PiHole++;Upgraded ArgoCD & Argus

2024-04-04 09:29:35 +11:00 · 2024-04-04 09:29:35 +11:00 · 9fb018adbe
commit 9fb018adbe
parent bbd8eed2f5
15 changed files with 193 additions and 9 deletions
--- a/services/Argus/deployment-argus.yml
+++ b/services/Argus/deployment-argus.yml
@ -18,7 +18,7 @@ spec:
      serviceAccountName: argus
      containers:
      - name: argus
-        image: releaseargus/argus:0.15.2
+        image: releaseargus/argus:0.16.0
        args:
        - -config.file=/app/config/config.yml
        ports:
--- a/services/Gitea/deployment-act-runner-dind-rootless.yaml
+++ b/services/Gitea/deployment-act-runner-dind-rootless.yaml
@ -10,7 +10,8 @@ spec:
  selector:
    matchLabels:
      app: act-runner-dind-rootless
-  strategy: {}
+  strategy:
+    type: Recreate
  template:
    metadata:
      creationTimestamp: null
@ -49,7 +50,7 @@ spec:
        - name: GITEA_INSTANCE_URL
          value: http://gitea.gitea.svc.cluster.local:3000
        - name: GITEA_RUNNER_LABELS
-          value: dind-rootless:docker://node:16-bullseye
+          value: dind-rootless:docker://node:21-bullseye
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          valueFrom:
            secretKeyRef:
--- a/services/Gitea/deployment-act-runner-dind.yaml
+++ b/services/Gitea/deployment-act-runner-dind.yaml
@ -10,7 +10,8 @@ spec:
  selector:
    matchLabels:
      app: act-runner-dind
-  strategy: {}
+  strategy:
+    type: Recreate
  template:
    metadata:
      creationTimestamp: null
@ -47,7 +48,7 @@ spec:
        - name: GITEA_INSTANCE_URL
          value: http://gitea.gitea.svc.cluster.local:3000
        - name: GITEA_RUNNER_LABELS
-          value: dind:docker://node:16-bullseye
+          value: dind:docker://node:21-bullseye
        - name: GITEA_RUNNER_REGISTRATION_TOKEN
          valueFrom:
            secretKeyRef:
--- a/services/PiHole/_namespace-pihole.yaml
+++ b/services/PiHole/_namespace-pihole.yaml
@ -0,0 +1,4 @@
+apiVersion: v1
+kind: Namespace
+metadata:
+  name: pihole
--- a/services/PiHole/deployment-pihole.yaml
+++ b/services/PiHole/deployment-pihole.yaml
@ -0,0 +1,41 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: pihole
+  namespace: pihole
+  labels:
+    app: pihole
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: pihole
+  template:
+    metadata:
+      labels:
+        app: pihole
+    spec:
+      containers:
+      - name: pihole
+        image: pihole/pihole
+        ports:
+          - name: web
+            containerPort: 80
+          - name: dns-tcp
+            containerPort: 53
+            protocol: TCP
+          - name: dns-udp
+            containerPort: 53
+            protocol: UDP
+        volumeMounts:
+        - mountPath: /etc/pihole
+          name: flexvolsmb-pihole-config
+        - mountPath: /etc/dnsmasq.d
+          name: flexvolsmb-pihole-data
+      volumes:
+      - name: flexvolsmb-pihole-config
+        persistentVolumeClaim:
+          claimName: flexvolsmb-pihole-config
+      - name: flexvolsmb-pihole-data
+        persistentVolumeClaim:
+          claimName: flexvolsmb-pihole-data
--- a/services/PiHole/ingressroute-pihole.yaml
+++ b/services/PiHole/ingressroute-pihole.yaml
@ -0,0 +1,17 @@
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: pihole
+  namespace: pihole
+spec:
+  entryPoints:
+    - websecure
+  routes:
+  - match: Host(`d.itch.fyi`)
+    kind: Rule
+    services:
+    - name: pihole
+      port: 80
+    middlewares:
+      - name: security-headers@file
+      - name: compression@file
--- a/services/PiHole/persistentvolume-flexvolsmb-pihole-config.yaml
+++ b/services/PiHole/persistentvolume-flexvolsmb-pihole-config.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pihole-config
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pihole-config
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8,nobrl
+      server: 192.168.154.225
+      share: /K3s.Volumes/pihole/config
--- a/services/PiHole/persistentvolume-flexvolsmb-pihole-data.yaml
+++ b/services/PiHole/persistentvolume-flexvolsmb-pihole-data.yaml
@ -0,0 +1,18 @@
+apiVersion: v1
+kind: PersistentVolume
+metadata:
+  name: flexvolsmb-pihole-data
+spec:
+  capacity:
+    storage: 1Gi
