DHCP enabled #18

Closed
gjeanmart opened this issue Nov 12, 2019 · 8 comments · May be fixed by #315

Comments

@gjeanmart
Contributor

Hi,
First of all, thank you for the hard work, this chart is perfect.

My router doesn't allow me to configure a DNS server, so I decided to enable the Pi-Hole DHCP server according to this post and disable my router's DHCP server.

The problem is that it doesn't work at all.

I have a pretty similar config as you, metallb provides PiHole two unique IPs to expose UDP and TCP ports and I can reach those ports from anywhere in the network but no device can pick an IP from the Pi-Hole DHCP server.

So I was wondering if you or anyone else has a similar setup which is working, and where my issue could be?

Thanks in advance.

Greg

@gjeanmart
Contributor Author

I also created a post on the pi-hole discourse

@tdorsey
Contributor

tdorsey commented Nov 21, 2019

Even with your post on the discourse channel, more information would be helpful.
Your post there mentions:

"But the problem is that no device can now obtain an IP address from my router."

I'm assuming you meant "can't obtain an IP address from pihole", since you've turned off dhcp in your router.

Chart specific issues
I know the black and whitelist settings couldn't be changed from the web interface at one point. The DHCP option may also not be manageable from the web interface in this chart. Try kubectl exec into the pod and run sudo pihole -a enabledhcp (you may need to play with this command a bit, I'm not sure of the parameters) and see if dhcp works once it's been enabled inside the pod's container. If it works, you'll need to redo this anytime the pod dies, but it will narrow down the issue a bit.

Questions (in no particular order)
Have you tried the kubernetes.io debugging dns guide?
How sure are you that your router is no longer acting as a DHCP server? Client dhcp leases could still be active.
Can another pod in the cluster get a dhcp offer from pihole?
Can another machine on your LAN?
Do you see the same results with netcat both inside and outside the cluster?

Some things that might give us more information:

dhclient -rv to see the dhcpoffer and dhcpack requests
kubectl logs -l app=pihole (or metallb) to see if anything funny is going on there
journalctl/systemctl status k3s (or k3s-agent) as appropriate

@gjeanmart
Contributor Author

Thanks for your message but I've actually been able to fix my problem a few days ago and haven't found the time yet to describe the solution.

First of all, I had no issue installing pi-hole on my Kubernetes infra, the web application was working like a charm and I could manually set the Pi-hole LoadBalancer IP as DNS on any device. Obviously, the "manually" was a bit of a problem: I definitely don't want to, and can't even, manually configure the DNS on all my devices, and my router doesn't allow me to override the default DNS.
So the solution is to disable DHCP on my router and enable it on Pi-hole so all devices get an IP from Pi-hole as well as a DNS. But this didn't work, no device was able to connect to WiFi or by Ethernet.

After reading this post, I actually just changed the chart with the following properties:

  • hostNetwork: true so the pod/container runs on the LAN network and not on the k8s network
  • securityContext.privileged: true root access
  • change the http/https port to 55080/55443 in order to prevent clash with my ingress (port 80/443) and route the 55080 to the ingress (pihole.home.lan)

With those three changes, any device is now able to connect and grab an IP from the Pi-hole DHCP server.

I do agree this isn't the state of the art in terms of security and configuration but it works for me. I think the problem is due to metallb virtual IP but not sure why...

Thanks, let me know if you have any clue how I could make DHCP work without hostNetwork and securityContext.privileged.

@Rahulsharma0810

When I enable

hostNetwork: true

@gjeanmart the container starts outputting

pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found

@cristiklein

When I enable

hostNetwork: true

@gjeanmart the container starts outputting

pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found
pihole/pihole-664dc8b549-dzrd5[pihole]: Stopping pihole-FTL
pihole/pihole-664dc8b549-dzrd5[pihole]: pihole-FTL: no process found

I bumped into this too. It seems to have been caused by systemd-resolved's DNS stub listening on port 53 and not letting Pi-Hole listen on port 53. I solved this by following these instructions: https://unix.stackexchange.com/a/676977

@jsmrcaga

jsmrcaga commented Oct 27, 2024

Update 2h later

tl;dr

Symptoms

  • hostNetwork did not allow DNS or DHCP queries, but HTTP was OK
    • this led me to believe that there was a problem with the UDP packets getting blocked and not the TCP ones

Resolution steps

  • Deploy with hostNetwork = true
  • The UI interface showed a warning interface eth0 does not exist.
  • Checking ip addr show showed another name for the network interface

Solution

  • Solution is to set the environment variable DNSMASQ_LISTENING to all.

Sorry to comment back on this closed issue, but I was wondering if anyone had any more info on how you unblocked the issue?

I'm currently setting up pi-hole manually on my k3s cluster, meaning I'm not using this chart, but it has been an amazing source for help & debugging.

My setup

  • 2 k3s-server hosts on the same cluster (192.168.1.25 and 192.168.1.18)
  • testing DHCP by disabling on my home router and running nmap --script broadcast-dhcp-discover
  • testing DNS by using dig @192.168.1.X <domain_name> with X being 18 or 25 to match the k3s hosts, and any domain
  • testing UI by visiting 192.168.1.X:8088/admin (8088 is my chosen http port in this case)

Otherwise, as K8S goes, I only have the pi-hole Deployment with some basic env vars (including DHCP enabled/start/end/router) and depending on the test a k3s Service.

What I've managed so far

Config 1

  • hostNetwork = false
  • privileged is false but capabilities have NET_ADMIN to enable DHCP. UI shows DHCP as OK and logs too.
  • kubernetes LoadBalancer service exposing 53 TCP/UDP, 67 UDP, 547 UDP and 8088 TCP

Result:

  • UI works ✅
  • DNS works ✅ (on the network, does not work on the k3s host itself (127.0.0.1))
  • DHCP does not work ❌ (expected because of bridged network)

Host:

  • netstat -tuln does not display any of these ports
    • Surprised me since I can perform a dig dns query on the server using port 53 and it clearly works

Config 2

  • hostNetwork = true
  • privileged is false but capabilities have NET_ADMIN to enable DHCP. UI shows DHCP as OK and logs too.
  • no kubernetes service at all

Result:

  • UI works ✅
  • DNS does not work ❌ (funnily enough this time it works on the k3s host itself 127.0.0.1 but not on the network)
  • DHCP does not work ❌

Host:

  • netstat -tuln displays all of these ports
    • But only 8088 (my chosen web ui port) works on the network

Extra:

  • privileged = true. Does not change anything

Config 3

  • hostNetwork = true
  • privileged is false but capabilities have NET_ADMIN to enable DHCP. UI shows DHCP as OK and logs too.
  • kubernetes NodePort Service exposing 53 TCP/UDP, 67 UDP, 547 UDP and 8088 TCP

Result:

  • Same as Solution 2

I'm at a loss on how to debug this since I haven't trained my network skills in a very long time.
Some questions I have (not expecting answers for these, just making my thought process explicit)

  • 1/ why does netstat -tuln not show port 53 on the "Service" solution, but I can clearly access it?
  • 2/ why can't I access the DNS port on the pi-hole host over the network using hostNetwork=true but netstat clearly shows both TCP and UDP active?

Unexplored solutions

  • @gjeanmart if I understand correctly you configured your HELM Chart with hostNetwork true but without changing anything else? In this case, didn't you get conflicts in the ports between the service and the pod? When I tried enabling the Service as LoadBalancer and the pod as hostNetwork, the pod could not start because of port conflicts.
    Would it be possible for you to provide an overview of the final configuration (the deployment + services) you ended up with?

  • I'm wondering if the service somehow bypasses any filtering/firewalls? meaning that in hostNetwork mode something might be blocking my udp requests

  • I have not yet explored this dhcp-helper solution since it uses a container for dhcp-helper with host-network. I don't see why it would work better than the default pi-hole container with host-network

Any help would be greatly appreciated, thanks in advance!

Edit: Removed link to my setup since it does not bring any value

@cristiklein

@jsmrcaga Does this help? https://github.com/cristiklein/pihole-kubernetes/blob/main/charts/pihole/examples/dhcp-values.yaml

TL;DR:

  • Ubuntu systems feature a DNS resolver on localhost, which needs to be disabled before Pi Hole can listen to DNS requests on hostNetwork.
  • You have to specify the network interface. I prefer to be explicit (and not listen on all).

@jsmrcaga

Hi @cristiklein , thanks a lot for the answer.
The solution was the interface indeed!
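
The settings this thread converges on, collected into one Deployment as an added example; it is not the chart's template or any commenter's manifest. It keeps hostNetwork but replaces `privileged: true` with the single NET_ADMIN capability and binds dnsmasq to a named interface. The resource name, the `<...>` placeholders and every environment variable other than DNSMASQ_LISTENING are assumptions (v5-era Pi-hole image variables).

```yaml
# Added example (constructed), not the chart's templates or any commenter's manifest.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: pihole                       # hypothetical name
spec:
  replicas: 1
  strategy:
    type: Recreate                   # host ports cannot be bound twice on one node
  selector:
    matchLabels: {app: pihole}
  template:
    metadata:
      labels: {app: pihole}
    spec:
      # DHCP discovery is a LAN broadcast, so the pod has to sit on the node's network.
      # Port 53 on the node must be free first (e.g. no systemd-resolved stub listener).
      hostNetwork: true
      dnsPolicy: ClusterFirstWithHostNet
      containers:
        - name: pihole
          image: pihole/pihole:<TAG>   # placeholder: pin a tag you have tested
          securityContext:
            # Broad setting from the earlier workaround, left out here:
            #   privileged: true       # every capability plus host devices
            # Narrower setting the last commenter ran with (DHCP shown as OK):
            privileged: false
            capabilities:
              add: ["NET_ADMIN"]
          env:
            # Bind to one named interface instead of eth0, which the UI warning
            # reported as missing on a node whose NIC has another name.
            - name: DNSMASQ_LISTENING
              value: "single"          # "all" accepts queries on every interface, from any origin
            - name: INTERFACE          # assumed v5-era image variable
              value: "<LAN_INTERFACE>" # placeholder: name shown by `ip addr show`
            - name: WEB_PORT           # assumed v5-era image variable
              value: "8088"            # keeps 80/443 free for an ingress
            - name: DHCP_ACTIVE        # assumed v5-era image variables below
              value: "true"
            - name: DHCP_START
              value: "<RANGE_START>"
            - name: DHCP_END
              value: "<RANGE_END>"
            - name: DHCP_ROUTER
              value: "<GATEWAY_IP>"
```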
