- Create .env.example for API credentials - Update .gitignore to include .env file - Add cluster issuer configurations for internal CA and Let's Encrypt - Implement porkbun-secret.sh for creating Kubernetes secrets - Define Helm values for cert-manager, Gitea, and Pihole with TLS settings
# Pihole Helm values
# Chart: mojo2600/pihole
# Deploy:
#   helm repo add mojo2600 https://mojo2600.github.io/pihole-kubernetes/
#   helm repo update
#   helm upgrade --install pihole mojo2600/pihole \
#     --namespace pihole --create-namespace \
#     -f values/pihole.yaml

# Single instance; the ReadWriteOnce volume below is claimed by this one pod.
replicaCount: 1

image:
  # Quoted so the tag stays a string. A tag pins a release name, not image
  # content; track upstream releases so security fixes are picked up.
  tag: "2024.07.0"

# DNS is published on a LoadBalancer address on port 53.
# SECURITY: keep this address reachable from the LAN only. A resolver that
# answers queries from outside the network can be abused for DNS
# amplification, and it exposes the internal names configured under dnsmasq.
serviceDns:
  type: LoadBalancer
  port: 53

# The web UI Service is cluster-internal and plain HTTP on port 80.
# With these values, TLS is requested on the ingress only; the hop from the
# ingress controller to this Service is unencrypted inside the cluster.
serviceWeb:
  type: ClusterIP
  http:
    enabled: true
    port: 80

ingress:
  enabled: true
  ingressClassName: traefik
  annotations:
    # Attach the route to Traefik's "websecure" entrypoint only and enable TLS.
    traefik.ingress.kubernetes.io/router.entrypoints: websecure
    traefik.ingress.kubernetes.io/router.tls: "true"
    # The certificate is requested from the ClusterIssuer named here. Judging
    # by the name it is a private CA, so clients must trust its root
    # certificate to avoid browser warnings (verify how the root is handed out).
    cert-manager.io/cluster-issuer: internal-ca-issuer
  hosts:
    - pihole.home.arpa
  path: /admin
  tls:
    # cert-manager stores the issued certificate and key in this Secret.
    - secretName: pihole-tls
      hosts:
        - pihole.home.arpa

# SECURITY: the admin password is a guessable literal committed in plain text.
# Anyone who can read this repository can read it, and it protects the /admin
# UI published through the ingress above. Prefer a Kubernetes Secret created
# outside of git and referenced through the chart's admin.existingSecret /
# admin.passwordKey values, and rotate this password once it has been
# committed. TODO confirm those keys against the chart version in use.
adminPassword: password

# Both probes are switched off: Kubernetes will neither restart a hung
# container nor withhold traffic from a pod that is not ready. For the
# network's DNS resolver that means a stalled pod goes unnoticed until
# lookups fail. NOTE(review): re-enable once the cause for disabling is fixed.
probes:
  liveness:
    enabled: false
  readiness:
    enabled: false

persistentVolumeClaim:
  enabled: true
  accessModes:
    - ReadWriteOnce
  size: 1Gi
  annotations:
    # Helm leaves the claim in place on `helm uninstall`, so Pi-hole's stored
    # data outlives the release and must be deleted by hand when no longer
    # wanted.
    helm.sh/resource-policy: keep

# Hard requirement: schedule only on nodes labelled node-role=primary.
# If no such node is schedulable the pod stays Pending.
affinity:
  nodeAffinity:
    requiredDuringSchedulingIgnoredDuringExecution:
      nodeSelectorTerms:
        - matchExpressions:
            - key: node-role
              operator: In
              values:
                - primary

# Extra container environment variables; the values are Google Public DNS.
# Queries forwarded there leave the network and are visible to that provider.
# NOTE(review): confirm the image at this tag actually reads PIHOLE_DNS_1 and
# PIHOLE_DNS_2; if it does not, these two lines have no effect and the
# upstream resolvers come from the chart or image defaults instead.
extraEnvVars:
  PIHOLE_DNS_1: "8.8.8.8"
  PIHOLE_DNS_2: "8.8.4.4"

dnsmasq:
  # dnsmasq `address=/<domain>/<ip>` answers for <domain> and every name
  # beneath it, and the most specific entry wins. The bare home.arpa entry is
  # therefore a wildcard: any name under home.arpa without its own entry,
  # typos included, resolves to 192.168.7.77.
  customDnsEntries:
    - address=/gitea.home.arpa/192.168.7.77
    - address=/pihole.home.arpa/192.168.7.77
    - address=/home.arpa/192.168.7.77
    - address=/nik4nao.home.arpa/192.168.7.183