The first service I installed that actually had some impact outside the Kubernetes cluster was Pi-Hole. It blocks ads at the DNS level. With Pi-Hole you may get rid of installing an ad blocker on all your computers and browsers, but I trust in a defence-in-depth strategy. Even after deploying Pi-Hole, I still use uBlock Origin in all of my Firefox installations. Old habits die hard.

There is a ready-made Helm chart in the MoJo2600 repository, which helps with the installation. There is also a great video by Jeff Geerling. All you need to do is:

helm repo add mojo2600 https://mojo2600.github.io/pihole-kubernetes/
helm repo update
kubectl create namespace pihole
helm install --version '1.8.34' --namespace pihole --values pihole.yaml pihole mojo2600/pihole

The file pihole.yaml contains the values for the Helm chart. Here is the default values file, which you can use as a starting point. The important thing is that both serviceDNS and serviceWeb have their type set to LoadBalancer. Both services should also have the following annotation enabled, so that MetalLB gives both of them the same IP address:

metallb.universe.tf/allow-shared-ip: pihole-svc

After installation you can check which IP address MetalLB gave you by typing:

kubectl get service -n pihole

Under EXTERNAL-IP you will find the IP address that MetalLB gave to your service.
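To confirm that the shared-IP annotation took effect, the following added example (not part of the chart or the original post) reads the output of the command above and checks that every LoadBalancer service received the same EXTERNAL-IP. The service names and addresses in the sample data are constructed for illustration and will differ in your cluster.

```shell
#!/bin/sh
# Reads `kubectl get service -n pihole` table output on stdin.
# Prints the shared address and returns 0 when every LoadBalancer service
# has the same EXTERNAL-IP; prints the reason to stderr and returns 1 otherwise.
check_shared_ip() {
  awk '
    $2 == "LoadBalancer" {
      n++
      # MetalLB has not handed out an address for this service yet
      if ($4 == "<pending>" || $4 == "<none>") { unassigned = unassigned " " $1; next }
      if (!($4 in seen)) { seen[$4] = 1; distinct++; ip = $4 }
    }
    END {
      if (n == 0)       { print "no LoadBalancer services found" > "/dev/stderr"; exit 1 }
      if (unassigned)   { print "no address assigned:" unassigned > "/dev/stderr"; exit 1 }
      if (distinct > 1) { print "services received different addresses" > "/dev/stderr"; exit 1 }
      print ip
    }'
}

# Constructed sample: all services carry the allow-shared-ip annotation.
SAMPLE_OK='NAME             TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
pihole-dns-tcp   LoadBalancer   10.43.10.11   192.0.2.53    53:31001/TCP                 5m
pihole-dns-udp   LoadBalancer   10.43.10.12   192.0.2.53    53:31002/UDP                 5m
pihole-web       LoadBalancer   10.43.10.13   192.0.2.53    80:31003/TCP,443:31004/TCP   5m'

# Constructed sample: the web service is missing the annotation,
# so MetalLB gave it an address of its own.
SAMPLE_SPLIT='NAME             TYPE           CLUSTER-IP    EXTERNAL-IP   PORT(S)                      AGE
pihole-dns-tcp   LoadBalancer   10.43.10.11   192.0.2.53    53:31001/TCP                 5m
pihole-dns-udp   LoadBalancer   10.43.10.12   192.0.2.53    53:31002/UDP                 5m
pihole-web       LoadBalancer   10.43.10.13   192.0.2.54    80:31003/TCP,443:31004/TCP   5m'

# Against a live cluster: kubectl get service -n pihole | check_shared_ip
printf '%s\n' "$SAMPLE_OK" | check_shared_ip
```

The address it prints is the one to hand out to clients as their DNS server.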

The last thing to do is to make sure that the clients use your Pi-Hole as a DNS server. Usually this is done by modifying your DHCP server’s option 6.

When DHCP has been configured, you can renew the DHCP lease (or reboot your computer. I’m looking at you, Windows) and start browsing the web or do whatever you want. After a while, visit the IP address of the Pi-Hole service with your browser and see the blocking stats. It was enlightening for me to visit the admin panel and have a look at the most visited sites. It revealed many Microsoft sites, which the applications use to phone home.