MoJo2600 / pihole-kubernetes

PiHole on kubernetes

PiHole has Incorrect IP for itself #221

Closed Apollorion closed 2 years ago

Apollorion commented 2 years ago

I'm installing PiHole with Metallb. It works great, I can hit the IP of my pihole and get to the admin interface. I cannot, however, use the pi.hole dns to access pihole.

I have DNS working, because I can hit custom dns entries I've set up (like service.lan) but not pi.hole.

I noticed if I run nslookup pi.hole it's returning a response of 0.0.0.0, which is not correct. PiHole is accessible on http://192.168.85.0/.

The values I'm using are here:

    persistentVolumeClaim:
      enabled: true
      storageClass: "local-storage-pihole"

    serviceWeb:
      annotations:
          metallb.universe.tf/address-pool: default
      type: LoadBalancer

    serviceDns:
      annotations:
        metallb.universe.tf/allow-shared-ip: default
      type: LoadBalancer

    serviceDhcp:
      annotations:
        metallb.universe.tf/allow-shared-ip: default
      type: LoadBalancer

    privileged: "true"

matrumz commented 2 years ago

I'm not able to access the admin interface either, even with the following envvars applied to the pihole container (verified in helm get manifest):

    - name: "FTLCONF_REPLY_ADDR4"
      value: "REDACTED"
    - name: "ServerIP" # note that this is deprecated in favor of FTLCONF_REPLY_ADDR4
      value: "REDACTED-same as previous"

Conditional forwarding, as well as blocking in general, has been confirmed to be functioning properly.

My values:

    # instance config
    image:
      tag: "2022.02.1"
    adminPassword: REDACTED
    DNS1: "8.8.8.8"
    DNS2: "1.1.1.1"
    extraEnvVars:
      FTLCONF_REPLY_ADDR4: REDACTED
      ServerIP: REDACTED
      REV_SERVER: true
      REV_SERVER_TARGET: REDACTED
      REV_SERVER_DOMAIN: REDACTED
      REV_SERVER_CIDR: REDACTED
    adlists:
      - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
      - https://mirror1.malwaredomains.com/files/justdomains
      - https://s3.amazonaws.com/lists.disconnect.me/simple_tracking.txt
      - https://s3.amazonaws.com/lists.disconnect.me/simple_ad.txt
    # networking config
    serviceDns:
      type: LoadBalancer
    ingress:
      enabled: true
      annotations:
        kubernetes.io/ingress.class: nginx
      path: /
      hosts:
        - pi.hole

MoJo2600 commented 2 years ago

That's interesting. I never tried pi.hole myself. @matrumz are you using metallb as well? Could you show your pihole services?

Apollorion commented 2 years ago

> That's interesting. I never tried pi.hole myself. @matrumz are you using metallb as well? Could you show your pihole services?

I've recently changed my values in an effort to fix this problem. Current values are:

    # set as undefined so we can use
    # Pihole config itself in the pvc
    DNS1: ~
    DNS2: ~

    podDnsConfig:
      enabled: false

    persistentVolumeClaim:
      enabled: true
      storageClass: "local-storage-pihole"

    serviceWeb:
      annotations:
          metallb.universe.tf/address-pool: default
          metallb.universe.tf/loadBalancerIPs: "192.168.86.240"
      type: LoadBalancer

    serviceDns:
      annotations:
        metallb.universe.tf/address-pool: default
        metallb.universe.tf/allow-shared-ip: "serviceDns"
        metallb.universe.tf/loadBalancerIPs: "192.168.86.250"
      type: LoadBalancer

    privileged: "true"

Here are the services that get generated.

    NAME             TYPE           CLUSTER-IP       EXTERNAL-IP      PORT(S)                      AGE
    pihole-dhcp      NodePort       10.101.253.83    <none>           67:32766/UDP                 4d10h
    pihole-dns-tcp   LoadBalancer   10.110.237.148   192.168.86.250   53:30868/TCP                 3d19h
    pihole-dns-udp   LoadBalancer   10.96.192.6      192.168.86.250   53:32471/UDP                 3d19h
    pihole-web       LoadBalancer   10.105.178.238   192.168.86.240   80:31991/TCP,443:31729/TCP   3d19h

I can still hit the web interface via 192.168.86.240 but pi.hole still resolves as 0.0.0.0.

I also tried what @matrumz did:

    extraEnvVars:
      FTLCONF_REPLY_ADDR4: 192.168.86.240

But that led to another problem that I can't remember off the top of my head what it was. It did make pi.hole resolve correctly but I think that makes the dns services only listen on that IP and I struggled getting metallb to put the dns svc and the web svc on the same ip address.

Apollorion commented 2 years ago

Sike, I lied to you. I just tried it again with

    extraEnvVars:
      FTLCONF_REPLY_ADDR4: 192.168.86.240

and everything works properly now. IDK what I was running into the other day, but I just gave it a shot again since I've been messing with it a lot and now pi.hole resolves correctly and dns seems to be working.

Full working values are:

    # set as undefined so we can use
    # Pihole config itself in pvc
    DNS1: ~
    DNS2: ~

    podDnsConfig:
      enabled: false

    persistentVolumeClaim:
      enabled: true
      storageClass: "local-storage-pihole"

    serviceWeb:
      annotations:
          metallb.universe.tf/address-pool: default
          metallb.universe.tf/loadBalancerIPs: "192.168.86.240"
      type: LoadBalancer

    serviceDns:
      annotations:
        metallb.universe.tf/address-pool: default
        metallb.universe.tf/allow-shared-ip: "serviceDns"
        metallb.universe.tf/loadBalancerIPs: "192.168.86.250"
      type: LoadBalancer

    privileged: "true"

    extraEnvVars:
      FTLCONF_REPLY_ADDR4: 192.168.86.240

Feel free to close this issue, I left it open in case you wanted to use it to track any changes if that's how you roll 😄

matrumz commented 2 years ago

Yeah, this might be a case of "cache strikes again". Apparently the bad address wasn't getting cleared on my test device because this is working on all my devices now with the FTLCONF_REPLY_ADDR4 addition.

FWIW, I use nginx ingress, @MoJo2600.

MoJo2600 commented 2 years ago

Glad it is working now. Reopen if there is something else.
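
Added example (not part of the thread or of the chart's code): a check that asks the Pi-hole DNS service IP directly for pi.hole and compares the answer with the web service IP, which separates the 0.0.0.0 reply seen in this issue from a stale client-side cache. The function names and the constructed sample reply are assumptions; the IPs are the ones posted above.

```python
import socket
import struct

def build_query(name, txid=0x1234):
    # Standard recursive A/IN question for `name`.
    labels = b"".join(bytes([len(p)]) + p.encode() for p in name.split("."))
    return struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00\x00\x01\x00\x01"

def skip_name(msg, off):
    # Step past an encoded name; a compression pointer (0xC0..) is 2 bytes.
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)

def a_records(msg):
    # IPv4 addresses in the answer section of a DNS response.
    _, _, qd, an, _, _ = struct.unpack(">HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack_from(">HHIH", msg, off)
        if rtype == 1 and rdlen == 4:
            addrs.append(socket.inet_ntoa(msg[off + 10:off + 14]))
        off += 10 + rdlen
    return addrs

def check_reply(msg, expected):
    # "unset" is the symptom in this thread: the server answers 0.0.0.0.
    addrs = a_records(msg)
    if addrs == [expected]:
        return "ok"
    return "unset" if "0.0.0.0" in addrs else "mismatch"

def query_server(server, name="pi.hole"):
    # Ask the Pi-hole service IP directly, bypassing the client resolver cache.
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(2.0)
        s.sendto(build_query(name), (server, 53))
        return s.recv(512)

def fake_response(addr):
    # Constructed sample reply (not captured traffic): one A record for pi.hole.
    rr = b"\xc0\x0c" + struct.pack(">HHIH", 1, 1, 0, 4) + socket.inet_aton(addr)
    return struct.pack(">HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0) + build_query("pi.hole")[12:] + rr

if __name__ == "__main__":
    print(check_reply(fake_response("0.0.0.0"), "192.168.86.240"))  # offline demo
```

Against a live deployment, `check_reply(query_server("192.168.86.250"), "192.168.86.240")` runs the same check on the DNS LoadBalancer IP from the thread.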