auth-proxy: proxies only authenticated requests to upstream, redirects to login page otherwise (#103)
* auth-proxy: inspects authenticated user
* ingress: chart and use in rpuppy
* auth-proxy: make it optional in rpuppy
* kratos: whitelist env pub/priv domains for auth return_to addr
* url-shortener: put behind auth-proxy
* pihole: replace oauth2-client with auth-proxy
* auth-proxy: fix upstream uri generation
* pihole: remove old chart using oauth2
* auth-proxy: remove temporary values file
* url-shortener: check x-user header for authentication
* auth: fix allowed_return_urls list
* auth-proxy: fix current address generation logic
---------
Co-authored-by: Giorgi Lekveishvili <lekva@gl-mbp-m1-max.local>
diff --git a/charts/pihole/templates/NOTES.txt b/charts/pihole/templates/NOTES.txt
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/charts/pihole/templates/NOTES.txt
diff --git a/charts/pihole/templates/_helpers.tpl b/charts/pihole/templates/_helpers.tpl
new file mode 100644
index 0000000..72aef75
--- /dev/null
+++ b/charts/pihole/templates/_helpers.tpl
@@ -0,0 +1,39 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pihole.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pihole.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pihole.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default password secret name.
+*/}}
+{{- define "pihole.password-secret" -}}
+{{- printf "%s-%s" (include "pihole.fullname" .) "password" | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
diff --git a/charts/pihole/templates/configmap-adlists.yaml b/charts/pihole/templates/configmap-adlists.yaml
new file mode 100644
index 0000000..7a496f0
--- /dev/null
+++ b/charts/pihole/templates/configmap-adlists.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.adlists }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pihole.fullname" . }}-adlists
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ adlists.list: |
+ {{- range .Values.adlists }}
+ {{ . }}
+ {{- end }}
+{{ end }}
diff --git a/charts/pihole/templates/configmap-blacklist.yaml b/charts/pihole/templates/configmap-blacklist.yaml
new file mode 100644
index 0000000..d34b964
--- /dev/null
+++ b/charts/pihole/templates/configmap-blacklist.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.blacklist }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pihole.fullname" . }}-blacklist
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ blacklist.txt: |
+ {{- range .Values.blacklist }}
+ {{ . }}
+ {{- end }}
+{{ end }}
diff --git a/charts/pihole/templates/configmap-regex.yaml b/charts/pihole/templates/configmap-regex.yaml
new file mode 100644
index 0000000..9d3bd6b
--- /dev/null
+++ b/charts/pihole/templates/configmap-regex.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.regex }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pihole.fullname" . }}-regex
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ regex.list: |
+ {{- range .Values.regex }}
+ {{ . }}
+ {{- end }}
+{{ end }}
diff --git a/charts/pihole/templates/configmap-static-dhcp.yaml b/charts/pihole/templates/configmap-static-dhcp.yaml
new file mode 100644
index 0000000..c0005f5
--- /dev/null
+++ b/charts/pihole/templates/configmap-static-dhcp.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.dnsmasq.staticDhcpEntries }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pihole.fullname" . }}-static-dhcp
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ pihole-static-dhcp.conf: |
+ {{- range .Values.dnsmasq.staticDhcpEntries }}
+ {{ . }}
+ {{- end }}
+{{ end }}
diff --git a/charts/pihole/templates/configmap-whitelist.yaml b/charts/pihole/templates/configmap-whitelist.yaml
new file mode 100644
index 0000000..ecd953d
--- /dev/null
+++ b/charts/pihole/templates/configmap-whitelist.yaml
@@ -0,0 +1,16 @@
+{{ if .Values.whitelist }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pihole.fullname" . }}-whitelist
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ whitelist.txt: |
+ {{- range .Values.whitelist }}
+ {{ . }}
+ {{- end }}
+{{ end }}
diff --git a/charts/pihole/templates/configmap.yaml b/charts/pihole/templates/configmap.yaml
new file mode 100644
index 0000000..af63f87
--- /dev/null
+++ b/charts/pihole/templates/configmap.yaml
@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ template "pihole.fullname" . }}-custom-dnsmasq
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+data:
