398 lines
11 KiB
YAML
398 lines
11 KiB
YAML
# Default values for pihole.
|
|
# This is a YAML-formatted file.
|
|
# Declare variables to be passed into your templates.
|
|
|
|
# -- The number of replicas
|
|
replicaCount: 1
|
|
|
|
# -- The `spec.strategyTpye` for updates
|
|
strategyType: RollingUpdate
|
|
|
|
# -- The maximum number of Pods that can be created over the desired number of `ReplicaSet` during updating.
|
|
maxSurge: 1
|
|
|
|
# -- The maximum number of Pods that can be unavailable during updating
|
|
maxUnavailable: 1
|
|
|
|
image:
|
|
# -- the repostory to pull the image from
|
|
repository: "pihole/pihole"
|
|
# -- the docker tag, if left empty it will get it from the chart's appVersion
|
|
tag: ""
|
|
# -- the pull policy
|
|
pullPolicy: IfNotPresent
|
|
|
|
dualStack:
|
|
# -- set this to true to enable creation of DualStack services or creation of separate IPv6 services if `serviceDns.type` is set to `"LoadBalancer"`
|
|
enabled: false
|
|
|
|
dnsHostPort:
|
|
# -- set this to true to enable dnsHostPort
|
|
enabled: false
|
|
# -- default port for this pod
|
|
port: 53
|
|
|
|
# -- Configuration for the DNS service on port 53
|
|
serviceDns:
|
|
|
|
# -- deploys a mixed (TCP + UDP) Service instead of separate ones
|
|
mixedService: false
|
|
|
|
# -- `spec.type` for the DNS Service
|
|
type: LoadBalancer
|
|
|
|
# -- The port of the DNS service
|
|
port: 53
|
|
|
|
# -- Optional node port for the DNS service
|
|
nodePort: ""
|
|
|
|
# -- `spec.externalTrafficPolicy` for the DHCP Service
|
|
externalTrafficPolicy: Local
|
|
|
|
# -- A fixed `spec.loadBalancerIP` for the DNS Service
|
|
loadBalancerIP: 192.168.1.3
|
|
# -- A fixed `spec.loadBalancerIP` for the IPv6 DNS Service
|
|
loadBalancerIPv6: ""
|
|
|
|
# -- Annotations for the DNS service
|
|
annotations:
|
|
# metallb.universe.tf/address-pool: network-services
|
|
metallb.universe.tf/allow-shared-ip: pihole-svc
|
|
|
|
# -- Configuration for the DHCP service on port 67
|
|
serviceDhcp:
|
|
|
|
# -- Generate a Service resource for DHCP traffic
|
|
enabled: false
|
|
|
|
# -- `spec.type` for the DHCP Service
|
|
type: NodePort
|
|
|
|
# -- `spec.externalTrafficPolicy` for the DHCP Service
|
|
externalTrafficPolicy: Local
|
|
|
|
# -- A fixed `spec.loadBalancerIP` for the DHCP Service
|
|
loadBalancerIP: ""
|
|
# -- A fixed `spec.loadBalancerIP` for the IPv6 DHCP Service
|
|
loadBalancerIPv6: ""
|
|
|
|
# -- Annotations for the DHCP service
|
|
annotations: {}
|
|
# metallb.universe.tf/address-pool: network-services
|
|
# metallb.universe.tf/allow-shared-ip: pihole-svc
|
|
|
|
# -- Configuration for the web interface service
|
|
serviceWeb:
|
|
# -- Configuration for the HTTP web interface listener
|
|
http:
|
|
|
|
