diff --git a/library/ix-dev/charts/pihole/Chart.lock b/library/ix-dev/charts/pihole/Chart.lock index cad56646fb..689110964a 100644 --- a/library/ix-dev/charts/pihole/Chart.lock +++ b/library/ix-dev/charts/pihole/Chart.lock @@ -1,6 +1,6 @@ dependencies: - name: common - repository: file://../../../common/2304.0.1 - version: 2304.0.1 -digest: sha256:1ed155c6760e1166e2cb75b52bc5e81c6bdf0252c16ff5ede001157077c41670 -generated: "2023-04-24T13:41:05.966111097+03:00" + repository: file://../../../common + version: 1.2.9 +digest: sha256:af1a9a1f87e3e48453c9f25f909f5ebcd7fa6e25162b7b425448ba752bcdbc5c +generated: "2024-02-08T16:30:19.001779605+02:00" diff --git a/library/ix-dev/charts/pihole/Chart.yaml b/library/ix-dev/charts/pihole/Chart.yaml index cc6f5f4026..fa98d6969c 100644 --- a/library/ix-dev/charts/pihole/Chart.yaml +++ b/library/ix-dev/charts/pihole/Chart.yaml @@ -3,7 +3,7 @@ description: DNS and Ad-filtering for your network. annotations: title: Pi-hole type: application -version: 1.0.25 +version: 2.0.0 apiVersion: v2 appVersion: 2023.11.0 kubeVersion: '>=1.16.0-0' @@ -13,8 +13,8 @@ maintainers: email: dev@ixsystems.com dependencies: - name: common - repository: file://../../../common/2304.0.1 - version: 2304.0.1 + repository: file://../../../common + version: 1.2.9 home: https://pi-hole.net/ icon: https://media.sys.truenas.net/apps/pihole/icons/icon.png sources: diff --git a/library/ix-dev/charts/pihole/README.md b/library/ix-dev/charts/pihole/README.md index 98d1bcdb3b..7bd26b05b7 100644 --- a/library/ix-dev/charts/pihole/README.md +++ b/library/ix-dev/charts/pihole/README.md @@ -1,3 +1,3 @@ -# Pihole +# Pi-hole -DNS and Ad-filtering for your network. +[Pi-hole](https://pi-hole.net/) is a black hole for Internet advertisements diff --git a/library/ix-dev/charts/pihole/app-readme.md b/library/ix-dev/charts/pihole/app-readme.md index 98d1bcdb3b..7bd26b05b7 100644 --- a/library/ix-dev/charts/pihole/app-readme.md +++ b/library/ix-dev/charts/pihole/app-readme.md 
@@ -1,3 +1,3 @@ -# Pihole +# Pi-hole -DNS and Ad-filtering for your network. +[Pi-hole](https://pi-hole.net/) is a black hole for Internet advertisements diff --git a/library/ix-dev/charts/pihole/charts/common-1.2.9.tgz b/library/ix-dev/charts/pihole/charts/common-1.2.9.tgz new file mode 100644 index 0000000000..f177ca9496 Binary files /dev/null and b/library/ix-dev/charts/pihole/charts/common-1.2.9.tgz differ diff --git a/library/ix-dev/charts/pihole/charts/common-2304.0.1.tgz b/library/ix-dev/charts/pihole/charts/common-2304.0.1.tgz deleted file mode 100644 index 5d8a94a17e..0000000000 Binary files a/library/ix-dev/charts/pihole/charts/common-2304.0.1.tgz and /dev/null differ diff --git a/library/ix-dev/charts/pihole/ci/basic-values.yaml b/library/ix-dev/charts/pihole/ci/basic-values.yaml new file mode 100644 index 0000000000..d800ff9dd4 --- /dev/null +++ b/library/ix-dev/charts/pihole/ci/basic-values.yaml @@ -0,0 +1,16 @@ +piholeConfig: + webPassword: somepassword + +piholeNetwork: + webPort: 32000 + dhcp: + enabled: true + start: '192.168.1.1' + end: '192.168.1.2' + gateway: '192.168.1.0' + +piholeStorage: + config: + type: pvc + dnsmasq: + type: pvc diff --git a/library/ix-dev/charts/pihole/ci/hostnet-values.yaml b/library/ix-dev/charts/pihole/ci/hostnet-values.yaml deleted file mode 100644 index 110f705716..0000000000 --- a/library/ix-dev/charts/pihole/ci/hostnet-values.yaml +++ /dev/null @@ -1,22 +0,0 @@ -appVolumeMounts: - config: - emptyDir: true - mountPath: /etc/pihole - dnsmasq: - emptyDir: true - mountPath: /etc/dnsmasq.d -dhcp: true -dhcp_start: 192.168.10.2 -dhcp_end: 192.168.10.254 -dhcp_gateway: 192.168.10.1 -dnsConfig: - options: [] -emptyDirVolumes: true -environmentVariables: [] -extraAppVolumeMounts: [] -hostNetwork: true -ownerGID: 568 -ownerUID: 568 -password: admin123 -timezone: America/Los_Angeles -web_port: 32000 
diff --git a/library/ix-dev/charts/pihole/ci/nodhcp-values.yaml b/library/ix-dev/charts/pihole/ci/nodhcp-values.yaml
new file mode 100644
index 0000000000..843efc4520
--- /dev/null
+++ b/library/ix-dev/charts/pihole/ci/nodhcp-values.yaml
@@ -0,0 +1,13 @@
+piholeConfig:
+ webPassword: somepassword
+
+piholeNetwork:
+ webPort: 32000
+ dhcp:
+ enabled: false
+
+piholeStorage:
+ config:
+ type: pvc
+ dnsmasq:
+ type: pvc
diff --git a/library/ix-dev/charts/pihole/ci/test-values.yaml b/library/ix-dev/charts/pihole/ci/test-values.yaml
deleted file mode 100644
index 941105ba4d..0000000000
--- a/library/ix-dev/charts/pihole/ci/test-values.yaml
+++ /dev/null
@@ -1,20 +0,0 @@
-appVolumeMounts:
- config:
- emptyDir: true
- mountPath: /etc/pihole
- dnsmasq:
- emptyDir: true
- mountPath: /etc/dnsmasq.d
-dhcp: true
-dnsConfig:
- options: []
-dns_tcp_port: 32001
-dns_udp_port: 32002
-emptyDirVolumes: true
-environmentVariables: []
-extraAppVolumeMounts: []
-ownerGID: 568
-ownerUID: 568
-password: admin123
-timezone: America/Los_Angeles
-web_port: 32000
diff --git a/library/ix-dev/charts/pihole/metadata.yaml b/library/ix-dev/charts/pihole/metadata.yaml
index 6e9a68e0d1..f24c69667b 100644
--- a/library/ix-dev/charts/pihole/metadata.yaml
+++ b/library/ix-dev/charts/pihole/metadata.yaml
@@ -9,30 +9,16 @@ capabilities: description: Pi-hole is able to chown files. - name: FOWNER description: Pi-hole is able to bypass permission checks for it's sub-processes. - - name: SYS_CHROOT - description: Pi-hole is able to use chroot. - - name: MKNOD - description: Pi-hole is able to create device nodes. - name: DAC_OVERRIDE description: Pi-hole is able to bypass permission checks. - - name: FSETID - description: Pi-hole is able to set file capabilities. - - name: KILL - description: Pi-hole is able to kill processes. - name: SETGID description: Pi-hole is able to set group ID for it's sub-processes. - name: SETUID description: Pi-hole is able to set user ID for it's sub-processes. - - name: SETPCAP - description: Pi-hole is able to set process capabilities. - - name: NET_BIND_SERVICE - description: Pi-hole is able to bind to privileged ports. - name: SETFCAP description: Pi-hole is able to set file capabilities. - - name: NET_RAW - description: Pi-hole is able to use raw sockets. - name: NET_ADMIN description: Pi-hole is able to perform various network-related operations. - - name: AUDIT_WRITE - description: Pi-hole is able to write to audit log. + - name: KILL + description: Pi-hole is able to kill processes. hostMounts: [] diff --git a/library/ix-dev/charts/pihole/migrations/migrate b/library/ix-dev/charts/pihole/migrations/migrate new file mode 100755 index 0000000000..24afaf26a4 --- /dev/null +++ b/library/ix-dev/charts/pihole/migrations/migrate 
@@ -0,0 +1,95 @@
+#!/usr/bin/python3
+import json
+import os
+import sys
+
+def migrate_volume(volume):
+ return {
+ 'type': 'hostPath',
+ 'hostPathConfig': {
+ 'hostPath': volume['hostPath']
+ },
+ } if volume.get('hostPathEnabled', False) else {
+ 'type': 'ixVolume',
+ 'ixVolumeConfig': {
+ 'datasetName': volume['datasetName'],
+ },
+ }
+
+def migrate_common_lib(values):
+ delete_keys = [
+ 'enableResourceLimits', 'memLimit', 'cpuLimit', 'dnsConfig',
+ 'web_port', 'environmentVariables', 'timezone', 'password',
+ 'extraAppVolumeMounts', 'appVolumeMounts', 'dhcp', 'dhcp_start',
+ 'dhcp_end', 'dhcp_gateway', 'ownerUID', 'ownerGID',
+ ]
+
+ values.update({
+ # Migrate Network
+ 'piholeNetwork': {
+ 'webPort': values['web_port'],
+ 'dhcp': {
+ 'enabled': values['dhcp'],
+ 'start': values.get('dhcp_start', ''),
+ 'end': values.get('dhcp_end', ''),
+ 'gateway': values.get('dhcp_gateway', ''),
+ }
+ },
+ # Migrate Resources
+ 'resources': {
+ 'limits': {
+ 'cpu': values.get('cpuLimit', '4000m'),
+ 'memory': values.get('memLimit', '8Gi'),
+ }
+ },
+ # Migrate DNS
+ 'podOptions': {
+ 'dnsConfig': {
+ 'options': [
+ {'name': opt['name'], 'value': opt['value']}
+ for opt in values.get('dnsConfig', {}).get('options', [])
+ ]
+ }
+ },
+ # Migrate Config
+ 'TZ': values['timezone'],
+ 'piholeConfig': {
+ 'webPassword': values['password'],
+ 'additionalEnvs': values.get('environmentVariables', []),
+ },
+ # Migrate Storage
+ 'piholeStorage': {
+ 'config': migrate_volume(values['appVolumeMounts']['config']),
+ 'cache': migrate_volume(values['appVolumeMounts']['dnsmasq']),
+ 'additionalStorages': [
+ {
+ 'type': 'hostPath',
+ 'hostPathConfig': {'hostPath': e['hostPath']},
+ 'mountPath': e['mountPath'],
+ 'readOnly': e.get('readOnly', False),
+ }
+ for e in values.get('extraAppVolumeMounts', [])
+ ],
+ },
+ })
+
+ for k in delete_keys:
+ values.pop(k, None)
+
+ return values
+
+def migrate(values):
+ # If this missing, we have already migrated
+ if not 'appVolumeMounts' in values.keys():
+ return values
+
+ return migrate_common_lib(values)
+
+
+if __name__ == '__main__':
+ if len(sys.argv) != 2:
+ exit(1)
+
+ if os.path.exists(sys.argv[1]):
+ with open(sys.argv[1], 'r') as f:
+ print(json.dumps(migrate(json.loads(f.read()))))
diff --git a/library/ix-dev/charts/pihole/questions.yaml b/library/ix-dev/charts/pihole/questions.yaml
index 190c73c38c..ed7f35e2b5 100644
--- a/library/ix-dev/charts/pihole/questions.yaml
+++ b/library/ix-dev/charts/pihole/questions.yaml
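Review bot: `migrate_common_lib` in migrations/migrate stores the old dnsmasq volume under `piholeStorage.cache`, but the rest of this commit reads `piholeStorage.dnsmasq` (questions.yaml, `_persistence.tpl`, the ci values files), so a migrated install would reach the templates without a `dnsmasq` entry and the existing /etc/dnsmasq.d data would not be carried over. The line should read `'dnsmasq': migrate_volume(values['appVolumeMounts']['dnsmasq']),`. Separately, the script prints the migrated values, including `piholeConfig.webPassword`, to stdout, so a short comment noting that the output holds the admin password and must not be logged would help whoever wires this script up.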
@@ -1,277 +1,499 @@ groups: - - name: "Configuration" - description: "Pihole application configuration" - - name: "Storage" - description: "Configure storage for pihole" - - name: "Networking" - description: "Networking Configuration for pihole" - - name: "Advanced DNS Settings" - description: "Configure DNS settings" - - name: "Resource Limits" - description: "Set CPU/memory limits for Kubernetes Pod" - + - name: Pi-Hole Configuration + description: Configure Pi-Hole + - name: Advanced Pod Configuration + description: Configure Advanced Pod Options for Pi-Hole + - name: Network Configuration + description: Configure Network for Pi-Hole + - name: Storage Configuration + description: Configure Storage for Pi-Hole + - name: Resources Configuration + description: Configure Resources for Pi-Hole portals: web_portal: protocols: - - "http" + - "$kubernetes-resource_configmap_portal_protocol" host: - - "$node_ip" + - "$kubernetes-resource_configmap_portal_host" ports: - - "$variable-web_port" - path: "/admin/" + - "$kubernetes-resource_configmap_portal_port" + path: "$kubernetes-resource_configmap_portal_path" questions: - - variable: web_port - label: "Web Port for pihole" - group: Networking + - variable: TZ + group: Pi-Hole Configuration + label: Timezone schema: - type: int - min: 8000 - max: 65535 - default: 20720 + type: string + default: Etc/UTC required: true + $ref: + - definitions/timezone - - variable: dhcp - label: "Enable DHCP" - group: "Networking" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: dhcp_start - label: "DHCP Start Address" - group: Networking - schema: - type: ipaddr - cidr: false - required: true - - variable: dhcp_end - label: "DHCP End Address" - group: Networking - schema: - type: ipaddr - cidr: false - required: true - - variable: dhcp_gateway - label: "Gateway" - group: Networking - schema: - type: ipaddr - cidr: false - required: true - - - variable: dnsConfig - label: "DNS 
Configuration" - group: "Advanced DNS Settings" + - variable: piholeConfig + label: "" + group: Pi-Hole Configuration schema: type: dict attrs: - - variable: options - label: "DNS Options" + - variable: webPassword + label: Web Password + description: The password for the Pi-Hole Web UI. + schema: + type: string + required: true + private: true + - variable: additionalEnvs + label: Additional Environment Variables + description: Configure additional environment variables for Pi-Hole. schema: type: list + default: [] items: - - variable: optionsEntry - label: "Option Entry Configuration" + - variable: env + label: Environment Variable schema: type: dict attrs: - variable: name - label: "Option Name" + label: Name schema: type: string required: true - variable: value - label: "Option Value" + label: Value schema: type: string required: true - - variable: ownerUID - label: "Storage User ID" - description: "User ID of the dnsmasq volume being used (application will chown the volume path with specified UID)" - group: Configuration + - variable: podOptions + label: "" + group: Advanced Pod Configuration schema: - type: int - default: 568 - min: 1 - max: 65535 - - - variable: ownerGID - label: "Storage Group ID" - description: "Group ID of the dnsmasq volume being used (application will chown the volume path with specified GID)" - group: Configuration - schema: - type: int - default: 568 - min: 1 - max: 65535 - - - variable: password - label: "Admin password" - group: "Configuration" - schema: - type: string - private: true - required: true - empty: false - immutable: true - - - variable: timezone - label: "Configure timezone" - group: "Configuration" - description: "Configure timezone for pihole" - schema: - type: string - $ref: - - "definitions/timezone" - - - variable: environmentVariables - label: "Pihole environment" - group: "Configuration" - schema: - type: list - default: [] - items: - - variable: environmentVariable - label: "Environment Variable" + type: dict + 
attrs: + - variable: dnsConfig + label: Advanced DNS Configuration schema: type: dict attrs: - - variable: name - label: "Name" + - variable: options + label: DNS Options schema: - type: string - - variable: value - label: "Value" - schema: - type: string + type: list + items: + - variable: optionsEntry + label: DNS Option Entry + schema: + type: dict + attrs: + - variable: name + label: Option Name + schema: + type: string + required: true + - variable: value + label: Option Value + schema: + type: string + required: true - - variable: appVolumeMounts - label: "Pihole Storage" - group: "Storage" + - variable: piholeNetwork + label: "" + group: Network Configuration + schema: + type: dict + attrs: + - variable: webPort + label: Web Port + description: The port for the Pi-Hole Web UI. + schema: + type: int + default: 20720 + min: 9000 + max: 65535 + required: true + - variable: dhcp + label: DHCP Configuration + schema: + type: dict + attrs: + - variable: enabled + label: Enable DHCP + description: Enable DHCP for Pi-Hole. + schema: + type: boolean + default: false + - variable: start + label: DHCP Start + description: The start of the DHCP range. + schema: + type: ipaddr + cidr: false + show_if: [["enabled", "=", true]] + required: true + - variable: end + label: DHCP End + description: The end of the DHCP range. + schema: + type: ipaddr + cidr: false + show_if: [["enabled", "=", true]] + required: true + - variable: gateway + label: DHCP Gateway + description: The gateway for the DHCP range. + schema: + type: ipaddr + cidr: false + show_if: [["enabled", "=", true]] + required: true + + - variable: piholeStorage + label: "" + group: Storage Configuration schema: type: dict attrs: - variable: config - label: "Configuration Volume" + label: Pi-Hole Config Storage + description: The path to store Pi-Hole Configuration. 
schema: type: dict attrs: - - variable: datasetName - label: "Configuration Volume Dataset Name" + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. schema: type: string - hidden: true + required: true + immutable: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] $ref: - "normalize/ixVolume" - show_if: [["hostPathEnabled", "=", false]] - default: "ix-pihole_config" - editable: false - - variable: mountPath - label: "Configuration Mount Path" - description: "Path where the volume will be mounted inside the pod" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + hidden: true + default: "config" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Config schema: - type: path - hidden: true - editable: true - default: "/etc/pihole" - - variable: hostPathEnabled - label: "Enable Custom Host Path for Pihole Configuration Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. 
+ schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" - variable: hostPath - label: "Host Path for Pihole Configuration Volume" + label: Host Path + description: The host path to use for storage. schema: type: hostpath + show_if: [["aclEnable", "=", false]] required: true - variable: dnsmasq - label: "DNSMASQ Volume for pihole" + label: Pi-Hole DNSmasq Storage + description: The path to store Pi-Hole DNSmasq. schema: type: dict attrs: - - variable: datasetName - label: "DNSMASQ Volume Dataset Name" + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system. schema: type: string - hidden: true + required: true + immutable: true + default: "ixVolume" + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] $ref: - "normalize/ixVolume" - show_if: [["hostPathEnabled", "=", false]] - default: "ix-pihole_dnsmasq" - editable: false - - variable: mountPath - label: "DNSMASQ Mount Path" - description: "Path where the volume will be mounted inside the pod" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. + schema: + type: string + required: true + immutable: true + hidden: true + default: "dnsmasq" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: hostPathConfig + label: Host Path Config schema: - type: path - hidden: true - editable: true - default: "/etc/dnsmasq.d" - - variable: hostPathEnabled - label: "Enable Custom Host Path for Pihole DNSMASQ Volume" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. 
+ schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" - variable: hostPath - label: "Host Path for Pihole DNSMASQ Volume" + label: Host Path + description: The host path to use for storage. schema: type: hostpath + show_if: [["aclEnable", "=", false]] required: true - - variable: extraAppVolumeMounts - label: "Extra Host Path Volumes" - group: "Storage" + - variable: additionalStorages + label: Additional Storage + description: Additional storage for Pi-Hole. + schema: + type: list + default: [] + items: + - variable: storageEntry + label: Storage Entry + schema: + type: dict + attrs: + - variable: type + label: Type + description: | + ixVolume: Is dataset created automatically by the system.
+ Host Path: Is a path that already exists on the system.
+ SMB Share: Is a SMB share that is mounted to a persistent volume claim. + schema: + type: string + required: true + default: "ixVolume" + immutable: true + enum: + - value: "hostPath" + description: Host Path (Path that already exists on the system) + - value: "ixVolume" + description: ixVolume (Dataset created automatically by the system) + - value: "smb-pv-pvc" + description: SMB Share (Mounts a persistent volume claim to a SMB share) + - variable: readOnly + label: Read Only + description: Mount the volume as read only. + schema: + type: boolean + default: false + - variable: mountPath + label: Mount Path + description: The path inside the container to mount the storage. + schema: + type: path + required: true + - variable: hostPathConfig + label: Host Path Config + schema: + type: dict + show_if: [["type", "=", "hostPath"]] + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: acl + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + $ref: + - "normalize/acl" + - variable: hostPath + label: Host Path + description: The host path to use for storage. + schema: + type: hostpath + show_if: [["aclEnable", "=", false]] + required: true + - variable: ixVolumeConfig + label: ixVolume Configuration + description: The configuration for the ixVolume dataset. + schema: + type: dict + show_if: [["type", "=", "ixVolume"]] + $ref: + - "normalize/ixVolume" + attrs: + - variable: aclEnable + label: Enable ACL + description: Enable ACL for the dataset. + schema: + type: boolean + default: false + - variable: datasetName + label: Dataset Name + description: The name of the dataset to use for storage. 
+ schema: + type: string + required: true + immutable: true + default: "storage_entry" + - variable: aclEntries + label: ACL Configuration + schema: + type: dict + show_if: [["aclEnable", "=", true]] + attrs: [] + - variable: smbConfig + label: SMB Share Configuration + description: The configuration for the SMB Share. + schema: + type: dict + show_if: [["type", "=", "smb-pv-pvc"]] + attrs: + - variable: server + label: Server + description: The server for the SMB share. + schema: + type: string + required: true + - variable: share + label: Share + description: The share name for the SMB share. + schema: + type: string + required: true + - variable: domain + label: Domain (Optional) + description: The domain for the SMB share. + schema: + type: string + - variable: username + label: Username + description: The username for the SMB share. + schema: + type: string + required: true + - variable: password + label: Password + description: The password for the SMB share. + schema: + type: string + required: true + private: true + - variable: size + label: Size (in Gi) + description: The size of the volume quota. + schema: + type: int + required: true + min: 1 + default: 1 + + - variable: resources + group: Resources Configuration + label: "" schema: - type: list - items: - - variable: extraAppVolume - label: "Host Path Volume" - description: "Add an extra host path volume for Pihole application" + type: dict + attrs: + - variable: limits + label: Limits schema: type: dict attrs: - - variable: mountPath - label: "Mount Path in Pod" - description: "Path where the volume will be mounted inside the pod" + - variable: cpu + label: CPU + description: CPU limit for Pi-Hole. schema: - type: path + type: string + max_length: 6 + valid_chars: '^(0\.[1-9]|[1-9][0-9]*)(\.[0-9]|m?)$' + valid_chars_error: | + Valid CPU limit formats are
+ - Plain Integer - eg. 1
+ - Float - eg. 0.5
+ - Milicpu - eg. 500m + default: "4000m" required: true - - variable: hostPath - label: "Host Path" - description: "Host path" + - variable: memory + label: Memory + description: Memory limit for Pi-Hole. schema: - type: hostpath + type: string + max_length: 12 + valid_chars: '^[1-9][0-9]*([EPTGMK]i?|e[0-9]+)?$' + valid_chars_error: | + Valid Memory limit formats are
+ - Suffixed with E/P/T/G/M/K - eg. 1G
+ - Suffixed with Ei/Pi/Ti/Gi/Mi/Ki - eg. 1Gi
+ - Plain Integer in bytes - eg. 1024
+ - Exponent - eg. 134e6 + default: "8Gi" required: true - - - variable: enableResourceLimits - label: "Enable Pod resource limits" - group: "Resource Limits" - schema: - type: boolean - default: false - - variable: cpuLimit - label: "CPU Limit" - description: "CPU resource limit allow plain integer values with suffix m(milli) e.g 1000m, 100." - group: "Resource Limits" - schema: - type: string - show_if: [["enableResourceLimits", "=", true]] - valid_chars: "^\\d+(?:\\.\\d+(?!.*m$)|m?$)" - default: "4000m" - - variable: memLimit - label: "Memory Limit" - group: "Resource Limits" - description: "Memory limits is specified by number of bytes. Followed by quantity suffix like E,P,T,G,M,k and Ei,Pi,Ti,Mi,Gi,Ki can also be used. e.g 129e6, 129M, 128974848000m, 123Mi" - schema: - type: string - show_if: [["enableResourceLimits", "=", true]] - valid_chars: "^([+-]?[0-9.]+)([eEinumkKMGTP]*[-+]?[0-9]*)$" - default: "8Gi" diff --git a/library/ix-dev/charts/pihole/templates/NOTES.txt b/library/ix-dev/charts/pihole/templates/NOTES.txt new file mode 100644 index 0000000000..ba4e01146c --- /dev/null +++ b/library/ix-dev/charts/pihole/templates/NOTES.txt @@ -0,0 +1 @@ +{{ include "ix.v1.common.lib.chart.notes" $ }} diff --git a/library/ix-dev/charts/pihole/templates/_migration.tpl b/library/ix-dev/charts/pihole/templates/_migration.tpl new file mode 100644 index 0000000000..c5cb9b435e --- /dev/null +++ b/library/ix-dev/charts/pihole/templates/_migration.tpl 
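Review bot: The new `webPassword` question in questions.yaml declares only `required: true` and `private: true`, whereas the `password` question it replaces also carried `empty: false`. If the schema treats `required` as "key must be present" rather than "value must be non-empty", an empty Web UI password could now be accepted; it is worth confirming this and restoring `empty: false` under `webPassword`. The `webPort` minimum also rises from 8000 to 9000 while the migration script copies the old `web_port` unchanged, so an existing install on a port between 8000 and 8999 may fail validation after the upgrade.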
@@ -0,0 +1,35 @@
+{{- define "pihole.get-versions" -}}
+ {{- $oldChartVersion := "" -}}
+ {{- $newChartVersion := "" -}}
+
+ {{/* Safely access the context, so it wont block CI */}}
+ {{- if hasKey .Values.global "ixChartContext" -}}
+ {{- if .Values.global.ixChartContext.upgradeMetadata -}}
+
+ {{- $oldChartVersion = .Values.global.ixChartContext.upgradeMetadata.oldChartVersion -}}
+ {{- $newChartVersion = .Values.global.ixChartContext.upgradeMetadata.newChartVersion -}}
+ {{- if and (not $oldChartVersion) (not $newChartVersion) -}}
+ {{- fail "Upgrade Metadata is missing. Cannot proceed" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+
+ {{- toYaml (dict "old" $oldChartVersion "new" $newChartVersion) -}}
+{{- end -}}
+
+{{- define "pihole.migration" -}}
+ {{- $versions := (fromYaml (include "pihole.get-versions" $)) -}}
+ {{- if and $versions.old $versions.new -}}
+ {{- $oldV := semver $versions.old -}}
+ {{- $newV := semver $versions.new -}}
+
+ {{/* If new is v2.x.x */}}
+ {{- if eq ($newV.Major | int) 2 -}}
+ {{/* And old is v1.x.x, but lower than .25 */}}
+ {{- if and (eq $oldV.Major 1) (lt ($oldV.Patch | int) 25) -}}
+ {{/* Block the upgrade */}}
+ {{- fail "Migration to 2.x.x is only allowed from 1.0.25 or higher" -}}
+ {{- end -}}
+ {{- end -}}
+ {{- end -}}
+{{- end -}}
diff --git a/library/ix-dev/charts/pihole/templates/_persistence.tpl b/library/ix-dev/charts/pihole/templates/_persistence.tpl
new file mode 100644
index 0000000000..7b939b8492
--- /dev/null
+++ b/library/ix-dev/charts/pihole/templates/_persistence.tpl
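Review bot: The upgrade guard in `_migration.tpl` fails open when only one version is present: `pihole.get-versions` calls `fail` only if both `$oldChartVersion` and `$newChartVersion` are empty, and `pihole.migration` then skips its check unless both are set. If the intent is to block any upgrade whose metadata is incomplete, the condition should be `{{- if or (not $oldChartVersion) (not $newChartVersion) -}}`. The version test also looks only at `Patch`, so any 1.x release with a patch number below 25 is blocked whatever its minor version; a comment stating that only 1.0.x is expected would make that assumption explicit. `$oldV.Major` is compared without the `| int` used for `$newV.Major`, which is worth aligning.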
@@ -0,0 +1,33 @@
+{{- define "pihole.persistence" -}}
+persistence:
+ config:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.piholeStorage.config) | nindent 4 }}
+ targetSelector:
+ pihole:
+ pihole:
+ mountPath: /etc/pihole
+ dnsmasq:
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" .Values.piholeStorage.dnsmasq) | nindent 4 }}
+ targetSelector:
+ pihole:
+ pihole:
+ mountPath: /etc/dnsmasq.d
+ tmp:
+ enabled: true
+ type: emptyDir
+ targetSelector:
+ pihole:
+ pihole:
+ mountPath: /tmp
+ {{- range $idx, $storage := .Values.piholeStorage.additionalStorages }}
+ {{ printf "pihole-%v:" (int $idx) }}
+ enabled: true
+ {{- include "ix.v1.common.app.storageOptions" (dict "storage" $storage) | nindent 4 }}
+ targetSelector:
+ pihole:
+ pihole:
+ mountPath: {{ $storage.mountPath }}
+ {{- end }}
+{{- end -}}
diff --git a/library/ix-dev/charts/pihole/templates/_pihole.tpl b/library/ix-dev/charts/pihole/templates/_pihole.tpl
new file mode 100644
index 0000000000..b46fafa8ae
--- /dev/null
+++ b/library/ix-dev/charts/pihole/templates/_pihole.tpl
@@ -0,0 +1,61 @@
+{{- define "pihole.workload" -}}
+workload:
+ pihole:
+ enabled: true
+ primary: true
+ type: Deployment
+ podSpec:
+ hostNetwork: true
+ containers:
+ pihole:
+ enabled: true
+ primary: true
+ imageSelector: image
+ securityContext:
+ runAsUser: 0
+ runAsGroup: 0
+ runAsNonRoot: false
+ readOnlyRootFilesystem: false
+ capabilities:
+ add:
+ - NET_ADMIN
+ - CHOWN
+ - DAC_OVERRIDE
+ - FOWNER
+ - SETGID
+ - SETUID
+ - SETFCAP
+ - KILL
+ env:
+ WEB_PORT: {{ .Values.piholeNetwork.webPort }}
+ WEBPASSWORD: {{ .Values.piholeConfig.webPassword }}
+ {{- if .Values.piholeNetwork.dhcp.enabled }}
+ DHCP_ACTIVE: "true"
+ DHCP_START: {{ .Values.piholeNetwork.dhcp.start }}
+ DHCP_END: {{ .Values.piholeNetwork.dhcp.end }}
+ DHCP_ROUTER: {{ .Values.piholeNetwork.dhcp.gateway }}
+ {{- end }}
+ {{ with .Values.piholeConfig.additionalEnvs }}
+ envList:
+ {{ range $env := . }}
+ - name: {{ $env.name }}
+ value: {{ $env.value }}
+ {{ end }}
+ {{ end }}
+ probes:
+ liveness:
+ enabled: true
+ type: http
+ path: /admin/login.php
+ port: {{ .Values.piholeNetwork.webPort }}
+ readiness:
+ enabled: true
+ type: http
+ path: /admin/login.php
+ port: {{ .Values.piholeNetwork.webPort }}
+ startup:
+ enabled: true
+ type: http
+ path: /admin/login.php
+ port: {{ .Values.piholeNetwork.webPort }}
+{{- end -}}
diff --git a/library/ix-dev/charts/pihole/templates/_portal.tpl b/library/ix-dev/charts/pihole/templates/_portal.tpl
new file mode 100644
index 0000000000..3c0fa210ef
--- /dev/null
+++ b/library/ix-dev/charts/pihole/templates/_portal.tpl
@@ -0,0 +1,12 @@
+{{- define "pihole.portal" -}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: portal
+data:
+ port: {{ .Values.piholeNetwork.webPort | quote }}
+ path: "/admin/"
+ protocol: "http"
+ host: $node_ip
+{{- end -}}
diff --git a/library/ix-dev/charts/pihole/templates/_service.tpl b/library/ix-dev/charts/pihole/templates/_service.tpl
new file mode 100644
index 0000000000..9ba8c80aba
--- /dev/null
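Review bot: `WEBPASSWORD: {{ .Values.piholeConfig.webPassword }}` in `pihole.workload` is emitted unquoted, and common.yaml parses this template's output with `fromYaml`. A password containing ` #` would be cut at the comment marker, one containing `: ` or starting with a YAML indicator would break rendering, and an all-digit or boolean-looking one would change type. Use `WEBPASSWORD: {{ .Values.piholeConfig.webPassword | quote }}`, and likewise `name: {{ $env.name | quote }}` and `value: {{ $env.value | quote }}` in the `additionalEnvs` loop, as `_portal.tpl` already does for the port. The password is also passed as a plain env value; whether the common library can source it from a Secret is not visible here, but it is worth checking.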
+++ b/library/ix-dev/charts/pihole/templates/_service.tpl
@@ -0,0 +1,33 @@
+{{- define "pihole.service" -}}
+service:
+ pihole:
+ enabled: true
+ primary: true
+ type: ClusterIP
+ targetSelector: pihole
+ ports:
+ webui:
+ enabled: true
+ primary: true
+ port: {{ .Values.piholeNetwork.webPort }}
+ targetSelector: pihole
+ dns-udp:
+ enabled: true
+ port: 53
+ targetPort: 53
+ protocol: udp
+ targetSelector: pihole
+ dns-tcp:
+ enabled: true
+ port: 53
+ targetPort: 53
+ targetSelector: pihole
+ {{- if .Values.piholeNetwork.dhcpEnabled }}
+ dhcp:
+ enabled: true
+ port: 67
+ targetPort: 67
+ protocol: udp
+ targetSelector: pihole
+ {{- end }}
+{{- end -}}
diff --git a/library/ix-dev/charts/pihole/templates/common.yaml b/library/ix-dev/charts/pihole/templates/common.yaml
new file mode 100644
index 0000000000..7c0e18bb59
--- /dev/null
+++ b/library/ix-dev/charts/pihole/templates/common.yaml
@@ -0,0 +1,13 @@
+{{- include "ix.v1.common.loader.init" . -}}
+
+{{- include "pihole.migration" $ -}}
+
+{{/* Merge the templates with Values */}}
+{{- $_ := mustMergeOverwrite .Values (include "pihole.workload" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "pihole.service" $ | fromYaml) -}}
+{{- $_ := mustMergeOverwrite .Values (include "pihole.persistence" $ | fromYaml) -}}
+
+{{/* Create the configmap for portal manually*/}}
+{{- include "pihole.portal" $ -}}
+
+{{- include "ix.v1.common.loader.apply" . -}}
diff --git a/library/ix-dev/charts/pihole/templates/deployment.yaml b/library/ix-dev/charts/pihole/templates/deployment.yaml
deleted file mode 100644
index 09635f83d8..0000000000
--- a/library/ix-dev/charts/pihole/templates/deployment.yaml
+++ /dev/null
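Review bot: The DHCP port block in `pihole.service` is guarded by `.Values.piholeNetwork.dhcpEnabled`, a key nothing else in this commit defines; questions.yaml, the ci values files and `_pihole.tpl` all use `piholeNetwork.dhcp.enabled`, so the `dhcp` port is never rendered. The guard should be `{{- if .Values.piholeNetwork.dhcp.enabled }}`. Because the pod runs with `hostNetwork: true`, the container may still answer DHCP directly, which would hide the mismatch in testing.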
@@ -1,110 +0,0 @@ -{{ include "common.storage.hostPathValidate" .Values }} -apiVersion: {{ template "common.capabilities.deployment.apiVersion" . }} -kind: Deployment -metadata: - name: {{ template "common.names.fullname" . }}-pihole - labels: - app: {{ template "common.names.name" . }} - chart: {{ template "common.names.chart" . }} - release: {{ .Release.Name }} - heritage: {{ .Release.Service }} - annotations: - rollme: {{ randAlphaNum 5 | quote }} -spec: - replicas: {{ (default 1 .Values.replicas) }} - strategy: - type: "Recreate" - selector: - matchLabels: - app: {{ template "common.names.name" . }} - release: {{ .Release.Name }} - template: - metadata: - name: {{ template "common.names.fullname" . }} - labels: - app: {{ template "common.names.name" . }} - release: {{ .Release.Name }} - {{- include "common.labels.selectorLabels" . | nindent 8 }} - annotations: {{ include "common.annotations" . | nindent 8 }} - spec: - {{/* - Host network is pretty much a requirement for apps like this. - Because NodePort can't bind ports like 53(DNS) or 67(DHCP) - and the majority of devices do not have option to change the port. - */}} - hostNetwork: true - dnsPolicy: ClusterFirstWithHostNet - containers: - - name: {{ .Chart.Name }} - {{ include "common.resources.limitation" . 
| nindent 10 }} - {{ include "common.containers.imageConfig" .Values.image | nindent 10 }} - volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} - {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - - name: extrappvolume-{{ $index }} - mountPath: {{ $hostPathConfiguration.mountPath }} - {{ end }} - securityContext: - capabilities: - {{/* This is needed to be able to bind 53(DNS) and 67(DHCP) ports */}} - add: ["NET_ADMIN"] - ports: - - name: web - containerPort: {{ .Values.web_port }} - - name: dns-tcp - containerPort: 53 - protocol: TCP - - name: dns-udp - containerPort: 53 - protocol: UDP - {{ if .Values.dhcp }} - - name: dhcp - containerPort: 67 - protocol: UDP - {{ end }} - readinessProbe: - httpGet: - path: /admin/login.php - port: {{ .Values.web_port }} - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 2 - livenessProbe: - httpGet: - path: /admin/login.php - port: {{ .Values.web_port }} - initialDelaySeconds: 10 - periodSeconds: 10 - timeoutSeconds: 5 - failureThreshold: 5 - successThreshold: 1 - startupProbe: - httpGet: - path: /admin/login.php - port: {{ .Values.web_port }} - initialDelaySeconds: 10 - periodSeconds: 5 - timeoutSeconds: 2 - failureThreshold: 60 - successThreshold: 1 - env: - {{ $secretName := (include "common.names.fullname" .) 
}} - {{ $envList := (default list .Values.environmentVariables) }} - {{ $envList = mustAppend $envList (dict "name" "WEBPASSWORD" "valueFromSecret" true "secretName" $secretName "secretKey" "password") }} - {{ $envList = mustAppend $envList (dict "name" "TZ" "value" (printf "%s" .Values.timezone)) }} - {{ $envList = mustAppend $envList (dict "name" "WEB_PORT" "value" .Values.web_port) }} - {{ if .Values.dhcp }} - {{ $envList = mustAppend $envList (dict "name" "DHCP_ACTIVE" "value" "true") }} - {{ $envList = mustAppend $envList (dict "name" "DHCP_START" "value" .Values.dhcp_start) }} - {{ $envList = mustAppend $envList (dict "name" "DHCP_END" "value" .Values.dhcp_end) }} - {{ $envList = mustAppend $envList (dict "name" "DHCP_ROUTER" "value" .Values.dhcp_gateway) }} - {{ end }} - {{ include "common.containers.environmentVariables" (dict "environmentVariables" $envList) | nindent 12 }} -{{ include "common.networking.dnsConfiguration" .Values | nindent 6 }} - volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} - {{ range $index, $hostPathConfiguration := .Values.extraAppVolumeMounts }} - - name: extrappvolume-{{ $index }} - hostPath: - path: {{ $hostPathConfiguration.hostPath }} - {{ end }} diff --git a/library/ix-dev/charts/pihole/templates/pre-install-job.yaml b/library/ix-dev/charts/pihole/templates/pre-install-job.yaml deleted file mode 100644 index 8ef9ea0f26..0000000000 --- a/library/ix-dev/charts/pihole/templates/pre-install-job.yaml +++ /dev/null 
@@ -1,32 +0,0 @@ -apiVersion: batch/v1 -kind: Job -metadata: - name: "{{ template "common.names.fullname" . }}-preinstall-job" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} - helm.sh/chart: {{ template "common.names.chart" . }} - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: "{{ template "common.names.fullname" . }}-preinstall-hook" - labels: - app.kubernetes.io/managed-by: {{ .Release.Service | quote }} - app.kubernetes.io/instance: {{ .Release.Name | quote }} - helm.sh/chart: {{ template "common.names.chart" . }} - spec: - restartPolicy: Never - containers: - - name: pre-install-job - image: "alpine:latest" - command: - - "chown" - - "-R" - - "{{ .Values.ownerUID }}:{{ .Values.ownerGID }}" - - "{{ .Values.appVolumeMounts.dnsmasq.mountPath }}" - volumeMounts: {{ include "common.storage.configureAppVolumeMountsInContainer" .Values | nindent 12 }} - volumes: {{ include "common.storage.configureAppVolumes" .Values | nindent 8 }} diff --git a/library/ix-dev/charts/pihole/templates/secret.yaml b/library/ix-dev/charts/pihole/templates/secret.yaml deleted file mode 100644 index e531b6015e..0000000000 --- a/library/ix-dev/charts/pihole/templates/secret.yaml +++ /dev/null @@ -1,8 +0,0 @@ -apiVersion: v1 -kind: Secret -metadata: - name: {{ template "common.names.fullname" . }} - labels: {{ include "common.labels" . | nindent 4 }} -type: Opaque -data: - password: {{ .Values.password | b64enc | quote }} diff --git a/library/ix-dev/charts/pihole/to_keep_versions.md b/library/ix-dev/charts/pihole/to_keep_versions.md new file mode 100644 index 0000000000..d8831326d9 --- /dev/null +++ b/library/ix-dev/charts/pihole/to_keep_versions.md 
@@ -0,0 +1,4 @@
+# 1.0.25
+
+This version is kept because it contains a fix that is needed for migration to v2.x.x
+It should be safe to remove few months after v2.x.x is released.
diff --git a/library/ix-dev/charts/pihole/to_keep_versions.yaml b/library/ix-dev/charts/pihole/to_keep_versions.yaml
new file mode 100644
index 0000000000..6d1b2f844c
--- /dev/null
+++ b/library/ix-dev/charts/pihole/to_keep_versions.yaml
@@ -0,0 +1 @@
+- 1.0.25
diff --git a/library/ix-dev/charts/pihole/values.yaml b/library/ix-dev/charts/pihole/values.yaml
index 4ffa5ba800..65724508f7 100644
--- a/library/ix-dev/charts/pihole/values.yaml
+++ b/library/ix-dev/charts/pihole/values.yaml
@@ -2,3 +2,35 @@ image:
 pullPolicy: IfNotPresent
 repository: pihole/pihole
 tag: 2023.11.0
+
+resources:
+ limits:
+ cpu: 4000m
+ memory: 8Gi
+
+podOptions:
+ dnsConfig:
+ options: []
+
+piholeConfig:
+ webPassword: ''
+ additionalEnvs: []
+
+piholeNetwork:
+ webPort: 20489
+ dhcp:
+ enabled: false
+ start: ''
+ end: ''
+ gateway: ''
+
+piholeStorage:
+ config:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: config
+ dnsmasq:
+ type: ixVolume
+ ixVolumeConfig:
+ datasetName: dnsmasq
+ additionalStorages: []