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pihole-data
+  flexVolume:
+    driver: mount/smb
+    secretRef:
+      name: flexvolsmb-credentials
+    options:
+      opts: file_mode=0777,dir_mode=0777,iocharset=utf8
+      server: 192.168.154.225
+      share: /K3s.Volumes/pihole/data
--- a/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-config.yaml
+++ b/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-config.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-pihole-config
+  namespace: pihole
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pihole-config
+  resources:
+    requests:
+      storage: 1Gi
--- a/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-data.yaml
+++ b/services/PiHole/persistentvolumeclaim-flexvolsmb-pihole-data.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: flexvolsmb-pihole-data
+  namespace: pihole
+spec:
+  accessModes:
+    - ReadWriteMany
+  storageClassName: flexvolsmb-pihole-data
+  resources:
+    requests:
+      storage: 1Gi
--- a/services/PiHole/sealedsecret-flexvolsmb-credentials.yaml
+++ b/services/PiHole/sealedsecret-flexvolsmb-credentials.yaml
@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+  creationTimestamp: null
+  name: flexvolsmb-credentials
+  namespace: pihole
+spec:
+  encryptedData:
+    password: AgCoyz6o9upiAQ5xyiwZuUTTk/bbYD8DxNN1JtiV2lNsh7UMiuresBzrNIEEQvcqGkncNIudHaUIQZrJT8bSZA3bkH9usHPOXlaB8tptun/4Q4QyBDInHi6RSyh4q6Zch7pBPZ5wJpAFTf6ncqC5PaTpdujtrhjQ4AMcuyjtcCXTVoZJDybe+8cizT9ISVLVwYaq06eiCvTDZj397M+v/cWt0fpPwS1/60K5hNJm5/QfLWloE+SqBKZBRUgWIxEbY/CbUfjJHrELPirYJtGcK22EW62bQ7mA0jEUGQOW50aKQrMyyqGTZRfuoFfZ613XCrmiinb7YWgW+V5cUn6xYONUya24J46WfqvqT/Xuc0EVJP+jdUdRpPj60ZuDTbQ3/QjcXZu2wR/3BSc66ETAVnBUSqI78elCvLYhrV44W1C40MX2jFskBygwjR+CClWh9/lW+qaKbVlvTZ2SoKmHP5+QzIlhnQBELnG7Ymhg9SbJ4kIgAqFPuSpx8KVQfhdKGXSL8HWzx6LaYbF5+E+ulUVBbZcWCn8bTR0X1D1CWTs0Jl89fzrwqG50GFXpZy3LSCvPpXwlBllvG7bd/KTJmAcazPacweopfhQrE4DdfgpZpjXda+0RludztWL0OBnRsDlmDOZdyOU7QHUeIokCdfP6+BrRbXmZ1UyP0ZqUutxtjemC21jIC3NhDfCmQQnUl3oKCOKpUQcUjFIOEJkhyFJb
+    username: AgAvastUnBdsnCNtUqjVPo/zb/fV+Zac/oRNSx5kjM4XeCZ/o70VCYQUiQKrpnHOG3oo3E/RXjjcDynQJzFxixW+wZ2/aIFeOO6an/9zjNvtzOmoOepWqt6M68XV/4GUDds/2qDzHkvunc2PhpkzMQ1r0jyeIJAM/ZZxtjofnUmPbPtQ9eLILWeLdIEPSr3m2vf4Y0tmjqQUZkAVhvz0Vdo6+uqIyd6bVGU5k8W6jx0iUUYrixCTLbpGdHpsYRSMCpW8A0uqi9hHYhWbURYXql3ADgR6AfnCI0JyFC7RU9lIl7mLb+EvJ+UMH02xdm5URKWO8PokfeKcBlFMCIjHoeb1WB8S3kajBwWuZwWyHkheEqSFUk2yFekmqDgzLtOKBgmt88gq7bbTHBMUQiggL8BPft83MvyRSEFAEDafkluvwcMuwPQJQIAfFr4QliIBlJA+HO617Frf51HNi5RiH5GfPE81QqyXhkd9+VPNcedxuFS3AugXIWFUSwJOhC8fVDpd08lsANj8dIh5/Gcqr1pRLPwr9SPBffuClUwNZdHmJFFI6gngsJoNZhjNCFYILzvq2GsOKySCBrBiCSfmA7RaexQByf4fZWnfIrSrwa51DbsLhF3zmpIMR5n/LUreMNLMxkd+vyr7QuTPfTpPJggRq1G8ts6Bi2gf5AQhyT5G5OT7rknhEyZuUX0kh4pZAvGKO2Ab1HA=
+  template:
+    data: null
+    metadata:
+      creationTimestamp: null
+      name: flexvolsmb-credentials
+      namespace: pihole
+    type: mount/smb
--- a/services/PiHole/service-pihole-tcp.yaml
+++ b/services/PiHole/service-pihole-tcp.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pihole-tcp
+  namespace: pihole
+spec:
+  loadBalancerIP: 192.168.154.240
+  externalTrafficPolicy: Local
+  type: LoadBalancer
+  ports:
+    - protocol: TCP
+      name: dns-tcp
+      port: 53
+  selector:
+    app: pihole
--- a/services/PiHole/service-pihole-udp.yaml
+++ b/services/PiHole/service-pihole-udp.yaml
@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pihole-udp
+  namespace: pihole
+spec:
+  loadBalancerIP: 192.168.154.240
+  externalTrafficPolicy: Local
+  type: LoadBalancer
+  ports:
+    - protocol: UDP
+      name: dns-udp
+      port: 53
+  selector:
+    app: pihole
--- a/services/PiHole/service-pihole.yaml
+++ b/services/PiHole/service-pihole.yaml
@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: pihole
+  namespace: pihole
+spec:
+  ports:
+    - protocol: TCP
+      name: web
+      port: 80
+  selector:
+    app: pihole
--- a/system/ArgoCD/chart-values.yml
+++ b/system/ArgoCD/chart-values.yml
@ -1,7 +1,8 @@
+configs:
+  params:
+    server.insecure: true
+global:
+  domain: gitops.spamasaurus.com
 server:
-  extraArgs:
-    - --insecure
  ingress:
    enabled: true
-    hosts:
-      - gitops.spamasaurus.com