+ 02-custom.conf: |
+ addn-hosts=/etc/addn-hosts
+ {{- range .Values.dnsmasq.upstreamServers }}
+ {{ . }}
+ {{- end }}
+ {{- range .Values.dnsmasq.customDnsEntries }}
+ {{ . }}
+ {{- end }}
+ {{- if .Values.serviceDns.loadBalancerIP }}
+ dhcp-option=6,{{ .Values.serviceDns.loadBalancerIP }}
+ {{- end }}
+ {{- range .Values.dnsmasq.customSettings }}
+ {{ . }}
+ {{- end }}
+ addn-hosts: |
+ {{- range .Values.dnsmasq.additionalHostsEntries }}
+ {{ . }}
+ {{- end }}
+ 05-pihole-custom-cname.conf: |
+ {{- range .Values.dnsmasq.customCnameEntries }}
+ {{ . }}
+ {{- end }}
diff --git a/charts/pihole/templates/deployment.yaml b/charts/pihole/templates/deployment.yaml
new file mode 100644
index 0000000..082f767
--- /dev/null
+++ b/charts/pihole/templates/deployment.yaml
@@ -0,0 +1,349 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: {{ template "pihole.fullname" . }}
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+ replicas: {{ .Values.replicaCount }}
+ strategy:
+ type: {{ .Values.strategyType }}
+ {{- if eq .Values.strategyType "RollingUpdate" }}
+ rollingUpdate:
+ maxSurge: {{ .Values.maxSurge }}
+ maxUnavailable: {{ .Values.maxUnavailable }}
+ {{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+ template:
+ metadata:
+ annotations:
+ checksum.config.adlists: {{ include (print $.Template.BasePath "/configmap-adlists.yaml") . | sha256sum | trunc 63 }}
+ checksum.config.blacklist: {{ include (print $.Template.BasePath "/configmap-blacklist.yaml") . | sha256sum | trunc 63 }}
+ checksum.config.regex: {{ include (print $.Template.BasePath "/configmap-regex.yaml") . | sha256sum | trunc 63 }}
+ checksum.config.whitelist: {{ include (print $.Template.BasePath "/configmap-whitelist.yaml") . | sha256sum | trunc 63 }}
+ checksum.config.dnsmasqConfig: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 }}
+ checksum.config.staticDhcpConfig: {{ include (print $.Template.BasePath "/configmap-static-dhcp.yaml") . | sha256sum | trunc 63 }}
+{{- with .Values.podAnnotations }}
+{{ toYaml . | indent 8 }}
+{{- end }}
+ labels:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+ spec:
+ {{- if .Values.antiaff.enabled }}
+ affinity:
+ podAntiAffinity:
+ {{- if .Values.antiaff.strict }}
+ requiredDuringSchedulingIgnoredDuringExecution:
+ - labelSelector:
+ {{- else }}
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ {{- end }}
+ matchExpressions:
+ - key: release
+ operator: In
+ values:
+ - {{ .Values.antiaff.avoidRelease }}
+ {{- if .Values.antiaff.namespaces}}
+ namespaces:
+ {{- toYaml .Values.antiaff.namespaces | nindent 14 }}
+ {{- end }}
+ topologyKey: "kubernetes.io/hostname"
+ {{- end }}
+ {{- if .Values.podDnsConfig.enabled }}
+ dnsPolicy: {{ .Values.podDnsConfig.policy }}
+ dnsConfig:
+ nameservers:
+ {{- toYaml .Values.podDnsConfig.nameservers | nindent 8 }}
+ {{- end }}
+ hostname: {{ .Values.hostname }}
+ hostNetwork: {{ .Values.hostNetwork }}
+ {{- with .Values.extraInitContainers }}
+ initContainers:
+ {{- toYaml . | nindent 8 }}
+ {{- end }}
+ containers:
+ {{- if .Values.extraContainers }}
+ {{- toYaml .Values.extraContainers | nindent 8 }}
+ {{- end }}
+ {{- if .Values.monitoring.sidecar.enabled }}
+ - name: exporter
+ image: "{{ .Values.monitoring.sidecar.image.repository }}:{{ .Values.monitoring.sidecar.image.tag }}"
+ imagePullPolicy: {{ .Values.monitoring.sidecar.image.pullPolicy }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ env:
+ - name: PIHOLE_HOSTNAME
+ valueFrom:
+ fieldRef:
+ fieldPath: status.podIP
+ - name: PIHOLE_PORT
+ value: "{{ .Values.webHttp }}"
+ - name: PIHOLE_PASSWORD
+ {{- if .Values.admin.enabled }}
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.admin.passwordKey | default "password" }}
+ name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }}
+ {{- else }}
+ value: ""
+ {{- end }}
+ resources:
+{{ toYaml .Values.monitoring.sidecar.resources | indent 12 }}
+ ports:
+ - containerPort: {{ .Values.monitoring.sidecar.port }}
+ name: prometheus
+ protocol: TCP
+ {{- end }}
+ {{- if .Values.doh.enabled }}
+ - name: cloudflared
+ image: "{{ .Values.doh.repository }}:{{ .Values.doh.tag }}"
+ imagePullPolicy: {{ .Values.doh.pullPolicy }}
+ terminationMessagePath: /dev/termination-log
+ terminationMessagePolicy: File
+ resources:
+ limits:
+ memory: 128Mi
+ ports:
+ - containerPort: 5053
+ name: cloudflared-udp
+ protocol: UDP
+ - containerPort: 49312
