docker-pi-hole
Pihole not forwarding DNS queries outside the pod
Does not resolve lookups for addresses outside of the pod or the rke2 nodes. Resolving DNS works intermittently. Still haven't understood what's causing the issue.
Related Issues
How to reproduce the issue
Install the kube-vip cloud provider and apply the deployment specified below on rke2.
Environment data
Operating System: ubuntu server 20.04.04 (the nodes sit in VMs under a ProxmoxVE host)
Hardware: HPE ProLiant DL20 Gen10, Intel Xeon
Docker Install Info and version: Docker is not installed; this is running on rke2
Software source: rke2 v1.24.6+rke2r1
Supplementary Software: rke2, kube-vip cloud provider
pihole statefulset, services and configmap:

```yaml
---
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: pihole
  namespace: pihole
  labels:
    app: pihole
spec:
  selector:
    matchLabels:
      app: pihole
  serviceName: pihole
  replicas: 1
  template:
    metadata:
      labels:
        app: pihole
    spec:
      containers:
        - name: pihole
          image: pihole/pihole:latest
          imagePullPolicy: Always
          ports:
            - name: pihole-web
              containerPort: 80
              protocol: TCP
            - name: pihole-dns-udp
              containerPort: 53
              protocol: UDP
            - name: pihole-dns-tcp
              containerPort: 53
              protocol: TCP
            - name: client-udp
              containerPort: 67
              protocol: UDP  # DHCP (port 67) is UDP, matching the port name
          volumeMounts:
            - name: pihole-data
              mountPath: /etc/pihole
            - name: pihole-dnsmasq
              mountPath: /etc/dnsmasq.d
          envFrom:
            - configMapRef:
                name: pihole-config
            - secretRef:
                name: webui-password
          livenessProbe:
            httpGet:
              path: /admin/index.php  # Pi-hole admin page
              port: pihole-web
            initialDelaySeconds: 60
            failureThreshold: 10
            timeoutSeconds: 5
          readinessProbe:
            httpGet:
              path: /admin/index.php
              port: pihole-web
            initialDelaySeconds: 60
            failureThreshold: 3
            timeoutSeconds: 5
      volumes:
        - name: pihole-data
          persistentVolumeClaim:
            claimName: pihole-pvc
        - name: pihole-dnsmasq
          persistentVolumeClaim:
            claimName: pihole-dnsmasq-pvc
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-dns-udp
  namespace: pihole
spec:
  selector:
    app: pihole
  loadBalancerIP: 10.10.10.30
  ports:
    - protocol: UDP
      port: 53
      targetPort: 53
  externalTrafficPolicy: Local  # Preserving the client source IP
  type: LoadBalancer
---
apiVersion: v1
kind: Service
metadata:
  name: pihole-web
  namespace: pihole
spec:
  selector:
    app: pihole
  ports:
    - protocol: TCP
      port: 80
      targetPort: 80
  type: LoadBalancer
---
apiVersion: v1
kind: ConfigMap
metadata:
  name: pihole-config
  namespace: pihole
  labels:
    app: pihole
data:
  TZ: "Europe/London"  # Set your timezone
  VIRTUAL_HOST: "pi.hole"  # Location of the admin portal
  PROXY_LOCATION: "pi.hole"
  ServerIP: "10.10.10.30"  # Set ServerIP to the External IP address for pihole-web that we got from the above confirmation
  DNSSEC: "false"  # Default is false, change to true to enable DNSSEC support
  PIHOLE_DNS_: "1.1.1.1;1.0.0.1"  # Upstream DNS servers, separated by semicolon ";"
  WEB_PORT: "80"  # container port for Web UI
  DNSMASQ_LISTENING: "all"
```
Resolves fine within the nodes:

```
root@kubenode01:~# dig @10.10.10.30 google.com

; <<>> DiG 9.16.1-Ubuntu <<>> @10.10.10.30 google.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47696
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;google.com. IN A

;; ANSWER SECTION:
google.com. 143 IN A 142.250.180.14

;; Query time: 12 msec
;; SERVER: 10.10.10.30#53(10.10.10.30)
;; WHEN: Sun Oct 16 22:32:37 UTC 2022
;; MSG SIZE rcvd: 55
```
- I have tried removing/destroying my container and re-creating a new container
- I have tried fresh volume data by backing up and moving/removing the old volume data
- I have tried a newer or older version of Docker Pi-hole (depending on what version the issue started in for me)
- I have tried running without my volume data mounts to eliminate volumes as the cause
- I have tried to start and stop the service inside the container with "service pihole-FTL start/stop/restart"
- I can ping other network devices from inside the container

Let me know if you need any other info to be provided.
Thanks
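One thing the manifest above makes visible is that only UDP/53 is published through a Service (the `pihole-dns-tcp` container port has no Service), and a single `dig` cannot tell an intermittent path from a transport that is never reachable. The probe below is an added example, not code from the issue or from the Pi-hole project: it sends the same A query over UDP and over TCP to the `loadBalancerIP` 10.10.10.30 from the manifest and counts successes per transport, so a UDP-only exposure or a flapping path shows up as a ratio. It assumes the host running it can reach that address and uses only the standard library.

```python
import random
import socket
import struct

PIHOLE_IP = "10.10.10.30"  # loadBalancerIP of the pihole-dns-udp Service in the manifest above

def build_query(name, qid):
    """Minimal A query: 12-byte header with RD set, one question, no EDNS."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.rstrip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def parse_response(data, qid):
    """Return (rcode, answer_count); reject a reply whose transaction id is not ours."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack(">HHHHHH", data[:12])
    if rid != qid:
        raise ValueError("transaction id mismatch")
    return flags & 0x000F, an

def query(name, server=PIHOLE_IP, tcp=False, timeout=2.0):
    """One query over UDP or TCP; None on timeout, refusal or malformed reply."""
    qid = random.randrange(65536)
    pkt = build_query(name, qid)
    try:
        if tcp:
            with socket.create_connection((server, 53), timeout=timeout) as s, s.makefile("rb") as f:
                s.sendall(struct.pack(">H", len(pkt)) + pkt)  # RFC 1035 4.2.2: 2-byte length prefix
                length = struct.unpack(">H", f.read(2))[0]
                data = f.read(length)
        else:
            with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
                s.settimeout(timeout)
                s.sendto(pkt, (server, 53))
                data, _ = s.recvfrom(4096)
        return parse_response(data, qid)
    except (OSError, ValueError, struct.error):
        return None

def probe(name="google.com", server=PIHOLE_IP, rounds=20):
    """Successes per transport: a Service that publishes only UDP/53 shows tcp == 0."""
    ok = {"udp": 0, "tcp": 0}
    for _ in range(rounds):
        for transport in ok:
            res = query(name, server, tcp=(transport == "tcp"))
            if res is not None and res[0] == 0 and res[1] > 0:
                ok[transport] += 1
    return ok

if __name__ == "__main__":
    print(probe())
```

Run it from a node and then from a client outside the cluster and compare the two dictionaries; a gap between the UDP counts points at the network path, while a zero TCP count on both reflects the Service definition rather than the pod.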