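# Default values for pihole.
# This is a YAML-formatted file.
# Declare variables to be passed into your templates.

# -- The number of replicas
replicaCount: 1

# -- The `spec.strategy.type` for updates
strategyType: RollingUpdate

# -- The maximum number of Pods that can be created over the desired number of `ReplicaSet` during updating.
maxSurge: 1

# NOTE: with the defaults `replicaCount: 1` and `maxUnavailable: 1`, a rolling
# update is allowed to take the only resolver Pod down before its replacement
# is ready. Raise `replicaCount` or set this to 0 if DNS must stay available.
# -- The maximum number of Pods that can be unavailable during updating
maxUnavailable: 1
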
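image:
  # -- the repository to pull the image from
  repository: "pihole/pihole"
  # -- the docker tag, if left empty it will get it from the chart's appVersion
  tag: ""
  # NOTE: tags are mutable. With `IfNotPresent` a node keeps whichever image it
  # first pulled for a tag, so nodes can run different builds under one tag.
  # -- the pull policy
  pullPolicy: IfNotPresent
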
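dualStack:
  # -- set this to true to enable creation of DualStack services or creation of separate IPv6 services if `serviceDns.type` is set to `"LoadBalancer"`
  enabled: false

dnsHostPort:
  # NOTE: a hostPort binds the port on the node's own address, outside of any
  # Service; confirm that node firewalling covers it before enabling.
  # -- set this to true to enable dnsHostPort
  enabled: false
  # -- default port for this pod
  port: 53
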
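# NOTE: a NodePort Service listens on every node's address. Make sure the
# resolver is reachable only from the networks it is meant to serve, so it does
# not end up answering queries from arbitrary sources.
# -- Configuration for the DNS service on port 53
serviceDns:
  # -- deploys a mixed (TCP + UDP) Service instead of separate ones
  mixedService: false

  # -- `spec.type` for the DNS Service
  type: NodePort

  # -- The port of the DNS service
  port: 53

  # -- Optional node port for the DNS service
  nodePort: ""

  # `Local` keeps the client source IP, which per-client query logs rely on.
  # -- `spec.externalTrafficPolicy` for the DNS Service
  externalTrafficPolicy: Local

  # -- A fixed `spec.loadBalancerIP` for the DNS Service
  loadBalancerIP: ""
  # -- A fixed `spec.loadBalancerIP` for the IPv6 DNS Service
  loadBalancerIPv6: ""

  # -- Annotations for the DNS service
  annotations:
    {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: pihole-svc
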
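# NOTE: the DHCP Service is generated by default (`enabled: true`). Set it to
# false when Pi-hole is not the DHCP server, so port 67 is not exposed for
# nothing.
# -- Configuration for the DHCP service on port 67
serviceDhcp:
  # -- Generate a Service resource for DHCP traffic
  enabled: true

  # -- `spec.type` for the DHCP Service
  type: NodePort

  # -- The port of the DHCP service
  port: 67

  # -- Optional node port for the DHCP service
  nodePort: ""

  # -- `spec.externalTrafficPolicy` for the DHCP Service
  externalTrafficPolicy: Local

  # -- A fixed `spec.loadBalancerIP` for the DHCP Service
  loadBalancerIP: ""
  # -- A fixed `spec.loadBalancerIP` for the IPv6 DHCP Service
  loadBalancerIPv6: ""

  # -- Annotations for the DHCP service
  annotations:
    {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: pihole-svc
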
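# -- Configuration for the web interface service
serviceWeb:
  # NOTE: the web interface carries the admin login. Over the HTTP listener the
  # password travels in cleartext; disable it or keep it on a trusted network.
  # -- Configuration for the HTTP web interface listener
  http:
    # -- Generate a service for HTTP traffic
    enabled: true

    # -- The port of the web HTTP service
    port: 80

    # -- Optional node port for the web HTTP service
    nodePort: ""

  # -- Configuration for the HTTPS web interface listener
  https:
    # -- Generate a service for HTTPS traffic
    enabled: true

    # -- The port of the web HTTPS service
    port: 443

    # -- Optional node port for the web HTTPS service
    nodePort: ""

  # `ClusterIP` keeps the admin interface reachable from inside the cluster only.
  # -- `spec.type` for the web interface Service
  type: ClusterIP

  # -- `spec.externalTrafficPolicy` for the web interface Service
  externalTrafficPolicy: Local

  # -- A fixed `spec.loadBalancerIP` for the web interface Service
  loadBalancerIP: ""
  # -- A fixed `spec.loadBalancerIP` for the IPv6 web interface Service
  loadBalancerIPv6: ""

  # -- Annotations for the web interface service
  annotations:
    {}
    # metallb.universe.tf/address-pool: network-services
    # metallb.universe.tf/allow-shared-ip: pihole-svc

virtualHost: pi.hole
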
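# -- Configuration for the Ingress
ingress:
  # -- Generate an Ingress resource
  enabled: false

  # -- Specify an ingressClassName
  # ingressClassName: nginx

  # -- Annotations for the ingress
  annotations:
    {}
    # kubernetes.io/ingress.class: nginx
    # kubernetes.io/tls-acme: "true"
  path: /
  hosts:
    # virtualHost (default value is pi.hole) will be appended to the hosts
    - chart-example.local
  # NOTE(review): `tls` is empty by default. When the Ingress is enabled, add a
  # TLS entry so the admin login is not served in cleartext; how the template
  # renders an empty list is not visible from this file.
  tls: []
  #  - secretName: chart-example-tls
  #    hosts:
  #     #- virtualHost (default value is pi.hole) will be appended to the hosts
  #      - chart-example.local
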
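# -- Probes configuration
probes:
  # -- probes.liveness -- Configure the healthcheck for the ingress controller
  liveness:
    # -- Generate a liveness probe
    # 'type' defaults to httpGet, can be set to 'command' to use a command type liveness probe.
    type: httpGet
    # command:
    #   - /bin/bash
    #   - -c
    #   - /bin/true
    enabled: true
    initialDelaySeconds: 60
    failureThreshold: 10
    timeoutSeconds: 5
    # Both probes target the named port `http` with scheme HTTP.
    port: http
    scheme: HTTP
  readiness:
    # -- Generate a readiness probe
    enabled: true
    initialDelaySeconds: 60
    failureThreshold: 3
    timeoutSeconds: 5
    port: http
    scheme: HTTP
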
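# NOTE: with the default `{}` no requests or limits are set, so nothing caps the
# memory or CPU the container may use on its node.
# -- We usually recommend not to specify default resources and to leave this as a conscious
# -- choice for the user. This also increases chances charts run on environments with little
# -- resources, such as Minikube. If you do want to specify resources, uncomment the following
# -- lines, adjust them as necessary, and remove the curly braces after 'resources:'.
resources:
  {}
  # limits:
  #  cpu: 100m
  #  memory: 128Mi
  # requests:
  #  cpu: 100m
  #  memory: 128Mi
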
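# -- `spec.PersistentVolumeClaim` configuration
persistentVolumeClaim:
  # -- set to true to use pvc
  enabled: false

  # -- specify an existing `PersistentVolumeClaim` to use
  # existingClaim: ""

  # -- Annotations for the `PersistentVolumeClaim`
  annotations: {}

  accessModes:
    - ReadWriteOnce

  size: "500Mi"

  ## If defined, storageClassName: <storageClass>
  ## If set to "-", storageClassName: "", which disables dynamic provisioning
  ## If undefined (the default) or set to null, no storageClassName spec is
  ##   set, choosing the default provisioner.  (gp2 on AWS, standard on
  ##   GKE, AWS & OpenStack)
  ##
  # storageClass: "-"

  ## If subPath is set mount a sub folder of a volume instead of the root of the volume.
  ## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).

  ## subPath: "pihole"
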
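# Scheduling controls; every one of them is empty by default.
nodeSelector: {}

tolerations: []

# -- Specify a priorityClassName
# priorityClassName: ""

# Reference: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
topologySpreadConstraints: []
# - maxSkew: <integer>
#   topologyKey: <string>
#   whenUnsatisfiable: <string>
#   labelSelector: <object>

affinity: {}
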
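# NOTE(security): "admin" is a well-known default credential. Override it for
# every install, or preferably set `admin.existingSecret` below so the password
# is kept in a Secret instead of a values file.
# -- Administrator password when not using an existing secret (see below)
adminPassword: "admin"

# -- Use an existing secret for the admin password.
admin:
  # NOTE(security): `false` leaves the web interface without a password; use it
  # only when the interface cannot be reached from untrusted networks.
  # -- If set to false admin password will be disabled, adminPassword specified above and the pre-existing secret (if specified) will be ignored.
  enabled: true
  # -- Specify an existing secret to use as admin password
  existingSecret: ""
  # -- Specify the key inside the secret to use
  passwordKey: "password"
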
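# NOTE: the example below is a NAME: value mapping, not a list. Keep sensitive
# values out of it and pass them through `extraEnvVarsSecret` instead.
# -- extraEnvVars is a list of extra environment variables to set for pihole to use
extraEnvVars:
  {}
  # TZ: UTC

# -- extraEnvVarsSecret is a list of secrets to load in as environment variables.
extraEnvVarsSecret:
  {}
  # env_var:
  #   name: secret-name
  #   key: secret-key

# With these defaults every query that is not blocked is forwarded to a public
# third-party resolver.
# -- default upstream DNS 1 server to use
DNS1: "8.8.8.8"
# -- default upstream DNS 2 server to use
DNS2: "8.8.4.4"
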
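antiaff:
  # -- set to true to enable antiaffinity (example: 2 pihole DNS in the same cluster)
  enabled: false
  # -- Here you can set the pihole release (you set in `helm install <releasename> ...`)
  # you want to avoid
  avoidRelease: pihole1
  # -- Here you can choose between preferred or required
  strict: true
  # -- Here you can pass namespaces to be part of those included in anti-affinity
  namespaces: []
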
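doh:
  # -- set to true to enable DNS over HTTPS via cloudflared
  enabled: false
  name: "cloudflared"
  repository: "crazymax/cloudflared"
  # NOTE(supply chain): `latest` is a moving tag, and with `IfNotPresent` a node
  # keeps whatever `latest` pointed to when it first pulled. Pin a specific
  # version so the sidecar that forwards all DNS traffic is a known build.
  tag: latest
  pullPolicy: IfNotPresent
  # -- Here you can pass environment variables to the DoH container, for example:
  envVars:
    {}
    # TUNNEL_DNS_UPSTREAM: "https://1.1.1.2/dns-query,https://1.0.0.2/dns-query"

  # -- Probes configuration
  probes:
    # -- Configure the healthcheck for the doh container
    liveness:
      # -- set to true to enable liveness probe
      enabled: true
      # The default check resolves cloudflare.com through 127.0.0.1 on port
      # 5053, so it also fails when the upstream is unreachable.
      # -- customize the liveness probe
      probe:
        exec:
          command:
            - nslookup
            - -po=5053
            - cloudflare.com
            - "127.0.0.1"
      # -- defines the initial delay for the liveness probe
      initialDelaySeconds: 60
      # -- defines the failure threshold for the liveness probe
      failureThreshold: 10
      # -- defines the timeout in seconds for the liveness probe
      timeoutSeconds: 5
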
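# Every entry below is copied into the dnsmasq configuration as written (see
# the per-key descriptions), so review entries taken from elsewhere before use.
dnsmasq:
  # -- Add upstream dns servers. All lines will be added to the pihole dnsmasq configuration
  upstreamServers: []
  # - server=/foo.bar/192.168.178.10
  # - server=/bar.foo/192.168.178.11

  # -- Add custom dns entries to override the dns resolution. All lines will be added to the pihole dnsmasq configuration.
  customDnsEntries: []
  # - address=/foo.bar/192.168.178.10
  # - address=/bar.foo/192.168.178.11

  # -- Dnsmasq reads the /etc/hosts file to resolve ips. You can add additional entries if you like
  additionalHostsEntries: []
  # - 192.168.0.3     host4
  # - 192.168.0.4     host5

  # -- Static DHCP config
  staticDhcpEntries: []
  # staticDhcpEntries:
  # - dhcp-host=MAC_ADDRESS,IP_ADDRESS,HOSTNAME

  # `rebind-domain-ok` (example below) exempts a domain from DNS-rebinding
  # protection; keep such exemptions as narrow as possible.
  # -- Other options
  customSettings: null
  # otherSettings:
  # - rebind-domain-ok=/plex.direct/

  # -- Here we specify custom cname entries that should point to `A` records or
  # elements in customDnsEntries array.
  # The format should be:
  #  - cname=cname.foo.bar,foo.bar
  #  - cname=cname.bar.foo,bar.foo
  #  - cname=cname record,dns record
  customCnameEntries: []
  # Here we specify custom cname entries that should point to `A` records or
  # elements in customDnsEntries array.
  # The format should be:
  #   - cname=cname.foo.bar,foo.bar
  #   - cname=cname.bar.foo,bar.foo
  #   - cname=cname record,dns record
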
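# NOTE(review): the keys in this section are described as lists and their
# examples are list items, but each default is an empty mapping (`{}`).
# Replace the `{}` with the list when filling one in.

# Adlists are fetched from the given URLs; prefer https sources you trust,
# because their content decides which names get blocked.
# -- list of adlists to import during initial start of the container
adlists:
  {}
  # If you want to provide blocklists, add them here.
  # - https://hosts-file.net/grm.txt
  # - https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts

# -- list of whitelisted domains to import during initial start of the container
whitelist:
  {}
  # If you want to provide whitelisted domains, add them here.
  # - clients4.google.com

# -- list of blacklisted domains to import during initial start of the container
blacklist:
  {}
  # If you want to have special domains blacklisted, add them here
  # (quote entries that start with `*`, otherwise YAML reads them as an alias)
  # - "*.blackist.com"

# -- list of blacklisted regex expressions to import during initial start of the container
regex:
  {}
  # Add regular expression blacklist items
  # - (^|\.)facebook\.com$

# -- values that should be added to pihole-FTL.conf
ftl:
  {}
  # Add values for pihole-FTL.conf
  # MAXDBDAYS: 14
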
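# -- port the container should use to expose HTTP traffic
webHttp: "80"

# -- port the container should use to expose HTTPS traffic
webHttps: "443"

# -- hostname of pod
hostname: ""

# NOTE(review): `hostNetwork` and `privileged` are quoted strings, not booleans.
# A non-empty string is truthy in a Go-template `if`, so check how the chart's
# templates consume them before relying on "false" to keep the feature off.

# -- should the container use host network
hostNetwork: "false"

# NOTE(security): privileged mode removes most container isolation. Prefer the
# single capability that is needed (see `capabilities` below) over "true".
# -- should container run in privileged mode
privileged: "false"

# linux capabilities container should run with
capabilities:
  {}
  # add:
  # - NET_ADMIN
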
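customVolumes:
  # -- set this to true to enable custom volumes
  enabled: false
  # NOTE(security): a `hostPath` volume (example below) gives the container
  # access to the node's filesystem at that path; keep the path narrow.
  # -- any volume type can be used here
  config:
    {}
    # hostPath:
    #   path: "/mnt/data"

# -- any extra volumes you might want
extraVolumes:
  {}
  # external-conf:
  #   configMap:
  #     name: pi-hole-lighttpd-external-conf

# -- any extra volume mounts you might want
extraVolumeMounts:
  {}
  # external-conf:
  #   mountPath: /etc/lighttpd/external.conf
  #   subPath: external.conf
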
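# Additional containers; empty by default. Whether they are added to the
# pihole Pod itself is decided by the chart's templates, not by this file.
extraContainers:
  []
  # - name: pihole-logwatcher
  #   image: your-registry/pihole-logwatcher
  #   imagePullPolicy: Always
  #   resources:
  #     requests:
  #       cpu: 100m
  #       memory: 5Mi
  #     limits:
  #       cpu: 100m
  #       memory: 5Mi
  #   volumeMounts:
  #   - name: pihole-logs
  #     mountPath: /var/log/pihole
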
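# NOTE: the commented lighttpd example below sets a fixed cipher list. Check
# the TLS settings against the lighttpd version in the image before reusing it.
# -- any extra kubernetes manifests you might want
extraObjects:
  []
  # - apiVersion: v1
  #   kind: ConfigMap
  #   metadata:
  #     name: pi-hole-lighttpd-external-conf
  #   data:
  #     external.conf: |
  #       $HTTP["host"] =~ "example.foo" {
  #         # If we're using a non-standard host for pihole, ensure the Pi-hole
  #         # Block Page knows that this is not a blocked domain
  #         setenv.add-environment = ("fqdn" => "true")
  #
  #         # Enable the SSL engine with a cert, only for this specific host
  #         $SERVER["socket"] == ":443" {
  #           ssl.engine = "enable"
  #           ssl.pemfile = "/etc/ssl/lighttpd-private/tls.crt"
  #           ssl.privkey = "/etc/ssl/lighttpd-private/tls.key"
  #           ssl.ca-file = "/etc/ssl/lighttpd-private/ca.crt"
  #           ssl.honor-cipher-order = "enable"
  #           ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
  #           ssl.use-sslv2 = "disable"
  #           ssl.use-sslv3 = "disable"
  #         }
  #       }
  #
  #       # Redirect HTTP to HTTPS
  #       $HTTP["scheme"] == "http" {
  #         $HTTP["host"] =~ ".*" {
  #           url.redirect = (".*" => "https://%0$0")
  #         }
  #       }
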
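# -- Additional annotations for pods
podAnnotations:
  {}
  # Example below allows Prometheus to scrape on metric port (requires pihole-exporter sidecar enabled)
  # prometheus.io/port: '9617'
  # prometheus.io/scrape: 'true'

# -- any initContainers you might want to run before starting pihole
extraInitContainers:
  []
  # - name: copy-config
  #   image: busybox
  #   args:
  #     - sh
  #     - -c
  #     - |
  #       cp /etc/lighttpd-cm/external.conf /etc/lighttpd/
  #       ls -l /etc/lighttpd/
  #   volumeMounts:
  #     - name: external-conf-cm
  #       mountPath: /etc/lighttpd-cm/
  #     - name: external-conf
  #       mountPath: /etc/lighttpd/
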
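monitoring:
  # -- Preferably adding prometheus scrape annotations rather than enabling podMonitor.
  podMonitor:
    # -- set this to true to enable podMonitor
    enabled: false
  # -- Sidecar configuration
  sidecar:
    # -- set this to true to enable podMonitor as sidecar
    enabled: false
    port: 9617
    # The exporter image is pinned to a fixed tag.
    image:
      repository: ekofr/pihole-exporter
      tag: v0.3.0
      pullPolicy: IfNotPresent
    resources:
      limits:
        memory: 128Mi
      # requests:
      #  cpu: 100m
      #  memory: 128Mi
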
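# DNS settings of the Pod itself. The second nameserver is a public resolver,
# so the Pod's own lookups can leave through it when 127.0.0.1 does not answer.
podDnsConfig:
  enabled: true
  policy: "None"
  nameservers:
    - 127.0.0.1
    - 8.8.8.8

# -- configure a Pod Disruption Budget
podDisruptionBudget:
  # -- set to true to enable creating the PDB
  enabled: false
  # -- minimum number of pods Kubernetes should try to have running at all times
  minAvailable: 1
  # -- maximum number of pods Kubernetes will allow to be unavailable. Cannot set both `minAvailable` and `maxUnavailable`
  # maxUnavailable: 1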