+ name: cloudflared-met
+ protocol: TCP
+ {{- if .Values.doh.envVars }}
+ env:
+ {{- range $key, $value := .Values.doh.envVars }}
+ - name: {{ $key | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- end }}
+ {{- if .Values.doh.probes.liveness.enabled }}
+ livenessProbe:
+{{ toYaml .Values.doh.probes.liveness.probe | indent 12 }}
+ initialDelaySeconds: {{ .Values.doh.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.doh.probes.liveness.failureThreshold }}
+ timeoutSeconds: {{ .Values.doh.probes.liveness.timeoutSeconds }}
+ {{- end }}
+ {{- end }}
+ - name: {{ .Chart.Name }}
+ env:
+ - name: 'WEB_PORT'
+ value: "{{ .Values.webHttp }}"
+ - name: VIRTUAL_HOST
+ value: {{ .Values.virtualHost }}
+ - name: WEBPASSWORD
+ {{- if .Values.admin.enabled }}
+ valueFrom:
+ secretKeyRef:
+ key: {{ .Values.admin.passwordKey | default "password" }}
+ name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }}
+ {{- else }}
+ value: ""
+ {{- end }}
+ {{- range $key, $value := .Values.extraEnvVars }}
+ - name: {{ $key | quote }}
+ value: {{ $value | quote }}
+ {{- end }}
+ {{- range $key, $value := .Values.extraEnvVarsSecret }}
+ - name: {{ $key | quote }}
+ valueFrom:
+ secretKeyRef:
+ key: {{ $value.key | quote }}
+ name: {{ $value.name | quote }}
+ {{- end }}
+ {{- if .Values.doh.enabled }}
+ - name: 'DNS1'
+ value: "127.0.0.1#5053"
+ - name: DNS2
+ value: "127.0.0.1#5053"
+ {{- else }}
+ {{- if .Values.DNS1 }}
+ - name: 'PIHOLE_DNS_'
+ value: {{ if .Values.DNS2 }}{{ ( printf "%v;%v" .Values.DNS1 .Values.DNS2 ) | squote }}{{ else }}{{ .Values.DNS1 | squote }}{{ end }}
+ {{- end }}
+ {{- end }}
+ {{- range $key, $value := .Values.ftl }}
+ - name: 'FTLCONF_{{ $key }}'
+ value: {{ $value | quote }}
+ {{- end }}
+ image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+ imagePullPolicy: {{ .Values.image.pullPolicy }}
+ securityContext:
+ privileged: {{ .Values.privileged }}
+ {{- if .Values.capabilities }}
+ capabilities:
+ {{- toYaml .Values.capabilities | nindent 14 }}
+ {{- end }}
+ ports:
+ - containerPort: {{ .Values.webHttp }}
+ name: http
+ protocol: TCP
+ - containerPort: 53
+ name: dns
+ protocol: TCP
+ {{- if .Values.dnsHostPort.enabled }}
+ hostPort: {{ .Values.dnsHostPort.port }}
+ {{- end }}
+ - containerPort: 53
+ name: dns-udp
+ protocol: UDP
+ {{- if .Values.dnsHostPort.enabled }}
+ hostPort: {{ .Values.dnsHostPort.port }}
+ {{- end }}
+ - containerPort: {{ .Values.webHttps }}
+ name: https
+ protocol: TCP
+ - containerPort: 67
+ name: client-udp
+ protocol: UDP
+ {{- if .Values.probes.liveness.enabled }}
+ livenessProbe:
+ {{- if eq .Values.probes.liveness.type "command" }}
+ exec:
+ command: {{ .Values.probes.liveness.command | required "An array of command(s) is required if 'type' is set to 'command'." | toYaml | nindent 16 }}
+ {{- else }}
+ httpGet:
+ path: /admin/index.php
+ port: {{ .Values.probes.liveness.port }}
+ scheme: {{ .Values.probes.liveness.scheme }}
+ {{- end }}
+ initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
+ timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
+
+ {{- end }}
+ {{- if .Values.probes.readiness.enabled }}
+ readinessProbe:
+ httpGet:
+ path: /admin/index.php
+ port: {{ .Values.probes.readiness.port }}
+ scheme: {{ .Values.probes.readiness.scheme }}
+ initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
+ failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
+ timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
+ {{- end }}
+ volumeMounts:
+ - mountPath: /etc/pihole
+ name: config
+ {{- if .Values.persistentVolumeClaim.subPath }}
+ subPath: {{ .Values.persistentVolumeClaim.subPath }}
+ {{- end }}
+ - mountPath: /etc/dnsmasq.d/02-custom.conf
+ name: custom-dnsmasq
+ subPath: 02-custom.conf
+ - mountPath: /etc/addn-hosts
+ name: custom-dnsmasq
+ subPath: addn-hosts
+ {{- if .Values.dnsmasq.customCnameEntries }}
+ - mountPath: /etc/dnsmasq.d/05-pihole-custom-cname.conf
+ name: custom-dnsmasq
+ subPath: 05-pihole-custom-cname.conf
+ {{- end }}
+ {{- if .Values.adlists }}
+ - mountPath: /etc/pihole/adlists.list
+ name: adlists
+ subPath: adlists.list
+ {{- end }}
+ {{- if .Values.blacklist }}
+ - mountPath: /etc/pihole/blacklist.txt
+ name: blacklist
+ subPath: blacklist.txt
+ {{- end }}
+ {{- if .Values.regex }}
+ - mountPath: /etc/pihole/regex.list
+ name: regex
+ subPath: regex.list
+ {{- end }}
+ {{- if .Values.whitelist }}
+ - mountPath: /etc/pihole/whitelist.txt
