apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
  namespace: pihole
  labels:
    app: pihole
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pihole
  template:
    metadata:
      labels:
        app: pihole
    spec:
      containers:
        - name: pihole
          image: pihole/pihole:latest
          env:
            - name: TZ
              value: "Europe/Berlin"
            - name: WEBPASSWORD
              valueFrom:
                secretKeyRef:
                  name: pihole-secret
                  key: password
            - name: PIHOLE_DNS_
              value: "1.1.1.1;1.0.0.1"
            - name: DNSMASQ_LISTENING
              value: "all"
          ports:
            - containerPort: 80
              name: web
              protocol: TCP
            - containerPort: 53
              name: dns-tcp
              protocol: TCP
            - containerPort: 53
              name: dns-udp
              protocol: UDP
          volumeMounts:
            - name: pihole-data
              mountPath: /etc/pihole
            - name: dnsmasq-data
              mountPath: /etc/dnsmasq.d
          securityContext:
            capabilities:
              add:
                - NET_ADMIN
      volumes:
        - name: pihole-data
          persistentVolumeClaim:
            claimName: pihole-data
        - name: dnsmasq-data
          persistentVolumeClaim:
            claimName: pihole-dnsmasq