[PIHOLE] Make everything dependent upon the namespace

2026-02-09 04:19:19 -08:00 · 2023-05-07 09:04:01 -07:00 · 2023-05-07 09:04:01 -07:00 · 05766113fd
commit 05766113fd
parent 41537f7843
6 changed files with 47 additions and 36 deletions
--- a/cluster/pihole-configmaps.tf
+++ b/cluster/pihole-configmaps.tf
@ -1,7 +1,7 @@
 resource "kubernetes_config_map" "pihole_regex_list" {
  metadata {
    name      = "regex.list"
-    namespace = "pihole"
+    namespace = kubernetes_namespace.pihole.metadata[0].name
  }

  data = {
@ -13,7 +13,7 @@ resource "kubernetes_config_map" "pihole_regex_list" {
 resource "kubernetes_config_map" "pihole_adlists_list" {
  metadata {
    name      = "adlists.list"
-    namespace = "pihole"
+    namespace = kubernetes_namespace.pihole.metadata[0].name
  }

  data = {
@ -28,7 +28,7 @@ https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt
 resource "kubernetes_config_map" "pihole_whitelist_list" {
  metadata {
    name      = "whitelist.txt"
-    namespace = "pihole"
+    namespace = kubernetes_namespace.pihole.metadata[0].name
  }

  data = {
--- a/cluster/pihole-deployment.tf
+++ b/cluster/pihole-deployment.tf
@ -4,7 +4,7 @@ resource "kubernetes_deployment" "pihole" {
    labels = {
      app = "pihole"
    }
-    namespace = "pihole"
+    namespace = kubernetes_namespace.pihole.metadata[0].name
  }

  spec {
@ -59,6 +59,10 @@ resource "kubernetes_deployment" "pihole" {
              }
            }
          }
+          env {
+            name = "VIRTUAL_HOST"
+            value = "pihole.inskip.me"
+          }
          env {
            name  = "DNS1"
            value = "1.1.1.1"
@ -108,9 +112,11 @@ resource "kubernetes_deployment" "pihole" {
            sub_path = "whitelist.txt"
          }

+          /*
+          TODO: figure out probes
          liveness_probe {
            http_get {
-              path = "/admin.index.php"
+              path = "/admin/index.php"
              port = 80
            }
            initial_delay_seconds = 180
@ -119,16 +125,17 @@ resource "kubernetes_deployment" "pihole" {

          readiness_probe {
            http_get {
-              path = "/admin.index.php"
+              path = "/admin/index.php"
              port = 80
            }
            initial_delay_seconds = 60
            period_seconds = 15
          }
        }
+        */

        container {
-          image = "tailscale/tailscale:latest"
+          image = "ghcr.io/tailscale/tailscale:latest"
          name  = "tailscale"

          security_context {
@ -137,9 +144,34 @@ resource "kubernetes_deployment" "pihole" {
            }
          }

+          env {
+            name = "TS_HOSTNAME"
+            value = "pihole"
+          }
+
          env {
            name = "TS_KUBE_SECRET"
-            value = "tailscale-auth"
+            value = ""
+          }
+
+          env {
+            name = "TS_STATE_DIR"
+            value = "/tailscale"
+          }
+
+          env {
+            name = "TS_USERPSACE"
+            value = "false"
+          }
+
+          env {
+            name  = "TS_AUTHKEY"
+            value_from {
+              secret_key_ref {
+                name = "tailscale-auth"
+                key = "TS_AUTHKEY"
+              }
+            }
          }
          
          resources {
@ -153,11 +185,10 @@ resource "kubernetes_deployment" "pihole" {
            }
          }

-          volume_mount {
+        volume_mount {
            name = "tailscale-state-volume"
            mount_path = "/tailscale"
          }
-
        }

        volume {
@ -184,14 +215,14 @@ resource "kubernetes_deployment" "pihole" {
          config_map {
            name = "whitelist.txt"
          }
-        } 
+        }

        volume {
          name = "tailscale-state-volume"
          persistent_volume_claim {
            claim_name = "tailscale-state-volume-claim"
          }
-        }
+        } 
      }
    }
  }
--- a/cluster/pihole-ingress.tf
+++ b/cluster/pihole-ingress.tf
@ -1,20 +0,0 @@
-resource "kubernetes_ingress" "pihole_ingress" {
-  metadata {
-    name      = "pihole"
-    namespace = "pihole"
-  }
-
-  spec {
-    rule {
-      http {
-        path {
-          backend {
-            service_name = "pihole-tcp"
-            service_port = 80
-          }
-          path = "/admin"
-        }
-      }
-    }
-  }
-}
--- a/cluster/pihole-pvc.tf
+++ b/cluster/pihole-pvc.tf
@ -1,7 +1,7 @@
 resource "kubernetes_persistent_volume_claim" "pihole-volume" {
  metadata {
    name = "pihole-volume-claim"
-    namespace = "pihole"
+    namespace = kubernetes_namespace.pihole.metadata[0].name
  }
  spec {
    storage_class_name = "local-path"
@ -17,7 +17,7 @@ resource "kubernetes_persistent_volume_claim" "pihole-volume" {
 resource "kubernetes_persistent_volume_claim" "tailscale-state-volume" {
  metadata {
    name = "tailscale-state-volume-claim"
-    namespace = "pihole"
+    namespace = kubernetes_namespace.pihole.metadata[0].name
  }
  spec {
    storage_class_name = "local-path"
--- a/cluster/pihole-secret.tf
+++ b/cluster/pihole-secret.tf
@ -5,7 +5,7 @@ variable "pihole_secret_WEBPASSWORD" {
 resource "kubernetes_secret" "pihole-webpassword" {
  metadata {
    name = "pihole-secret-webpassword"
-    namespace = "pihole"
+    namespace = kubernetes_namespace.pihole.metadata[0].name
  }
  data = {
    WEBPASSWORD = var.pihole_secret_WEBPASSWORD
--- a/cluster/tailscale.tf
+++ b/cluster/tailscale.tf
@ -17,7 +17,7 @@ resource "tailscale_tailnet_key" "cluster_reusable" {
 resource "kubernetes_secret" "tailscale_auth" {
    metadata {
        name = "tailscale-auth"
-        namespace = "pihole"
+        namespace = kubernetes_namespace.pihole.metadata[0].name
    }
    data = {
        TS_AUTHKEY = tailscale_tailnet_key.cluster_reusable.key