From 9eb8d344fa873bc83ee5b3dc0b4e4a9256b73f98 Mon Sep 17 00:00:00 2001
From: Roger Oriol <rogi23696@gmail.com>
Date: Sun, 28 Jun 2026 19:08:04 +0200
Subject: [PATCH] fix pihole liveness probe

---
 pihole/pihole.yaml          | 8 ++++++--
 pihole/unbound/unbound.conf | 8 ++++++--
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/pihole/pihole.yaml b/pihole/pihole.yaml
index 39ee1a6..324c1a5 100644
--- a/pihole/pihole.yaml
+++ b/pihole/pihole.yaml
@@ -12,8 +12,12 @@ metadata:
 data:
   unbound.conf: |
     server:
-        # Listen only on loopback so only the co-located pihole can query it
-        interface: 127.0.0.1
+        # Listen on all interfaces so the kubelet's liveness/readiness probes
+        # (which connect to the pod IP, not 127.0.0.1) can reach unbound.
+        # No Service exposes port 5335, so it stays cluster-internal; pihole
+        # still forwards to 127.0.0.1#5335 which works because 0.0.0.0 covers
+        # loopback.
+        interface: 0.0.0.0
         port: 5335
 
         # IPv4 only for simplicity
diff --git a/pihole/unbound/unbound.conf b/pihole/unbound/unbound.conf
index 1223d41..cbb7a46 100644
--- a/pihole/unbound/unbound.conf
+++ b/pihole/unbound/unbound.conf
@@ -1,6 +1,10 @@
 server:
-    # Listen only on loopback so only the co-located pihole can query it
-    interface: 127.0.0.1
+    # Listen on all interfaces so the kubelet's liveness/readiness probes
+    # (which connect to the pod IP, not 127.0.0.1) can reach unbound.
+    # No Service exposes port 5335, so it stays cluster-internal; pihole
+    # still forwards to 127.0.0.1#5335 which works because 0.0.0.0 covers
+    # loopback.
+    interface: 0.0.0.0
     port: 5335
 
     # IPv4 only for simplicity