# -- Generate a service for HTTP traffic
|
|
enabled: true
|
|
|
|
# -- The port of the web HTTP service
|
|
port: 80
|
|
|
|
# -- Configuration for the HTTPS web interface listener
|
|
https:
|
|
# -- Generate a service for HTTPS traffic
|
|
enabled: true
|
|
|
|
# -- The port of the web HTTPS service
|
|
port: 443
|
|
|
|
# -- `spec.type` for the web interface Service
|
|
type: ClusterIP
|
|
|
|
# -- `spec.externalTrafficPolicy` for the web interface Service
|
|
externalTrafficPolicy: Local
|
|
|
|
# -- A fixed `spec.loadBalancerIP` for the web interface Service
|
|
loadBalancerIP: ""
|
|
# -- A fixed `spec.loadBalancerIP` for the IPv6 web interface Service
|
|
loadBalancerIPv6: ""
|
|
|
|
# -- Annotations for the DHCP service
|
|
annotations: {}
|
|
# metallb.universe.tf/address-pool: network-services
|
|
# metallb.universe.tf/allow-shared-ip: pihole-svc
|
|
|
|
virtualHost: pi.hole
|
|
|
|
# -- Configuration for the Ingress
|
|
ingress:
|
|
# -- Generate a Ingress resource
|
|
enabled: false # DONE EXTERNALLY
|
|
|
|
# -- Specify an ingressClassName
|
|
# ingressClassName: nginx
|
|
|
|
# -- Annotations for the ingress
|
|
annotations: {}
|
|
# kubernetes.io/ingress.class: nginx
|
|
# kubernetes.io/tls-acme: "true"
|
|
path: /
|
|
hosts:
|
|
# virtualHost (default value is pi.hole) will be appended to the hosts
|
|
- chart-example.local
|
|
tls: []
|
|
# - secretName: chart-example-tls
|
|
# hosts:
|
|
# #- virtualHost (default value is pi.hole) will be appended to the hosts
|
|
# - chart-example.local
|
|
|
|
# -- Probes configuration
|
|
probes:
|
|
# -- probes.liveness -- Configure the healthcheck for the ingress controller
|
|
liveness:
|
|
# -- Generate a liveness probe
|
|
enabled: true
|
|
initialDelaySeconds: 60
|
|
failureThreshold: 10
|
|
timeoutSeconds: 5
|
|
readiness:
|
|
# -- Generate a readiness probe
|
|
enabled: true
|
|
initialDelaySeconds: 60
|
|
failureThreshold: 3
|
|
timeoutSeconds: 5
|
|
|
|
# -- We usually recommend not to specify default resources and to leave this as a conscious
|
|
# -- choice for the user. This also increases chances charts run on environments with little
|
|
# -- resources, such as Minikube. If you do want to specify resources, uncomment the following
|
|
# -- lines, adjust them as necessary, and remove the curly braces after 'resources:'.
|
|
resources: {}
|
|
# limits:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
# -- `spec.PersitentVolumeClaim` configuration
|
|
persistentVolumeClaim:
|
|
# -- set to true to use pvc
|
|
enabled: true
|
|
|
|
# -- specify an existing `PersistentVolumeClaim` to use
|
|
existingClaim: "pihole-nfs"
|
|
|
|
# -- Annotations for the `PersitentVolumeClaim`
|
|
annotations: {}
|
|
|
|
accessModes:
|
|
- ReadWriteOnce
|
|
|
|
size: "500Mi"