+ name: whitelist
+ subPath: whitelist.txt
+ {{- end }}
+ {{- if .Values.dnsmasq.staticDhcpEntries }}
+ - mountPath: /etc/dnsmasq.d/04-pihole-static-dhcp.conf
+ name: static-dhcp
+ subPath: pihole-static-dhcp.conf
+ {{- end }}
+ {{- range $key, $value := .Values.extraVolumeMounts }}
+ - name: {{ $key }}
+{{- toYaml $value | nindent 12 }}
+ {{- end }}
+ resources:
+{{ toYaml .Values.resources | indent 12 }}
+ {{- with .Values.nodeSelector }}
+ nodeSelector:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.affinity }}
+ affinity:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- with .Values.tolerations }}
+ tolerations:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ {{- if .Values.priorityClassName }}
+ priorityClassName: "{{ .Values.priorityClassName }}"
+ {{- end }}
+ {{- with .Values.topologySpreadConstraints }}
+ topologySpreadConstraints:
+{{ toYaml . | indent 8 }}
+ {{- end }}
+ volumes:
+ - name: config
+ {{- if .Values.persistentVolumeClaim.enabled }}
+ persistentVolumeClaim:
+ claimName: {{ if .Values.persistentVolumeClaim.existingClaim }}{{ .Values.persistentVolumeClaim.existingClaim }}{{- else }}{{ template "pihole.fullname" . }}{{- end }}
+ {{- else if .Values.customVolumes.enabled }}
+{{- toYaml .Values.customVolumes.config | nindent 8 }}
+ {{- else }}
+ emptyDir: {}
+ {{- end }}
+ - configMap:
+ defaultMode: 420
+ name: {{ template "pihole.fullname" . }}-custom-dnsmasq
+ name: custom-dnsmasq
+ {{- if .Values.adlists }}
+ - configMap:
+ defaultMode: 420
+ name: {{ template "pihole.fullname" . }}-adlists
+ name: adlists
+ {{- end }}
+ {{- if .Values.whitelist }}
+ - configMap:
+ defaultMode: 420
+ name: {{ template "pihole.fullname" . }}-whitelist
+ name: whitelist
+ {{- end }}
+ {{- if .Values.dnsmasq.staticDhcpEntries }}
+ - configMap:
+ defaultMode: 420
+ name: {{ template "pihole.fullname" . }}-static-dhcp
+ name: static-dhcp
+ {{- end }}
+ {{- if .Values.blacklist }}
+ - configMap:
+ defaultMode: 420
+ name: {{ template "pihole.fullname" . }}-blacklist
+ name: blacklist
+ {{- end }}
+ {{- if .Values.regex }}
+ - configMap:
+ defaultMode: 420
+ name: {{ template "pihole.fullname" . }}-regex
+ name: regex
+ {{- end }}
+ {{- range $key, $value := .Values.extraVolumes }}
+ - name: {{ $key }}
+{{- toYaml $value | nindent 8 }}
+ {{- end }}
diff --git a/charts/pihole/templates/extra-manifests.yaml b/charts/pihole/templates/extra-manifests.yaml
new file mode 100644
index 0000000..a9bb3b6
--- /dev/null
+++ b/charts/pihole/templates/extra-manifests.yaml
@@ -0,0 +1,4 @@
+{{ range .Values.extraObjects }}
+---
+{{ tpl (toYaml .) $ }}
+{{ end }}
diff --git a/charts/pihole/templates/ingress.yaml b/charts/pihole/templates/ingress.yaml
new file mode 100644
index 0000000..fb5a081
--- /dev/null
+++ b/charts/pihole/templates/ingress.yaml
@@ -0,0 +1,38 @@
+{{- if .Values.ingress.enabled -}}
+{{- $serviceName := printf "%s-%s" (include "pihole.fullname" .) "web" -}}
+{{- $ingressPath := .Values.ingress.path -}}
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+ name: {{ template "pihole.fullname" . }}
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- with .Values.ingress.annotations }}
+ annotations:
+ {{- toYaml . | nindent 4 }}
+ {{- end }}
+spec:
+{{- if .Values.ingress.ingressClassName }}
+ ingressClassName: {{ .Values.ingress.ingressClassName }}
+{{- end }}
+{{- if .Values.ingress.tls }}
+ tls:
+{{ toYaml .Values.ingress.tls | indent 4 }}
+{{- end }}
+ rules:
+ {{- range .Values.ingress.hosts }}
+ - host: {{ . | quote }}
+ http:
+ paths:
+ - path: {{ $ingressPath }}
+ pathType: ImplementationSpecific
+ backend:
+ service:
+ name: {{ $serviceName }}
+ port:
+ name: http
+ {{- end }}
+{{- end }}
diff --git a/charts/pihole/templates/oauth2-proxy-config.yaml b/charts/pihole/templates/oauth2-proxy-config.yaml
deleted file mode 100644
index 5aebbb0..0000000
--- a/charts/pihole/templates/oauth2-proxy-config.yaml
+++ /dev/null
@@ -1,58 +0,0 @@
-apiVersion: dodo.cloud.dodo.cloud/v1
-kind: ResourceRenderer
-metadata:
- name: config-renderer
- namespace: {{ .Release.Namespace }}
-spec:
- secretName: {{ .Values.oauth2.secretName }}
- resourceTemplate: |
- apiVersion: v1
- kind: ConfigMap
- metadata:
- name: {{ .Values.configName }}
- namespace: {{ .Release.Namespace }}
- data:
- oauth2-proxy.cfg: |
- http_address = "0.0.0.0:8080"
-
- reverse_proxy = true
-
- ## the OAuth Redirect URL.
