added pihole chart in version v2.24.0 from mojo2600

https://github.com/MoJo2600/pihole-kubernetes

Author: heinzepreller

README.md

@@ -2,5 +2,6 @@
 my own, forked and extended helm charts
 
 - stirling pdf
+- pihole (forked from mojo2600 in v2.24.0)
 
 https://lachnerd.github.io/helm-charts/

charts/pihole/.helmignore

@@ -0,0 +1,27 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+
+# Manually added entries
+ci/
+examples/
+Makefile
+README.md.gotmpl

charts/pihole/CHANGELOG.md

@@ -0,0 +1,16 @@
+apiVersion: v1
+description: Installs pihole in kubernetes
+home: https://github.com/MoJo2600/pihole-kubernetes/tree/main/charts/pihole
+name: pihole
+appVersion: "2024.06.0"
+# Do not touch will be updated during release
+version: 2.24.0
+sources:
+  - https://github.com/MoJo2600/pihole-kubernetes/tree/main/charts/pihole
+  - https://pi-hole.net/
+  - https://github.com/pi-hole
+  - https://github.com/pi-hole/docker-pi-hole
+icon: https://i2.wp.com/pi-hole.net/wp-content/uploads/2016/12/Vortex-R.png
+maintainers:
+  - name: MoJo2600
+    email: [email protected]

charts/pihole/Chart.yaml

@@ -0,0 +1,10 @@
+SHELL := /bin/bash
+.DEFAULT_GOAL := help
+
+.PHONY: help
+help:  ## help target to show available commands with information
+	@grep -E '^[a-zA-Z_-]+:.*?## .*$$' $(MAKEFILE_LIST) |  awk 'BEGIN {FS = ":.*?## "}; {printf "\033[36m%-30s\033[0m %s\n", $$1, $$2}'
+
+.PHONY: generate-documentation
+generate-documentation: ## Generate README.md from template
+	helm-docs

charts/pihole/Makefile

@@ -0,0 +1,6 @@
+monitoring:
+  enabled: true
+  labels:
+    testExtraLabel: fofa
+  podMonitor:
+    enabled: false

charts/pihole/README.md

@@ -0,0 +1,87 @@
+# Values
+
+## admin
+
+### admin.annotations
+
+By allowing annotations to be added to the password secret, we can use tools like [Reflector](https://github.com/emberstack/kubernetes-reflector) to synchronize secrets across namespaces. 
+
+This is interesting e.g. with the [ExternalDNS](https://github.com/kubernetes-sigs/external-dns) 0.14+'s Pi-Hole integration that can automatically expose Ingress host names to the Local DNS configuration:
+
+```yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: external-dns
+spec:
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      app: external-dns
+  template:
+    metadata:
+      labels:
+        app: external-dns
+    spec:
+      serviceAccountName: external-dns
+      containers:
+      - name: external-dns
+        image: registry.k8s.io/external-dns/external-dns:v0.14.0
+        # If authentication is disabled and/or you didn't create
+        # a secret, you can remove this block.
+        envFrom:
+          - secretRef:
+              # Change this if you gave the secret a different name
+              name: pihole-password
+        args:
+          - --source=service
+          - --source=ingress
+          # Pihole only supports A/CNAME records so there is no mechanism to track ownership.
+          # You don't need to set this flag, but if you leave it unset, you will receive warning
+          # logs when ExternalDNS attempts to create TXT records.
+          - --registry=noop
+          # IMPORTANT: If you have records that you manage manually in Pi-hole, set
+          # the policy to upsert-only so they do not get deleted.
+          - --policy=upsert-only
+          - --provider=pihole
+          # Change this to the actual address of your Pi-hole web server
+          - --pihole-server=http://pihole-web.pihole.svc.cluster.local
+        resources:
+          limits:
+            cpu: 1
+            memory: 1Gi
+          requests:
+            cpu: 100m
+            memory: 256M
+      securityContext:
+        fsGroup: 65534 # For ExternalDNS to be able to read Kubernetes token files
+```
+
+Since the Secret reference can only refer to a secret in the same namespace as ExternalDNS, using Reflector is a viable option to synchronize the two secrets. This can now be done via
+
+```yaml
+admin:
+  enabled: true
+  existingSecret: ""
+  passwordKey: "password"
+  annotations:
+    reflector.v1.k8s.emberstack.com/reflection-allowed: "true"
+    reflector.v1.k8s.emberstack.com/reflection-allowed-namespaces: "external-dns"
+```
+
+For Reflector to work we also need to create the mirror (target) secret in ExternalDNS' namespace like this:
+
+```yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  # Change this to match the secretRef used in the ExternalDNS deployment:
+  name: pihole-password
+  # Change this to ExternalDNS' namespace:
+  namespace: external-dns
+  annotations:
+    # Change this to address the pihole password secret: 'namespace/secret-name':
+    reflector.v1.k8s.emberstack.com/reflects: "pihole/pihole-password"
+data: {}  # Will be overwritten by Reflector
+```

