diff --git a/.github/workflows/lint-test.yaml b/.github/workflows/lint-test.yaml index 2869a6f..4d990ad 100644 --- a/.github/workflows/lint-test.yaml +++ b/.github/workflows/lint-test.yaml @@ -1,6 +1,10 @@ name: Lint and Test Charts -on: pull_request +on: + pull_request: + push: + branches: + - development jobs: lint-test: @@ -12,31 +16,33 @@ jobs: fetch-depth: 0 - name: Set up Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v3 with: - version: v3.8.1 + version: v3.12.0 - - uses: actions/setup-python@v2 + - uses: actions/setup-python@v4 with: - python-version: 3.7 + python-version: "3.9" - name: Set up chart-testing - uses: helm/chart-testing-action@v2.2.1 + uses: helm/chart-testing-action@v2 - name: Run chart-testing (list-changed) id: list-changed run: | - changed=$(ct list-changed --target-branch ${{ github.event.repository.default_branch }}) + changed=$(ct list-changed --target-branch development) if [[ -n "$changed" ]]; then - echo "::set-output name=changed::true" + echo "changed=true" >> "$GITHUB_OUTPUT" fi - name: Run chart-testing (lint) - run: ct lint + if: steps.list-changed.outputs.changed == 'true' + run: ct lint --target-branch development - name: Create kind cluster - uses: helm/kind-action@v1.2.0 if: steps.list-changed.outputs.changed == 'true' + uses: helm/kind-action@v1 - name: Run chart-testing (install) - run: ct install + if: steps.list-changed.outputs.changed == 'true' + run: ct install --target-branch development diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index f6ac1bc..0264cea 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -10,7 +10,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: fetch-depth: 0 @@ -20,17 +20,24 @@ jobs: git config user.email "$GITHUB_ACTOR@users.noreply.github.com" - name: Install Helm - uses: azure/setup-helm@v1 + uses: azure/setup-helm@v3 with: - version: v3.8.1 + version: v3.12.0 - name: Add dependency repos run: | helm repo add bitnami https://charts.bitnami.com/bitnami - name: Run chart-releaser - uses: helm/chart-releaser-action@v1.4.0 + uses: helm/chart-releaser-action@v1 env: CR_TOKEN: "${{ secrets.GITHUB_TOKEN }}" with: charts_dir: savepointsam + + - name: Merge main -> gh-pages + uses: devmasx/merge-branch@master + with: + type: now + from_branch: main + target_branch: gh-pages diff --git a/README.md b/README.md index 3e0fc9b..e8cf3c8 100644 --- a/README.md +++ b/README.md @@ -63,6 +63,6 @@ Useful Helm Client Commands: ## Available Charts -Charts contained in this repo can by found [here](./savepointsam). Charts can +Charts contained in this repo can by found [here](https://github.com/SavePointSam/charts/tree/main/savepointsam). Charts can also be browsed on [Artifact Hub](https://artifacthub.io/packages/search?repo=savepointsam). diff --git a/savepointsam/pihole/Chart.yaml b/savepointsam/pihole/Chart.yaml index c943f97..124af3f 100644 --- a/savepointsam/pihole/Chart.yaml +++ b/savepointsam/pihole/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: pihole -version: 0.1.0 +version: 0.2.0 description: A Helm chart to deploy pi-hole on Kubernetes type: application keywords: @@ -23,4 +23,4 @@ maintainers: email: savepointsam@gmail.com url: https://github.com/SavePointSam icon: https://upload.wikimedia.org/wikipedia/commons/0/00/Pi-hole_Logo.png -appVersion: "2022.05" +appVersion: "2023.05.0" diff --git a/savepointsam/pihole/README.md b/savepointsam/pihole/README.md index 8863db9..49fd935 100644 --- a/savepointsam/pihole/README.md +++ b/savepointsam/pihole/README.md @@ -1,6 +1,7 @@ # Pi-hole -[Pi-holeĀ®](https://pi-hole.net/) is a DNS sinkhole that protects your devices from unwanted content without installing any client-side software. +[Pi-holeĀ®](https://pi-hole.net/) is a DNS sinkhole that protects your devices +from unwanted content without installing any client-side software. ## TL;DR @@ -101,6 +102,8 @@ deletes the release. | Name | Description | Value | | ----------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- | | `pihole.advanced.webPort` | This will break the 'webpage blocked' functionality of Pi-hole however it may help advanced setups. This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc | `""` | + +| `pihole.advanced.webBindAddress` | Lighttpd's bind address. If left unset lighttpd will bind to every interface, except when running in host networking mode where it will use `FTLCONF_LOCAL_IPV4` instead. | `""` | | `pihole.advanced.skipGravityOnBoot` | Use this option to skip updating the Gravity Database when booting up the container | `false` | | `pihole.advanced.corsHosts` | List of domains/subdomains on which CORS is allowed. Wildcards are not supported | `[]` | | `pihole.advanced.customCacheSize` | Set the cache size for dnsmasq. When pihole.dnssec.enabled is "true", then this setting is ignored | `10000` | @@ -254,13 +257,13 @@ Specify each parameter using the `--set key=value[,key=value]` argument to ```console helm install my-release \ - --set port=5335 \ - --set numThreads=2 \ + --set pihole.webui.admin.email="myemail@provider.com" \ + --set pihole.dnssec.enabled=true \ savepointsam/pihole ``` -The above command sets the unbound port to `5335` and the number of threads -unbound uses to `2`. +The above command sets the Pi-hole web UI admin email as `myemail@provider.com` +and enables DNSSEC. Alternatively, a YAML file that specifies the values for the above parameters can be provided while installing the chart. For example, diff --git a/savepointsam/pihole/templates/deployment.yaml b/savepointsam/pihole/templates/deployment.yaml index 94ede4d..994b254 100644 --- a/savepointsam/pihole/templates/deployment.yaml +++ b/savepointsam/pihole/templates/deployment.yaml @@ -88,9 +88,15 @@ spec: args: {{- include "common.tplvalues.render" (dict "value" .Values.pihole.args "context" $) | nindent 12 }} {{- end }} env: - {{- /* GENERAL */}} + {{- /* Recommended Variables */}} - name: TZ value: {{ .Values.pihole.timezone | quote }} + - name: WEBPASSWORD_FILE + valueFrom: + secretKeyRef: + name: {{ include "pihole.secrets.webui.password.name" . }} + key: webpassword + {{- /* Optional Variables */}} - name: PIHOLE_DNS_ value: {{ join ";" .Values.pihole.upstream | quote }} - name: DNSSEC @@ -104,13 +110,7 @@ spec: {{- end }} - name: DNS_FQDN_REQUIRED value: {{ .Values.pihole.requireFqdn | quote }} - - name: VIRTUAL_HOST - value: {{ .Values.pihole.virtualHost | quote }} - - name: IPv6 - value: {{ .Values.pihole.ipv6Support | quote }} - - name: TEMPERATUREUNIT - value: {{ .Values.pihole.temperatureUnit }} - {{- /* REVERSE SERVER */}} + {{- /* Optional - Reverse Server */}} - name: REV_SERVER value: {{ .Values.pihole.reverseServer.enabled | quote }} {{- if .Values.pihole.reverseServer.enabled }} @@ -121,8 +121,7 @@ spec: - name: REV_SERVER_CIDR value: {{ .Values.pihole.reverseServer.cidr | quote }} {{- end }} - {{- /* DHCP SERVER */}} - {{- /* TODO: support DHCP */}} + {{- /* Optional - DHCP Server */}} {{- /* - name: DHCP_ACTIVE value: {{ .Values.pihole.dhcp.enabled }} @@ -143,9 +142,12 @@ spec: value: {{ .Values.pihole.dhcp.rapidCommit }} {{- end }} */}} - {{- /* WEB UI */}} - - name: ADMIN_EMAIL - value: {{ .Values.pihole.webui.admin.email | quote }} + - name: VIRTUAL_HOST + value: {{ .Values.pihole.virtualHost | quote }} + - name: IPv6 + value: {{ .Values.pihole.ipv6Support | quote }} + - name: TEMPERATUREUNIT + value: {{ .Values.pihole.temperatureUnit }} {{- if .Values.pihole.webui.boxedLayout }} - name: WEBUIBOXEDLAYOUT value: boxed @@ -157,16 +159,15 @@ spec: value: {{ .Values.pihole.webui.queryLogging | quote }} - name: WEBTHEME value: {{ .Values.pihole.webui.theme }} - - name: WEBPASSWORD_FILE - valueFrom: - secretKeyRef: - name: {{ include "pihole.secrets.webui.password.name" . }} - key: webpassword - {{- /* ADVANCED */}} + {{- /* Advanced Variables */}} {{- if .Values.pihole.advanced.webPort | quote }} - name: WEB_PORT value: {{ .Values.pihole.advanced.webPort | quote }} {{- end }} + {{- if .Values.pihole.advanced.webBindAddress | quote }} + - name: WEB_BIND_ADDR + value: {{ .Values.pihole.advanced.webBindAddress | quote }} + {{- end }} {{- if .Values.pihole.advanced.skipGravityOnBoot }} - name: SKIPGRAVITYONBOOT value: 1 @@ -187,7 +188,7 @@ spec: - name: "FTLCONF_{{ $key }}" value: {{ $value | quote }} {{- end }} - {{- /* EXPERIMENTAL */}} + {{- /* Experimental Variables */}} {{- if .Values.pihole.experimental.dnsmasqUser }} - name: DNSMASQ_USER value: {{ .Values.pihole.experimental.dnsmasqUser }} @@ -212,7 +213,10 @@ spec: - name: WEBLOGS_STDOUT value: 1 {{- end }} - {{- /* EXTRA */}} + {{- /* Deprecated Variables */}} + - name: ADMIN_EMAIL + value: {{ .Values.pihole.webui.admin.email | quote }} + {{- /* Extra Variables */}} {{- if .Values.pihole.extraEnvVars }} {{- include "common.tplvalues.render" (dict "value" .Values.pihole.extraEnvVars "context" $) | nindent 12 }} {{- end }} diff --git a/savepointsam/pihole/values.yaml b/savepointsam/pihole/values.yaml index 8dde4f0..9f22d57 100644 --- a/savepointsam/pihole/values.yaml +++ b/savepointsam/pihole/values.yaml @@ -152,6 +152,7 @@ pihole: ## Pi-hole advanced configuration ## ref: https://github.com/pi-hole/docker-pi-hole#advanced-variables ## @param pihole.advanced.webPort This will break the 'webpage blocked' functionality of Pi-hole however it may help advanced setups. This guide explains how to restore webpage blocked functionality using a linux router DNAT rule: https://discourse.pi-hole.net/t/alternative-synology-installation-method/5454?u=diginc + ## @param pihole.advanced.webBindAddress Lighttpd's bind address. If left unset lighttpd will bind to every interface, except when running in host networking mode where it will use FTLCONF_LOCAL_IPV4 instead. ## @param pihole.advanced.skipGravityOnBoot Use this option to skip updating the Gravity Database when booting up the container ## @param pihole.advanced.corsHosts List of domains/subdomains on which CORS is allowed. Wildcards are not supported ## @param pihole.advanced.customCacheSize Set the cache size for dnsmasq. When pihole.dnssec.enabled is "true", then this setting is ignored @@ -160,6 +161,7 @@ pihole: ## advanced: webPort: "" + webBindAddress: "" skipGravityOnBoot: false corsHosts: [] customCacheSize: 10000 @@ -211,7 +213,7 @@ pihole: image: registry: docker.io repository: pihole/pihole - tag: "2022.05" + tag: "2023.05.0" ## Specify a imagePullPolicy ## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent' ## ref: http://kubernetes.io/docs/user-guide/images/#pre-pulling-images