mtkadmin
7bbc8b5175
- nodeSelector: rnk-wrk01 prevents RWO Multi-Attach on rollout - dnsPolicy: None + external nameservers prevents DNS loop in pod Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
66 lines
1.6 KiB
YAML
66 lines
1.6 KiB
YAML
apiVersion: apps/v1
|
|
kind: Deployment
|
|
metadata:
|
|
name: pihole
|
|
namespace: pihole
|
|
labels:
|
|
app: pihole
|
|
spec:
|
|
replicas: 1
|
|
selector:
|
|
matchLabels:
|
|
app: pihole
|
|
template:
|
|
metadata:
|
|
labels:
|
|
app: pihole
|
|
spec:
|
|
nodeSelector:
|
|
kubernetes.io/hostname: rnk-wrk01
|
|
dnsPolicy: None
|
|
dnsConfig:
|
|
nameservers:
|
|
- 1.1.1.1
|
|
- 8.8.8.8
|
|
containers:
|
|
- name: pihole
|
|
image: pihole/pihole:latest
|
|
env:
|
|
- name: TZ
|
|
value: "Europe/Berlin"
|
|
- name: WEBPASSWORD
|
|
valueFrom:
|
|
secretKeyRef:
|
|
name: pihole-secret
|
|
key: password
|
|
- name: PIHOLE_DNS_
|
|
value: "1.1.1.1;1.0.0.1"
|
|
- name: DNSMASQ_LISTENING
|
|
value: "all"
|
|
ports:
|
|
- containerPort: 80
|
|
name: web
|
|
protocol: TCP
|
|
- containerPort: 53
|
|
name: dns-tcp
|
|
protocol: TCP
|
|
- containerPort: 53
|
|
name: dns-udp
|
|
protocol: UDP
|
|
volumeMounts:
|
|
- name: pihole-data
|
|
mountPath: /etc/pihole
|
|
- name: dnsmasq-data
|
|
mountPath: /etc/dnsmasq.d
|
|
securityContext:
|
|
capabilities:
|
|
add:
|
|
- NET_ADMIN
|
|
volumes:
|
|
- name: pihole-data
|
|
persistentVolumeClaim:
|
|
claimName: pihole-data
|
|
- name: dnsmasq-data
|
|
persistentVolumeClaim:
|
|
claimName: pihole-dnsmasq
|