adding new pihole chart

* adding new pihole chart * updating some ci tools
drew-viles · Aug 28, 2024 · 22aa5bb · 22aa5bb
1 parent 09eb057
commit 22aa5bb
Show file tree

Hide file tree

Showing 16 changed files with 655 additions and 5 deletions.
diff --git a/.github/helm-docs.sh b/.github/helm-docs.sh
@@ -2,7 +2,7 @@
 set -euxo pipefail
 
 # renovate: datasource=github-releases depName=norwoodj/helm-docs
-HELM_DOCS_VERSION=1.12.0
+HELM_DOCS_VERSION=1.14.2
 
 # install helm-docs
 curl --silent --show-error --fail --location --output /tmp/helm-docs.tar.gz https://github.com/norwoodj/helm-docs/releases/download/v"${HELM_DOCS_VERSION}"/helm-docs_"${HELM_DOCS_VERSION}"_Linux_x86_64.tar.gz

diff --git a/.github/kubeconform.sh b/.github/kubeconform.sh
@@ -2,7 +2,7 @@
 set -euxo pipefail
 
 # renovate: datasource=github-releases depName=yannh/kubeconform
-KUBECONFORM_VERSION=0.6.4
+KUBECONFORM_VERSION=0.6.7
 
 #CHART_DIRS="$(git diff --find-renames --name-only "$(git rev-parse --abbrev-ref HEAD)" remotes/origin/main -- apps | cut -d '/' -f 2 | uniq)"
 CHART_DIRS=$(ls charts)

diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml
@@ -45,9 +45,9 @@ jobs:
       matrix:
         k8s:
           # from https://github.com/yannh/kubernetes-json-schema
-          - v1.26.9
-          - v1.27.8
-          - v1.28.4
+          - v1.29.8
+          - v1.30.4
+          - v1.31.0
     steps:
       - name: Checkout
         uses: actions/[email protected]

