE8FmicY33HTFELQyAMDuClA86+GPcV9AeibTlBdypvv2L5jQOyiaf32xTetN5qkO/KzOjA/W99rMLTU4y0JxPUuNWMBqggafSWNwyshcRP6oALPKsHxgjBzO/L7Rdq9bk6B9OSNxVA0wxUzTuZcv0/2SGQD2iqWFHv/qBlQk4HijtkRDNtHkxcM3sNqfq3bUxyNVQrHvzxw1ng5TWZDSZPNMWbh/eSzV5xqZIAU8KNP3VbRqY6S0TGwSPPvI/z7VrzQRIgDP5Q==
+  template:
+    metadata:
+      name: pihole-secrets
+      namespace: tools
+    type: Opaque
--- a/clusters/default/tools/pihole/pihole-svc.yml
+++ b/clusters/default/tools/pihole/pihole-svc.yml
@@ -0,0 +1,15 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: pihole-tcp-service
+  namespace: tools
+spec:
+  type: LoadBalancer
+  selector:
+    app: pihole
+  ports:
+  - port: 8585
+    targetPort: 80
+    protocol: TCP
+    name: web
--- a/clusters/default/tools/pihole/pihole.yml
+++ b/clusters/default/tools/pihole/pihole.yml
@@ -0,0 +1,54 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pihole
+  namespace: tools
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: pihole
+  template:
+    metadata:
+      labels:
+        app: pihole
+    spec:
+      hostNetwork: true
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/hostname
+                operator: In
+                values:
+                - kube-02
+                - kube-03
+                - kube-04
+                - kube-05
+      containers:
+      - name: pihole
+        image: pihole/pihole@sha256:90a1412b3d3037d1c22131402bde19180d898255b584d685c84d943cf9c14821
+        securityContext:
+          capabilities:
+            add:
+            - NET_ADMIN
+        env:
+        - name: TZ
+          value: "Asia/Kolkata"
+        - name: FTLCONF_dns_listeningMode
+          value: "all"
+        - name: FTLCONF_webserver_api_password
+          valueFrom:
+            secretKeyRef:
+              name: pihole-secrets
+              key: api_password
+        volumeMounts:
+        - name: pihole-data
+          mountPath: /etc/pihole
+      volumes:
+      - name: pihole-data
+        persistentVolumeClaim:
+          claimName: pihole-longhorn