feat(k8s/pihole): whitelist client

2026-03-22 18:43:05 +02:00
parent a28a69df76
commit a3ccd0c430
2 changed files with 10 additions and 2 deletions
--- a/kubernetes/app/pihole/configmap-adlists.yaml
+++ b/kubernetes/app/pihole/configmap-adlists.yaml
@@ -13,3 +13,6 @@ data:
    https://raw.githubusercontent.com/braveinnovators/ukrainian-security-filter/main/lists/domains.txt
    # Phishing Army Extended
    https://phishing.army/download/phishing_army_blocklist_extended.txt
+  unfiltered-clients.txt: |
+    # Clients without ad blocking (one per line, use IP — PiHole matches by IP, not hostname)
+    10.127.0.10
--- a/kubernetes/app/pihole/deployment.yaml
+++ b/kubernetes/app/pihole/deployment.yaml
@@ -74,9 +74,14 @@ spec:
                      done
                      grep -v '^#\|^$' /etc/pihole-adlists/adlists.txt | while read -r url; do
                        curl -s -X POST "http://localhost/api/lists?type=block&sid=$SID" \
-                          -d "{\"address\":\"$url\"}" > /dev/null
+                          -d "{\"address\":\"$url\"}"
                      done
-                      curl -s -X POST "http://localhost/api/action/gravity?sid=$SID" > /dev/null
+                      grep -v '^#\|^$' /etc/pihole-adlists/unfiltered-clients.txt | while read -r client; do
+                        curl -s -X POST "http://localhost/api/clients?sid=$SID" \
+                          -d "{\"client\":\"$client\",\"groups\":[]}"
+                      done
+                      # NOTE: gravity must be last — it blocks until complete and may outlive the SID
+                      curl -s -X POST "http://localhost/api/action/gravity?sid=$SID"
                    ) &
          volumeMounts:
            - name: pihole-config