diff --git a/cluster/pihole-configmaps.tf b/cluster/pihole-configmaps.tf index faca9775..19a11a5d 100644 --- a/cluster/pihole-configmaps.tf +++ b/cluster/pihole-configmaps.tf @@ -1,7 +1,7 @@ resource "kubernetes_config_map" "pihole_regex_list" { metadata { name = "regex.list" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name } data = { @@ -13,7 +13,7 @@ resource "kubernetes_config_map" "pihole_regex_list" { resource "kubernetes_config_map" "pihole_adlists_list" { metadata { name = "adlists.list" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name } data = { @@ -28,7 +28,7 @@ https://gitlab.com/quidsup/notrack-blocklists/raw/master/notrack-blocklist.txt resource "kubernetes_config_map" "pihole_whitelist_list" { metadata { name = "whitelist.txt" - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name } data = { diff --git a/cluster/pihole-deployment.tf b/cluster/pihole-deployment.tf index 3734ac4c..a9508c25 100644 --- a/cluster/pihole-deployment.tf +++ b/cluster/pihole-deployment.tf @@ -4,7 +4,7 @@ resource "kubernetes_deployment" "pihole" { labels = { app = "pihole" } - namespace = "pihole" + namespace = kubernetes_namespace.pihole.metadata[0].name } spec { @@ -59,6 +59,10 @@ resource "kubernetes_deployment" "pihole" { } } } + env { + name = "VIRTUAL_HOST" + value = "pihole.inskip.me" + } env { name = "DNS1" value = "1.1.1.1" @@ -108,9 +112,11 @@ resource "kubernetes_deployment" "pihole" { sub_path = "whitelist.txt" } + /* + TODO: figure out probes liveness_probe { http_get { - path = "/admin.index.php" + path = "/admin/index.php" port = 80 } initial_delay_seconds = 180 
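Review bot: The `/* TODO: figure out probes` comment opened before `liveness_probe` in the @@ -108 hunk of pihole-deployment.tf, and closed by `*/` in the @@ -119 hunk, leaves the pihole container with no liveness or readiness probe at all. The corrected `/admin/index.php` path is therefore never exercised, and a hung resolver keeps receiving traffic until someone notices. I would keep at least the readiness check active; if the HTTP admin page is the unreliable part, a `tcp_socket { port = 53 }` probe avoids depending on it (this assumes the container listens for DNS on port 53, which these hunks do not show). If the probes must stay disabled for now, record why in the comment, e.g. `TODO: probes disabled because <reason>; re-enable before relying on this pod for DNS`.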
@@ -119,16 +125,17 @@ resource "kubernetes_deployment" "pihole" { readiness_probe { http_get { - path = "/admin.index.php" + path = "/admin/index.php" port = 80 } initial_delay_seconds = 60 period_seconds = 15 } } + */ container { - image = "tailscale/tailscale:latest" + image = "ghcr.io/tailscale/tailscale:latest" name = "tailscale" security_context { @@ -137,9 +144,34 @@ resource "kubernetes_deployment" "pihole" { } } + env { + name = "TS_HOSTNAME" + value = "pihole" + } + env { name = "TS_KUBE_SECRET" - value = "tailscale-auth" + value = "" + } + + env { + name = "TS_STATE_DIR" + value = "/tailscale" + } + + env { + name = "TS_USERPSACE" + value = "false" + } + + env { + name = "TS_AUTHKEY" + value_from { + secret_key_ref { + name = "tailscale-auth" + key = "TS_AUTHKEY" + } + } } resources { @@ -153,11 +185,10 @@ resource "kubernetes_deployment" "pihole" { } } - volume_mount { + volume_mount { name = "tailscale-state-volume" mount_path = "/tailscale" } - } volume { @@ -184,14 +215,14 @@ resource "kubernetes_deployment" "pihole" { config_map { name = "whitelist.txt" } - } + } volume { name = "tailscale-state-volume" persistent_volume_claim { claim_name = "tailscale-state-volume-claim" } - } + } } } } diff --git a/cluster/pihole-ingress.tf b/cluster/pihole-ingress.tf deleted file mode 100644 index 6f36bc00..00000000 --- a/cluster/pihole-ingress.tf +++ /dev/null @@ -1,20 +0,0 @@ -resource "kubernetes_ingress" "pihole_ingress" { - metadata { - name = "pihole" - namespace = "pihole" - } - - spec { - rule { - http { - path { - backend { - service_name = "pihole-tcp" - service_port = 80 - } - path = "/admin" - } - } - } - } -} \ No newline at end of file diff --git a/cluster/pihole-pvc.tf b/cluster/pihole-pvc.tf index 885a2280..e8078476 100644 --- a/cluster/pihole-pvc.tf +++ b/cluster/pihole-pvc.tf 
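Review bot: The tailscale sidecar image in the @@ -119 hunk is still referenced by the mutable `latest` tag after the move to `ghcr.io`, so any pod restart can pull a different build. That matters more than usual here because the container has its own `security_context` and, per the following hunk, receives the tailnet auth key. Pin it to a release tag or, better, a digest, e.g. `image = "ghcr.io/tailscale/tailscale:<version>@sha256:<digest>"` (placeholders; use the release you have tested). The `security_context` body lies outside the hunk, so the privileges this container actually holds are not visible here.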
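Review bot: `TS_USERPSACE` in the @@ -137 hunk is misspelled; the variable the Tailscale container image reads is `TS_USERSPACE`, so this `value = "false"` is ignored and the sidecar stays in its default networking mode. Change the line to `name = "TS_USERSPACE"`. If kernel-mode networking is why the container's `security_context` (outside this hunk) grants extra privileges, those privileges are currently granted without being used. Separately, with `TS_KUBE_SECRET` emptied the node state, including its private keys, is kept only under `TS_STATE_DIR` on the state volume, which deserves a comment such as `# state lives on the PVC, not in a kube secret; the volume holds node keys`.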
@@ -1,7 +1,7 @@
 resource "kubernetes_persistent_volume_claim" "pihole-volume" {
 metadata {
 name = "pihole-volume-claim"
- namespace = "pihole"
+ namespace = kubernetes_namespace.pihole.metadata[0].name
 }
 spec {
 storage_class_name = "local-path"
@@ -17,7 +17,7 @@ resource "kubernetes_persistent_volume_claim" "pihole-volume" {
 resource "kubernetes_persistent_volume_claim" "tailscale-state-volume" {
 metadata {
 name = "tailscale-state-volume-claim"
- namespace = "pihole"
+ namespace = kubernetes_namespace.pihole.metadata[0].name
 }
 spec {
 storage_class_name = "local-path"
diff --git a/cluster/pihole-secret.tf b/cluster/pihole-secret.tf
index 2c6e4469..0e71f708 100644
--- a/cluster/pihole-secret.tf
+++ b/cluster/pihole-secret.tf
@@ -5,7 +5,7 @@ variable "pihole_secret_WEBPASSWORD" {
 resource "kubernetes_secret" "pihole-webpassword" {
 metadata {
 name = "pihole-secret-webpassword"
- namespace = "pihole"
+ namespace = kubernetes_namespace.pihole.metadata[0].name
 }
 data = {
 WEBPASSWORD = var.pihole_secret_WEBPASSWORD
diff --git a/cluster/tailscale.tf b/cluster/tailscale.tf
index 7ed3c7b6..71418c7f 100644
--- a/cluster/tailscale.tf
+++ b/cluster/tailscale.tf
@@ -17,7 +17,7 @@ resource "tailscale_tailnet_key" "cluster_reusable" {
 resource "kubernetes_secret" "tailscale_auth" {
 metadata {
 name = "tailscale-auth"
- namespace = "pihole"
+ namespace = kubernetes_namespace.pihole.metadata[0].name
 }
 data = {
 TS_AUTHKEY = tailscale_tailnet_key.cluster_reusable.key