- # defaults to the "https://" + requested host header + "/oauth2/callback"
- # redirect_url = "http://pihole.pcloud/oauth2/callback"
-
- upstreams = [
- "http://pihole-web.{{ .Release.Namespace}}.svc"
- ]
-
- email_domains = [
- "*"
- ]
-
- standard_logging = false
- request_logging = false
- auth_logging = false
-
- pass_basic_auth = true
- pass_user_headers = true
- pass_host_header = true
-
- ## The OAuth Client ID, Secret
- client_id = "{{`{{ .client_id }}`}}"
- client_secret = "{{`{{ .client_secret }}`}}"
-
- ## Pass OAuth Access token to upstream via "X-Forwarded-Access-Token"
- pass_access_token = false
-
- cookie_name = "_oauth2_proxy_pihole"
- cookie_secret = "{{ .Values.oauth2.cookieSecret }}"
- cookie_domains = "{{ .Values.domain }}"
- cookie_expire = "168h"
- cookie_refresh = "100h"
- cookie_secure = true
- cookie_httponly = true
-
- provider = "oidc"
- oidc_issuer_url = "{{ .Values.oauth2.issuer }}"
- provider_display_name = "PCloud"
- profile_url = "{{ .Values.profileUrl }}"
diff --git a/charts/pihole/templates/oauth2-proxy.yaml b/charts/pihole/templates/oauth2-proxy.yaml
deleted file mode 100644
index 2d62f7b..0000000
--- a/charts/pihole/templates/oauth2-proxy.yaml
+++ /dev/null
@@ -1,84 +0,0 @@
----
-apiVersion: v1
-kind: Service
-metadata:
- name: pihole-oauth2-proxy
- namespace: {{ .Release.Namespace }}
-spec:
- type: ClusterIP
- selector:
- app: pihole-oauth2-proxy
- ports:
- - name: http
- port: 80
- targetPort: http
- protocol: TCP
----
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: ingress
- namespace: {{ .Release.Namespace }}
-spec:
- ingressClassName: {{ .Values.ingressClassName }}
- tls:
- - hosts:
- - {{ .Values.domain }}
- rules:
- - host: {{ .Values.domain }}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: pihole-oauth2-proxy
- port:
- name: http
----
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: pihole-oauth2-proxy
- namespace: {{ .Release.Namespace }}
-spec:
- selector:
- matchLabels:
- app: pihole-oauth2-proxy
- replicas: 1
- template:
- metadata:
- labels:
- app: pihole-oauth2-proxy
- spec:
- volumes:
- - name: config
- configMap:
- name: {{ .Values.configName }}
- containers:
- - name: pihole-oauth2-proxy
- image: quay.io/oauth2-proxy/oauth2-proxy:v7.2.0
- imagePullPolicy: Always
- ports:
- - name: http
- containerPort: 8080
- protocol: TCP
- command:
- - oauth2-proxy
- - --config=/etc/oauth2-proxy/oauth2-proxy.cfg
- volumeMounts:
- - name: config
- mountPath: /etc/oauth2-proxy
- readOnly: true
- resources:
- requests:
- memory: "10Mi"
- cpu: "10m"
- limits:
- memory: "20Mi"
- cpu: "100m"
- tolerations:
- - key: "pcloud"
- operator: "Equal"
- value: "role"
- effect: "NoSchedule"
diff --git a/charts/pihole/templates/pdb.yaml b/charts/pihole/templates/pdb.yaml
new file mode 100644
index 0000000..5103178
--- /dev/null
+++ b/charts/pihole/templates/pdb.yaml
@@ -0,0 +1,21 @@
+{{- if .Values.podDisruptionBudget.enabled -}}
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+ name: {{ template "pihole.fullname" . }}-pdb
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+spec:
+{{- if .Values.podDisruptionBudget.minAvailable }}
+ minAvailable: {{ .Values.podDisruptionBudget.minAvailable }}
+{{- end }}
+{{- if .Values.podDisruptionBudget.maxUnavailable }}
+ maxUnavailable: {{ .Values.podDisruptionBudget.maxUnavailable }}
+{{- end }}
+ selector:
+ matchLabels:
+ app: {{ template "pihole.name" . }}
+{{- end }}
diff --git a/charts/pihole/templates/podmonitor.yaml b/charts/pihole/templates/podmonitor.yaml
new file mode 100644
index 0000000..bb3be7d
--- /dev/null
+++ b/charts/pihole/templates/podmonitor.yaml
@@ -0,0 +1,43 @@
+{{- if .Values.monitoring.podMonitor.enabled }}
+apiVersion: monitoring.coreos.com/v1
+kind: PodMonitor
+metadata:
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+ {{- with .Values.monitoring.podMonitor.labels }}
+ {{- . | toYaml | nindent 4 }}
+ {{- end }}
+ name: {{ template "pihole.fullname" . }}-prometheus-exporter
+{{- if .Values.monitoring.podMonitor.namespace }}
+ namespace: {{ .Values.monitoring.podMonitor.namespace }}
+{{- end }}
+spec:
+ podMetricsEndpoints:
+ - port: prometheus
+ path: /metrics
+{{- if .Values.monitoring.podMonitor.interval }}
+ interval: {{ .Values.monitoring.podMonitor.interval }}
+{{- end }}
+{{- if .Values.monitoring.podMonitor.bearerTokenFile }}
+ bearerTokenFile: {{ .Values.monitoring.podMonitor.bearerTokenFile }}