diff --git a/charts/pihole/.helmignore b/charts/pihole/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
diff --git a/charts/pihole/Chart.yaml b/charts/pihole/Chart.yaml
@@ -0,0 +1,12 @@
+apiVersion: v2
+name: pihhole
+description: Deploys pihhole onto Kubernetes
+type: application
+version: 0.1.0
+appVersion: "2024.07.0"
+maintainers:
+  - name: Drew
+    email: [email protected]
+keywords:
+  - pihhole
+  - dns
diff --git a/charts/pihole/README.md b/charts/pihole/README.md
@@ -0,0 +1,81 @@
+# pihhole
+
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2024.07.0](https://img.shields.io/badge/AppVersion-2024.07.0-informational?style=flat-square)
+
+The pihhole helm chart simply exists for deploying the pihhole media server onto Kubernetes.
+
+## Add Helm Repository
+
+```shell
+helm repo add drew-viles https://drew-viles.github.io/helm-charts
+helm repo update
+```
+
+## Install Chart
+
+Using config from a file:
+
+```bash
+helm upgrade --install pihhole . --values ./values.yaml
+```
+
+## Updating the Chart
+Make sure you've run and resolved any issues using the following as failures of these will cause the pipeline/actions to fail.
+```
+ct lint charts/pihhole/values.yaml --validate-maintainers=false --config .github/ct.yaml
+
+helm-docs .
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the chart and the default values.
+
+## Values
+
+| Key | Type | Default | Description |
+|-----|------|---------|-------------|
+| affinity | object | `{}` |  |
+| autoscaling.enabled | bool | `false` |  |
+| autoscaling.maxReplicas | int | `100` |  |
+| autoscaling.minReplicas | int | `1` |  |
+| autoscaling.targetCPUUtilizationPercentage | int | `80` |  |
+| dhcpService.annotations | object | `{}` |  |
+| dhcpService.type | string | `"LoadBalancer"` |  |
+| dnsService.annotations | object | `{}` |  |
+| dnsService.type | string | `"LoadBalancer"` |  |
+| fullnameOverride | string | `""` |  |
+| image.pullPolicy | string | `"IfNotPresent"` |  |
+| image.repository | string | `"pihhole/pihhole"` |  |
+| image.tag | string | `"latest"` |  |
+| imagePullSecrets | list | `[]` |  |
+| ingress.annotations | object | `{}` |  |
+| ingress.className | string | `nil` |  |
+| ingress.enabled | bool | `false` |  |
+| ingress.hosts[0].host | string | `"chart-example.local"` |  |
+| ingress.hosts[0].paths[0].path | string | `"/"` |  |
+| ingress.hosts[0].paths[0].pathType | string | `"Prefix"` |  |
+| ingress.tls | list | `[]` |  |
+| nameOverride | string | `""` |  |
+| nodeSelector | object | `{}` |  |
+| persistentVolume.dns.size | string | `"1Gi"` |  |
+| persistentVolume.etc.size | string | `"1Gi"` |  |
+| persistentVolume.storageClassName | string | `nil` |  |
+| pihole.adminPassword.existingSecret | string | `"pihole-credentials"` |  |
+| pihole.dns | string | `"1.1.1.1;8.8.4.4"` |  |
+| pihole.enableDNSSec | string | `"true"` |  |
+| pihole.hostName | string | `nil` |  |
+| pihole.timezone | string | `"Europe/London"` |  |
+| podAnnotations | object | `{}` |  |
+| podSecurityContext | object | `{}` |  |
+| replicaCount | int | `1` |  |
+| resources | object | `{}` |  |
+| securityContext.capabilities.add[0] | string | `"NET_ADMIN"` |  |
+| securityContext.capabilities.drop[0] | string | `"ALL"` |  |
+| serviceAccount.annotations | object | `{}` |  |
+| serviceAccount.create | bool | `true` |  |
+| serviceAccount.name | string | `""` |  |
+| tolerations | list | `[]` |  |
+| webService.annotations | object | `{}` |  |
+| webService.port | int | `80` |  |
+| webService.type | string | `"ClusterIP"` |  |
diff --git a/charts/pihole/README.md.gotmpl b/charts/pihole/README.md.gotmpl
@@ -0,0 +1,35 @@
+{{ template "chart.header" . }}
+{{ template "chart.deprecationWarning" . }}
+
+{{ template "chart.versionBadge" . }}{{ template "chart.typeBadge" . }}{{ template "chart.appVersionBadge" . }}
+
+The pihhole helm chart simply exists for deploying the pihhole media server onto Kubernetes.
+
+## Add Helm Repository
+
+```shell
+helm repo add drew-viles https://drew-viles.github.io/helm-charts
+helm repo update
+```
+
+## Install Chart
+
+Using config from a file:
+
+```bash
+helm upgrade --install {{ template "chart.name" . }} . --values ./values.yaml
+```
+
+## Updating the Chart
+Make sure you've run and resolved any issues using the following as failures of these will cause the pipeline/actions to fail.
+```
+ct lint charts/{{ template "chart.name" . }}/values.yaml --validate-maintainers=false --config .github/ct.yaml
+
+helm-docs .
+```
+
+## Configuration
+
+The following table lists the configurable parameters of the chart and the default values.
+
+{{ template "chart.valuesSection" . }}
diff --git a/charts/pihole/ci/test-values.yaml b/charts/pihole/ci/test-values.yaml
@@ -0,0 +1,28 @@
+persistentVolume:
+  etc:
+    size: 1Gi
+  dns:
+    size: 1Gi
+  storageClassName: "longhorn"
+
+
+webService:
+  type: ClusterIP
+  port: 80
+  annotations: {}
+dnsService:
+  type: LoadBalancer
+  port: 53
+  annotations: {}
+dhcpService:
+  type: LoadBalancer
+  port: 69
+  annotations: {}
+
+pihole:
+  adminPassword:
+    existingSecret: "pihole-credentials"  # Must contain the key "password"
+  timezone: "Europe/London"
+  hostName: ~  # Set this to the same as your ingress
+  enableDNSSec: "true"
+  dns: "1.1.1.1;8.8.4.4"
diff --git a/charts/pihole/templates/_helpers.tpl b/charts/pihole/templates/_helpers.tpl
@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "pihhole.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "pihhole.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "pihhole.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "pihhole.labels" -}}
+helm.sh/chart: {{ include "pihhole.chart" . }}
+{{ include "pihhole.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "pihhole.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "pihhole.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "pihhole.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "pihhole.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}
diff --git a/charts/pihole/templates/deployment.yaml b/charts/pihole/templates/deployment.yaml
@@ -0,0 +1,119 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "pihhole.fullname" . }}
+  labels:
+    {{- include "pihhole.labels" . | nindent 4 }}
+spec:
+  {{- if not .Values.autoscaling.enabled }}
+  replicas: {{ .Values.replicaCount }}
+  {{- end }}
+  strategy:
+    type: Recreate
+  selector:
+    matchLabels:
+      {{- include "pihhole.selectorLabels" . | nindent 6 }}
+  template:
+    metadata:
+      {{- with .Values.podAnnotations }}
+      annotations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      labels:
+        {{- include "pihhole.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      serviceAccountName: {{ include "pihhole.serviceAccountName" . }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}"
+          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          env:
+            - name: TZ
+              value: "{{ .Values.pihole.timezone }}"
+            - name: VIRTUAL_HOST
+              value: "pi.hole"
+            - name: DNSSEC
+              value: "{{ .Values.pihole.enableDNSSec }}"
+            - name: DNSMASQ_LISTENING
+              value: all
+            #- name: FTLCONF_RATE_LIMIT
+            #  value: 0/0
+            #- name: FTLCONF_LOCAL_IPV4
+            #  value: {{ .Values.pihole.ftlConfLocalIPV4 }}
+            - name: PIHOLE_DNS_
+              value: "{{ .Values.pihole.dns }}"
+            - name: WEB_PORT
+              value: "{{ .Values.webService.port }}"
+            #- name: FTLCONF_MAXDBDAYS
+            #  value: '90'
+            #- name: REV_SERVER
+            #  value: 'true'
+            #- name: REV_SERVER_DOMAIN
+            #  value: local.lan
+            #- name: REV_SERVER_TARGET
+            #  value: 172.16.0.1
+            #- name: REV_SERVER_CIDR
+            #  value: 172.16.0.0/12
+            - name: WEBPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.pihole.adminPassword.existingSecret }}
+                  key: password
+          ports:
+            - name: dns-tcp
+              containerPort: 53
+              protocol: TCP
+            - name: dns-udp
+              containerPort: 53
+              protocol: UDP
+            - name: dhcp-udp
+              containerPort: 67
+              protocol: UDP
+            - name: http
+              containerPort: {{ .Values.webService.port }}
+              protocol: TCP
+          readinessProbe:
+            exec:
+              command: ['dig', '@127.0.0.1', 'cloudflare.com']
+            timeoutSeconds: 20
+            initialDelaySeconds: 5
+            periodSeconds: 60
+          livenessProbe:
+            tcpSocket:
+              port: dns-tcp
+            initialDelaySeconds: 15
+            periodSeconds: 30
+          resources:
+            {{- toYaml .Values.resources | nindent 12 }}
+          volumeMounts:
+            - name: pihole-etc
+              mountPath: /etc/pihole
+            - name: pihole-dnsm
+              mountPath: /etc/dnsmasq.d
+      {{- with .Values.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      volumes:
+        - name: pihole-etc
+          persistentVolumeClaim:
+            claimName: {{ include "pihhole.fullname" . }}-etc
+        - name: pihole-dnsm
+          persistentVolumeClaim:
+            claimName: {{ include "pihhole.fullname" . }}-dnsm
-Original file line number
+Diff line change
@@ Expand Up / @@ -45,9 +45,9 @@ jobs: @@
           matrix:
             k8s:
               # from https://github.com/yannh/kubernetes-json-schema
-              - v1.26.9
-              - v1.27.8
-              - v1.28.4
+              - v1.29.8
+              - v1.30.4
+              - v1.31.0
         steps:
           - name: Checkout
             uses: actions/[email protected]
@@ Expand Down @@