admin 9e020af94d pihole: bump image to 2026.05.0 (dnsmasq CVE security release)
Pi-hole 2026.05.0 bundles FTL v6.6.2 which imports six upstream dnsmasq
security fixes, covering all publicly disclosed CVEs against the
dnsmasq 2.92/2.93 line. Per the upstream release notes the fixes are
"minimal, self-contained changes to the embedded dnsmasq sources. No
FTL-side configuration or API changes; users should see no observable
behavior change beyond the closed vulnerabilities."

Override the chart's default image.tag in helm/pihole/values.yaml (no
chart version bump). The pihole ArgoCD app is intentionally MANUAL
sync per Viktor's call -- after merge, sync the pihole app from the
ArgoCD UI to roll the pod over.

https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-06-06 12:55:58 +02:00


---
# Image tag override: bumps pihole/pihole to 2026.05.0 without changing
# the chart version. The 2026.05.0 release bundles FTL v6.6.2 which
# imports 6 upstream dnsmasq CVE fixes (covering the dnsmasq 2.92/2.93
# disclosures). No FTL-side config or API changes per the release notes.
# https://github.com/pi-hole/docker-pi-hole/releases/tag/2026.05.0
image:
  tag: "2026.05.0"
DNS1: "1.1.1.1" # Cloudflare
DNS2: "8.8.8.8" # Google
DNS3: "9.9.9.9" # Quad9
DNS4: "208.67.222.222" # OpenDNS
admin:
  enabled: false
extraEnvVars:
  TZ: Europe/Budapest
persistentVolumeClaim:
  enabled: true
  size: 2Gi
ingress:
  ingressClassName: nginx-internal
  annotations:
    cert-manager.io/cluster-issuer: letsencrypt-prod
    external-dns.alpha.kubernetes.io/hostname: pihole.home,pihole.dooplex.hu
    nginx.ingress.kubernetes.io/ssl-redirect: "true"
    nginx.ingress.kubernetes.io/proxy-body-size: "12m"
    nginx.ingress.kubernetes.io/auth-url: http://ak-outpost-pihole-outpost.auth-system.svc.cluster.local:9000/outpost.goauthentik.io/auth/nginx
    nginx.ingress.kubernetes.io/auth-signin: https://pihole.dooplex.hu/outpost.goauthentik.io/start?rd=$escaped_request_uri
    nginx.ingress.kubernetes.io/auth-response-headers: Set-Cookie,X-authentik-username,X-authentik-groups,X-authentik-email
    nginx.ingress.kubernetes.io/auth-snippet: |
      proxy_set_header X-Forwarded-Host $http_host;
    nginx.ingress.kubernetes.io/proxy-buffer-size: "16k"
    nginx.ingress.kubernetes.io/proxy-buffers-number: "4"
    nginx.ingress.kubernetes.io/proxy-busy-buffers-size: "32k"
  tls:
    - secretName: pihole-tls
      hosts:
        - "pihole.dooplex.hu"
  enabled: true
  path: /
  pathType: Prefix
  hosts:
    - "pihole.dooplex.hu"
    - "pihole.home"
serviceWeb:
  loadBalancerIP: 192.168.0.250
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer
serviceDns:
  loadBalancerIP: 192.168.0.250
  annotations:
    metallb.universe.tf/allow-shared-ip: pihole-svc
  type: LoadBalancer
dnsmasq:
  customDnsEntries:
    - address=/demo-felhom.eu/192.168.0.162
replicaCount: 1
dns:
  adlist:
    - https://raw.githubusercontent.com/StevenBlack/hosts/master/hosts
    - https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/adblock/pro.txt
    - https://blocklistproject.github.io/Lists/ads.txt
    - https://adaway.org/hosts.txt
    - https://v.firebog.net/hosts/AdguardDNS.txt
    - https://v.firebog.net/hosts/Admiral.txt
    - https://v.firebog.net/hosts/Easylist.txt
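
Because the ArgoCD app is synced manually, merging this tag override does not by itself replace the running pod. The check below is an added example, not part of this repository: it reads `kubectl get pods -o json` style output and reports Pi-hole containers still below 2026.05.0 or on a tag that cannot be compared. The function names, pod names, the older tag and the `registry.local` host are constructed for illustration.

```python
import json
import re

MIN_PATCHED = "2026.05.0"  # release named in the commit message

def calver(tag):
    """Parse a 'YYYY.MM.N' tag into a comparable tuple; None if it is not CalVer."""
    m = re.fullmatch(r"(\d{4})\.(\d{2})\.(\d+)", tag or "")
    return tuple(map(int, m.groups())) if m else None

def split_ref(ref):
    """Split an image reference into (repository, tag); tag is None if absent."""
    name = ref.split("@", 1)[0]              # drop any digest
    head, _, last = name.rpartition("/")     # a ':' in head is a registry port
    repo, _, tag = last.partition(":")
    return (f"{head}/{repo}" if head else repo), (tag or None)

def unpatched(pod_list, image="pihole/pihole", minimum=MIN_PATCHED):
    """Return (pod, image) pairs still below `minimum`, or whose tag cannot be
    compared (latest, digest-only), so a pending manual sync is visible."""
    floor, findings = calver(minimum), []
    for pod in pod_list.get("items", []):
        for status in pod.get("status", {}).get("containerStatuses", []):
            repo, tag = split_ref(status["image"])
            if repo != image and not repo.endswith("/" + image):
                continue                     # some other container
            version = calver(tag)
            if version is None or version < floor:
                findings.append((pod["metadata"]["name"], status["image"]))
    return findings

# Constructed sample shaped like `kubectl get pods -o json`; pod names and the
# older tag are made up for illustration.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "pihole-old"}, "status": {"containerStatuses": [
   {"name": "pihole", "image": "docker.io/pihole/pihole:2026.04.0"}]}},
 {"metadata": {"name": "pihole-new"}, "status": {"containerStatuses": [
   {"name": "pihole", "image": "docker.io/pihole/pihole:2026.05.0"}]}},
 {"metadata": {"name": "pihole-float"}, "status": {"containerStatuses": [
   {"name": "pihole", "image": "registry.local:5000/pihole/pihole:latest"}]}}
]}
""")

if __name__ == "__main__":
    for pod, image in unpatched(SAMPLE):
        print(f"NOT PATCHED OR UNVERIFIABLE: {pod} runs {image}")
```

Against a live cluster, pass the parsed output of `kubectl get pods -n <namespace> -o json` in place of `SAMPLE`; an empty result after the ArgoCD sync means every Pi-hole container reports the patched tag.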