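# Deployment for the Pi-hole pod: the pihole container plus an optional
# Prometheus exporter sidecar and an optional cloudflared (DoH) sidecar.
# Everything under .Values is operator-supplied; the extra* values
# (extraContainers, extraInitContainers, extraVolumes, extraVolumeMounts)
# are copied into the pod spec verbatim, so whoever controls the values
# file controls what runs in this pod.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: {{ template "pihole.fullname" . }}
  labels:
    app: {{ template "pihole.name" . }}
    chart: {{ template "pihole.chart" . }}
    release: {{ .Release.Name }}
    heritage: {{ .Release.Service }}
spec:
  replicas: {{ .Values.replicaCount }}
  strategy:
    type: {{ .Values.strategyType }}
    {{- if eq .Values.strategyType "RollingUpdate" }}
    rollingUpdate:
      maxSurge: {{ .Values.maxSurge }}
      maxUnavailable: {{ .Values.maxUnavailable }}
    {{- end }}
  selector:
    matchLabels:
      app: {{ template "pihole.name" . }}
      release: {{ .Release.Name }}
  template:
    metadata:
      annotations:
        # SHA-256 of each rendered ConfigMap, truncated to 63 characters.
        # A config change alters the pod template and so triggers a rollout.
        # Quoted so the digest is always rendered as a string.
        checksum.config.adlists: {{ include (print $.Template.BasePath "/configmap-adlists.yaml") . | sha256sum | trunc 63 | quote }}
        checksum.config.blacklist: {{ include (print $.Template.BasePath "/configmap-blacklist.yaml") . | sha256sum | trunc 63 | quote }}
        checksum.config.regex: {{ include (print $.Template.BasePath "/configmap-regex.yaml") . | sha256sum | trunc 63 | quote }}
        checksum.config.whitelist: {{ include (print $.Template.BasePath "/configmap-whitelist.yaml") . | sha256sum | trunc 63 | quote }}
        checksum.config.dnsmasqConfig: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum | trunc 63 | quote }}
        checksum.config.staticDhcpConfig: {{ include (print $.Template.BasePath "/configmap-static-dhcp.yaml") . | sha256sum | trunc 63 | quote }}
{{- with .Values.podAnnotations }}
{{ toYaml . | indent 8 }}
{{- end }}
      labels:
        app: {{ template "pihole.name" . }}
        release: {{ .Release.Name }}
    spec:
      # Optional anti-affinity against pods labelled with another release.
      # Both branches leave labelSelector at the same depth so the shared
      # matchExpressions / namespaces / topologyKey lines nest correctly.
      {{- if .Values.antiaff.enabled }}
      affinity:
        podAntiAffinity:
        {{- if .Values.antiaff.strict }}
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
        {{- else }}
          preferredDuringSchedulingIgnoredDuringExecution:
          - weight: 100
            podAffinityTerm:
              labelSelector:
        {{- end }}
                matchExpressions:
                - key: release
                  operator: In
                  values:
                  - {{ .Values.antiaff.avoidRelease | quote }}
              {{- if .Values.antiaff.namespaces}}
              namespaces:
                {{- toYaml .Values.antiaff.namespaces | nindent 14 }}
              {{- end }}
              topologyKey: "kubernetes.io/hostname"
      {{- end }}
      {{- if .Values.podDnsConfig.enabled }}
      dnsPolicy: {{ .Values.podDnsConfig.policy }}
      dnsConfig:
        nameservers:
        {{- toYaml .Values.podDnsConfig.nameservers | nindent 8 }}
      {{- end }}
      hostname: {{ .Values.hostname }}
      # hostNetwork: true places the pod in the node's network namespace, so
      # every listener in the pod (DNS, DHCP, admin web UI) binds directly on
      # the node's interfaces. Enable it only when the deployment needs it.
      hostNetwork: {{ .Values.hostNetwork }}
      {{- with .Values.extraInitContainers }}
      initContainers:
        {{- toYaml . | nindent 8 }}
      {{- end }}
      containers:
        {{- if .Values.extraContainers }}
        {{- toYaml .Values.extraContainers | nindent 8 }}
        {{- end }}
        {{- if .Values.monitoring.sidecar.enabled }}
        # Prometheus exporter sidecar; it reaches Pi-hole over the pod IP.
        - name: exporter
          image: "{{ .Values.monitoring.sidecar.image.repository }}:{{ .Values.monitoring.sidecar.image.tag }}"
          imagePullPolicy: {{ .Values.monitoring.sidecar.image.pullPolicy }}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          env:
            - name: PIHOLE_HOSTNAME
              valueFrom:
                fieldRef:
                  fieldPath: status.podIP
            - name: PIHOLE_PORT
              value: "{{ .Values.webHttp }}"
            # The admin password is read from a Secret, never inlined here.
            - name: PIHOLE_PASSWORD
              {{- if .Values.admin.enabled }}
              valueFrom:
                secretKeyRef:
                  key: {{ .Values.admin.passwordKey | default "password" }}
                  name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }}
              {{- else }}
              value: ""
              {{- end }}
          resources:
{{ toYaml .Values.monitoring.sidecar.resources | indent 12 }}
          ports:
            - containerPort: {{ .Values.monitoring.sidecar.port }}
              name: prometheus
              protocol: TCP
        {{- end }}
        {{- if .Values.doh.enabled }}
        # cloudflared sidecar: DNS-over-HTTPS upstream on UDP 5053. The
        # pihole container is pointed at 127.0.0.1#5053 when this is enabled.
        - name: cloudflared
          image: "{{ .Values.doh.repository }}:{{ .Values.doh.tag }}"
          imagePullPolicy: {{ .Values.doh.pullPolicy }}
          terminationMessagePath: /dev/termination-log
          terminationMessagePolicy: File
          resources:
            limits:
              memory: 128Mi
          ports:
            - containerPort: 5053
              name: cloudflared-udp
              protocol: UDP
            - containerPort: 49312
              name: cloudflared-met
              protocol: TCP
          {{- if .Values.doh.envVars }}
          env:
            {{- range $key, $value := .Values.doh.envVars }}
            - name: {{ $key | quote }}
              value: {{ $value | quote }}
            {{- end }}
          {{- end }}
          {{- if .Values.doh.probes.liveness.enabled }}
          livenessProbe:
{{ toYaml .Values.doh.probes.liveness.probe | indent 12 }}
            initialDelaySeconds: {{ .Values.doh.probes.liveness.initialDelaySeconds }}
            failureThreshold: {{ .Values.doh.probes.liveness.failureThreshold }}
            timeoutSeconds: {{ .Values.doh.probes.liveness.timeoutSeconds }}
          {{- end }}
        {{- end }}
        - name: {{ .Chart.Name }}
          env:
            - name: 'WEB_PORT'
              value: "{{ .Values.webHttp }}"
            # Quoted so an empty or boolean-looking value stays a string.
            - name: VIRTUAL_HOST
              value: {{ .Values.virtualHost | quote }}
            # With admin.enabled the password comes from a Secret (the chart's
            # own or admin.existingSecret). Otherwise it is the empty string.
            # NOTE(review): an empty WEBPASSWORD appears to leave the admin web
            # UI without a password; confirm against the image documentation
            # and restrict network access to the web port in that case.
            - name: WEBPASSWORD
              {{- if .Values.admin.enabled }}
              valueFrom:
                secretKeyRef:
                  key: {{ .Values.admin.passwordKey | default "password" }}
                  name: {{ .Values.admin.existingSecret | default (include "pihole.password-secret" .) }}
              {{- else }}
              value: ""
              {{- end }}
            # extraEnvVars values are rendered in clear text into the pod spec;
            # anything sensitive belongs in extraEnvVarsSecret below.
            {{- range $key, $value := .Values.extraEnvVars }}
            - name: {{ $key | quote }}
              value: {{ $value | quote }}
            {{- end }}
            {{- range $key, $value := .Values.extraEnvVarsSecret }}
            - name: {{ $key | quote }}
              valueFrom:
                secretKeyRef:
                  key: {{ $value.key | quote }}
                  name: {{ $value.name | quote }}
            {{- end }}
            {{- if .Values.doh.enabled }}
            - name: 'DNS1'
              value: "127.0.0.1#5053"
            - name: DNS2
              value: "127.0.0.1#5053"
            {{- else }}
            {{- if .Values.DNS1 }}
            - name: 'PIHOLE_DNS_'
              value: {{ if .Values.DNS2 }}{{ ( printf "%v;%v" .Values.DNS1 .Values.DNS2 ) | squote }}{{ else }}{{ .Values.DNS1 | squote }}{{ end }}
            {{- end }}
            {{- end }}
            {{- range $key, $value := .Values.ftl }}
            - name: 'FTLCONF_{{ $key }}'
              value: {{ $value | quote }}
            {{- end }}
          # The image is referenced by tag, falling back to the chart's
          # appVersion. Tags are mutable; pin the tag in values where
          # reproducible rollouts matter.
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          securityContext:
            # privileged: true gives the container near-complete access to the
            # node. Keep it false and grant only the specific capabilities the
            # deployment needs through .Values.capabilities.
            privileged: {{ .Values.privileged }}
          {{- if .Values.capabilities }}
            capabilities:
            {{- toYaml .Values.capabilities | nindent 14 }}
          {{- end }}
          ports:
            - containerPort: {{ .Values.webHttp }}
              name: http
              protocol: TCP
            # With dnsHostPort.enabled, DNS is also bound on the node itself
            # (TCP and UDP), reachable from wherever the node is reachable.
            - containerPort: 53
              name: dns
              protocol: TCP
              {{- if .Values.dnsHostPort.enabled }}
              hostPort: {{ .Values.dnsHostPort.port }}
              {{- end }}
            - containerPort: 53
              name: dns-udp
              protocol: UDP
              {{- if .Values.dnsHostPort.enabled }}
              hostPort: {{ .Values.dnsHostPort.port }}
              {{- end }}
            - containerPort: {{ .Values.webHttps }}
              name: https
              protocol: TCP
            # UDP 67 is the DHCP server port.
            - containerPort: 67
              name: client-udp
              protocol: UDP
          {{- if .Values.probes.liveness.enabled }}
          livenessProbe:
            {{- if eq .Values.probes.liveness.type "command" }}
            exec:
              command: {{ .Values.probes.liveness.command | required "An array of command(s) is required if 'type' is set to 'command'." | toYaml | nindent 16 }}
            {{- else }}
            httpGet:
              path: /admin/index.php
              port: {{ .Values.probes.liveness.port }}
              scheme: {{ .Values.probes.liveness.scheme }}
            {{- end }}
            initialDelaySeconds: {{ .Values.probes.liveness.initialDelaySeconds }}
            failureThreshold: {{ .Values.probes.liveness.failureThreshold }}
            timeoutSeconds: {{ .Values.probes.liveness.timeoutSeconds }}
          {{- end }}
          {{- if .Values.probes.readiness.enabled }}
          readinessProbe:
            httpGet:
              path: /admin/index.php
              port: {{ .Values.probes.readiness.port }}
              scheme: {{ .Values.probes.readiness.scheme }}
            initialDelaySeconds: {{ .Values.probes.readiness.initialDelaySeconds }}
            failureThreshold: {{ .Values.probes.readiness.failureThreshold }}
            timeoutSeconds: {{ .Values.probes.readiness.timeoutSeconds }}
          {{- end }}
          # Each list file is mounted individually with subPath and only when
          # the matching value is set, mirroring the conditional volumes below.
          volumeMounts:
          - mountPath: /etc/pihole
            name: config
            {{- if .Values.persistentVolumeClaim.subPath }}
            subPath: {{ .Values.persistentVolumeClaim.subPath }}
            {{- end }}
          - mountPath: /etc/dnsmasq.d/02-custom.conf
            name: custom-dnsmasq
            subPath: 02-custom.conf
          - mountPath: /etc/addn-hosts
            name: custom-dnsmasq
            subPath: addn-hosts
          {{- if .Values.dnsmasq.customCnameEntries }}
          - mountPath: /etc/dnsmasq.d/05-pihole-custom-cname.conf
            name: custom-dnsmasq
            subPath: 05-pihole-custom-cname.conf
          {{- end }}
          {{- if .Values.adlists }}
          - mountPath: /etc/pihole/adlists.list
            name: adlists
            subPath: adlists.list
          {{- end }}
          {{- if .Values.blacklist }}
          - mountPath: /etc/pihole/blacklist.txt
            name: blacklist
            subPath: blacklist.txt
          {{- end }}
          {{- if .Values.regex }}
          - mountPath: /etc/pihole/regex.list
            name: regex
            subPath: regex.list
          {{- end }}
          {{- if .Values.whitelist }}
          - mountPath: /etc/pihole/whitelist.txt
            name: whitelist
            subPath: whitelist.txt
          {{- end }}
          {{- if .Values.dnsmasq.staticDhcpEntries }}
          - mountPath: /etc/dnsmasq.d/04-pihole-static-dhcp.conf
            name: static-dhcp
            subPath: pihole-static-dhcp.conf
          {{- end }}
          {{- range $key, $value := .Values.extraVolumeMounts }}
          - name: {{ $key | quote }}
{{- toYaml $value | nindent 12 }}
          {{- end }}
          resources:
{{ toYaml .Values.resources | indent 12 }}
      {{- with .Values.nodeSelector }}
      nodeSelector:
{{ toYaml . | indent 8 }}
      {{- end }}
      # NOTE(review): when antiaff.enabled is also true, this renders a second
      # affinity key in the same pod spec. Depending on the parser a duplicate
      # key is rejected or the last one wins, so set only one of the two.
      {{- with .Values.affinity }}
      affinity:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- with .Values.tolerations }}
      tolerations:
{{ toYaml . | indent 8 }}
      {{- end }}
      {{- if .Values.priorityClassName }}
      priorityClassName: "{{ .Values.priorityClassName }}"
      {{- end }}
      {{- with .Values.topologySpreadConstraints }}
      topologySpreadConstraints:
{{ toYaml . | indent 8 }}
      {{- end }}
      volumes:
      # /etc/pihole backing store: a PVC, a caller-supplied volume source, or
      # an emptyDir, whose contents do not survive the pod being replaced.
      - name: config
        {{- if .Values.persistentVolumeClaim.enabled }}
        persistentVolumeClaim:
          claimName: {{ if .Values.persistentVolumeClaim.existingClaim }}{{ .Values.persistentVolumeClaim.existingClaim }}{{- else }}{{ template "pihole.fullname" . }}{{- end }}
        {{- else if .Values.customVolumes.enabled }}
{{- toYaml .Values.customVolumes.config | nindent 8 }}
        {{- else }}
        emptyDir: {}
        {{- end }}
      # defaultMode 420 is decimal for octal 0644 (owner rw, group/other r).
      - configMap:
          defaultMode: 420
          name: {{ template "pihole.fullname" . }}-custom-dnsmasq
        name: custom-dnsmasq
      {{- if .Values.adlists }}
      - configMap:
          defaultMode: 420
          name: {{ template "pihole.fullname" . }}-adlists
        name: adlists
      {{- end }}
      {{- if .Values.whitelist }}
      - configMap:
          defaultMode: 420
          name: {{ template "pihole.fullname" . }}-whitelist
        name: whitelist
      {{- end }}
      {{- if .Values.dnsmasq.staticDhcpEntries }}
      - configMap:
          defaultMode: 420
          name: {{ template "pihole.fullname" . }}-static-dhcp
        name: static-dhcp
      {{- end }}
      {{- if .Values.blacklist }}
      - configMap:
          defaultMode: 420
          name: {{ template "pihole.fullname" . }}-blacklist
        name: blacklist
      {{- end }}
      {{- if .Values.regex }}
      - configMap:
          defaultMode: 420
          name: {{ template "pihole.fullname" . }}-regex
        name: regex
      {{- end }}
      {{- range $key, $value := .Values.extraVolumes }}
      - name: {{ $key | quote }}
{{- toYaml $value | nindent 8 }}
      {{- end }}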