charts/pihole/README.md.gotmpl

@@ -0,0 +1,50 @@
+# This is the values.yaml I used on my k3s raspberrypi cluster
+
+# if you have a problem with serviceWeb Pods not building you might need to checkout this issue:
+# https://github.com/MoJo2600/pihole-kubernetes/issues/230
+
+ingress:
+  enabled: true
+
+persistentVolumeClaim:
+  enabled: true
+
+serviceWeb:
+  loadBalancerIP: 192.168.178.201
+  annotations:
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+  type: LoadBalancer
+
+serviceDns:
+  loadBalancerIP: 192.168.178.201
+  annotations:
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+  type: LoadBalancer
+
+serviceDhcp:
+  loadBalancerIP: 192.168.178.201
+  annotations:
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+  type: LoadBalancer
+
+podDnsConfig:
+  enabled: true
+  policy: "None"
+  nameservers:
+  - 127.0.0.1
+  - 8.8.8.8
+
+#! use an existing secret in a prod env
+adminPassword: "0n4BQ2l7Dbu3ViYgd4wu"
+
+resources:
+  limits:
+    cpu: 200m
+    memory: 256Mi
+  requests:
+    cpu: 100m
+    memory: 128Mi
+
+extraEnvVars: {
+  DNSMASQ_USER: "root"
+}

charts/pihole/ci/monitoring-values.yaml

@@ -0,0 +1,19 @@
+dnsmasq:
+  customDnsEntries:
+    - address=/nas/192.168.178.10
+
+persistentVolumeClaim:
+  enabled: true
+
+serviceTCP:
+  loadBalancerIP: 192.168.178.253
+  annotations:
+    metallb.universe.tf/address-pool: network-services
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+
+serviceUDP:
+  loadBalancerIP: 192.168.178.253
+  annotations:
+    metallb.universe.tf/address-pool: network-services
+    metallb.universe.tf/allow-shared-ip: pihole-svc
+

charts/pihole/docs/Values.md

@@ -0,0 +1 @@
+test test asdfas

charts/pihole/examples/k3s-values.yaml

@@ -0,0 +1,39 @@
+{{/* vim: set filetype=mustache: */}}
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pihole.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pihole.fullname" -}}
+{{- if .Values.fullnameOverride -}}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- $name := default .Chart.Name .Values.nameOverride -}}
+{{- if contains $name .Release.Name -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- else -}}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pihole.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}
+
+{{/*
+Default password secret name.
+*/}}
+{{- define "pihole.password-secret" -}}
+{{- printf "%s-%s" (include "pihole.fullname" .) "password" | replace "+" "_" | trunc 63 | trimSuffix "-" -}}
+{{- end -}}

charts/pihole/examples/metallb-values.yaml

@@ -0,0 +1,16 @@
+{{ if .Values.adlists }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "pihole.fullname" . }}-adlists
+  labels:
+    app: {{ template "pihole.name" . }}
+    chart: {{ template "pihole.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  adlists.list: |
+  {{- range .Values.adlists }}
+    {{ . }}
+  {{- end }}
+{{ end }}

charts/pihole/templates/NOTES.txt

@@ -0,0 +1,16 @@
+{{ if .Values.blacklist }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "pihole.fullname" . }}-blacklist
+  labels:
+    app: {{ template "pihole.name" . }}
+    chart: {{ template "pihole.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  blacklist.txt: |
+  {{- range .Values.blacklist }}
+    {{ . }}
+  {{- end }}
+{{ end }}

charts/pihole/templates/_helpers.tpl

@@ -0,0 +1,16 @@
+{{ if .Values.regex }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "pihole.fullname" . }}-regex
+  labels:
+    app: {{ template "pihole.name" . }}
+    chart: {{ template "pihole.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  regex.list: |
+  {{- range .Values.regex }}
+    {{ . }}
+  {{- end }}
+{{ end }}

charts/pihole/templates/configmap-adlists.yaml

@@ -0,0 +1,16 @@
+{{ if .Values.dnsmasq.staticDhcpEntries }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "pihole.fullname" . }}-static-dhcp
+  labels:
+    app: {{ template "pihole.name" . }}
+    chart: {{ template "pihole.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  pihole-static-dhcp.conf: |
+  {{- range .Values.dnsmasq.staticDhcpEntries }}
+    {{ . }}
+  {{- end }}
+{{ end }}

charts/pihole/templates/configmap-blacklist.yaml

@@ -0,0 +1,16 @@
+{{ if .Values.whitelist }}
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "pihole.fullname" . }}-whitelist
+  labels:
+    app: {{ template "pihole.name" . }}
+    chart: {{ template "pihole.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  whitelist.txt: |
+  {{- range .Values.whitelist }}
+    {{ . }}
+  {{- end }}
+{{ end }}

charts/pihole/templates/configmap-regex.yaml

@@ -0,0 +1,32 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ template "pihole.fullname" . }}-custom-dnsmasq
+  labels:
+    app: {{ template "pihole.name" . }}
+    chart: {{ template "pihole.chart" . }}
+    release: {{ .Release.Name }}
+    heritage: {{ .Release.Service }}
+data:
+  02-custom.conf: |
+    addn-hosts=/etc/addn-hosts
+  {{- range .Values.dnsmasq.upstreamServers }}
+    {{ . }}
+  {{- end }}
+  {{- range .Values.dnsmasq.customDnsEntries }}
+    {{ . }}
+  {{- end }}
+  {{- if .Values.serviceDns.loadBalancerIP }}
+    dhcp-option=6,{{ .Values.serviceDns.loadBalancerIP }}
+  {{- end }}
+  {{- range .Values.dnsmasq.customSettings }}
+    {{ . }}
+  {{- end }}
+  addn-hosts: |
+  {{- range .Values.dnsmasq.additionalHostsEntries }}
+    {{ . }}
+  {{- end }}
+  05-pihole-custom-cname.conf: |
+  {{- range .Values.dnsmasq.customCnameEntries }}
+    {{ . }}
+  {{- end }}