MoJo2600 / pihole-kubernetes

PiHole on kubernetes

K3S with MetalLB - unable to access dns server #201

Closed krafty1010 closed 2 years ago

krafty1010 commented 2 years ago

Hi,

With reference to this page: https://greg.jeanmart.me/2020/04/13/self-host-pi-hole-on-kubernetes-and-block-ad/. Set up a single-node K3S cluster (RPI4) and metallb. Installed mojo2600/pihole with helm. Customised values to use LoadBalancer (as shown below). Problem is that port 10.10.0.13:53 is not accessible from the local network.

  # -- `spec.type` for the DNS Service
  #type: NodePort
  type: LoadBalancer

  # -- The port of the DNS service
  port: 53

  # -- Optional node port for the DNS service
  nodePort: ""

  # -- `spec.externalTrafficPolicy` for the DHCP Service
  externalTrafficPolicy: Local

  # -- A fixed `spec.loadBalancerIP` for the DNS Service
  loadBalancerIP: "10.10.0.13"
  # -- A fixed `spec.loadBalancerIP` for the IPv6 DNS Service
  loadBalancerIPv6: ""

  # -- Annotations for the DNS service (block mapping; the pasted flow-style `{` was never closed)
  annotations:
    # metallb.universe.tf/address-pool: network-services
    metallb.universe.tf/allow-shared-ip: pihole-svc

kubectl get all -n pihole
NAME                          READY   STATUS    RESTARTS   AGE
pod/pihole-6bdf8d9959-wz689   1/1     Running   0          115m

NAME                     TYPE           CLUSTER-IP     EXTERNAL-IP   PORT(S)                      AGE
service/pihole-dns-tcp   LoadBalancer   10.43.208.52   10.10.0.13    53:30737/TCP                 115m
service/pihole-dns-udp   LoadBalancer   10.43.177.19   10.10.0.13    53:31084/UDP                 115m
service/pihole-web       LoadBalancer   10.43.23.174   10.10.0.12    80:30886/TCP,443:30996/TCP   115m

NAME                     READY   UP-TO-DATE   AVAILABLE   AGE
deployment.apps/pihole   1/1     1            1           115m

NAME                                DESIRED   CURRENT   READY   AGE
replicaset.apps/pihole-6bdf8d9959   1         1         1       115m

% kubectl describe service pihole-dns-udp -n pihole
Name:                     pihole-dns-udp
Namespace:                pihole
Labels:                   app=pihole
                          app.kubernetes.io/managed-by=Helm
                          chart=pihole-2.5.3
                          heritage=Helm
                          release=pihole
Annotations:              meta.helm.sh/release-name: pihole
                          meta.helm.sh/release-namespace: pihole
                          metallb.universe.tf/allow-shared-ip: pihole-svc
Selector:                 app=pihole,release=pihole
Type:                     LoadBalancer
IP Family Policy:         SingleStack
IP Families:              IPv4
IP:                       10.43.177.19
IPs:                      10.43.177.19
IP:                       10.10.0.13
LoadBalancer Ingress:     10.10.0.13
Port:                     dns-udp  53/UDP
TargetPort:               dns-udp/UDP
NodePort:                 dns-udp  31084/UDP
Endpoints:                10.42.0.10:53
Session Affinity:         None
External Traffic Policy:  Local
HealthCheck NodePort:     31262
Events:                   <none>

I read somewhere that I should set the Pi-hole setting "Interface listening behavior" to 'Listen on all interfaces, permit all origins' - made no difference. Web UI is accessible via an ingress to the nginx load balancer. Also able to access the dns resolver from within the pod.

Would really appreciate any suggestions. Bear with me though as I'm a newbie.

MoJo2600 commented 2 years ago

Hi, thank you for the link to the tutorial, I will link to it in the README.

It's a good question why your setup is not working, because everything looks good. Here is the networking part from mine for reference:

serviceWeb:
  loadBalancerIP: 192.168.178.252
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer

serviceDns:
  loadBalancerIP: 192.168.178.252
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer

Which version of metallb are you using? I had the issue where I needed to restart the metallb-speaker-* pods in the kube-system namespace. Otherwise the service would not react. But since the web interface is working, is it possible that the 10. address is somehow colliding with the docker network?
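Both configurations above rely on MetalLB's shared-IP feature: the TCP and UDP DNS services (and, in the maintainer's values, the web service too) request the same `loadBalancerIP` with a common `metallb.universe.tf/allow-shared-ip` key, and the reporter's services use `externalTrafficPolicy: Local`. MetalLB only colocates services on one IP when they carry the same sharing key, claim different port/protocol pairs, and either all use the Cluster policy or all use Local with an identical pod selector; a mismatch leaves one of the services silently unreachable. The following is an added example, not code from the chart or from either commenter: it runs those preflight checks over dicts shaped like `kubectl get svc -o json` items, plus a per-service check that MetalLB actually assigned the requested IP and that ready endpoints exist. The sample services, selector and endpoint list are constructed to mirror the output in the issue.

```python
"""Preflight checks for MetalLB LoadBalancer services that share one IP via the
metallb.universe.tf/allow-shared-ip annotation.  Added example (not part of the
pihole-kubernetes chart or of the thread); the sample services below are
constructed to mirror the `kubectl get svc` output in the issue."""

SHARING_KEY = "metallb.universe.tf/allow-shared-ip"
PIHOLE_SELECTOR = {"app": "pihole", "release": "pihole"}   # selector shown in the issue


def make_svc(name, ip, ports, policy="Local", sharing="pihole-svc",
             selector=PIHOLE_SELECTOR, assigned=True):
    """Build a dict shaped like one item of `kubectl get svc -o json` (constructed)."""
    ann = {SHARING_KEY: sharing} if sharing else {}
    return {
        "metadata": {"name": name, "annotations": ann},
        "spec": {
            "type": "LoadBalancer",
            "loadBalancerIP": ip,
            "externalTrafficPolicy": policy,
            "selector": dict(selector),
            "ports": [{"port": p, "protocol": proto} for p, proto in ports],
        },
        # status.loadBalancer.ingress is what MetalLB fills in once it owns the IP
        "status": {"loadBalancer": {"ingress": [{"ip": ip}] if assigned else []}},
    }


def _ports(svc):
    return {(p["port"], p.get("protocol", "TCP")) for p in svc["spec"]["ports"]}


def _selector(svc):
    return tuple(sorted(svc["spec"].get("selector", {}).items()))


def check_service(svc, endpoints_by_name):
    """Per-service checks: the requested IP was assigned, and ready endpoints exist."""
    findings = []
    name, spec = svc["metadata"]["name"], svc["spec"]
    if spec.get("type") != "LoadBalancer":
        findings.append(f"{name}: type is {spec.get('type')}, not LoadBalancer")
    wanted = spec.get("loadBalancerIP")
    got = {i.get("ip") for i in svc.get("status", {}).get("loadBalancer", {}).get("ingress", [])}
    if wanted and wanted not in got:
        findings.append(f"{name}: requested {wanted} but MetalLB assigned {sorted(got) or 'nothing'}")
    if not endpoints_by_name.get(name):
        # With externalTrafficPolicy Local, a node without a local endpoint drops the traffic.
        findings.append(f"{name}: no ready endpoints (policy {spec.get('externalTrafficPolicy', 'Cluster')})")
    return findings


def check_shared_ips(services):
    """MetalLB's sharing rules: same sharing key, distinct port/protocol pairs, and
    either all Cluster policy or all Local with an identical pod selector."""
    findings = []
    groups = {}
    for svc in services:
        if svc["spec"].get("loadBalancerIP"):
            groups.setdefault(svc["spec"]["loadBalancerIP"], []).append(svc)
    for ip, group in groups.items():
        if len(group) < 2:
            continue
        names = [s["metadata"]["name"] for s in group]
        keys = {s["metadata"].get("annotations", {}).get(SHARING_KEY) for s in group}
        if len(keys) != 1 or None in keys:
            findings.append(f"{ip}: {names} must all carry the same {SHARING_KEY} value")
        seen = set()
        for s in group:
            clash = _ports(s) & seen
            if clash:
                findings.append(f"{ip}: port/protocol {sorted(clash)} claimed by more than one service")
            seen |= _ports(s)
        policies = {s["spec"].get("externalTrafficPolicy", "Cluster") for s in group}
        selectors = {_selector(s) for s in group}
        if "Local" in policies and (len(policies) != 1 or len(selectors) != 1):
            findings.append(f"{ip}: with externalTrafficPolicy Local, {names} must all use Local and the same selector")
    return findings


def run_checks(services, endpoints_by_name):
    """Return every finding; an empty list means the shared-IP setup is consistent."""
    findings = []
    for svc in services:
        findings += check_service(svc, endpoints_by_name)
    return findings + check_shared_ips(services)


# Constructed sample mirroring the issue: TCP and UDP DNS share 10.10.0.13, web sits on 10.10.0.12.
SAMPLE_SERVICES = [
    make_svc("pihole-dns-tcp", "10.10.0.13", [(53, "TCP")]),
    make_svc("pihole-dns-udp", "10.10.0.13", [(53, "UDP")]),
    make_svc("pihole-web", "10.10.0.12", [(80, "TCP"), (443, "TCP")]),
]
SAMPLE_ENDPOINTS = {name: ["10.42.0.10"] for name in ("pihole-dns-tcp", "pihole-dns-udp", "pihole-web")}

if __name__ == "__main__":
    for line in run_checks(SAMPLE_SERVICES, SAMPLE_ENDPOINTS) or ["OK: no findings"]:
        print(line)
```

On a live cluster the same checks apply to `kubectl get svc -n pihole -o json` (the `items` list) together with `kubectl get endpoints -n pihole`; the sample set passes cleanly, while dropping one service's policy to Cluster, or a service whose `status.loadBalancer.ingress` stays empty, produces a finding that points at the misconfiguration instead of a silent timeout on port 53.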

krafty1010 commented 2 years ago

Hi @MoJo2600 thanks very much for your response and good work.

Previously I had restarted the metallb pods. Running metallb-0.11.0.

For lack of a better idea, I deleted pihole and metallb, then reinstalled both with a different LoadBalancer IP, and now the service is reachable.

I suppose Metallb is temperamental; the maintainers advise to treat it as beta.