mirror of
https://github.com/kittywitch/nixfiles.git
synced 2026-02-09 12:29:19 -08:00
229 lines
No EOL
4.9 KiB
HCL
229 lines
No EOL
4.9 KiB
HCL
resource "kubernetes_deployment" "pihole" {
|
|
metadata {
|
|
name = "pihole"
|
|
labels = {
|
|
app = "pihole"
|
|
}
|
|
namespace = kubernetes_namespace.pihole.metadata[0].name
|
|
}
|
|
|
|
spec {
|
|
replicas = 1
|
|
selector {
|
|
match_labels = {
|
|
app = "pihole"
|
|
}
|
|
}
|
|
template {
|
|
metadata {
|
|
labels = {
|
|
app = "pihole"
|
|
}
|
|
}
|
|
spec {
|
|
container {
|
|
image = "pihole/pihole:latest"
|
|
name = "pihole"
|
|
|
|
port {
|
|
container_port = 80
|
|
name = "http"
|
|
protocol = "TCP"
|
|
}
|
|
port {
|
|
container_port = 443
|
|
name = "https"
|
|
protocol = "TCP"
|
|
}
|
|
port {
|
|
container_port = 53
|
|
name = "dns-udp"
|
|
protocol = "UDP"
|
|
}
|
|
port {
|
|
container_port = 67
|
|
name = "dns67"
|
|
protocol = "UDP"
|
|
}
|
|
|
|
env {
|
|
name = "TZ"
|
|
value = "America/Vancouver"
|
|
}
|
|
env {
|
|
name = "WEBPASSWORD"
|
|
value_from {
|
|
secret_key_ref {
|
|
name = "pihole-secret-webpassword"
|
|
key = "WEBPASSWORD"
|
|
}
|
|
}
|
|
}
|
|
env {
|
|
name = "VIRTUAL_HOST"
|
|
value = "pihole.inskip.me"
|
|
}
|
|
env {
|
|
name = "DNS1"
|
|
value = "1.1.1.1"
|
|
}
|
|
env {
|
|
name = "DNS2"
|
|
value = "1.0.0.1"
|
|
}
|
|
env {
|
|
name = "DNSMASQ_LISTENING"
|
|
value = "all"
|
|
}
|
|
env {
|
|
name = "PIHOLE_BASE"
|
|
value = "/opt/pihole-volume"
|
|
}
|
|
|
|
resources {
|
|
limits = {
|
|
cpu = "250m"
|
|
memory = "896Mi"
|
|
}
|
|
requests = {
|
|
cpu = "20m"
|
|
memory = "512Mi"
|
|
}
|
|
}
|
|
|
|
volume_mount {
|
|
name = "pihole-volume"
|
|
mount_path = "/opt/pihole-volume"
|
|
}
|
|
|
|
volume_mount {
|
|
name = "regex"
|
|
mount_path = "/etc/pihole/regex.list"
|
|
sub_path = "regex.list"
|
|
}
|
|
volume_mount {
|
|
name = "adlists"
|
|
mount_path = "/etc/pihole/adlists.list"
|
|
sub_path = "adlists.list"
|
|
}
|
|
volume_mount {
|
|
name = "whitelist"
|
|
mount_path = "/etc/pihole/whitelist.txt"
|
|
sub_path = "whitelist.txt"
|
|
}
|
|
|
|
/*
|
|
TODO: figure out probes
|
|
liveness_probe {
|
|
http_get {
|
|
path = "/admin/index.php"
|
|
port = 80
|
|
}
|
|
initial_delay_seconds = 180
|
|
period_seconds = 15
|
|
}
|
|
|
|
readiness_probe {
|
|
http_get {
|
|
path = "/admin/index.php"
|
|
port = 80
|
|
}
|
|
initial_delay_seconds = 60
|
|
period_seconds = 15
|
|
}
|
|
}
|
|
*/
|
|
|
|
container {
|
|
image = "ghcr.io/tailscale/tailscale:latest"
|
|
name = "tailscale"
|
|
|
|
security_context {
|
|
capabilities {
|
|
add = ["NET_ADMIN"]
|
|
}
|
|
}
|
|
|
|
env {
|
|
name = "TS_HOSTNAME"
|
|
value = "pihole"
|
|
}
|
|
|
|
env {
|
|
name = "TS_KUBE_SECRET"
|
|
value = ""
|
|
}
|
|
|
|
env {
|
|
name = "TS_STATE_DIR"
|
|
value = "/tailscale"
|
|
}
|
|
|
|
env {
|
|
name = "TS_USERPSACE"
|
|
value = "false"
|
|
}
|
|
|
|
env {
|
|
name = "TS_AUTHKEY"
|
|
value_from {
|
|
secret_key_ref {
|
|
name = "tailscale-auth"
|
|
key = "TS_AUTHKEY"
|
|
}
|
|
}
|
|
}
|
|
|
|
resources {
|
|
limits = {
|
|
cpu = "250m"
|
|
memory = "512Mi"
|
|
}
|
|
requests = {
|
|
cpu = "20m"
|
|
memory = "64Mi"
|
|
}
|
|
}
|
|
|
|
volume_mount {
|
|
name = "tailscale-state-volume"
|
|
mount_path = "/tailscale"
|
|
}
|
|
}
|
|
|
|
volume {
|
|
name = "pihole-volume"
|
|
persistent_volume_claim {
|
|
claim_name = "pihole-volume-claim"
|
|
}
|
|
}
|
|
|
|
volume {
|
|
name = "regex"
|
|
config_map {
|
|
name = "regex.list"
|
|
}
|
|
}
|
|
volume {
|
|
name = "adlists"
|
|
config_map {
|
|
name = "adlists.list"
|
|
}
|
|
}
|
|
volume {
|
|
name = "whitelist"
|
|
config_map {
|
|
name = "whitelist.txt"
|
|
}
|
|
}
|
|
|
|
volume {
|
|
name = "tailscale-state-volume"
|
|
persistent_volume_claim {
|
|
claim_name = "tailscale-state-volume-claim"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
} |