|
|
|
|
## If defined, storageClassName: <storageClass>
|
|
## If set to "-", storageClassName: "", which disables dynamic provisioning
|
|
## If undefined (the default) or set to null, no storageClassName spec is
|
|
## set, choosing the default provisioner. (gp2 on AWS, standard on
|
|
## GKE, AWS & OpenStack)
|
|
##
|
|
# storageClass: "-"
|
|
|
|
## If subPath is set mount a sub folder of a volume instead of the root of the volume.
|
|
## This is especially handy for volume plugins that don't natively support sub mounting (like glusterfs).
|
|
|
|
## subPath: "pihole"
|
|
|
|
nodeSelector: {}
|
|
|
|
tolerations: []
|
|
|
|
# -- Specify a priorityClassName
|
|
# priorityClassName: ""
|
|
|
|
# Reference: https://kubernetes.io/docs/concepts/workloads/pods/pod-topology-spread-constraints/
|
|
topologySpreadConstraints: []
|
|
# - maxSkew: <integer>
|
|
# topologyKey: <string>
|
|
# whenUnsatisfiable: <string>
|
|
# labelSelector: <object>
|
|
|
|
affinity: {}
|
|
|
|
# -- Administrator password when not using an existing secret (see below)
|
|
adminPassword: "admin"
|
|
|
|
# -- Use an existing secret for the admin password.
|
|
admin:
|
|
# -- Specify an existing secret to use as admin password
|
|
existingSecret: ""
|
|
# -- Specify the key inside the secret to use
|
|
passwordKey: ""
|
|
|
|
# -- extraEnvironmentVars is a list of extra enviroment variables to set for pihole to use
|
|
extraEnvVars: {}
|
|
# TZ: UTC
|
|
|
|
# -- extraEnvVarsSecret is a list of secrets to load in as environment variables.
|
|
extraEnvVarsSecret: {}
|
|
# env_var:
|
|
# name: secret-name
|
|
# key: secret-key
|
|
|
|
# -- default upstream DNS 1 server to use
|
|
DNS1: "8.8.8.8"
|
|
# -- default upstream DNS 2 server to use
|
|
DNS2: "8.8.4.4"
|
|
|
|
antiaff:
|
|
# -- set to true to enable antiaffinity (example: 2 pihole DNS in the same cluster)
|
|
enabled: false
|
|
# -- Here you can set the pihole release (you set in `helm install <releasename> ...`)
|
|
# you want to avoid
|
|
avoidRelease: pihole1
|
|
# -- Here you can choose between preferred or required
|
|
strict: true
|
|
|
|
doh:
|
|
# -- set to true to enabled DNS over HTTPs via cloudflared
|
|
enabled: false
|
|
name: "cloudflared"
|
|
repository: "crazymax/cloudflared"
|
|
tag: latest
|
|
pullPolicy: IfNotPresent
|
|
# -- Here you can pass environment variables to the DoH container, for example:
|
|
envVars: {}
|
|
# TUNNEL_DNS_UPSTREAM: "https://1.1.1.2/dns-query,https://1.0.0.2/dns-query"
|
|
|
|
# -- Probes configuration
|
|
probes:
|
|
# -- Configure the healthcheck for the doh container
|
|
liveness:
|
|
# -- set to true to enable liveness probe
|
|
enabled: true
|
|
# -- defines the initial delay for the liveness probe
|
|
initialDelaySeconds: 60
|
|
# -- defines the failure threshold for the liveness probe
|
|
failureThreshold: 10
|
|
# -- defines the timeout in secondes for the liveness probe
|
|
timeoutSeconds: 5
|
|
|
|
dnsmasq:
|
|
# -- Add upstream dns servers. All lines will be added to the pihole dnsmasq configuration
|
|
upstreamServers: []
|
|
# - server=/foo.bar/192.168.178.10
|
|
# - server=/bar.foo/192.168.178.11
|
|
|
|
# -- Add custom dns entries to override the dns resolution. All lines will be added to the pihole dnsmasq configuration.
|
|
customDnsEntries: []
|
|
# - address=/foo.bar/192.168.178.10
|
|
# - address=/bar.foo/192.168.178.11
|
|
|
|
# -- Dnsmasq reads the /etc/hosts file to resolve ips. You can add additional entries if you like
|
|
additionalHostsEntries: []
|
|
# - 192.168.0.3 host4
|
|
# - 192.168.0.4 host5
|
|
|
|
# -- Static DHCP config
|
|
staticDhcpEntries: []
|
|
# staticDhcpEntries:
|
|
# - dhcp-host=MAC_ADDRESS,IP_ADDRESS,HOSTNAME
|
|
|
|
# -- Other options
|
|
customSettings:
