DNS Server
Install Pi-Hole
Introduction
Pi-hole is a powerful and highly customizable DNS service that allows you to manage domain names within your network. It’s especially useful in office environments where internal domain management is required. This guide will walk you through the steps to install and use Pi-hole on your Kubernetes cluster using Helm.
Prerequisites
Before we begin, ensure you have the following:
- A running Kubernetes cluster.
- Helm installed on your local machine.
- kubectl configured to interact with your Kubernetes cluster.
Step-by-Step Guide
Step 1: Add the Helm Repository
First, you need to add the Helm repository for Pi-hole. Run the following command:
helm repo add mojo2600 https://mojo2600.github.io/pihole-kubernetes/
helm repo update
helm install pihole mojo2600/pihole
Step 2: Access Pi-hole
To access the Pi-hole web interface, you need to forward the Pi-hole service port to your local machine. Run the following command:
kubectl port-forward svc/pihole 80:80
Open a web browser and navigate to http://localhost/admin
. You should see the Pi-hole web interface where you can configure your DNS settings. the deault password is admin
.
Step 3: Configure Pi-hole
There are also a few configuration changes that need to be made to make the pi-hole work better.
create a file with name values.pi-hole.yaml
192.168.5.202
is the next ip that the load balance will assign.
serviceWeb:
loadBalancerIP: 192.168.5.202
annotations:
metallb.universe.tf/allow-shared-ip: pihole-svc
type: LoadBalancer
serviceDns:
loadBalancerIP: 192.168.5.202
annotations:
metallb.universe.tf/allow-shared-ip: pihole-svc
type: LoadBalancer
persistentVolumeClaim:
enabled: true
storageClass: "nfs-client"
accessModes:
- ReadWriteMany
subPath: "pihole"
adminPassword: "my!admin3password"
then update your helm release
helm upgrade --install pihole mojo2600/pihole -f values.pi-hole.yaml
Access pi-hole admin dashboard
http://192.168.5.202/admin/login.php
, please replace the http://192.168.5.202
with your load balancer ip, you can get the
$ kubectl get svc pihole-web -o wide
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE SELECTOR
pihole-web LoadBalancer 10.100.211.100 192.168.5.202 80:30127/TCP,443:30480/TCP 8m39s app=pihole,release=pihole
Add customize domain for you pi-hole admin portal
apply the following ingress route if you already installed TRAEFIK AS INGRESS CONTROLLER.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: redirect-http-to-https
spec:
redirectScheme:
scheme: https
permanent: true
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: pi-hole-web-http
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`pi-hole.foo-bar-local.com`)
middlewares:
- name: redirect-http-to-https
kind: Rule
services:
- name: pihole-web
port: 80
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: pi-hole-web-https
namespace: default
spec:
entryPoints:
- websecure
routes:
- match: Host(`pi-hole.foo-bar-local.com`)
kind: Rule
services:
- name: pihole-web
port: 80
tls:
certResolver: letsencrypt
Set Pi-Hole as Upstream Dns Server to CoreDns
get the external IP of pihole-dns-tcp
kubectl get svc -n default pihole-dns-tcp
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
pihole-dns-tcp LoadBalancer 10.105.21.63 192.168.5.202 53:30891/TCP 2d1h
edit your values.pi-hole.yaml
, add these
dnsmasq:
customDnsEntries:
- address=/foo-bar-local.com/192.168.5.202
then update your helm release
helm upgrade --install pihole mojo2600/pihole -f values.pi-hole.yaml
Add config for CoreDns
vi coredns-custom.yaml
edit it to
apiVersion: v1
kind: ConfigMap
metadata:
name: coredns-custom
namespace: kube-system
data:
custom.server: |
foo-bar-local.com:53 {
errors
cache 30
forward . 192.168.5.202
}
this means all requestes to domain foo-bar-local.com
will query the dns record from server 192.168.5.202
. foo-bar-local.com
can be replaced bu your customerize domian.
then try to monitor the logs
kubectl logs -n kube-system -l k8s-app=kube-dns
if coredns pods does not restart, please try to triiger manually
kubectl rollout restart deployment coredns -n kube-system
Customize your domain in cluster
Please install whoami
service in default
namespace, more details please go to Install Traefik Using Helm.
you can access your service in cluster by these names
service-name.namespace.svc.cluster.local
service-name.namespace
install netshoot
apiVersion: v1
kind: Pod
metadata:
name: netshoot
spec:
containers:
- name: netshoot
image: nicolaka/netshoot
command: ["sleep", "3600"]
Ensure internal dns works
run shell in pod
kubectl 'exec' '-it' 'netshoot' '--namespace' 'default' '--container' 'netshoot' '--' 'sh'
traceroute whoami.default
traceroute to whoami.default (10.107.156.209), 30 hops max, 46 byte packets
1 whoami.default.svc.cluster.local (10.107.156.209) 0.010 ms 0.008 ms 0.006 ms
Try external dns
go to pi-hole
admin portal, add a A record
whoami.foo-bar-local.com 192.168.5.202
then go back to busybox
traceroute whoami.foo-bar-local.com