From 9d72cdfbf27ead821dec4ffa6604841b69f81d9b Mon Sep 17 00:00:00 2001 From: Michael Thomson Date: Mon, 15 Jul 2024 21:51:55 -0400 Subject: [PATCH] pihole --- .../helmrepository-weave-gitops.yaml | 17 - .../kustomization-weave-gitops.yaml | 18 - .../namespaces/namespace-weave-gitops.yaml | 4 - pihole/helmrelease-pihole.yaml | 470 +----------------- weave-gitops/dns-endpoint-weave-gitops.yaml | 12 - weave-gitops/helmrelease-weave-gitops.yaml | 37 -- 6 files changed, 1 insertion(+), 557 deletions(-) delete mode 100644 bootstrap/helmrepositories/helmrepository-weave-gitops.yaml delete mode 100644 bootstrap/kustomizations/kustomization-weave-gitops.yaml delete mode 100644 bootstrap/namespaces/namespace-weave-gitops.yaml delete mode 100644 weave-gitops/dns-endpoint-weave-gitops.yaml delete mode 100644 weave-gitops/helmrelease-weave-gitops.yaml
diff --git a/bootstrap/helmrepositories/helmrepository-weave-gitops.yaml b/bootstrap/helmrepositories/helmrepository-weave-gitops.yaml
deleted file mode 100644
index cfa09d2..0000000
--- a/bootstrap/helmrepositories/helmrepository-weave-gitops.yaml
+++ /dev/null
@@ -1,17 +0,0 @@
-apiVersion: source.toolkit.fluxcd.io/v1beta2
-kind: HelmRepository
-metadata:
- annotations:
- metadata.weave.works/description: This is the source location for the Weave GitOps
- Dashboard's helm chart.
- labels:
- app.kubernetes.io/component: ui
- app.kubernetes.io/created-by: weave-gitops-cli
- app.kubernetes.io/name: weave-gitops-dashboard
- app.kubernetes.io/part-of: weave-gitops
- name: weave-gitops
- namespace: flux-system
-spec:
- interval: 1h0m0s
- type: oci
- url: oci://ghcr.io/weaveworks/charts
diff --git a/bootstrap/kustomizations/kustomization-weave-gitops.yaml b/bootstrap/kustomizations/kustomization-weave-gitops.yaml
deleted file mode 100644
index a53b7bb..0000000
--- a/bootstrap/kustomizations/kustomization-weave-gitops.yaml
+++ /dev/null
@@ -1,18 +0,0 @@
-apiVersion: kustomize.toolkit.fluxcd.io/v1
-kind: Kustomization
-metadata:
- name: weave-gitops
- namespace: flux-system
-spec:
- interval: 15m
- path: ./weave-gitops
- prune: true # remove any elements later removed from the above path
- timeout: 2m # if not set, this defaults to interval duration, which is 1h
- sourceRef:
- kind: GitRepository
- name: flux-system
- healthChecks:
- - apiVersion: helm.toolkit.fluxcd.io/v2beta1
- kind: HelmRelease
- name: weave-gitops
- namespace: weave-gitops
diff --git a/bootstrap/namespaces/namespace-weave-gitops.yaml b/bootstrap/namespaces/namespace-weave-gitops.yaml
deleted file mode 100644
index 4319604..0000000
--- a/bootstrap/namespaces/namespace-weave-gitops.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-apiVersion: v1
-kind: Namespace
-metadata:
- name: weave-gitops
diff --git a/pihole/helmrelease-pihole.yaml b/pihole/helmrelease-pihole.yaml
index a3bd3da..3f4c65f 100644
--- a/pihole/helmrelease-pihole.yaml
+++ b/pihole/helmrelease-pihole.yaml
@@ -7,7 +7,7 @@ spec:
 chart:
 spec:
 chart: pihole
- version: 2.19.x
+ version: 2.x
 sourceRef:
 kind: HelmRepository
 name: mojo2600
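Review bot: Widening the chart constraint from `2.19.x` to `2.x` lets Flux roll out every future minor release of the `mojo2600` pihole chart unattended, and minor releases of a chart are exactly where default values (service types, probes, image tag) change — the same defaults the rest of this commit now relies on instead of spelling out. Nothing visible on the HelmRepository reference verifies chart provenance, so a bad or compromised minor would be applied on the next reconcile with no change showing up in this repository. Prefer keeping a minor-pinned range such as `version: 2.19.x` (or an exact version) and bumping it through a reviewed commit, so each chart upgrade is a deliberate, diffable event.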
@@ -16,137 +16,12 @@ spec: timeout: 5m releaseName: pihole values: - # Default values for pihole. - # This is a YAML-formatted file. - # Declare variables to be passed into your templates. - - # -- The number of replicas - replicaCount: 1 - - # -- The `spec.strategyTpye` for updates - strategyType: RollingUpdate - - # -- The maximum number of Pods that can be created over the desired number of `ReplicaSet` during updating. - maxSurge: 1 - - # -- The maximum number of Pods that can be unavailable during updating - maxUnavailable: 1 - - image: - # -- the repostory to pull the image from - repository: "pihole/pihole" - # -- the docker tag, if left empty it will get it from the chart's appVersion - tag: "" - # -- the pull policy - pullPolicy: IfNotPresent - - dualStack: - # -- set this to true to enable creation of DualStack services or creation of separate IPv6 services if `serviceDns.type` is set to `"LoadBalancer"` - enabled: false - - dnsHostPort: - # -- set this to true to enable dnsHostPort - enabled: false - # -- default port for this pod - port: 53 - # -- Configuration for the DNS service on port 53 serviceDns: - # -- deploys a mixed (TCP + UDP) Service instead of separate ones - mixedService: false - - # -- `spec.type` for the DNS Service - type: LoadBalancer - - # -- The port of the DNS service - port: 53 - - # -- Optional node port for the DNS service - nodePort: "" - - # -- `spec.externalTrafficPolicy` for the DHCP Service - externalTrafficPolicy: Local - - # -- A fixed `spec.loadBalancerIP` for the DNS Service - loadBalancerIP: "" - # -- A fixed `spec.loadBalancerIP` for the IPv6 DNS Service - loadBalancerIPv6: "" - - # -- Annotations for the DNS service annotations: metallb.universe.tf/loadBalancerIPs: 192.168.2.250 metallb.universe.tf/allow-shared-ip: pihole-svc - # -- Configuration for the DHCP service on port 67 - serviceDhcp: - # -- Generate a Service resource for DHCP traffic - enabled: true - - # -- `spec.type` for the DHCP Service - type: NodePort 
- - # -- The port of the DHCP service - port: 67 - - # -- Optional node port for the DHCP service - nodePort: "" - - # -- `spec.externalTrafficPolicy` for the DHCP Service - externalTrafficPolicy: Local - - # -- A fixed `spec.loadBalancerIP` for the DHCP Service - loadBalancerIP: "" - # -- A fixed `spec.loadBalancerIP` for the IPv6 DHCP Service - loadBalancerIPv6: "" - - # -- Annotations for the DHCP service - annotations: - {} - # metallb.universe.tf/address-pool: network-services - # metallb.universe.tf/allow-shared-ip: pihole-svc - - # -- Configuration for the web interface service - serviceWeb: - # -- Configuration for the HTTP web interface listener - http: - # -- Generate a service for HTTP traffic - enabled: true - - # -- The port of the web HTTP service - port: 80 - - # -- Optional node port for the web HTTP service - nodePort: "" - - # -- Configuration for the HTTPS web interface listener - https: - # -- Generate a service for HTTPS traffic - enabled: true - - # -- The port of the web HTTPS service - port: 443 - - # -- Optional node port for the web HTTPS service - nodePort: "" - - # -- `spec.type` for the web interface Service - type: LoadBalancer - - # -- `spec.externalTrafficPolicy` for the web interface Service - externalTrafficPolicy: Local - - # -- A fixed `spec.loadBalancerIP` for the web interface Service - loadBalancerIP: "" - # -- A fixed `spec.loadBalancerIP` for the IPv6 web interface Service - loadBalancerIPv6: "" - - # -- Annotations for the DHCP service - annotations: - metallb.universe.tf/loadBalancerIPs: 192.168.2.250 - metallb.universe.tf/allow-shared-ip: pihole-svc - - virtualHost: pi.hole - # -- Configuration for the Ingress ingress: # -- Generate a Ingress resource 
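Review bot: The admin web UI Service loses its explicit `type: LoadBalancer` and the MetalLB annotations pinning it to 192.168.2.250, so whether ports 80/443 of the UI remain reachable directly on the LAN now depends on the chart's default `serviceWeb.type` (presumably ClusterIP, which would leave only the Traefik ingress path — a reasonable hardening, but one the commit message should state rather than leave implicit). `serviceDhcp.enabled: true` with `type: NodePort` is also dropped in favour of defaults; if DHCP is not actually served from this pod, set `serviceDhcp.enabled: false` explicitly so a port-67 NodePort is never created by a default. `externalTrafficPolicy: Local` on the DNS Service was removed too — that setting is what keeps client source IPs intact for Pi-hole's per-client logging, so confirm the chart default preserves it or add it back under `serviceDns`. The enclosing `values:` mapping starts before this hunk and continues after it.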
@@ -158,102 +33,21 @@ spec: # -- Annotations for the ingress annotations: traefik.ingress.kubernetes.io/router.entrypoints: websecure - # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd traefik.ingress.kubernetes.io/router.tls: "true" path: / hosts: - # virtualHost (default value is pi.hole) will be appended to the hosts - pihole.michaelthomson.dev tls: - hosts: - # virtualHost (default value is pi.hole) will be appended to the hosts - pihole.michaelthomson.dev secretName: letsencrypt-wildcard-cert-michaelthomson.dev - # -- Probes configuration - probes: - # -- probes.liveness -- Configure the healthcheck for the ingress controller - liveness: - # -- Generate a liveness probe - # 'type' defaults to httpGet, can be set to 'command' to use a command type liveness probe. - type: httpGet - # command: - # - /bin/bash - # - -c - # - /bin/true - enabled: true - initialDelaySeconds: 60 - failureThreshold: 10 - timeoutSeconds: 5 - port: http - scheme: HTTP - readiness: - # -- Generate a readiness probe - enabled: true - initialDelaySeconds: 60 - failureThreshold: 3 - timeoutSeconds: 5 - port: http - scheme: HTTP - - # -- We usually recommend not to specify default resources and to leave this as a conscious - # -- choice for the user. This also increases chances charts run on environments with little - # -- resources, such as Minikube. If you do want to specify resources, uncomment the following - # -- lines, adjust them as necessary, and remove the curly braces after 'resources:'. 
- resources: - {} - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - # -- `spec.PersitentVolumeClaim` configuration persistentVolumeClaim: # -- set to true to use pvc enabled: true - - # -- specify an existing `PersistentVolumeClaim` to use - # existingClaim: "" - - # -- Annotations for the `PersitentVolumeClaim` - annotations: {} - - accessModes: - - ReadWriteOnce - - size: "500Mi" - - ## If defined, storageClassName: - ## If set to "-", storageClassName: "", which disables dynamic provisioning - ## If undefined (the default) or set to null, no storageClassName spec is - ## set, choosing the default provisioner. (gp2 on AWS, standard on - ## GKE, AWS & OpenStack) - ## storageClass: longhorn - ## If subPath is set mount a sub folder of a volume instead of the root of the volume. - ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs). - - ## subPath: "pihole" - - nodeSelector: {} - - tolerations: [] - - # -- Specify a priorityClassName - # priorityClassName: "" - - # Reference: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/ - topologySpreadConstraints: [] - # - maxSkew: - # topologyKey: - # whenUnsatisfiable: - # labelSelector: - - affinity: {} - # -- Administrator password when not using an existing secret (see below) adminPassword: "admin" 
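Review bot: The ingress for `pihole.michaelthomson.dev` terminates TLS with no authentication in front of the Pi-hole admin UI, and this hunk deletes the commented-out `traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd` line that was the only trace of an auth layer, while the context at the end of the hunk still carries `adminPassword: "admin"`. That literal is only ignored if an existing-secret reference is configured on the lines between this hunk and the next (the `passwordKey: "password"` context there suggests one exists, but it is not visible here); if it is not, the UI sits on a public hostname with a default password. Restore the middleware annotation uncommented, or add a Traefik IP-allowlist middleware to the same annotation, and keep the admin credential in the referenced Secret rather than in this file.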
@@ -264,108 +58,6 @@ spec: # -- Specify the key inside the secret to use passwordKey: "password" - # -- extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use - extraEnvVars: - {} - # TZ: UTC - - # -- extraEnvVarsSecret is a list of secrets to load in as environment variables. - extraEnvVarsSecret: - {} - # env_var: - # name: secret-name - # key: secret-key - - # -- default upstream DNS 1 server to use - DNS1: "8.8.8.8" - # -- default upstream DNS 2 server to use - DNS2: "8.8.4.4" - - antiaff: - # -- set to true to enable antiaffinity (example: 2 pihole DNS in the same cluster) - enabled: false - # -- Here you can set the pihole release (you set in `helm install ...`) - # you want to avoid - avoidRelease: pihole1 - # -- Here you can choose between preferred or required - strict: true - # -- Here you can pass namespaces to be part of those inclueded in anti-affinity - namespaces: [] - - doh: - # -- set to true to enabled DNS over HTTPs via cloudflared - enabled: false - name: "cloudflared" - repository: "crazymax/cloudflared" - tag: latest - pullPolicy: IfNotPresent - # -- Here you can pass environment variables to the DoH container, for example: - envVars: - {} - # TUNNEL_DNS_UPSTREAM: "https://1.1.1.2/dns-query,https://1.0.0.2/dns-query" - - # -- Probes configuration - probes: - # -- Configure the healthcheck for the doh container - liveness: - # -- set to true to enable liveness probe - enabled: true - # -- customize the liveness probe - probe: - exec: - command: - - nslookup - - -po=5053 - - cloudflare.com - - "127.0.0.1" - # -- defines the initial delay for the liveness probe - initialDelaySeconds: 60 - # -- defines the failure threshold for the liveness probe - failureThreshold: 10 - # -- defines the timeout in secondes for the liveness probe - timeoutSeconds: 5 - - dnsmasq: - # -- Add upstream dns servers. 
All lines will be added to the pihole dnsmasq configuration - upstreamServers: [] - # - server=/foo.bar/192.168.178.10 - # - server=/bar.foo/192.168.178.11 - - # -- Add custom dns entries to override the dns resolution. All lines will be added to the pihole dnsmasq configuration. - customDnsEntries: [] - # - address=/foo.bar/192.168.178.10 - # - address=/bar.foo/192.168.178.11 - - # -- Dnsmasq reads the /etc/hosts file to resolve ips. You can add additional entries if you like - additionalHostsEntries: [] - # - 192.168.0.3 host4 - # - 192.168.0.4 host5 - - # -- Static DHCP config - staticDhcpEntries: [] - # staticDhcpEntries: - # - dhcp-host=MAC_ADDRESS,IP_ADDRESS,HOSTNAME - - # -- Other options - customSettings: - # otherSettings: - # - rebind-domain-ok=/plex.direct/ - - # -- Here we specify custom cname entries that should point to `A` records or - # elements in customDnsEntries array. - # The format should be: - # - cname=cname.foo.bar,foo.bar - # - cname=cname.bar.foo,bar.foo - # - cname=cname record,dns record - customCnameEntries: [] - # Here we specify custom cname entries that should point to `A` records or - # elements in customDnsEntries array. - # The format should be: - # - cname=cname.foo.bar,foo.bar - # - cname=cname.bar.foo,bar.foo - # - cname=cname record,dns record - - # -- list of adlists to import during initial start of the container adlists: {} # If you want to provide blocklists, add them here. 
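Review bot: Dropping `DNS1: "8.8.8.8"` and `DNS2: "8.8.4.4"` leaves Pi-hole's upstream resolvers to whatever the current chart version defaults to, which is no longer recorded anywhere in this file, and with the chart range widened to `2.x` that default can change between reconciles. If Google DNS is the intended upstream, keep the two lines so the choice stays explicit and consistent with the `podDnsConfig.nameservers` entry that still pins 8.8.8.8 further down; if upstream query privacy matters, `doh.enabled: true` is the chart's supported route and would be worth a deliberate decision here rather than an inherited default.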
@@ -384,169 +76,9 @@ spec: # If you want to have special domains blacklisted, add them here # - *.blackist.com - # -- list of blacklisted regex expressions to import during initial start of the container - regex: - {} - # Add regular expression blacklist items - # - (^|\.)facebook\.com$ - - # -- values that should be added to pihole-FTL.conf - ftl: - {} - # Add values for pihole-FTL.conf - # MAXDBDAYS: 14 - - # -- port the container should use to expose HTTP traffic - webHttp: "80" - - # -- port the container should use to expose HTTPS traffic - webHttps: "443" - - # -- hostname of pod - hostname: "" - - # -- should the container use host network - hostNetwork: "false" - - # -- should container run in privileged mode - privileged: "false" - - # linux capabilities container should run with - capabilities: - {} - # add: - # - NET_ADMIN - - customVolumes: - # -- set this to true to enable custom volumes - enabled: false - # -- any volume type can be used here - config: - {} - # hostPath: - # path: "/mnt/data" - - # -- any extra volumes you might want - extraVolumes: - {} - # external-conf: - # configMap: - # name: pi-hole-lighttpd-external-conf - - # -- any extra volume mounts you might want - extraVolumeMounts: - {} - # external-conf: - # mountPath: /etc/lighttpd/external.conf - # subPath: external.conf - - extraContainers: - [] - # - name: pihole-logwatcher - # image: your-registry/pihole-logwatcher - # imagePullPolicy: Always - # resources: - # requests: - # cpu: 100m - # memory: 5Mi - # limits: - # cpu: 100m - # memory: 5Mi - # volumeMounts: - # - name: pihole-logs - # mountPath: /var/log/pihole - - # -- any extra kubernetes manifests you might want - extraObjects: - [] - # - apiVersion: v1 - # kind: ConfigMap - # metadata: - # name: pi-hole-lighttpd-external-conf - # data: - # external.conf: | - # $HTTP["host"] =~ "example.foo" { - # # If we're using a non-standard host for pihole, ensure the Pi-hole - # # Block Page knows that this is not a blocked domain - # 
setenv.add-environment = ("fqdn" => "true") - # - # # Enable the SSL engine with a cert, only for this specific host - # $SERVER["socket"] == ":443" { - # ssl.engine = "enable" - # ssl.pemfile = "/etc/ssl/lighttpd-private/tls.crt" - # ssl.privkey = "/etc/ssl/lighttpd-private/tls.key" - # ssl.ca-file = "/etc/ssl/lighttpd-private/ca.crt" - # ssl.honor-cipher-order = "enable" - # ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH" - # ssl.use-sslv2 = "disable" - # ssl.use-sslv3 = "disable" - # } - # } - # - # # Redirect HTTP to HTTPS - # $HTTP["scheme"] == "http" { - # $HTTP["host"] =~ ".*" { - # url.redirect = (".*" => "https://%0$0") - # } - # } - - # -- Additional annotations for pods - podAnnotations: - {} - # Example below allows Prometheus to scape on metric port (requires pihole-exporter sidecar enabled) - # prometheus.io/port: '9617' - # prometheus.io/scrape: 'true' - - # -- any initContainers you might want to run before starting pihole - extraInitContainers: - [] - # - name: copy-config - # image: busybox - # args: - # - sh - # - -c - # - | - # cp /etc/lighttpd-cm/external.conf /etc/lighttpd/ - # ls -l /etc/lighttpd/ - # volumeMounts: - # - name: external-conf-cm - # mountPath: /etc/lighttpd-cm/ - # - name: external-conf - # mountPath: /etc/lighttpd/ - - monitoring: - # -- Preferably adding prometheus scrape annotations rather than enabling podMonitor. 
- podMonitor: - # -- set this to true to enable podMonitor - enabled: false - # -- Sidecar configuration - sidecar: - # -- set this to true to enable podMonitor as sidecar - enabled: false - port: 9617 - image: - repository: ekofr/pihole-exporter - tag: v0.3.0 - pullPolicy: IfNotPresent - resources: - limits: - memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - podDnsConfig: enabled: true policy: "None" nameservers: - 127.0.0.1 - 8.8.8.8 - - # -- configure a Pod Disruption Budget - podDisruptionBudget: - # -- set to true to enable creating the PDB - enabled: false - # -- minimum number of pods Kubernetes should try to have running at all times - minAvailable: 1 - # -- maximum number of pods Kubernetes will allow to be unavailable. Cannot set both `minAvailable` and `maxAvailable` - # maxUnavailable: 1 diff --git a/weave-gitops/dns-endpoint-weave-gitops.yaml b/weave-gitops/dns-endpoint-weave-gitops.yaml deleted file mode 100644 index 0f48e16..0000000 --- a/weave-gitops/dns-endpoint-weave-gitops.yaml +++ /dev/null @@ -1,12 +0,0 @@ -apiVersion: externaldns.k8s.io/v1alpha1 -kind: DNSEndpoint -metadata: - name: weave-gitops.michaelthomson.dev - namespace: weave-gitops -spec: - endpoints: - - dnsName: weave-gitops.michaelthomson.dev - recordTTL: 180 - recordType: CNAME - targets: - - server.michaelthomson.dev diff --git a/weave-gitops/helmrelease-weave-gitops.yaml b/weave-gitops/helmrelease-weave-gitops.yaml deleted file mode 100644 index e98522a..0000000 --- a/weave-gitops/helmrelease-weave-gitops.yaml +++ /dev/null 
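Review bot: Removing the explicit `hostNetwork: "false"`, `privileged: "false"` and `capabilities: {}` turns the pod's security posture into an implicit chart default; these are precisely the values a later `2.x` minor (now permitted by the widened range) could flip without any change appearing in this repository. Keep them pinned even though they presumably match today's defaults — `hostNetwork: "false"`, `privileged: "false"` and `capabilities: {}`, using the string form the removed lines used — so a privilege change in the chart shows up as a diff against git rather than silently in the cluster. The rest of the removals in this hunk (exporter sidecar, PDB, extra volumes) are plain defaults and read as safe to drop.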
@@ -1,37 +0,0 @@
-apiVersion: helm.toolkit.fluxcd.io/v2beta1
-kind: HelmRelease
-metadata:
- name: weave-gitops
- namespace: weave-gitops
-spec:
- chart:
- spec:
- chart: weave-gitops
- version: 4.x
- sourceRef:
- kind: HelmRepository
- name: weave-gitops
- namespace: flux-system
- interval: 15m
- timeout: 5m
- values:
- adminUser:
- create: true
- passwordHash: $2a$10$UbI.iTSJlbmim9A/FYGcHOSWdWnSd0Wwzdv5YXW4eGsPupA1nVW/y
- username: admin
- ingress:
- enabled: true
- className: traefik
- annotations:
- traefik.ingress.kubernetes.io/router.tls: "true"
- traefik.ingress.kubernetes.io/router.entrypoints: websecure
- # traefik.ingress.kubernetes.io/router.middlewares: traefik-authentik@kubernetescrd
- hosts:
- - host: weave-gitops.michaelthomson.dev
- paths:
- - path: "/"
- pathType: ImplementationSpecific
- tls:
- - secretName: letsencrypt-wildcard-cert-michaelthomson.dev
- hosts:
- - weave-gitops.michaelthomson.dev