|
|
# otherSettings:
|
|
# - rebind-domain-ok=/plex.direct/
|
|
|
|
# -- Here we specify custom cname entries that should point to `A` records or
|
|
# elements in customDnsEntries array.
|
|
# The format should be:
|
|
# - cname=cname.foo.bar,foo.bar
|
|
# - cname=cname.bar.foo,bar.foo
|
|
# - cname=cname record,dns record
|
|
customCnameEntries: []
|
|
# Here we specify custom cname entries that should point to `A` records or
|
|
# elements in customDnsEntries array.
|
|
# The format should be:
|
|
# - cname=cname.foo.bar,foo.bar
|
|
# - cname=cname.bar.foo,bar.foo
|
|
# - cname=cname record,dns record
|
|
|
|
# -- list of adlists to import during initial start of the container
|
|
adlists: {}
|
|
# If you want to provide blocklists, add them here.
|
|
# - https://hosts-file.net/grm.txt
|
|
# - https://reddestdream.github.io/Projects/MinimalHosts/etc/MinimalHostsBlocker/minimalhosts
|
|
|
|
# -- list of whitelisted domains to import during initial start of the container
|
|
whitelist: {}
|
|
# If you want to provide whitelisted domains, add them here.
|
|
# - clients4.google.com
|
|
|
|
# -- list of blacklisted domains to import during initial start of the container
|
|
blacklist: {}
|
|
# If you want to have special domains blacklisted, add them here
|
|
# - *.blackist.com
|
|
|
|
# -- list of blacklisted regex expressions to import during initial start of the container
|
|
regex: {}
|
|
# Add regular expression blacklist items
|
|
# - (^|\.)facebook\.com$
|
|
|
|
# -- values that should be added to pihole-FTL.conf
|
|
ftl: {}
|
|
# Add values for pihole-FTL.conf
|
|
# MAXDBDAYS: 14
|
|
|
|
# -- port the container should use to expose HTTP traffic
|
|
webHttp: "80"
|
|
|
|
# -- port the container should use to expose HTTPS traffic
|
|
webHttps: "443"
|
|
|
|
# -- hostname of pod
|
|
hostname: ""
|
|
|
|
# -- should the container use host network
|
|
hostNetwork: "false"
|
|
|
|
# -- should container run in privileged mode
|
|
privileged: "false"
|
|
|
|
customVolumes:
|
|
# -- set this to true to enable custom volumes
|
|
enabled: false
|
|
# -- any volume type can be used here
|
|
config: {}
|
|
# hostPath:
|
|
# path: "/mnt/data"
|
|
|
|
# -- Additional annotations for pods
|
|
podAnnotations: {}
|
|
# Example below allows Prometheus to scape on metric port (requires pihole-exporter sidecar enabled)
|
|
# prometheus.io/port: '9617'
|
|
# prometheus.io/scrape: 'true'
|
|
|
|
monitoring:
|
|
# -- Preferably adding prometheus scrape annotations rather than enabling podMonitor.
|
|
podMonitor:
|
|
# -- set this to true to enable podMonitor
|
|
enabled: false
|
|
# -- Sidecar configuration
|
|
sidecar:
|
|
# -- set this to true to enable podMonitor as sidecar
|
|
enabled: false
|
|
port: 9617
|
|
image:
|
|
repository: ekofr/pihole-exporter
|
|
tag: 0.0.10
|
|
pullPolicy: IfNotPresent
|
|
resources:
|
|
limits:
|
|
memory: 128Mi
|
|
# requests:
|
|
# cpu: 100m
|
|
# memory: 128Mi
|
|
|
|
podDnsConfig:
|
|
enabled: true
|
|
policy: "None"
|
|
nameservers:
|
|
- 127.0.0.1
|
|
- 8.8.8.8
|
|
|