+{{- end }}
+{{- if .Values.monitoring.podMonitor.bearerTokenSecret }}
+ bearerTokenSecret:
+ name: {{ .Values.monitoring.podMonitor.bearerTokenSecret.name }}
+ key: {{ .Values.monitoring.podMonitor.bearerTokenSecret.key }}
+ {{- if .Values.monitoring.podMonitor.bearerTokenSecret.optional }}
+ optional: {{ .Values.monitoring.podMonitor.bearerTokenSecret.optional }}
+ {{- end }}
+{{- end }}
+ jobLabel: {{ template "pihole.fullname" . }}-prometheus-exporter
+ namespaceSelector:
+ matchNames:
+ - {{ .Release.Namespace }}
+ selector:
+ matchLabels:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/pihole/templates/secret.yaml b/charts/pihole/templates/secret.yaml
new file mode 100644
index 0000000..e603cbb
--- /dev/null
+++ b/charts/pihole/templates/secret.yaml
@@ -0,0 +1,18 @@
+{{- if and .Values.admin.enabled (not .Values.admin.existingSecret) }}
+apiVersion: v1
+kind: Secret
+metadata:
+ name: {{ template "pihole.password-secret" . }}
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+type: Opaque
+data:
+ {{- if .Values.adminPassword }}
+ password: {{ .Values.adminPassword | b64enc | quote }}
+ {{- else }}
+ password: {{ randAlphaNum 40 | b64enc | quote }}
+ {{- end }}
+{{- end }}
diff --git a/charts/pihole/templates/service-dhcp.yaml b/charts/pihole/templates/service-dhcp.yaml
new file mode 100644
index 0000000..3df2ad9
--- /dev/null
+++ b/charts/pihole/templates/service-dhcp.yaml
@@ -0,0 +1,75 @@
+{{- if .Values.serviceDhcp.enabled }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dhcp
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDhcp.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDhcp.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDhcp.type }}
+ {{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceDhcp.type "LoadBalancer")) }}
+ ipFamilies:
+ - IPv4
+ - IPv6
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
+ {{- if .Values.serviceDhcp.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.serviceDhcp.loadBalancerIP }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDhcp.type "NodePort") (eq .Values.serviceDhcp.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDhcp.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.serviceDhcp.port }}
+ targetPort: client-udp
+ {{- if and (.Values.serviceDhcp.nodePort) (eq .Values.serviceDhcp.type "NodePort") }}
+ nodePort: {{ .Values.serviceDhcp.nodePort }}
+ {{- end }}
+ protocol: UDP
+ name: client-udp
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDhcp.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dhcp-ivp6
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDhcp.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDhcp.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDhcp.type }}
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ {{- if .Values.serviceDhcp.loadBalancerIPv6 }}
+ loadBalancerIP: {{ .Values.serviceDhcp.loadBalancerIPv6 }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDhcp.type "NodePort") (eq .Values.serviceDhcp.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDhcp.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: 67
+ targetPort: client-udp
+ protocol: UDP
+ name: client-udp
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
diff --git a/charts/pihole/templates/service-dns-tcp.yaml b/charts/pihole/templates/service-dns-tcp.yaml
new file mode 100644
index 0000000..9206260
--- /dev/null
+++ b/charts/pihole/templates/service-dns-tcp.yaml
@@ -0,0 +1,87 @@
+{{- if not .Values.serviceDns.mixedService }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dns-tcp
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDns.type }}
+ {{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceDns.type "LoadBalancer")) }}
+ ipFamilies:
+ - IPv4
+ - IPv6
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
+ {{- if .Values.serviceDns.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns
+ {{- if and (.Values.serviceDns.nodePort) (eq .Values.serviceDns.type "NodePort") }}
+ nodePort: {{ .Values.serviceDns.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: dns
+ {{- if .Values.monitoring.sidecar.enabled }}
+ - port: {{ .Values.monitoring.sidecar.port }}
+ targetPort: prometheus
+ protocol: TCP
+ name: prometheus
+ {{- end }}
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDns.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dns-tcp-ipv6
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDns.type }}
