| author | Paul Buetow <paul@buetow.org> | 2026-02-07 22:25:47 +0200 |
|---|---|---|
| committer | Paul Buetow <paul@buetow.org> | 2026-02-07 22:25:47 +0200 |
| commit | f204a7c80c04fabef7aaf130c2154c0655f6e2f1 (patch) | |
| tree | 7bbbed62c60540cd3a037ccbb6361c7303235fe8 | |
| parent | 743963fb948a6a80e1db5991d02c05e4d9334c05 (diff) | |
add pihole
| -rw-r--r-- | f3s/pihole/Justfile | 31 | ||||
| -rw-r--r-- | f3s/pihole/README.md | 38 | ||||
| -rw-r--r-- | f3s/pihole/helm-chart/Chart.yaml | 6 | ||||
| -rw-r--r-- | f3s/pihole/helm-chart/templates/ingress.yaml | 46 | ||||
| -rw-r--r-- | f3s/pihole/helm-chart/templates/persistent-volumes.yaml | 55 |
5 files changed, 176 insertions, 0 deletions
diff --git a/f3s/pihole/Justfile b/f3s/pihole/Justfile
new file mode 100644
index 0000000..46f40c6
--- /dev/null
+++ b/f3s/pihole/Justfile
@@ -0,0 +1,31 @@
+NAMESPACE := "services"
+APP_NAME := "pihole"
+
+status:
+ @echo "=== Pods ==="
+ @kubectl get pods -n {{NAMESPACE}} -l app.kubernetes.io/name=pihole
+ @echo ""
+ @echo "=== Services ==="
+ @kubectl get svc -n {{NAMESPACE}} -l app.kubernetes.io/name=pihole
+ @echo ""
+ @echo "=== Ingresses ==="
+ @kubectl get ingress -n {{NAMESPACE}} -l app.kubernetes.io/name=pihole
+ @echo ""
+ @echo "=== PVCs ==="
+ @kubectl get pvc -n {{NAMESPACE}} -l app.kubernetes.io/name=pihole
+ @echo ""
+ @echo "=== ArgoCD Status ==="
+ @kubectl get application {{APP_NAME}} -n cicd -o jsonpath='Sync: {.status.sync.status}, Health: {.status.health.status}' 2>/dev/null && echo ""
+
+logs lines="100":
+ kubectl logs -n {{NAMESPACE}} -l app.kubernetes.io/name=pihole --tail={{lines}} -f
+
+sync:
+ @echo "Triggering ArgoCD sync..."
+ @kubectl annotate application {{APP_NAME}} -n cicd argocd.argoproj.io/refresh=normal --overwrite
+ @sleep 2
+ @kubectl get application {{APP_NAME}} -n cicd -o jsonpath='Sync: {.status.sync.status}, Health: {.status.health.status}' && echo ""
+
+restart:
+ @echo "Restarting Pi-hole..."
+ kubectl rollout restart -n {{NAMESPACE}} deployment/pihole
diff --git a/f3s/pihole/README.md b/f3s/pihole/README.md
new file mode 100644
index 0000000..fca9295
--- /dev/null
+++ b/f3s/pihole/README.md
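Review bot: The `sync` recipe prints "Triggering ArgoCD sync..." but only sets the `argocd.argoproj.io/refresh=normal` annotation, which requests a refresh; whether a sync follows depends on the Application's sync policy, which is not visible in this commit. Rewording the line to `@echo "Requesting ArgoCD refresh..."` would match the README's "Trigger ArgoCD refresh". The `status`, `logs` and `restart` recipes hard-code `pihole` in the label selector and in `deployment/pihole` although `APP_NAME` is defined at the top, so using `{{APP_NAME}}` there would keep the recipes consistent. In `status`, the `2>/dev/null` on the last kubectl call hides the reason when the Application lookup fails.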
@@ -0,0 +1,38 @@
+# Pi-hole
+
+Network-wide ad blocking for the f3s cluster.
+
+## Deployment
+
+Pi-hole is deployed via ArgoCD using a combination of a local Helm chart (for PVs/PVCs/Ingress) and the official upstream chart.
+
+### Manual Secret Requirement
+
+The admin password is not stored in Git. Before deployment, create the following secret in the `services` namespace:
+
+```bash
+kubectl create secret generic pihole-admin-password \
+ -n services \
+ --from-literal=password='REPLACE_WITH_YOUR_PASSWORD'
+```
+
+## Access
+
+- **External**: [https://pihole.f3s.buetow.org](https://pihole.f3s.buetow.org)
+- **LAN**: [https://pihole.f3s.lan.buetow.org](https://pihole.f3s.lan.buetow.org)
+
+## Storage
+
+Configuration is persisted on NFS at:
+- `/data/nfs/k3svolumes/pihole/config`
+- `/data/nfs/k3svolumes/pihole/dnsmasq`
+
+## Management
+
+Use the provided `Justfile` for common operations:
+
+```bash
+just status # Check pod and service status
+just logs # Follow logs
+just sync # Trigger ArgoCD refresh
+```
diff --git a/f3s/pihole/helm-chart/Chart.yaml b/f3s/pihole/helm-chart/Chart.yaml
new file mode 100644
index 0000000..618e1fe
--- /dev/null
+++ b/f3s/pihole/helm-chart/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: pihole-local
+description: Local resources for Pi-hole (PVs, PVCs, Ingress)
+type: application
+version: 0.1.0
+appVersion: "1.0.0"
diff --git a/f3s/pihole/helm-chart/templates/ingress.yaml b/f3s/pihole/helm-chart/templates/ingress.yaml
new file mode 100644
index 0000000..20dfc25
--- /dev/null
+++ b/f3s/pihole/helm-chart/templates/ingress.yaml
@@ -0,0 +1,46 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: pihole-ingress
+ namespace: services
+ annotations:
+ spec.ingressClassName: traefik
+ traefik.ingress.kubernetes.io/router.entrypoints: web
+spec:
+ rules:
+ - host: pihole.f3s.buetow.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: pihole-web
+ port:
+ number: 80
+---
+# LAN Ingress for pihole.f3s.lan.buetow.org with TLS
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: pihole-ingress-lan
+ namespace: services
+ annotations:
+ spec.ingressClassName: traefik
+ traefik.ingress.kubernetes.io/router.entrypoints: web,websecure
+spec:
+ tls:
+ - hosts:
+ - pihole.f3s.lan.buetow.org
+ secretName: f3s-lan-tls
+ rules:
+ - host: pihole.f3s.lan.buetow.org
+ http:
+ paths:
+ - path: /
+ pathType: Prefix
+ backend:
+ service:
+ name: pihole-web
+ port:
+ number: 80
diff --git a/f3s/pihole/helm-chart/templates/persistent-volumes.yaml b/f3s/pihole/helm-chart/templates/persistent-volumes.yaml
new file mode 100644
index 0000000..2ad4c9c
--- /dev/null
+++ b/f3s/pihole/helm-chart/templates/persistent-volumes.yaml
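Review bot: In both Ingress objects `spec.ingressClassName: traefik` appears as a key under `metadata.annotations`, where it is only an inert annotation; the class is a spec field, `ingressClassName: traefik` directly under `spec:`, so as written these objects appear to rely on Traefik being the default class (indentation is lost in this rendering, so confirm against the file). The external host `pihole.f3s.buetow.org` is routed on the `web` entrypoint only and has no `tls:` section, so unless TLS is terminated in front of the cluster the Pi-hole admin login travels in plaintext, and the admin UI is reachable from outside with the admin password as its only control. Consider restricting that router with an allow-list or auth middleware through `traefik.ingress.kubernetes.io/router.middlewares`, or dropping the external Ingress if the UI is only needed on the LAN. The LAN Ingress lists `web,websecure`, so plain HTTP stays enabled next to the TLS host; `traefik.ingress.kubernetes.io/router.entrypoints: websecure` alone would remove the plaintext login path.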
@@ -0,0 +1,55 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pihole-config-pv
+spec:
+ capacity:
+ storage: 1Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: /data/nfs/k3svolumes/pihole/config
+ type: Directory
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pihole-config-pvc
+ namespace: services
+spec:
+ storageClassName: ""
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi
+---
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+ name: pihole-dnsmasq-pv
+spec:
+ capacity:
+ storage: 1Gi
+ volumeMode: Filesystem
+ accessModes:
+ - ReadWriteOnce
+ persistentVolumeReclaimPolicy: Retain
+ hostPath:
+ path: /data/nfs/k3svolumes/pihole/dnsmasq
+ type: Directory
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+ name: pihole-dnsmasq-pvc
+ namespace: services
+spec:
+ storageClassName: ""
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 1Gi |
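Review bot: Neither PersistentVolumeClaim names its volume and neither PersistentVolume carries a `claimRef`, so binding is decided only by the empty storage class, `ReadWriteOnce` and the 1Gi size. The config and dnsmasq claims can therefore bind to each other's volumes, and any other claim in the cluster with an empty storage class and a fitting request could bind to one of these PVs and receive the Pi-hole data directory. Add `volumeName: pihole-config-pv` to `pihole-config-pvc` and `volumeName: pihole-dnsmasq-pv` to `pihole-dnsmasq-pvc`, or pin each PV with a `claimRef`. Both volumes are `hostPath` with `type: Directory`, so the pod starts only on nodes where the NFS export is already mounted at that path; a comment in the template stating that dependency would help.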
