Tag: pihole

Posted on

PiHole en VM

suite au pb de config pour le dhcp dans kubernetes , je suprime le pod pihole et j’intalle pihole sur une vm ubuntu dans proxmox

Resultat immediat avec 100% de reussite

Posted on

Pihole pour dhcp

pour utilise le dhcp de pihole il faut le port 67 et 547 pour ipv6

apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-dhcp-service
  namespace: pihole-ns  
spec:
  selector:
    app: pihole
  ports:
    - name: dhcp
      protocol: UDP
      port: 67
      targetPort: 67
    - name: dhcpv6
      protocol: UDP
      port: 547
      targetPort: 547
    - name: dns
      protocol: UDP
      port: 53
      targetPort: 53
  type: LoadBalancer

https://github.com/MoJo2600/pihole-kubernetes/issues/18

pour que le pod pihole puisse fonctionner sur le LAn et pas sur le reseau interne kubernetes

apiVersion: apps/v1
kind: Deployment
metadata:
  name: piholeserver 
  namespace: pihole-ns
  labels:
    app: pihole
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pihole
  template:
    metadata:
      labels:
        run: piholeserver 
        app: pihole
    spec:
      containers:
      - name: piholeserver 
        image: pihole/pihole:latest

        hostNetwork: true
        securityContext.privileged: true
        env:
          - name: "DNS1"
            value: "9.9.9.9"
          - name: "DNS2"
            value: "149.112.112.112"
        volumeMounts:
        - mountPath: /etc/pihole/
          name: pihole-config
        - mountPath: /etc/dnsmasq.d/
          name: pihole-dnsmasq
      volumes:
      - name: pihole-config
        hostPath:
          type: DirectoryOrCreate
          path: /usr/kubedata/piholeserver/pihole
      - name: pihole-dnsmasq
        hostPath:
          type: DirectoryOrCreate
          path: /usr/kubedata/piholeserver/dnsmasq.d
Posted on

Organisation reseau

Je fais 3 groupes pour mon 192.168.1.*

Dans l’avenir je decouperais en 2 sous reseau (technique / fonctionel et autre)

Technique : 1-99

Gateway Orange (DHCP desactivé)1
Tv Orange2
Proxmox10
Kubernetes20
TrueNas40
pihole Dns/dhcp Udp 53/67/54750

Fonctionel : 100-199

Kubernetes Plage IP Service100-149
-Kubernetes Dashborad100

Autre/Pc/IoT : 200-254

sudo nano /etc/netplan/*.yaml
sudo netplan apply

cle rsa

ajouter la cle public a chaque serveur pour la connection ssh


cat id_rsa_ubuntu.pub >> ~/.ssh/authorized_keys
sudo systemctl restart ssh
Posted on

Ajout pod pihole-node

deployement

La commande docker-compose avec le filesystem preparé

version: "3"

# More info at https://github.com/pi-hole/docker-pi-hole/ and https://docs.pi-hole.net/
services:
  pihole:
    container_name: pihole
    image: pihole/pihole:latest
    ports:
      - "53:53/tcp"
      - "53:53/udp"
      - "67:67/udp"
      - "80:80/tcp"
    environment:
      TZ: 'America/Chicago'
      # WEBPASSWORD: 'set a secure password here or it will be random'
    # Volumes store your data between container upgrades
    volumes:
      - './etc-pihole/:/etc/pihole/'
      - './etc-dnsmasq.d/:/etc/dnsmasq.d/'
    # Recommended but not required (DHCP needs NET_ADMIN)
    #   https://github.com/pi-hole/docker-pi-hole#note-on-capabilities
    cap_add:
      - NET_ADMIN
    restart: unless-stopped

traduction en kubernetes deploy :

apiVersion: apps/v1
kind: Deployment
metadata:
  name: piholeserver 
  namespace: default
  labels:
    app: pihole
spec:
  replicas: 1
  selector:
    matchLabels:
      app: pihole
  template:
    metadata:
      labels:
        run: piholeserver 
        app: pihole
    spec:
      containers:
      - name: piholeserver 
        image: pihole/pihole:latest
        env:
          - name: "DNS1"
            value: "9.9.9.9"
          - name: "DNS2"
            value: "149.112.112.112"
        ports:
        - protocol: TCP
          containerPort: 53
          name: pihole-http53t
        - protocol: UDP
          containerPort: 53
          name: pihole-http53u
        - containerPort: 67
          name: pihole-http67
        - containerPort: 80
          name: pihole-http
        volumeMounts:
        - mountPath: /etc/pihole/
          name: pihole-config
        - mountPath: /etc/dnsmasq.d/
          name: pihole-dnsmasq
      volumes:
      - name: pihole-config
        hostPath:
          type: DirectoryOrCreate
          path: /usr/kubedata/piholeserver/pihole
      - name: pihole-dnsmasq
        hostPath:
          type: DirectoryOrCreate
          path: /usr/kubedata/piholeserver/dnsmasq.d
---		  
apiVersion: v1
kind: Service
metadata:
  name: pihole-svc
spec:
  selector:
    app: pihole
  ports:
    - name: "http53u"
      protocol: UDP
      port: 53
      targetPort: 53
    - name: "http53t"
      protocol: TCP
      port: 53
      targetPort: 53
    - name: "http67"
      port: 67
      targetPort: 67
    - name: "http"
      port: 80
      targetPort: 80
      nodePort: 30499
  type: NodePort

puis on recupere le port d’exposition

kubectl get all --all-namespaces | grep heimdall

resultat le dashboard est accecible https://<master-ip>:31541

Le password de l’admin est dans la log du pod

ou on peut definir un password en ligne de commande dans le pod

sudo pihole -a -p