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ {{- if .Values.serviceDns.loadBalancerIPv6 }}
+ loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns
+ protocol: TCP
+ name: dns
+ {{- if .Values.monitoring.sidecar.enabled }}
+ - port: {{ .Values.monitoring.sidecar.port }}
+ targetPort: prometheus
+ protocol: TCP
+ name: prometheus
+ {{- end }}
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
diff --git a/charts/pihole/templates/service-dns-udp.yaml b/charts/pihole/templates/service-dns-udp.yaml
new file mode 100644
index 0000000..34835d4
--- /dev/null
+++ b/charts/pihole/templates/service-dns-udp.yaml
@@ -0,0 +1,75 @@
+{{- if not .Values.serviceDns.mixedService }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dns-udp
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDns.type }}
+ {{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceDns.type "LoadBalancer")) }}
+ ipFamilies:
+ - IPv4
+ - IPv6
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
+ {{- if .Values.serviceDns.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns-udp
+ {{- if and (.Values.serviceDns.nodePort) (eq .Values.serviceDns.type "NodePort") }}
+ nodePort: {{ .Values.serviceDns.nodePort }}
+ {{- end }}
+ protocol: UDP
+ name: dns-udp
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDns.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dns-udp-ipv6
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDns.type }}
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ {{- if .Values.serviceDns.loadBalancerIPv6 }}
+ loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns-udp
+ protocol: UDP
+ name: dns-udp
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
diff --git a/charts/pihole/templates/service-dns.yaml b/charts/pihole/templates/service-dns.yaml
new file mode 100644
index 0000000..0772138
--- /dev/null
+++ b/charts/pihole/templates/service-dns.yaml
@@ -0,0 +1,92 @@
+{{- if .Values.serviceDns.mixedService }}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dns
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDns.type }}
+ {{- if .Values.serviceDns.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.serviceDns.loadBalancerIP }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns
+ {{- if .Values.serviceDns.nodePort }}
+ nodePort: {{ .Values.serviceDns.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: dns
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns-udp
+ {{- if and (.Values.serviceDns.nodePort) (eq .Values.serviceDns.type "NodePort") }}
+ nodePort: {{ .Values.serviceDns.nodePort }}
+ {{- end }}
+ protocol: UDP
+ name: dns-udp
+ {{- if .Values.monitoring.sidecar.enabled }}
+ - port: {{ .Values.monitoring.sidecar.port }}
+ targetPort: prometheus
+ protocol: TCP
+ name: prometheus
+ {{- end }}
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceDns.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-dns-ipv6
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceDns.annotations }}
+ annotations:
+{{ toYaml .Values.serviceDns.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceDns.type }}
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ {{- if .Values.serviceDns.loadBalancerIPv6 }}
+ loadBalancerIP: {{ .Values.serviceDns.loadBalancerIPv6 }}
+ {{- end }}
+ {{- if or (eq .Values.serviceDns.type "NodePort") (eq .Values.serviceDns.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceDns.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns
+ protocol: TCP
+ name: dns
+ - port: {{ .Values.serviceDns.port }}
+ targetPort: dns-udp
+ protocol: UDP
+ name: dns-udp
+ {{- if .Values.monitoring.sidecar.enabled }}
+ - port: {{ .Values.monitoring.sidecar.port }}
+ targetPort: prometheus
+ protocol: TCP
+ name: prometheus
+ {{- end }}
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
+{{- end }}
diff --git a/charts/pihole/templates/service-web.yaml b/charts/pihole/templates/service-web.yaml
new file mode 100644
index 0000000..ace4603
--- /dev/null
+++ b/charts/pihole/templates/service-web.yaml
@@ -0,0 +1,102 @@
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-web
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceWeb.annotations }}
+ annotations:
+{{ toYaml .Values.serviceWeb.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceWeb.type }}
+ {{- if and (.Values.dualStack.enabled) (not (eq .Values.serviceWeb.type "LoadBalancer")) }}
+ ipFamilies:
+ - IPv4
+ - IPv6
