Setup: K3s v1.24.8+k3s1 on Ubuntu 20.04 (AMD64), installed with servicelb and traefik disabled; MetalLB and Traefik were installed after the initial installation. Storage class: local-path. This is not a clustered setup, i.e. you cannot scale it: replicas above 1 will not work, because a ReadWriteOnce volume can only be mounted by a single pod (unless the pods are running on the same node).
Pihole environment variables: TZ (time zone), PIHOLE_DNS (Upstream DNS server(s)) and FTLCONF_REPLY_ADDR4 (server's LAN IP - recommended by Pihole). https://github.com/pi-hole/docker-pi-hole#readme. Pihole admin password is stored as a secret.
Parts I am not really happy about: two different persistent volumes were needed (I did not figure out how to use one single volume); adding certificates to Pihole; only port 80 for now.
Download files from Github: https://github.com/lars-c/k3s-Pihole
This is NOT written by a Pihole/Kubernetes expert. I just needed to move a Pihole setup from Docker to K3s. I may have (unknowingly) done something stupid.
MetalLB is configured with an IP pool of 192.168.1.150-192.168.1.159. The pool is called 'first-pool'.
Default docker-compose.yaml file (edited) (https://github.com/pi-hole/docker-pi-hole#readme)
As I use the same docker image, I will need to handle the following values:
Image: pihole/pihole:latest: Good for anything but Windows.
Ports: the Pihole container/pod needs to accept traffic on port 53 TCP/UDP and port 80 (web interface).
Environment variables: Time zone and password.
Volumes: Need to persist two volumes from the docker image: /etc/pihole and /etc/dnsmasq.d
Restart: K3s default restart policy is "always".
I only have one address pool defined, so the annotation is not necessary; 'first-pool' is the default. The chosen load balancer IP (192.168.1.158) lies inside the defined 'first-pool' range; it could be any of the 10 IPs. The ports are described in the Pihole documentation.
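The Service described above, written out as an added example (this is not a manifest from the k3s-Pihole repository). It assumes the pods carry the label app=pihole and that the Service lives in the default namespace; the pool name and the IP are the ones given on this page.

```yaml
# Added example: LoadBalancer Service for Pi-hole on MetalLB.
# Assumptions: namespace "default", pod label app=pihole (hypothetical),
# pool "first-pool" and IP 192.168.1.158 as described on the page.
apiVersion: v1
kind: Service
metadata:
  name: pihole
  annotations:
    # Optional when only one pool exists; MetalLB falls back to the default pool.
    metallb.universe.tf/address-pool: first-pool
spec:
  type: LoadBalancer
  loadBalancerIP: 192.168.1.158   # must lie inside first-pool
  # Local keeps the real client IP, so the Pi-hole query log shows which host
  # asked instead of the node address. On a single node nothing is lost.
  externalTrafficPolicy: Local
  selector:
    app: pihole
  ports:
    - name: dns-tcp
      port: 53
      targetPort: 53
      protocol: TCP
    - name: dns-udp
      port: 53
      targetPort: 53
      protocol: UDP
    - name: http
      port: 80
      targetPort: 80
      protocol: TCP
```

Newer MetalLB releases prefer the `metallb.universe.tf/loadBalancerIPs` annotation over `spec.loadBalancerIP`, which Kubernetes deprecated in 1.24; both are honoured on the version used here. If your cluster refuses TCP and UDP on one LoadBalancer Service, split it into two Services that share the address via MetalLB's `metallb.universe.tf/allow-shared-ip` annotation.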
Only use TZ, PIHOLE_DNS and FTLCONF_REPLY_ADDR4 as mentioned above.
Use the load balancer IP as the server IP.
Upstream DNS servers: Cloudflare and Quad9 (use whichever you feel most comfortable with).
Perhaps not really necessary, as Pihole handles setting a random password just fine.
The password must be base64 encoded. From an Ubuntu/WSL terminal:
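The Secret and ConfigMap the three environment values come from, as an added example (not a file from the k3s-Pihole repository). The names and keys are the ones listed on this page; the password and time zone are constructed sample values, and the namespace is assumed to be default.

```yaml
# Added example: Secret for the web UI password and ConfigMap for TZ,
# PIHOLE_DNS and FTLCONF_REPLY_ADDR4. Names/keys follow the page.
# The value below is the constructed sample password "hunter2", encoded with:
#   printf '%s' 'hunter2' | base64      # -> aHVudGVyMg==
# Use printf or echo -n: a plain echo appends a newline, the newline gets
# encoded too, and the stored password never matches what you type.
apiVersion: v1
kind: Secret
metadata:
  name: webui-password
type: Opaque
data:
  password: aHVudGVyMg==
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole
data:
  TZ: "Europe/Copenhagen"               # constructed sample; use your own zone
  FTLCONF_REPLY_ADDR4: "192.168.1.158"  # the load balancer IP from the page
  PIHOLE_DNS: "1.1.1.1;9.9.9.9"         # Cloudflare and Quad9, semicolon-separated
```

Base64 is an encoding, not encryption: anyone allowed to read Secrets in the namespace can recover the password with `kubectl get secret webui-password -o jsonpath='{.data.password}' | base64 -d`, so keep this file out of the public repository (create the Secret with `kubectl create secret generic webui-password --from-literal=password=...` instead, or use a `stringData:` field with a value you never commit).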
Two (Pihole) directories need to persist: "/etc/pihole" and "/etc/dnsmasq.d". The simplest solution was to create two PersistentVolumeClaims and leave it at that.
Two separate volume claims: "pihole-pv-claim" and "dnsmasq-pv-claim" (Storage: 500Mi. Not sure this does anything when using local-path storage class)
Image: latest from the official Pi-hole Docker image from pi-hole.net. Linux only. 386/amd64. armv6-7 and arm64.
All environment variables are documented on https://github.com/pi-hole/docker-pi-hole#readme
WEBPASSWORD. Using webui-password secret and key: password.
TZ. Using configMap (pihole) and key: TZ
FTLCONF_REPLY_ADDR4. Using configMap (pihole) and key: FTLCONF_REPLY_ADDR4
PIHOLE_DNS. Using configMap (pihole) and key: PIHOLE_DNS
Ports: the Pihole container uses port 53 TCP/UDP and 80 (443).
volumeMounts: added two volumeMounts, for "/etc/pihole" and for "/etc/dnsmasq.d" (volume "pihole-dnsmasq-storage"), and finally created volumes for both.
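The two claims and the Deployment wired to them, as one added example (not the k3s-Pihole repository's own manifests). It assumes the Secret "webui-password" (key "password") and the ConfigMap "pihole" (keys TZ, PIHOLE_DNS, FTLCONF_REPLY_ADDR4) named on this page exist, uses the claim names from the page, and picks the hypothetical label app=pihole for the pod. The upstream container variable is spelled PIHOLE_DNS_ with a trailing underscore in the docker-pi-hole README, so the ConfigMap key PIHOLE_DNS is mapped onto that name.

```yaml
# Added example: PVCs on local-path plus the Pi-hole Deployment.
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: pihole-pv-claim
spec:
  accessModes: [ReadWriteOnce]   # one node at a time, hence replicas stay at 1
  storageClassName: local-path
  resources:
    requests:
      storage: 500Mi             # local-path does not enforce this size
---
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
  name: dnsmasq-pv-claim
spec:
  accessModes: [ReadWriteOnce]
  storageClassName: local-path
  resources:
    requests:
      storage: 500Mi
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole
spec:
  replicas: 1
  strategy:
    type: Recreate   # a RollingUpdate pod would wait for volumes the old pod still holds
  selector:
    matchLabels:
      app: pihole
  template:
    metadata:
      labels:
        app: pihole
    spec:
      containers:
        - name: pihole
          image: pihole/pihole:latest
          ports:
            - containerPort: 53
              protocol: TCP
            - containerPort: 53
              protocol: UDP
            - containerPort: 80
              protocol: TCP
          env:
            - name: TZ
              valueFrom:
                configMapKeyRef:
                  name: pihole
                  key: TZ
            - name: FTLCONF_REPLY_ADDR4
              valueFrom:
                configMapKeyRef:
                  name: pihole
                  key: FTLCONF_REPLY_ADDR4
            - name: PIHOLE_DNS_          # container variable name has a trailing underscore
              valueFrom:
                configMapKeyRef:
                  name: pihole
                  key: PIHOLE_DNS
            - name: WEBPASSWORD
              valueFrom:
                secretKeyRef:
                  name: webui-password
                  key: password
          # NET_ADMIN is only needed for Pi-hole's DHCP server; do not add it otherwise.
          # securityContext:
          #   capabilities:
          #     add: ["NET_ADMIN"]
          volumeMounts:
            - name: pihole-storage
              mountPath: /etc/pihole
            - name: pihole-dnsmasq-storage
              mountPath: /etc/dnsmasq.d
      volumes:
        - name: pihole-storage
          persistentVolumeClaim:
            claimName: pihole-pv-claim
        - name: pihole-dnsmasq-storage
          persistentVolumeClaim:
            claimName: dnsmasq-pv-claim
```

The Recreate strategy matters with ReadWriteOnce claims: the default RollingUpdate starts the new pod before the old one stops, and on a node other than the old pod's the new pod would sit in ContainerCreating until someone deletes the old one. Keeping the capability list empty follows the least-privilege note in the upstream compose file, where NET_ADMIN is commented out unless DHCP is used.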
Test access to the Pihole webUI (http://<LoadBalancerIP>/admin). If the webUI does not respond, check the Pihole service.
If external IP and port are OK, try looking at the deployment. First get the Pihole deployment:
Notice 1) environment variables and 2) the status at the end (Available: True).
Next, have a look at the Pihole log. Get the pod name:
The log will clearly show that Pihole has been successfully installed.