+ ipFamilyPolicy: PreferDualStack
+ {{- end }}
+ {{- if .Values.serviceWeb.loadBalancerIP }}
+ loadBalancerIP: {{ .Values.serviceWeb.loadBalancerIP }}
+ {{- end }}
+ {{- if or (eq .Values.serviceWeb.type "NodePort") (eq .Values.serviceWeb.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceWeb.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ {{- if .Values.serviceWeb.http.enabled }}
+ - port: {{ .Values.serviceWeb.http.port }}
+ targetPort: http
+ {{- if and (.Values.serviceWeb.http.nodePort) (eq .Values.serviceWeb.type "NodePort") }}
+ nodePort: {{ .Values.serviceWeb.http.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: http
+ {{- end }}
+ {{- if .Values.serviceWeb.https.enabled }}
+ - port: {{ .Values.serviceWeb.https.port }}
+ targetPort: https
+ {{- if and (.Values.serviceWeb.https.nodePort) (eq .Values.serviceWeb.type "NodePort") }}
+ nodePort: {{ .Values.serviceWeb.https.nodePort }}
+ {{- end }}
+ protocol: TCP
+ name: https
+ {{- end }}
+ {{- if .Values.doh.enabled }}
+ - port: 49312
+ protocol: TCP
+ name: cloudflared-met
+ {{- end }}
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+---
+{{- if and (.Values.dualStack.enabled) (eq .Values.serviceWeb.type "LoadBalancer") -}}
+apiVersion: v1
+kind: Service
+metadata:
+ name: {{ template "pihole.fullname" . }}-web-ipv6
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ template "pihole.chart" . }}
+ release: {{ .Release.Name }}
+ heritage: {{ .Release.Service }}
+{{- if .Values.serviceWeb.annotations }}
+ annotations:
+{{ toYaml .Values.serviceWeb.annotations | indent 4 }}
+{{- end }}
+spec:
+ type: {{ .Values.serviceWeb.type }}
+ ipFamilies:
+ - IPv6
+ ipFamilyPolicy: SingleStack
+ {{- if .Values.serviceWeb.loadBalancerIPv6 }}
+ loadBalancerIP: {{ .Values.serviceWeb.loadBalancerIPv6 }}
+ {{- end }}
+ {{- if or (eq .Values.serviceWeb.type "NodePort") (eq .Values.serviceWeb.type "LoadBalancer") }}
+ externalTrafficPolicy: {{ .Values.serviceWeb.externalTrafficPolicy }}
+ {{- end }}
+ ports:
+ {{- if .Values.serviceWeb.http.enabled }}
+ - port: {{ .Values.serviceWeb.http.port }}
+ targetPort: http
+ protocol: TCP
+ name: http
+ {{- end }}
+ {{- if .Values.serviceWeb.https.enabled }}
+ - port: {{ .Values.serviceWeb.https.port }}
+ targetPort: https
+ protocol: TCP
+ name: https
+ {{- end }}
+ {{- if .Values.doh.enabled }}
+ - port: 49312
+ protocol: TCP
+ name: cloudflared-met
+ {{- end }}
+ selector:
+ app: {{ template "pihole.name" . }}
+ release: {{ .Release.Name }}
+{{- end }}
diff --git a/charts/pihole/templates/tests/test-pihole-endpoint.yml b/charts/pihole/templates/tests/test-pihole-endpoint.yml
new file mode 100644
index 0000000..dd50c04
--- /dev/null
+++ b/charts/pihole/templates/tests/test-pihole-endpoint.yml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Pod
+metadata:
+ name: "{{ .Release.Name }}-smoke-test"
+ annotations:
+ "helm.sh/hook": test
+spec:
+ containers:
+ - name: hook1-container
+ image: curlimages/curl
+ imagePullPolicy: IfNotPresent
+ command: ['sh', '-c', 'curl http://{{ template "pihole.fullname" . }}-web:80/']
+ restartPolicy: Never
+ terminationGracePeriodSeconds: 0
diff --git a/charts/pihole/templates/volume-claim.yaml b/charts/pihole/templates/volume-claim.yaml
new file mode 100644
index 0000000..3b140be
--- /dev/null
+++ b/charts/pihole/templates/volume-claim.yaml
@@ -0,0 +1,31 @@
+{{- if .Values.persistentVolumeClaim.enabled -}}
+{{- if not .Values.persistentVolumeClaim.existingClaim -}}
+apiVersion: "v1"
+kind: "PersistentVolumeClaim"
+metadata:
+{{- if .Values.persistentVolumeClaim.annotations }}
+ annotations:
+{{ toYaml .Values.persistentVolumeClaim.annotations | indent 4 }}
+{{- end }}
+ labels:
+ app: {{ template "pihole.name" . }}
+ chart: {{ .Chart.Name }}-{{ .Chart.Version }}
+ component: "{{ .Values.persistentVolumeClaim.name }}"
+ heritage: {{ .Release.Service }}
+ release: {{ .Release.Name }}
+ name: {{ template "pihole.fullname" . }}
+spec:
+ accessModes:
+{{ toYaml .Values.persistentVolumeClaim.accessModes | indent 4 }}
+{{- if .Values.persistentVolumeClaim.storageClass }}
+{{- if (eq "-" .Values.persistentVolumeClaim.storageClass) }}
+ storageClassName: ""
+{{- else }}
+ storageClassName: "{{ .Values.persistentVolumeClaim.storageClass }}"
+{{- end }}
+{{- end }}
+ resources:
+ requests:
+ storage: "{{ .Values.persistentVolumeClaim.size }}"
+{{- end -}}
+{{- end -}}
\ No newline at end of file